Modchip
From Free net encyclopedia
A modification chip or modchip is a device used to play import, backup, or homebrew games and/or circumvent the digital rights management of many popular game consoles, including the Xbox and PlayStation. Almost all modern console gaming systems have hardware-based schemes which ensure that only officially sanctioned games may be used with the system and implement regional lockout similar to the scheme used in DVD movies. The specific technical nature of these DRM systems varies by system, and may include cryptographic signing (Xbox), intentionally unreadable sectors (PlayStation), custom optical media (GameCube, Dreamcast), or some combination thereof. Modchips are available also for some DVD players, to defeat region code enforcement and user operation prohibitions.
Modchips typically require some level of technical ability to install. Most commonly, modchips must be soldered on to a console's motherboard, although there are no-solder install kits (which instead rely on the precise positioning of electrical contacts within the case) which work with some revisions of the PlayStation 2 and Xbox hardware.
History
Modchips first came into popularity with the original Sony PlayStation and were developed for playing import games. They worked by simply injecting the region code of all three available regions into the appropriate data stream, and had the side effect of enabling users to play burned games. Originally the PlayStation had a parallel port in the rear which was intended for debugging purposes. In 1998 some developers found a way to use a Game Enhancer or Cheat Cartridge and a spring (which tricked the console into believing the lid was closed) to swap from an original disc to an import or burned title. Sony removed the parallel port with the latest revision (SCPH-9000) of the PlayStation in May 1999, just one year prior to the release of the PlayStation 2. The name Modchip itself appeared first in early 1996 and was coined by Old Crow, a scene member. The original Modchip was programmed by a western engineer under contract for a Hong Kong company and was based on the PIC 16C54 microcontroller. Prices dropped after a few months, because Old Crow reverse-engineered it using a "blackbox" approach and released the first PIC 12C508 (an 8-pin microcontroller by Microchip) source code for free to the community. Some legal attempts such as Anti Piracy source code were made by Old Crow and Side a few months later. Even ten years after the PlayStation's introduction (2005), HONGXING, a Chinese reverse-engineer from the GSM unlocking scene, recreated a Modchip on an even smaller microcontroller, the PIC 10F200, which has only 6 pins.
Disadvantages of modchipping
A poorly installed modchip can cause permanent damage to the console, potentially rendering it useless. Some consoles cannot be used for online play if a chip is installed, such as the Xbox's Xbox Live service (non-Live online games can still be played on a modded system using software that emulates the Xbox's "system link" connection). Some games also check whether a modchip is installed and do not run if they find one. Therefore, some modchips have an enable/disable switch. Modchips are also generally more expensive than other methods, while boot disks and other methods to achieve the same basic functionality are often less than $30 USD. Opening a console, which is necessary to install a chip, will terminate any manufacturer's warranty it may have.
Legality
The legality of modchips is currently certain in Australia, and ambiguous in other jurisdictions.
As of October 2005, the Australian High Court is the first 'highest court of appeal' to consider anti-circumvention laws. The DMCA hasn't yet reached the US Supreme Court; nor have such laws reached the House of Lords in the UK.
The legality of modchips is often debated because they bring both illegal and legal benefits to the user.
- Games and programs developed for the community free of charge (homebrew) cannot be run on protected consoles without a modchip, despite the fact they are being run within their license, and,
- Video games and DVDs purchased overseas and imported locally are often a quicker way for the consumer to enjoy those titles. Sometimes imported copies can also be cheaper than a given country's local release of the same title. Many games are only released in one region, and cannot be enjoyed by overseas players without importing.
Australian legality
On October 6th 2005, the Australian High Court decided that the technical measures used by Sony on their PlayStation games, which prevent disks without the proper 'code' from being played in PlayStation machines, are not technological protection measures within the meaning of the Australian Act; and hence selling devices to circumvent the Sony measures was not a breach of Australian copyright law.
In short, the High Court have reinstated Justice Sackville's interpretation of TPM from his decision at first instance:
- A 'technological protection measure', as defined, must be a device or product which utilises technological means to deny a person access to a copyright work [or other subject-matter], or which limits a person's capacity to make copies of a work [or other subject matter] to which access has been gained, and thereby 'physically' prevents or inhibits the person from undertaking acts which, if carried out, would or might infringe copyright in the work [or other subject matter]
On this definition, Sony's device is not a TPM, because all it does is prevent infringing copies from being played in Sony PlayStation devices - the effect on infringement is deterrent, rather than to 'physically' prevent infringement.
Further, this not only confirms the legality of modchips, it also ensures that Australian consumers can play lawfully acquired DVDs from other countries, and play backups of their lawfully acquired PS2 games.
This victory for consumers is, however, likely to be short-lived, because under the terms of the US-Australia Free Trade Agreement, Australia has until January 2007 to amend the Copyright Act in order to give copyright owners stronger mechanisms to take action against individuals who circumvent effective technological measures. [1]
USA legality under DMCA
The legality of modchips in the United States is ambiguous. The Digital Millennium Copyright Act (DMCA) does not mention modchips in particular, but some may interpret the meaning of the law as stating that modchips are illegal because many are made specifically to circumvent the copy-protection features of their host systems. During the rise of Modchips for the original PlayStation, and prior to the DMCA, various import game dealers introduced a so-called anti-piracy or good Modchip, which was further developed to allow playback of import games, but not burned game discs.
In early 2003, iSONEWS.com was raided by the FBI, presumably for selling Xbox modchips with pre-flashed BIOSes. The impetus for the raid was likely the fact that iSO News was distributing hacked versions of the original Microsoft BIOS, thus redistributing Microsoft's copyrighted software without permission.
Legality elsewhere
Through lawsuits during 2002 in many countries, including against Lik Sang in Hong Kong and Neo Technologies and Channel Tech (Sony v. Ball, UK High Court, June 2004) in the UK, it was found that Modchips were illegal devices. [2]
However, three years later in 2005, Modchips are still broadly available in the UK. Sony, Microsoft or Nintendo have not pursued other retailers and developers seriously. Apparently, Modchips are becoming illegal in more and more countries, due to changed legislation and amendments of laws for the digital age, and through lobbying activities of manufacturers and representatives.
Many companies are now selling modchips without any possibly DMCA-infringing BIOS code loaded onto the EEPROM portion of the chip module, or loading it with a totally legal BIOS containing none of the manufacturer's copyrighted code (for example the Cromwell BIOS developed by the Xbox Linux Project). It is then up to the customer to separately obtain a copy of their desired (possibly illegal) firmware and then to flash it into EEPROM.
PlayStation 2
The original discs for PlayStation 2 titles have a series of pits and bumps before the data region which cannot be read or written to using a conventional CD recorder. For this reason, discs which have been copied using conventional means will not have this authentication region present, therefore the disc will fail to authenticate.
PlayStation 2 modchips come in several types:
- Generation 1 - "Swap" Modchips
- The "swap" modchips are not as advanced as their successors. In order to boot a non-original disc, the operator must first load an original disc (or a specialized loader disc like Swap Magic), which the PS2 authenticates and region-checks. At this point the modchip disables the eject notification feature of the PS2's DVD-ROM drive, allowing the user to swap the original disc. Once this swap has been performed, the operator can instruct the PS2 to load the code from the non-original disc. Since the PS2 does not realize the disc has been changed, the authentication code is never re-checked. Unlike "no-swap" modchips, these chips do not affect the BIOS. These modchips may require 4-7 wires to be soldered to the motherboard to install, depending on the hardware revision of the PS2 in question.
- Generation 2 - "No-swap" Modchips
- These modchips are more technically advanced than their predecessors, and do not require an original disc for authentication purposes. Instead, they replicate the authentication signal that is normally sent by the PS2's drive hardware when an authorized game disc is present, causing the BIOS to believe that a copied disc is the original and boot it. These modchips are usually more difficult to install into the console, usually requiring 19 to 24 wires to be soldered to the mainboard by the installer. The very first modchip of this kind was the Messiah from hDL & KVaks.
- Generation 3 - Flashable Modchips
- These newer modchips contain more features in software and usually include menus and many configurable options, such as booting software bypassing the original BIOS GUI (named OSDSYS after the internal filename on the PS2 BIOS). They can be upgraded by several methods, usually from a CD-R containing the upgrade, and sometimes from other media such as USB pendrives. They can offer booting from several media such as Memory Cards, USB pendrives, an add-on internal PS2 HDD, files hosted in the network, etc. Some modchips of this category are the Ghost2, the O2mod, the DMS4, and the Matrix Infinity.
- Alternatives to Modchips
- Modchips are not strictly necessary: a different approach is the HD Loader and/or PS2 Independence Exploit for PlayStation 2, which allows the user to install a hard drive and copy the contents of original game DVD discs to this hard drive. At this point the original DVD, or even a modchip, is no longer required to play the games from the hard drive installed into the PS2. By using M.R. Brown's PS2 Independence Exploit, one can store the HD Loader executable (or any other homebrew code) on the memory card, trigger the exploit and load the copied games without using a burnt disc.
Xbox
Xbox modchips now allow a user to completely circumvent the BIOS on-board the video game console's mainboard. This allows a console to run code, such as user-created applications or games, not licensed or published by Microsoft. One of the main uses in the modding community of this ability is to provide a non-Microsoft BIOS that does not contain any copyrighted code that will run the Linux operating system from a DVD or the Xbox hard drive.
There are three possible techniques for modding an Xbox:
- Softmodding
- is accomplished by loading a specially-crafted save game file into the Microsoft game title MechAssault. When loaded, the save game file induces a buffer overflow and forces the execution of a program which replaces portions of the Xbox system software to allow the loading of unsigned executables from the internal hard disk, DVD drive or a USB storage device. Similar exploits exist for the Splinter Cell and Agent Under Fire titles.
- Modchip Installation
- requires opening of the Xbox case and soldering certain points on the motherboard. This is surprisingly easy to accomplish on most Xbox hardware versions (v1.0 to 1.5), as the Xbox motherboard includes a 16-pin LPC debugging port which the console can load an alternative BIOS from (this method is used in Xbox development kits). A pin header can be easily soldered into this port and plugged into a modchip (alternatively, if the solder holes are already filled, as in very early Xbox models, they can be briefly melted to directly attach wires). A single solder point outside of the LPC header, known as D0, must also be attached to the modchip. When the D0 point is shorted to ground, the onboard BIOS is bypassed due to the least significant bit of the data bus being forced to 0 and the Xbox chipset will attempt to load the BIOS from the LPC port instead. The very first Modchip created for the Xbox was the Enigmah.
In order to make the installation of modchips less attractive, Microsoft changed the PCB layout for V1.6 and 1.6b Xboxes, effectively eliminating the traces that make the LPC header functional. However, the functions haven't been removed, and it remains relatively easy to re-enable the functionality through a process called an 'LPC rebuild'. The principle is to make a connection between the LPC and the contact points on the PCB, replacing the removed traces. This is accomplished either by using cable or, as provided by some modchip manufacturers, a PCB template, which is placed on the PCB and soldered on. Both methods have the same effect, but the PCB route (if the template works) could bring install time down to below ten minutes. It is worth noting, however, that the cable method is easier to troubleshoot and do over should a mistake occur.
Solderless adaptors do exist, the Xapt3r being a good example. The principle behind it is the same as the soldered method, but the reconnections are made using thin wire which can be inserted into the points from the component side of the PCB.
- TSOP Flash
- is often considered to be middle ground between the modchip and softmod methods. This method requires two small solder points, which make the Xbox BIOS chip itself writable. Once this chip (the TSOP) is writable, one can use any of the games available for the softmod to run an exploit which will allow this chip to be overwritten with an alternative BIOS. The Xbox will then load the alternative BIOS instead of the default Xbox BIOS whenever it is turned on. Different versions of the Xbox include different size TSOP chips. Versions 1.0 and 1.1 Xboxes have a 1 MB chip, which can be divided into two 512 KB banks, four 256 KB banks, or remain as a single 1 MB bank. On these versions, a switch or two may be installed, allowing the user to activate any particular bank on the TSOP chip, making it possible to disable the mod by using the default Xbox BIOS on one bank. Versions 1.2 through 1.5 Xboxes have a single 256 KB bank which cannot be divided, and therefore cannot be disabled. To date, version 1.6 Xboxes cannot be modded via a TSOP flash.
There are two types of alternative BIOS in wide use on Xbox modchips. The first is the completely legal Cromwell BIOS, and its derivatives, which were developed by the Xbox Linux Project and contain 100% "cleanroom" GPL-licensed code which can be used to boot Linux from the Xbox hard drive or DVD drive. The second are possibly illegal (depending on territory) hacked BIOSes, which contain the original Microsoft BIOS (with the Windows 2000-derived kernel used in the Xbox) modified so that they will execute unsigned code. The latter type of BIOS can be used to boot back-up and homebrew games, as well as additional homebrew software developed using Microsoft's Xbox Development Kit (XDK) but not authorized for release by Microsoft (examples of this sort of software include game emulators, media players, and web browsers). Users of the second type of BIOS will typically load their Hard Drive with an alternative to Microsoft's original dashboard, such as XBMC, Evolution-X or Avalaunch, which provides a menu interface to all of the software installed onto the hard drive, and even an integrated FTP server for loading new software and media onto the console over a home network. Either type of BIOS will allow upgrading to a higher-capacity Hard Drive.
Additionally, Microsoft's Xbox Live gaming service contains automated security checks which ban users suspected of modchip use. At logon time, Xbox Live conducts a check of the currently running BIOS. If it differs in any way from the original BIOS, that particular Xbox (which is uniquely identified by a code in the motherboard's onboard ROM) is banned from the service. Some modchips (notably the very popular Xecuter line) include a manual switch which can be attached to the exterior of the case and used to switch the modchip on and off. When switched off, the Xbox will boot the original BIOS and dashboard, and allow the use of Xbox Live with an original game as if no modchip were present at all.
Finally, Xbox Live also maintains a database of the Hard Drive serial numbers associated with each particular Xbox. If the user has replaced the original Xbox hard drive with a larger one, they may become banned from the service even if their modchip is disabled. This pairing of serial numbers is created at the user's first login, so if the new hard drive is locked with the original hard drive's key using a specialized dashboard like Evolution-X, it is possible to use a non-original hard drive on Xbox Live, as long as the Xbox never logged on to Live with its original drive.
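The two logon checks described above (BIOS comparison and hard drive serial pairing) can be sketched as service-side logic. This is an added example, not Xbox Live's actual code: the SHA-256 allow-list comparison, the `LogonPolicy` class, the verdict strings and all sample images, IDs and serials are assumptions constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed stand-ins: the page gives no real BIOS images, digests or IDs.
RETAIL_BIOS = b"constructed-retail-bios-image"
PATCHED_BIOS = b"constructed-retail-bios-image-with-one-byte-changed"
KNOWN_GOOD_DIGESTS = {hashlib.sha256(RETAIL_BIOS).hexdigest()}


@dataclass
class LogonPolicy:
    """Hypothetical service-side state, keyed by the console's unique ID."""
    paired_drive: dict = field(default_factory=dict)  # console ID -> HDD serial
    banned: set = field(default_factory=set)

    def check(self, console_id: str, bios_image: bytes, hdd_serial: str) -> str:
        # A ban follows the console ID, so it outlives any later clean boot.
        if console_id in self.banned:
            return "banned: prior violation"

        # "Differs in any way": compare a digest of the whole running image
        # (assumption: SHA-256 against an allow-list of retail digests).
        digest = hashlib.sha256(bios_image).hexdigest()
        if not any(hmac.compare_digest(digest, good) for good in KNOWN_GOOD_DIGESTS):
            self.banned.add(console_id)
            return "banned: BIOS mismatch"

        # Pairing is created at first login: the first serial seen becomes
        # the reference, whichever drive happens to be installed then.
        first_seen = self.paired_drive.setdefault(console_id, hdd_serial)
        if not hmac.compare_digest(first_seen, hdd_serial):
            self.banned.add(console_id)
            return "banned: drive mismatch"
        return "ok"


def demo() -> list:
    """Run constructed logons and return the verdicts in order."""
    policy = LogonPolicy()
    logons = [
        ("console-A", RETAIL_BIOS, "HDD-0001"),   # first login, pairs drive
        ("console-A", RETAIL_BIOS, "HDD-9999"),   # drive replaced later
        ("console-A", RETAIL_BIOS, "HDD-0001"),   # original drive back
        ("console-B", PATCHED_BIOS, "HDD-0002"),  # modified BIOS running
        ("console-B", RETAIL_BIOS, "HDD-0002"),   # retail BIOS afterwards
        ("console-C", RETAIL_BIOS, "HDD-7777"),   # never seen before
    ]
    return [policy.check(*logon) for logon in logons]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```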
GameCube
A GameCube modchip called Viper was released in December of 2004. Like most console modchips, it attempts to avoid legal complications by including no code which circumvents copy protection or is copyrighted by Nintendo. It has some on-board flash memory which allows the user to write small programs to it (.DOLs). There is a hacked BIOS available for the Viper called Cobra. Cobra allows the user to directly boot a back-up or homebrew game on a 3-inch DVD-R inserted in the GameCube's optical drive (contrary to popular belief, the GameCube uses standard mini-DVDs with a modified filesystem for storage). Removing the GameCube's external case or installing a custom replacement allows the user to boot standard 5-inch DVD-R discs as well, but the positioning of the drive's laser renders only the first 1.4 GB of capacity usable. Previously the only common way to run user code on the GameCube was to use a Broadband Adapter combined with a security hole in Phantasy Star Online. The Cobra software works, after an original disc is authenticated, by resetting the disc drive and unlocking a debug mode which allows code to be sent to the drive and executed. This code stops the disc drive for a few seconds, allowing the user to swap in a non-original disc. More recent (v1.0+) versions of Cobra no longer require an original disc for authentication purposes. TMBinc released an open source IPL replacement for NGC, which allows anyone to produce their own IPL replacement (modchip for NGC).
Alternatively, the Duo Q and XenoGC are available. They don't have the features of the Viper, but do allow booting of homebrew programs such as SNES9X and burnt games.