In response to the conclusion's formed by Nate Lawson ...
Repairing the hole
"Attackers only have tenuous hold on drive"
Commodore4Eva - Complete control of drive, any command or code sent to drive from host can be analysed and appropriate response given to host
"Defence: check that responses vary appropriately"
Commodore4Eva - Code already written to vary responses and will be implemented when required, current responses satisfy host code
"Defence: use same debug commands to load disc-specific hashing code into drive, check for patched firmware"
Commodore4Eva - As we have complete control of firmware, we can analyse each debug command sent from host and again formulate the appropriate response to host
"Defence: look for ss.bin????? file via host or code loading into drive"
Commodore4Eva - Xtreme firmware already locks host from reading illegal ranges of LBA once drive is unlocked, so host cannot read Xtreme Security Sector (not a SS.bin file). Again if debug command or code sent to drive, we can analyse and formulate the appropriate response to host
Conculsion
Drive is completely compromised and can be programmed to give the correct response to any query. If host changes the rules, so do we.
With any recorded media, the data is static, in content and position, so always hackable.
Coming soon for Xtreme firmware
_______________________________
DVD movie region free!!!
360 games using file iso/raw data hybrid - much smaller iso size
New Xtreme V5 for Hitachi and Benq drives
Thanks
Commodore4Eva
There is of course no ETA on any of the features listed above, so please dont ask
Social Networking Bookmarks