Crazy how chaotic the inside of the chip looks like, and yet the drill spot is always in the same place. The components seem to be thrown in their haphazardly.
I was living in Thailand back in the late 2000's and there Xbox piracy was all you had, there were no legal supply chains from Microsoft for the consoles and games, so it was pretty big business. so big I was in a console store there and they had a drill press with a jig on it that took seconds to perform this hack. You basically put the board in the jig, pulled down on the press and it dropped to a set height. The guy there was doing these in bulk and charging like $5 a time. They must have made loads of money.
I used to live in Thailand as well, and the department store in my city were filled with stores selling pre-modded consoles tailored for piracy stuff, this was back in like 2008-2011, PS3 hadn't catched on at all since there were really no way to pirate games on it back then. PS2s are definitely the most popular by far though seeing how easy it is to do the drive mod for them.
@@renakunisaki That would be illegal, while modding a console is not (at least in most countries, it maybe illegal in the US but not all countries are governed by lobbies that forbid you to modify hardware you bought and you own). Also the point of modding a console is just to play games burned on a DVD, having to buy pirated games defeat the purpose, they will cost some money to make, surely more than a new DVD-R that you can burn with your PC. Back in the days people in my country used to go to electronic fairs just to buy packs of 50 DVD, that where the cheaper option before online shopping, since there you didn't pay VAT.
I really think that anti-piracy 'locks' essentially adhere to the turn of phrase applied to physical locks; they only keep out people who don't really want to get in that bad.
It's the same with a bike lock. It's there to keep people away, but is never fully secure. Those who really want to get the bike, will get it, but most people will take a look and back off and a few will try for a few seconds and then leave. If it takes longer than opening with a key or requires obvious tools, nobody would try it in public.
@@HappyBeezerStudios People have done tests in public. The chances of someone stopping you even when using power tools to steal a bike is very low. Only thing that stops people from doing it is the sense they'll get caught. When in reality, the chances of them getting caught is slim. If I'm remembering correctly, the tests were done in the USA/Canada. No idea what the rates would be like in countries that favor their bike transportation like the Netherlands or Finland.
@@the_hamrat "Very few locks are actual security devices. Treat your locks as latches, and don't trust a lock alone to protect your valuables or for any high security application."
tweezers, paperclips, mini-drills... the most mundane common household items that defeated console security a.k.a. the kind of stuff you come up with if you're a hacker
When people start drilling holes in their PCBs is about the point the hardware security people flip the tables and rage quit. Physical access always means the device belongs to YOU, not to whomever thinks it belongs to THEM. As it should be.
Drilling holes in PCBs is easy. You can see what you're doing. This is drilling a hole in a chip package - going in blind, no way to see what you're drilling, and trusting in the advice of a dodgy internet site.
Here in Brazil at that time I was one of the main modders in Sao Paulo City and I remember when the method was released on the forums and I went in the middle of the night to grab a Dremel bit that was proper for this and doing my own Xbox for testing. Next weekend after that I did at least 40, good times good times. Later a template would be release but at first I would just measure with ruler and mark with a pencil the correct spot. A software was kept running and when a loud beep started you knew the spot was hit correctly :)
@@NTDARK13 Since you did not need the mod to read the key, you could write in other models of drives (unprotected ones) and it would work fine. So I had a few spares in case anything would go wrong but being quite honest, I think I had to resort to that only once and I modded hundreds of drives back in the day. (One company thet resold console even hired me for a day to mod almost 100 units, it was crazy but they had people to open and close the x360 , so I would only deal with the barebone drive.)
@Francisco António Bianchi As I replied, of course the client would be assured to get a fully working modded x360. Even getting new drives was very cheap at the time.
One of my favourite hacking stories, this one - I remember it also being named the "Geremia method". Bonus trivia: sometimes the wires you shorted by dilling the hole would come apart again after a bit. To repeat the unlock, you needed to either stick the bit back in the hole and wiggle, or click an electronic lighter a couple times near the chip. Apparently the EM noise produced by the piezo was enough to trigger the circuit. Wild times for sure.
Gotta be one of the funniest hacks ever 🤣 Damn clever. You could tell even that Microsoft dude was impressed. I never had to do it, but I would've loved to take the risk ☺️
I was in this scene heavily back in the day. I never had one drive fail or go wrong. I developed some of the CFW for reset glitch hacked phat consoles, painstakingly using non-complier-based languages (as compiled code was hard to debug even when you had privileged access), and it taught me the high-level foundations of key/vault hardware security. Thanks to the X360, I’m now in a dream career due to the weird obsession I had with reversing the original 2005-11 hardware. 🎉
I easily did hundreds of these back in the day when I worked for a console shop in eastern europe and only managed to completely brick two boards at the very beginning. After doing a few of these we just eyeballed the bottom of the K letter on the MEDIATEK logo and never marked it. Worked nearly every time and when something went wrong we just put and pressed a solder ball in the hole after flashing and the drive worked again.
@@tezcanaslan2877 well it would be quite easy to drill wrong sized hole, have drill slip etc. Then I suppose there's miniscule probability that chip insides could be slightly misaligned in manufacturing, but so little that chip would still work without issues, but resulting in dead system trying this hack. It would have to be really bad luck, but I think it could be plausible to happen.
@@tezcanaslan2877 I guess he went too deep, and grinded out several metal traces instead of shorting them. The soldier blob after, on his other later mistakes, to "remake" these traces seems to agree. Remove too many, and now any soldier blob would short too many.
Damn. If you could do hundreds of those fuckers with only two failures, I'm honestly surprised that it's still called the Kamikaze Method. Plus, with all of the tools in the market to make the process easier and easier, why hasn't anyone invented a device where you put the board, lower a "tonearm" of sorts with a drill bit on it, and then push a button to make it automatically drill at the perfect position, stopping when it reaches the exact depth necessary to sever the connections.
I adore stuff like this. It's really a case of "If there's a will, there's a way" Knocking out the bond wires to the die is a pretty clever means of gaining access to signals they wanted you to stay away from. Reminds me of dremmling open those stupid dallas clock chips on my older computers to revive the RTC
These videos are so interesting! Never would've guessed this is what it used to take to break the 360's security. Would love to see an analysis or explanation on the Xbox One's security. I would imagine Microsoft went to even greater lengths to lock it down this time around to the point where they managed to go a whole console generation without any major hardware exploits.
an exploit for the Xbox One will never happen the security is completely airtight, and there's just no reason to hack an xbox one considering everything it has to offer
@@shoopdahoop2221 "there's just no reason to hack an xbox one considering everything it has to offer" I don't get that statement. Anyway, XBox One has not been defeated to my knowledge. Congrats to Microsoft, I suppose, they succeeded THAT much
I worked in a modding/repair shop for consoles around this time. We had a decent method of using a dremel with the 360 lizard kit, mostly saw successes with this modding method. There were of course a few boards that we didn't line up correctly or maybe the hand wasn't steady enough. Luckily we had spare unlocked board that we could flash to in case the board was cooked after the attempt. Just had to make sure to read the drive key before attempting the kamikaze method.
Another definition for Kamikaze is Divine Wind, which is the literal translation. It’s a reference to the typhoons that destroyed both mongol invasion attempts in 1274 and 1281. Because these events have hold significant importance in Japanese culture, during WWII the pilots were called to be the “divine wind” to destroy the invaders once again. It was first and foremost an act of nationalism. However for cultural reasons it was interpreted as meaning a self sacrificial attack by the west.
If anyone hasn't seen the Tony Chen presentation, it's a great watch for the tech head, really fascinating how they engineered the security and their goals in doing so. Gotta say though, I don't think this is a legit "mistakes were made", but rather, if you have to go to THIS length, then the security is certainly doing an effective job of being a deterrent. And that's all you can ask for from any security system, there is no such thing as "perfect" or "unhackable" security or any of the sort, that's essentially impossible, it's the degree of deterrence that matters. Doesn't have to be "unhackable" if hacking is either too risky, just a massive amount of work, or necessitating some meaningful degree of technical skill(which then essentially puts a price tag on it as a lot of people will then have to pay a skilled person to perform this service).
Imagine four balls on the edge of a cliff. Say a direct copy of the ball nearest the cliff is sent to the back of the line of balls and takes the place of the first ball. The formerly first ball becomes the second, the second becomes the third, and the fourth falls off the cliff. Xbox modding works the same way.
I did TONS of these back in 2012-2013......I should have definitely charged more. The soldering iron was way safer than the drill bit. I used the drill bit to mark the point then I used the soldering iron.......those were the days...awesome video!!!
One thing worth mentioning. This hack, and the others related to reading the drive key and reflashing it onto a new drive were necessary to replace a failed 360 drive; not just enable burned copies.
That’s brilliant. They had so many consoles in the wild by then that the risk was pretty low because you could pick up a 360 for dirt cheap even in 2012. I never knew about this one though, I love it!
Thanks for the nostalgia hit. I remember the days patiently awaiting a method for flashing the slims, had such great times back then. I'd say I flashed well over 50 xbox 360's during this era, and the small fee I charged most people was very welcome as a young 15/16 year old at the peak. Miss those days!
This reminds me of an old April Fool’s joke from the german DOS magazine back in 1993, where they showed a method of drilling your 486SX CPU to convert it into a full 486DX with co-processor. They promised the drilling template for May. ;)
@@aDistantLight There was another one that turned your 486SX into a DX by just tricking the OS into thinking you had a coprocessor. In that era very few games used a coprocessor but some software would refuse to run without one. Surprisingly enough, all of them worked but nowhere close to the performance of a true DX.
The SX was a DX that failed some tests so the FPU part was disabled, in much the same way CPUs are given a lower clock speed if they don't past the quality controls for a higher speed (hence why overclocking exists). Not sure if there was a way to re-enable it without specialist equipment. I heard rumours that people did so but never saw it in person.
@@aDistantLight i cant recall the name, but i used a coprocessor 'emulator' tsr for my old 386sx (sx stands for 'sucks' ;) to get some game to run with belss and whistles reserved for x87 equipped machines. cant remember the game either. it worked, but i remember the performace being even worse. makes sense, no fpu, worse fp performance.
The Celeron 300A, if the right pin was drilled out, could easily run at 450 MHz, as fast as the fastest Pentium II at the time! I knew a guy who did it.
Interesting thing about kamikaze is that technically there was a brief second rendition that involved dremelling the PCB substrate on a corona V3/4/5/6 prior to the release of the "postfix" adapter. Microsoft definitely learned several harsh lessons with the 360 that all essentially boil down to "don't trust the end-user with their own hardware"
Ever since LTT mentioned this offhandedly in his coverage on Retroarch with Dev Mode on the Series S, I’ve wanted to hear more about the Kamikaze mod. Nice! c:
I love these stories. The ingenuity and will of the gaming community never ceases to amaze me. I mean literally using a drill to hack a console... And even the name "kamikaze hack" just sounds awesome. Where there's a will, there's a way.
@@KiraSlith you don't need the whole squirrel, just a dab of it's urine on the q tip, with the other one to wipe it off a key area of the motherboard exactly when programing is done. You can also create a precisely conductive solution, but that won't be available till kits are made, thus the squirrel.
The drilling is scariest when Jungle Flasher freezes and you're like "damn, I'm about to go too far". Thank lord that never happened to me and we made it to the other side.
C4eva is a absolute legend. Thanks to him I was able to play so many games it was amazing. I had updated my xbox dvd firmware so often that all the plastic clips on my 360 where gone. Really miss those days.
@@matthewpepperl At some level, when you're doing security stuff, you just stop and say, "Damn, if they did that, they DESERVE to get in." Doesn't mean you stop trying to identify who's gotten in, mind you.
@@knghtbrd The problem is Microsoft treating their users like criminals. Yeah, this hack probably helped a lot of copyright infringement, but that's not the point. Microsoft should have made better deals with the developer community to allow for the existence of "backup" copies. Microsoft thinks they're Neo and there is no spoon. Reality continues to hit them in the balls and they never learn, because they're making enough money being aggressive toward their customers.
@@SuperDavidEF That's a major reason why I didn't bother to buy one of the consoles. That and that most of the games I prefer to play tend to be a little older anyway.
Reminds me of the dallas rtc chip, you could get a drop in replacement with a fresh battery, or, you could "hack" the chip and drill holes in it to attach a coin cell to the internal legs of the chip, amazing stuff and like you said, where is a will, there is a way!
If you decap a microcontroller and have knowledge of how they work it's not that hard to reverse engineer it. Watch CuriousMarc, he and his team do so in several episodes.
@@davidmcgill1000 I guess its really the easiest one. Decapping is a real risk especially with the epoxy junk, really only way to get to the wires is by drilling.
This was a lot of fun back then. Couldn't believe it worked when I did it. Seems so simple but so clever too. I did it with the measuring and pencil lines. No guide for me
I would have expected MS and other companies to have formed dedicated red teams with the purpose of defeating their own security. Only my opinion, but I have always thought the best way to improve anti-tamper design is to literally defeat the anti-tamper in-house. The purpose of dedicated teams that could hack each others group's products.
From what I've heard, Microsoft's internal social corporate hierarchy is pretty easily toppled with even mild competition, so they just avoid it when they can. That's partly why huge chunks of the NT Kernel itself in Windows 10 is STILL based on code that predates Windows 2000.
They just made dev mode and gamepass, now its kinda pointless to hack unless you are trying to prove a point, they used the only proven model to beat piracy, create good affordable content and services.
Ah the Fun times of hardware modding, never knew there was a tool to get the coordinates. I just count the pins and used a 18w soldering Iron to drill a hole and works every time, that it becomes second nature on my old job.
I was always more interested in JTAG and RGH mods on the 360 because of homebrew and unsigned code so I never knew about this hack. super interesting for sure. great video
I'm a historian. I think what you're doing here, as someone who knows what they're talking about, giving a 'first pass' at the history, is going to be super useful for future historians. I know it's for the clicks today, but stuff like this could wind up being genuinely important pieces of source material to future historians. Great stuff :)
Love these videos, I remember reading all about this. Didn’t get into modded Xbox’s till rgh was a thing so it wasn’t that necessary for kamikaze anymore.
If I was with Microsoft I'd be like: "If you went through such lengths to defeat our security you deserve to play a few games for free" That was really impressive and creative.
As Valve would say: piracy is a thing of convenience. If it's easier to install and use something via a pirated copy, the dev has done something wrong. And no software DRM is unbeatable, it's only a matter of time until someone breaks it.
Great video! -- At 3:40, you meant "read-only". Also, I got banned from Xbox live/semi-bricked my own console doing one of these firmware mods back then. No drill though. fun stuff.
Well, software can't exist without hardware. By the way, i'm curious about how good or bad was windows ce to programming games for the dreamcast. I hope you talk about dreamcast again in your future videos.
Not hard as long as you know how to program in windows ce. Now before you make a game for the dreamcast with ce in mind you must know that the dreamcast does not have ce installed on the system. Instead it runs ce from the game disk then launches the game.
The "Team Xecuter" that got arrested wasn't the real TX, their name was bought by the assholes behind Gateway 3DS. The actual TX guys are probably sitting on a beach right now, earning 20%.
@@bitelaserkhalif Oh dang. I hated the 3DS so I skipped out on that whole mess but I loved their work on the Switch, they did a remarkable job taking half-baked open source projects and turning them into actual polished professional products that didn't feel like 'hacks' but felt more like genuine accessories. Was looking forward to their releases for the newer switch models but I guess that's died out now :(
I can't count how many of these I did. And I didn't even use a drill or guide. The location was always the lower point of the K and you could use a small exact blade and just use it to drill down with a much finer point. Those days of console modding were fun and exciting. Waiting on IRC to see what drives were good for burning the non truncate discs flashing custom firmware to DVD burners, firmware update patches, and watching C4Eva break it in a week.
Lol I remember my friend doing this. So funny how they manage these hacks sometimes. I still have my o.g. Fat models so I never had to go the kamakazi route personally.
the instructions stated "drill gently, rinse and repeat" cut to picture of someone who drilled straight through the chip AND PCB !! 07:53 lolol great video as always
I would count this as a win for Microsoft. The amount of effort and risk involved means there are much fewer Xbox owners willing to do the mod, reducing piracy compared to many other hacks. As always, security is mostly about putting up enough of a fight that it's making yourself unattractive as a target.
I remember dremeling down the edge of my Wii's DVD drive controller chip to expose three legs that were purposefully cut off. Scary stuff. Good thing I had a steady hand!
I did exactly this back in the day, didnt have any of the tools just some diagrams from online, Got it eventually but it was scary to say the least. I enjoyed the burned games after though
There was something similair with the Yamaha DT 50cc bike. There was a rev limiter in the ignition box under the seat. If you drilled a hole in a specific place you could disable the rev limiter.
i bet it never even crossed their minds that someone could open the package as easy as they did, it must have blown their minds that after all their work it was beaten by a drill.
Another wonderful episode of 'Mistakes Were Made'. (You really should use that as branding for these) I'm always surprised at the length people will go to hack their systems. But as far as I can tell, 360 is still one of the hardest systems to mod without an internal change of some kind. Still a little bit of a bummer if I'm honest.
Oh man. I remember doing an insane amount of research for this. So damn poor I could only afford one Xbox and if I messed it up it was over. Got it on the first try. I remember hearing that beep in jungle flasher and jumping.
The peak of console modding when online gaming on consoles was just starting to boom in popularity. Now PC gaming is on the rise and hotter than ever, I don't ever see the console modding scene will ever be as fun and hot as it was back then.
Just wait till someone cracks the PS5 or SeriesX and get internal server access that cannot be revoked so both companies have to completely dump every pice of hardware and start from scratch😂😂
Former semiconductor engineer here. Since the drill is just going through the wire bonds (not the die itself) the depth of the drill hole sn't too critical. As long as you sever the wires it will work - if you go a little too far you'll only be drilling into the plastic beneath the wires, no harm done.
Do you think that drilling a hole to hack a drive sounds insane? Well, let's not forget that the first X360 hack was done using a floppy. OUTRAGEOUS!!! LOL
I loved how he talked about this mod in the presentation. I watched the whole video. I think even he wants to see when someone find a way to unlock the Xone.
Wait, why isn't it easier to pull up the 2 pins externally? He says the chip is '4 layers' which makes it impossible, but a '4 layer chip' has no meaning, wtf? The pins are right there under the epoxy, much safer to disconnect the externally...
That's what i was thinking. Cut the track on the pcb with a scalpel or if it's not in sight. Use a small soldering iron, heat the pin up and raise it using a scalpel tip. You need to be an expert at SMD soldering but it can be done and it's less risky
While i never had any experience with the kamikazi hack, i do remember doing the RGH hack on a few consoles back in the day when i was a teenager. RGH was the "new way" to turn consoles in to devkits that couldnt be JTAGged. I remember getting this thing from team Xecuter. it was called a nand-X, there was this chip that you had to solder onto specific points on the console, pull the nand from said console, and flash it to enable Devkit accessibility. You couldnt go online with it though unless you wanted to get instabanned. i remember people selling nand flashes that were hidden/ unbannable, but never wanted to pay for the service because i didnt trust it at the time.
Oh boy I love coming across such well done videos and all the more when sources are properly credited! Makes me instantly subscribe! Thumbs up good sir and keep up the good work !
6:10 Would be interested in a better explanation of this. I'm confused on why the pins were not an available attack? How is cutting the wire internally different from lifting the pin? What does the chip being 4 layers have to do with this? What mitigations did microsoft put in place, other than epoxy? Seems like drill the epoxy to the pins would have the same effect.
On the old star trek scotty cut a section of the wall near a locked door to cut away all the proper connections so it would open, with a lazer cutter, while the electricity was running through the ciructs... He did it super slow and even got yelled at for how slow it was taking. They even had to draw up an exact schematic to cut only the necessary parts. Exactly like pcb trimming but while its powered up. They were spot on when they made that part of the show and really knew how to go about the cutting.
I remembered doing my 360 with that little drill kit from Xecuter that I found someone selling locally. But I remembered putting a drop of isopropyl alcohol as you drill right?
How to make your Xbox 360 read illegitimate discs:
1. Perform lobotomy on the optical drive controller
Lobotomy is a bit of a harsh word here... I'd go with Trepanate.
@@bur1t0 lolbottomy ;d
Superman has entered the modding scene.
@@lis6502
This made me laugh 🏅
@@bur1t0 indeed thats Trepanation, and if it goes wrong, then you have lobotomised your DVD drive....like definitely
Crazy how chaotic the inside of the chip looks like, and yet the drill spot is always in the same place. The components seem to be thrown in their haphazardly.
I was living in Thailand back in the late 2000's and there Xbox piracy was all you had, there were no legal supply chains from Microsoft for the consoles and games, so it was pretty big business. so big I was in a console store there and they had a drill press with a jig on it that took seconds to perform this hack. You basically put the board in the jig, pulled down on the press and it dropped to a set height. The guy there was doing these in bulk and charging like $5 a time. They must have made loads of money.
Same thing here on Brazil, there were actually official supplies but they were so expensive nobody bothered
I used to live in Thailand as well, and the department store in my city were filled with stores selling pre-modded consoles tailored for piracy stuff, this was back in like 2008-2011, PS3 hadn't catched on at all since there were really no way to pirate games on it back then. PS2s are definitely the most popular by far though seeing how easy it is to do the drive mod for them.
Always surprised me that professional pirates can spend so much on equipment like that, but can't press "legit" discs to bypass the need for mods.
@@renakunisaki That would be illegal, while modding a console is not (at least in most countries, it maybe illegal in the US but not all countries are governed by lobbies that forbid you to modify hardware you bought and you own).
Also the point of modding a console is just to play games burned on a DVD, having to buy pirated games defeat the purpose, they will cost some money to make, surely more than a new DVD-R that you can burn with your PC. Back in the days people in my country used to go to electronic fairs just to buy packs of 50 DVD, that where the cheaper option before online shopping, since there you didn't pay VAT.
@@Julio-yy4ll Brazils Modding and video game scene in a nutshell
I really think that anti-piracy 'locks' essentially adhere to the turn of phrase applied to physical locks; they only keep out people who don't really want to get in that bad.
They probably would never have thought to drill a hole in an IC though. It's something that sounds too crazy to work.
It's the same with a bike lock. It's there to keep people away, but is never fully secure. Those who really want to get the bike, will get it, but most people will take a look and back off and a few will try for a few seconds and then leave. If it takes longer than opening with a key or requires obvious tools, nobody would try it in public.
@@HappyBeezerStudios People have done tests in public. The chances of someone stopping you even when using power tools to steal a bike is very low. Only thing that stops people from doing it is the sense they'll get caught. When in reality, the chances of them getting caught is slim. If I'm remembering correctly, the tests were done in the USA/Canada. No idea what the rates would be like in countries that favor their bike transportation like the Netherlands or Finland.
This is the Console Picking Lawyer
@@the_hamrat "Very few locks are actual security devices. Treat your locks as latches, and don't trust a lock alone to protect your valuables or for any high security application."
tweezers, paperclips, mini-drills...
the most mundane common household items that defeated console security
a.k.a. the kind of stuff you come up with if you're a hacker
yep, cant wait for someone to hack the xbox series x with a hammer
@@Pixdoet Someone's gonna do it with a Lego.
@@Pixdoet what about Xbox one
@@TheGlitchyMario i thought someone already made an NES with lego
MacGyver was the OG hacker
This is literally the peak of "Hardware Modder literally too angry to back off" in Console Modding. XD
Literally
When people start drilling holes in their PCBs is about the point the hardware security people flip the tables and rage quit. Physical access always means the device belongs to YOU, not to whomever thinks it belongs to THEM. As it should be.
This is actually a known law in Tech Security. Everyone knows that no method will hold out if an attacker has physical access to a given system.
tell this to these "you'll own nothing and you'll be happy" jerks ;)
Drilling holes in PCBs is easy. You can see what you're doing. This is drilling a hole in a chip package - going in blind, no way to see what you're drilling, and trusting in the advice of a dodgy internet site.
nah, smartcard/cryptowallet/TPM chips are specially hardened against such
@@lis6502 paul swabb ?
Here in Brazil at that time I was one of the main modders in Sao Paulo City and I remember when the method was released on the forums and I went in the middle of the night to grab a Dremel bit that was proper for this and doing my own Xbox for testing. Next weekend after that I did at least 40, good times good times. Later a template would be release but at first I would just measure with ruler and mark with a pencil the correct spot. A software was kept running and when a loud beep started you knew the spot was hit correctly :)
Did you offer compensation if you didn't hit the spot right? Or you explained beforehand it was a do or die move?
@Francisco António Bianchi haha true true
@@NTDARK13 Since you did not need the mod to read the key, you could write in other models of drives (unprotected ones) and it would work fine. So I had a few spares in case anything would go wrong but being quite honest, I think I had to resort to that only once and I modded hundreds of drives back in the day. (One company thet resold console even hired me for a day to mod almost 100 units, it was crazy but they had people to open and close the x360 , so I would only deal with the barebone drive.)
@Francisco António Bianchi As I replied, of course the client would be assured to get a fully working modded x360. Even getting new drives was very cheap at the time.
quanto você cobrava pelo serviço?
I do like “Mistakes were made”. Quite the history!
You should hear the story from my mom!
Mistakes are always made
My mum said I should be featured on MWM.
Maids were mistaken
Physically disconnecting the wires INSIDE the chip package! Holy hell! No wonder physical security is such a big thing nowadays!
One of my favourite hacking stories, this one - I remember it also being named the "Geremia method". Bonus trivia: sometimes the wires you shorted by dilling the hole would come apart again after a bit. To repeat the unlock, you needed to either stick the bit back in the hole and wiggle, or click an electronic lighter a couple times near the chip. Apparently the EM noise produced by the piezo was enough to trigger the circuit.
Wild times for sure.
Any title from MVG that has “defeated security” in the title is a much watch in my book! As always thanks for the wonderful content.
Gotta be one of the funniest hacks ever 🤣 Damn clever. You could tell even that Microsoft dude was impressed. I never had to do it, but I would've loved to take the risk ☺️
Nahi Chahiye ji
No
Hi Pewds
A pair of tweezers defeated the Nintendo Wii security, too
What's next? "How a piece of tin foil defeated security of the Sony PS5 "
@@itzjosheyy8514 Why not, he did a whole video on buying modded consoles lol
I was in this scene heavily back in the day. I never had one drive fail or go wrong. I developed some of the CFW for reset glitch hacked phat consoles, painstakingly using non-complier-based languages (as compiled code was hard to debug even when you had privileged access), and it taught me the high-level foundations of key/vault hardware security. Thanks to the X360, I’m now in a dream career due to the weird obsession I had with reversing the original 2005-11 hardware. 🎉
Thats so cool
I easily did hundreds of these back in the day when I worked for a console shop in eastern europe and only managed to completely brick two boards at the very beginning. After doing a few of these we just eyeballed the bottom of the K letter on the MEDIATEK logo and never marked it. Worked nearly every time and when something went wrong we just put and pressed a solder ball in the hole after flashing and the drive worked again.
Nice!
How did you brick those two
@@tezcanaslan2877 well it would be quite easy to drill wrong sized hole, have drill slip etc. Then I suppose there's miniscule probability that chip insides could be slightly misaligned in manufacturing, but so little that chip would still work without issues, but resulting in dead system trying this hack. It would have to be really bad luck, but I think it could be plausible to happen.
@@tezcanaslan2877 I guess he went too deep, and grinded out several metal traces instead of shorting them.
The soldier blob after, on his other later mistakes, to "remake" these traces seems to agree.
Remove too many, and now any soldier blob would short too many.
Damn. If you could do hundreds of those fuckers with only two failures, I'm honestly surprised that it's still called the Kamikaze Method. Plus, with all of the tools in the market to make the process easier and easier, why hasn't anyone invented a device where you put the board, lower a "tonearm" of sorts with a drill bit on it, and then push a button to make it automatically drill at the perfect position, stopping when it reaches the exact depth necessary to sever the connections.
When you showed the example of a mod gone wrong lol, that dude picked out the biggest drill bit he could find lol
I adore stuff like this. It's really a case of "If there's a will, there's a way"
Knocking out the bond wires to the die is a pretty clever means of gaining access to signals they wanted you to stay away from. Reminds me of dremmling open those stupid dallas clock chips on my older computers to revive the RTC
I find these stuff cool
Or in this case "If there's a drill, there's a way."
@@umbaupause If there's a will, there's a drill
"if there's a hole, there's a way"
@@blackpepper2610 “If there’s a hole, someone’s going to drill it”
These videos are so interesting! Never would've guessed this is what it used to take to break the 360's security. Would love to see an analysis or explanation on the Xbox One's security. I would imagine Microsoft went to even greater lengths to lock it down this time around to the point where they managed to go a whole console generation without any major hardware exploits.
an exploit for the Xbox One will never happen
the security is completely airtight, and there's just no reason to hack an xbox one considering everything it has to offer
Love your channel bro
@@TehChozen1 You can actually get a Retail mode version of Retroarch so you don't have to swap between the two modes. Pretty fun stuff.
@@shoopdahoop2221 famous last words...lol
@@shoopdahoop2221 "there's just no reason to hack an xbox one considering everything it has to offer"
I don't get that statement. Anyway, XBox One has not been defeated to my knowledge. Congrats to Microsoft, I suppose, they succeeded THAT much
The “Mistakess Were Made” series is the best videos on the channel, i love them 😊
on youtube*
In google**
on the internet**
Indeed Miku, Indeed.
@@linus607 love her 😊
I worked in a modding/repair shop for consoles around this time. We had a decent method of using a dremel with the 360 lizard kit, mostly saw successes with this modding method. There were of course a few boards that we didn't line up correctly or maybe the hand wasn't steady enough. Luckily we had spare unlocked board that we could flash to in case the board was cooked after the attempt. Just had to make sure to read the drive key before attempting the kamikaze method.
Another definition for Kamikaze is Divine Wind, which is the literal translation. It’s a reference to the typhoons that destroyed both mongol invasion attempts in 1274 and 1281. Because these events have hold significant importance in Japanese culture, during WWII the pilots were called to be the “divine wind” to destroy the invaders once again.
It was first and foremost an act of nationalism. However for cultural reasons it was interpreted as meaning a self sacrificial attack by the west.
That somehow never crossed my mind, but yeah it's literally Kami Kaze, as in God/Divinity + Wind
If anyone hasn't seen the Tony Chen presentation, it's a great watch for the tech head, really fascinating how they engineered the security and their goals in doing so.
Gotta say though, I don't think this is a legit "mistakes were made", but rather, if you have to go to THIS length, then the security is certainly doing an effective job of being a deterrent. And that's all you can ask for from any security system, there is no such thing as "perfect" or "unhackable" security or any of the sort, that's essentially impossible, it's the degree of deterrence that matters. Doesn't have to be "unhackable" if hacking is either too risky, just a massive amount of work, or necessitating some meaningful degree of technical skill(which then essentially puts a price tag on it as a lot of people will then have to pay a skilled person to perform this service).
Gotta be at least one person out there with a story like "Yeah, I tried the Kamikaze hack, and now they call me Johnny 7 Fingers."
Imagine four balls on the edge of a cliff. Say a direct copy of the ball nearest the cliff is sent to the back of the line of balls and takes the place of the first ball. The formerly first ball becomes the second, the second becomes the third, and the fourth falls off the cliff.
Xbox modding works the same way.
I did TONS of these back in 2012-2013......I should have definitely charged more. The soldering iron was way safer than the drill bit. I used the drill bit to mark the point then I used the soldering iron.......those were the days...awesome video!!!
This is insane. INSANE. I got out of the Xbox 360 modding scene after JTAG, and I thought that was pretty hardcore. But this. This is just insane.
Same! I had a Xenon with a flashed drive for online, and a later a JTAG Jasper. Most people wanted the slims because of the RRODs.
Lmfao people don't do that to the Xbox 360 you just buy a mod chip and put it in the 360
One thing worth mentioning. This hack, and the others related to reading the drive key and reflashing it onto a new drive were necessary to replace a failed 360 drive; not just enable burned copies.
That’s brilliant. They had so many consoles in the wild by then that the risk was pretty low because you could pick up a 360 for dirt cheap even in 2012. I never knew about this one though, I love it!
Thanks for the nostalgia hit. I remember the days patiently awaiting a method for flashing the slims, had such great times back then. I'd say I flashed well over 50 xbox 360's during this era, and the small fee I charged most people was very welcome as a young 15/16 year old at the peak. Miss those days!
This reminds me of an old April Fool’s joke from the german DOS magazine back in 1993, where they showed a method of drilling your 486SX CPU to convert it into a full 486DX with co-processor. They promised the drilling template for May. ;)
@@aDistantLight There was another one that turned your 486SX into a DX by just tricking the OS into thinking you had a coprocessor. In that era very few games used a coprocessor but some software would refuse to run without one. Surprisingly enough, all of them worked but nowhere close to the performance of a true DX.
The SX was a DX that failed some tests so the FPU part was disabled, in much the same way CPUs are given a lower clock speed if they don't past the quality controls for a higher speed (hence why overclocking exists). Not sure if there was a way to re-enable it without specialist equipment. I heard rumours that people did so but never saw it in person.
@@aDistantLight i cant recall the name, but i used a coprocessor 'emulator' tsr for my old 386sx (sx stands for 'sucks' ;) to get some game to run with belss and whistles reserved for x87 equipped machines. cant remember the game either. it worked, but i remember the performace being even worse. makes sense, no fpu, worse fp performance.
The Celeron 300A, if the right pin was drilled out, could easily run at 450 MHz, as fast as the fastest Pentium II at the time! I knew a guy who did it.
@@5roundsrapid263 that seems kind of familiar to me but didn't you just break the pen off?
Interesting thing about kamikaze is that technically there was a brief second rendition that involved dremelling the PCB substrate on a corona V3/4/5/6 prior to the release of the "postfix" adapter. Microsoft definitely learned several harsh lessons with the 360 that all essentially boil down to "don't trust the end-user with their own hardware"
Ever since LTT mentioned this offhandedly in his coverage on Retroarch with Dev Mode on the Series S, I’ve wanted to hear more about the Kamikaze mod. Nice! c:
I love these stories. The ingenuity and will of the gaming community never ceases to amaze me. I mean literally using a drill to hack a console... And even the name "kamikaze hack" just sounds awesome. Where there's a will, there's a way.
Next video: How the PS5 was defeated with a squirrel and 2 Q-Tips.
I can see lightly charring traces with burning Q-tips to increase their resistance, but what's the squirrel's job?
I wonder when they gonna hack it
I bet Stack Overflow is already working on installing Linux and Steam on a PS5 😆
@@KiraSlith you don't need the whole squirrel, just a dab of it's urine on the q tip, with the other one to wipe it off a key area of the motherboard exactly when programing is done.
You can also create a precisely conductive solution, but that won't be available till kits are made, thus the squirrel.
Mistakes Were Made
The drilling is scariest when Jungle Flasher freezes and you're like "damn, I'm about to go too far". Thank lord that never happened to me and we made it to the other side.
I do remember trying this. I also remember how my heart skipped a beat when I bricked the drive :D
F
Lmao
These stories are so fascinating. They're better than most tv shows and movies.
C4eva is a absolute legend. Thanks to him I was able to play so many games it was amazing. I had updated my xbox dvd firmware so often that all the plastic clips on my 360 where gone. Really miss those days.
An absolutely incredible feat of Homebrew engineering used to defeat the protection here, it's nothing short of amazing.
Love this hack it's hilarious, even MS must have had a laugh when they found out about it.
i can imagine the people behind xbox saying "they did WHAT!!!" and laughing their assess off
@@matthewpepperl At some level, when you're doing security stuff, you just stop and say, "Damn, if they did that, they DESERVE to get in." Doesn't mean you stop trying to identify who's gotten in, mind you.
@@knghtbrd The problem is Microsoft treating their users like criminals. Yeah, this hack probably helped a lot of copyright infringement, but that's not the point. Microsoft should have made better deals with the developer community to allow for the existence of "backup" copies. Microsoft thinks they're Neo and there is no spoon. Reality continues to hit them in the balls and they never learn, because they're making enough money being aggressive toward their customers.
@@SuperDavidEF That's a major reason why I didn't bother to buy one of the consoles. That and that most of the games I prefer to play tend to be a little older anyway.
Reminds me of the dallas rtc chip, you could get a drop in replacement with a fresh battery, or, you could "hack" the chip and drill holes in it to attach a coin cell to the internal legs of the chip, amazing stuff and like you said, where is a will, there is a way!
The real genius is the first person who figured this out. How? Would love to see a interview with the person who came up with this hack.
If you decap a microcontroller and have knowledge of how they work it's not that hard to reverse engineer it. Watch CuriousMarc, he and his team do so in several episodes.
@@Zerbey Thanks for the suggestion mate! Now watching how soviet soyuz clocks were built.
@@Zerbey Having knowledge is one thing, but deciding to shove a drill bit into it? That can't have been the first choice for a solution.
@@davidmcgill1000 I guess its really the easiest one. Decapping is a real risk especially with the epoxy junk, really only way to get to the wires is by drilling.
Sticking it to the big corporations no matter what really warms my heart.
This was a lot of fun back then. Couldn't believe it worked when I did it. Seems so simple but so clever too. I did it with the measuring and pencil lines. No guide for me
Microsoft: Haha! We have beaten the modders.
Modders: Heh. Drill go brrrrrr.
I remember reading about this back then. So crazy the lengths people are willing to go.
Who doesn't like free shit?
@@plaguemarine7767 exactly
Now THAT'S what you call "brute force" ... love it!
I would have expected MS and other companies to have formed dedicated red teams with the purpose of defeating their own security. Only my opinion, but I have always thought the best way to improve anti-tamper design is to literally defeat the anti-tamper in-house. The purpose of dedicated teams that could hack each others group's products.
From what I've heard, Microsoft's internal social corporate hierarchy is pretty easily toppled with even mild competition, so they just avoid it when they can. That's partly why huge chunks of the NT Kernel itself in Windows 10 is STILL based on code that predates Windows 2000.
@@KiraSlith Why does it matter if the code predates Windows 2000?
@@darrencurry4429 hardware changes, user requirements change, tools/compilers improve, etc.
They just made dev mode and gamepass, now its kinda pointless to hack unless you are trying to prove a point, they used the only proven model to beat piracy, create good affordable content and services.
Microsoft does have such a team. I don’t know if they were used for the Xbox 360 but I know they dedicated a few months trying to crack the Xbox One.
Ah the Fun times of hardware modding, never knew there was a tool to get the coordinates. I just count the pins and used a 18w soldering Iron to drill a hole and works every time, that it becomes second nature on my old job.
If that ain't a textbook MacGyver, then I don't know what is.
I was always more interested in JTAG and RGH mods on the 360 because of homebrew and unsigned code so I never knew about this hack. super interesting for sure. great video
Brings a whole new meaning to the term "brute force attack" doesn't it?
With a knife? Yes. Yes it does😂
I never asked for this
@@QuickishFM I didn't and the chip certainly didn't. You wouldn't catch me putting a drill through my augs, what is this, Pi? 😉😊👍
I'm a historian. I think what you're doing here, as someone who knows what they're talking about, giving a 'first pass' at the history, is going to be super useful for future historians. I know it's for the clicks today, but stuff like this could wind up being genuinely important pieces of source material to future historians. Great stuff :)
Love these videos, I remember reading all about this. Didn’t get into modded Xbox’s till rgh was a thing so it wasn’t that necessary for kamikaze anymore.
If I was with Microsoft I'd be like: "If you went through such lengths to defeat our security you deserve to play a few games for free"
That was really impressive and creative.
I'm not even mad, I'm impressed.
As Valve would say: piracy is a thing of convenience. If it's easier to install and use something via a pirated copy, the dev has done something wrong. And no software DRM is unbeatable, it's only a matter of time until someone breaks it.
@@HappyBeezerStudios This was not a software DRM, it was hardware DRM. Which is even more impressive.
this is the reason the devs mod exist on future xbox right? so i can play retroarch
Microsoft : this is not a drill, I repeat this is not a drill !
Kamikaze : Actually it is...
Great video! -- At 3:40, you meant "read-only".
Also, I got banned from Xbox live/semi-bricked my own console doing one of these firmware mods back then. No drill though. fun stuff.
I still can't wait for "toaster strudel defeated security on the PS5"
Boop
No
Wait this happened?
@@walksanator Not yet
The ps4 was hacked by a simple web exploit so i honestly wouldn't be surprised anymore.
Man I still remember hanging out on EFnet waiting for c4eva to drop firmware with every new release. Good times!!
Tried to look it up now incase I’d need the software, and it’s dead…
Well, software can't exist without hardware.
By the way, i'm curious about how good or bad was windows ce to programming games for the dreamcast. I hope you talk about dreamcast again in your future videos.
Not hard as long as you know how to program in windows ce.
Now before you make a game for the dreamcast with ce in mind you must know that the dreamcast does not have ce installed on the system. Instead it runs ce from the game disk then launches the game.
Windows CE had a big performance hit apparently
5:25 OMFG
That's like blowing up a banks vault by firing an orbit canon from space.
Write protection: exists
Hackers: *SO THAT IS WHEN I STARTED DRILLING*
Man I love these videos. They are very interesting.
Many of the technical terms I don't quite understand, but I still like watching them.
It's wild to see how Team Xecuter's run has gone for over a decade but now they're behind bars thanks to nintendo :( RIP
The "Team Xecuter" that got arrested wasn't the real TX, their name was bought by the assholes behind Gateway 3DS. The actual TX guys are probably sitting on a beach right now, earning 20%.
The current era TX is basically gateway3ds team, which is scummy due to drama that gateway3ds team created.
@@bitelaserkhalif Oh dang. I hated the 3DS so I skipped out on that whole mess but I loved their work on the Switch, they did a remarkable job taking half-baked open source projects and turning them into actual polished professional products that didn't feel like 'hacks' but felt more like genuine accessories. Was looking forward to their releases for the newer switch models but I guess that's died out now :(
TX stole all their ideas and designs from the community and manufactured them poorly, they deserve no credit for anything other than ruining the scene
@@MacGuffin1 A popular uninformed opinion, yes. Thank you for your lack of contribution to the discourse
I can't count how many of these I did. And I didn't even use a drill or guide. The location was always the lower point of the K and you could use a small exact blade and just use it to drill down with a much finer point.
Those days of console modding were fun and exciting. Waiting on IRC to see what drives were good for burning the non truncate discs flashing custom firmware to DVD burners, firmware update patches, and watching C4Eva break it in a week.
Lol I remember my friend doing this. So funny how they manage these hacks sometimes. I still have my o.g. Fat models so I never had to go the kamakazi route personally.
the instructions stated "drill gently, rinse and repeat"
cut to picture of someone who drilled straight through the chip AND PCB !! 07:53 lolol
great video as always
Next episode: How a screwdriver defeated security on the Sega Dreamcast
How dreamcast died by not putting security
Lmao you could burn game's day 1
One of my all time favourite hardware hacks. The epitome of, as the video mentions, where there's a will, there's a way.
I would count this as a win for Microsoft. The amount of effort and risk involved means there are much fewer Xbox owners willing to do the mod, reducing piracy compared to many other hacks. As always, security is mostly about putting up enough of a fight that it's making yourself unattractive as a target.
I remember dremeling down the edge of my Wii's DVD drive controller chip to expose three legs that were purposefully cut off. Scary stuff. Good thing I had a steady hand!
Its simply insane, just goes to show what people can do if they really wanna do it.
I've seen this video in a lot of articles recently. Very cool to see it outside of RUclips!
I did exactly this back in the day, didnt have any of the tools just some diagrams from online, Got it eventually but it was scary to say the least. I enjoyed the burned games after though
There was something similair with the Yamaha DT 50cc bike. There was a rev limiter in the ignition box under the seat. If you drilled a hole in a specific place you could disable the rev limiter.
i bet it never even crossed their minds that someone could open the package as easy as they did, it must have blown their minds that after all their work it was beaten by a drill.
Another wonderful episode of 'Mistakes Were Made'. (You really should use that as branding for these) I'm always surprised at the length people will go to hack their systems. But as far as I can tell, 360 is still one of the hardest systems to mod without an internal change of some kind. Still a little bit of a bummer if I'm honest.
Oh man. I remember doing an insane amount of research for this. So damn poor I could only afford one Xbox and if I messed it up it was over. Got it on the first try. I remember hearing that beep in jungle flasher and jumping.
You are one of the best creators on RUclips hands down. Every video is so thorough. My hats off to you sir.
Next time: how a breaker defeated security on the PS5
you mean hammer?
A breaker?
@@HonkeyKong54 the thing that switches power to your house?
The peak of console modding when online gaming on consoles was just starting to boom in popularity. Now PC gaming is on the rise and hotter than ever, I don't ever see the console modding scene will ever be as fun and hot as it was back then.
Just wait till someone cracks the PS5 or SeriesX and get internal server access that cannot be revoked so both companies have to completely dump every pice of hardware and start from scratch😂😂
I was amazed at how easy it was to mod my 360. Even those who really don't know much about computers could follow the commands for flashing the drive.
Former semiconductor engineer here. Since the drill is just going through the wire bonds (not the die itself) the depth of the drill hole sn't too critical. As long as you sever the wires it will work - if you go a little too far you'll only be drilling into the plastic beneath the wires, no harm done.
Do you think that drilling a hole to hack a drive sounds insane? Well, let's not forget that the first X360 hack was done using a floppy. OUTRAGEOUS!!! LOL
Wait what
Huh?
I loved how he talked about this mod in the presentation. I watched the whole video.
I think even he wants to see when someone find a way to unlock the Xone.
Wait, why isn't it easier to pull up the 2 pins externally? He says the chip is '4 layers' which makes it impossible, but a '4 layer chip' has no meaning, wtf? The pins are right there under the epoxy, much safer to disconnect the externally...
That's what i was thinking. Cut the track on the pcb with a scalpel or if it's not in sight. Use a small soldering iron, heat the pin up and raise it using a scalpel tip. You need to be an expert at SMD soldering but it can be done and it's less risky
Love these security videos. Always great stuff. Much love from down under.
This was a pleasant notification to wake up to! 🤘🤘🤘
While i never had any experience with the kamikazi hack, i do remember doing the RGH hack on a few consoles back in the day when i was a teenager. RGH was the "new way" to turn consoles in to devkits that couldnt be JTAGged. I remember getting this thing from team Xecuter. it was called a nand-X, there was this chip that you had to solder onto specific points on the console, pull the nand from said console, and flash it to enable Devkit accessibility. You couldnt go online with it though unless you wanted to get instabanned. i remember people selling nand flashes that were hidden/ unbannable, but never wanted to pay for the service because i didnt trust it at the time.
And now look at the steam deck, a console that is totally unlocked. We've come a long way.
Steam deck is NOT a console, it is a normal x86 computer. Why is it so hard to people to understand it?
Steam deck is just a pc with a front end
Oh boy I love coming across such well done videos and all the more when sources are properly credited! Makes me instantly subscribe!
Thumbs up good sir and keep up the good work !
Yay, another MVG video!
This is really interesting, love this kind of stuff, it would be interesting to hear about more of the physical mods
6:10 Would be interested in a better explanation of this. I'm confused on why the pins were not an available attack? How is cutting the wire internally different from lifting the pin? What does the chip being 4 layers have to do with this? What mitigations did microsoft put in place, other than epoxy? Seems like drill the epoxy to the pins would have the same effect.
I assume there were other wires connected to those pins as well. It's really not clear though.
On the old star trek scotty cut a section of the wall near a locked door to cut away all the proper connections so it would open, with a lazer cutter, while the electricity was running through the ciructs...
He did it super slow and even got yelled at for how slow it was taking.
They even had to draw up an exact schematic to cut only the necessary parts. Exactly like pcb trimming but while its powered up.
They were spot on when they made that part of the show and really knew how to go about the cutting.
Miss Takes is a very naughty girl but in this case she knows the drill🥳😄
This is a truly awesome series and is in my save list.
Live long and prosper🖖
I love how in 6:28 you repeat what you said in 5:25 because this entire hack just sounds SO DAMN RISKY
I remembered doing my 360 with that little drill kit from Xecuter that I found someone selling locally. But I remembered putting a drop of isopropyl alcohol as you drill right?
No, I never add alcohol
that two IC Bonding wire could be as thin as 10 micro meter (yes, micro; not mili) so that's a really precise drill right there.
I just bought an unlocked board and flashed my dvd key job done it was too easy in the 360 days i loved modifying them even the leds
No
The fact that in hindsight it's so simple is amazing.