Over the past couple of months, I have been on a quest. This quest has led me to many different locales, and it is still ongoing. Unfortunately, my quest has hit a roadblock of sorts for the moment, but it has not ended. I will explain more on that in a minute, but for now, I wanted to document the things I have found out thus far.
After hours of searching the net for a solution of using a Seagate hard drive in my Xbox, there was not a whole lot of happy news, however I have pieced together many sources, and have been able to change many of the drive’s parameters manually, effectively mirroring the functions of HDDHACKR. This is the main holdup that Seagate drives face. There is no automated way of doing this like there is with a Western Digital Drive. Just for your information, the information in my post is not for the faint of heart, and you probably will kill your hard drive if you are not very careful. I take no responsibility for what you do to your hard drive. This is in no way a complete tutorial, nor can I guarantee that this will work for you. My hope is that someone will benefit from the information that I have pieced together. Even though I have not completed this project, I believe I have found enough information that someone somewhere will have better luck than I have.
It is about 2:00 in the morning as I finish typing this, and I am on my way to bed. This is a work in progress, so pictures will come at a later date. For now, I am happy with what has been written, and it will suffice for now.
-Hex Editor (I use HxD. It’s free, and it works quite nicely. wxHexEditor works nicely for our *Nix friends as well. You need one that is able to open a physical disc.)
-RS232 to TTL Adapter (Max32 or similar. You can even use an Arduino if you don’t have anything else)
-External SATA enclosure (Makes it easier to control the power to your hard drive, without having to take apart your computer.)
-A SATA Controller that is compatible with HDDHACKR(We will not be flashing the firmware with this, but we will still be creating the partitions. You can do this manually also, but I will not detail that here)
-Plenty of time to experiment, and learn how to navigate the Seagate TMOS. I will tell you the commands I used to get as far as I did, but some of these commands vary from drive to drive. Even the same model numbers with different firmware revisions will have different command sets. BE VERY CAREFUL PLAYING WITH THESE SETTINGS. Take the time to learn what the commands do for yourself. The biggest mistake I made was trying a command that wasn’t made for my drive, and I have effectively bricked it for the moment.
-An Understanding of Hex. We will be dealing with hex addresses, and hex offsets. It will be much easier to follow if you understand Hex.
A Little Background Information
My first spark of inspiration was this site: http://tinyurl.com/6y75pxj. In this thread is a detailed list of how to manually place the security sectors of an official Xbox drive onto a different hard drive. The poster states that he has used this method to use a Seagate drive in his Xbox; however the tutorial itself was performed on a Western Digital drive. After numerous failed attempts at contacting the author of this thread and a few others, I did a bit more digging.
In short, what I learned was that when HDDHACKR modifies a hard drives firmware it changes 4 main things in the Hard Drive’s Firmware. These changes are taken from a valid hddss.bin that has been dumped from an official Xbox Hard Drive.
- It changes the Model Number
- It changes the Serial Number
- It changes the LBA
- It changes the Firmware Revision
After changing these things, it will then copy the information in the hddss.bin file to sectors 16-22 of the hard drive itself.
The previous link details the security sector of an official drive, and how it is structured. Basically the Xbox compares the information in these sectors (or the hddss.bin) to the physical drive’s information. If even one of the things in this list is not correct, the Xbox will refuse to see the hard drive as available local storage.
So, our goal is to change all of this information on the drive ourselves. This proves somewhat difficult however because there is not very much documentation on how this is done. There is a lot of guess work, and crying. In the end, our goal will be to change the previous 4 items to the following.
- Model number will be ST9250315AS (Will be entered in Hex)
- Serial Number will be 5VCF5J11
- LBA will be will be 70 59 1C 1D (Hex value)
- Firmware Revision will be 0002CE02 (Will be entered in Hex)
Another problem that exists is that a Seagate hard drive only allows 8 character serial numbers, and most of the available hddss.bin files freely available on the net are dumped from Hitachi drives. These drives have serial numbers that are up to 15 characters. Since this is the case, there is no way to successfully spoof the drive into looking like a Hitachi. The only real solution is to use an hddss.bin file that has been dumped from an official Seagate drive.
Oh yeah, for your information, all of my findings were done on a Seagate ST9250827AS Rev. 3.AAA
Connecting with SeDiv or Putty
To test your connection, open Putty or SeDiv, and open the connection with 9600 for your baud rate, 8 data bits, no parity, 1 stop bit, and no flow control. Plug the power into the hard drive, but not the data cable. If it works you will see some text come up in the terminal. If not you may have your Tx and Rx wires reversed.If you look to the left of the Power/SATA connector on the drive you are working on you will notice a few small pins. These pins are for the diagnostics port of the drive. From right to left, the pins are Rx, Tx, Gnd. There is a fourth pin, but you need not concern yourself with it. When connecting your TTL adapter, Rx on the Drive goes with Tx on the adapter, and Tx on the drive goes with Rx on the adapter. If you use an external enclosure to supply power to the drive, you shouldn’t have to worry about the ground connection because the USB connector should take care of that. Otherwise, you will have to find a way to ground them together.
For me, it says something like:
Buzz HM SFI
If you get this point, great! If not, you will need to do some more research on your own. There are quite a few tutorials about this lying around. You may have a look at https://sites.google.com/site/seagatefix/ – This will show you all the steps involved in creating a TTL adapter. The Baud rate is different from my drive, but you may need to try some different speeds to get yours working.
Basic Terminal Structure and Changing the Serial Number
So, once you have gotten the output in Putty or SeDiv, press Ctrl-Z. This should bring you to a prompt that says something like:
So you know, every command that you enter in this prompt is case sensitive, so you will need to watch what you are entering. Some commands have completely different effects whether you use the upper case or lower case command. Know that if you are not paying attention you can easily brick your drive with a one letter command. Please be careful. The prompt does not recognize backspace, so if you make an error, you are kind of stuck with it. If you have a doubt about what you entered, your best option is to press Ctrl-C BEFORE hitting enter. This will restart the terminal. Sometimes this means you will probably have to re-enter everything you just did, but it’s better than overwriting something that could brick your drive. Please also know that copy and paste doesn’t work very well with the prompt. It will usually end poorly, so even though it’s a pain, I highly recommend typing every command manually.
The command prompt is separated into different levels. Each level has a different function, and different commands to go along with it. Some of the commands you can enter at a level work completely different that they would at a different level, so keep an eye on which level you are on. There is a level for the numbers 1-9, a few different letters. The letter levels I know about are C, F, and T. We will be mainly dealing with Level T. The level is shown before the > at the prompt. So the above example would be at Level T. If you want to change to Level 2 for instance, you can do so with the following command:
(note: you only type the “/2”)
This would change the prompt to:
Some Seagate hard drives can tell you a list of the commands available to you, but mine did not, at least not with the examples I found. You can try this on your drive however, by changing to Level C and using the “Q” command.
As I stated however, basically everything we need to do can be accessed from Level T. If you are not there currently, then type /T to get there and we should be back to:
The first thing we are going to change is the Serial Number of the drive. This is the easiest thing to do in the console, so we are going to do this first.
At the prompt type “#”
The prompt will then ask you to enter the drive’s serial number. If you open the hddss.bin file I have supplied with a hex editor, and compare it to the site I linked to before, you can see that the serial number is “5VCF5J11”. Enter this Serial Number into the prompt and hit enter. It will then ask you for the Pack-Writer Serial Number. I just left this blank, so hit enter and go on.
It will look something like this:
Enter Drive S/N 5VCF5J11
Enter Packwriter S/N
Congrats! You are a fourth of the way there. You have successfully changed the Serial Number (hopefully :D)
AT Stuff, SetStuff, and Changing the Model Number
Back at Level T, the next thing you will want to do will help you find the offset of your model number. This is called “AT Stuff”. This is accomplished by pressing Ctrl-U at the prompt. (If you read the data sheets I’ve linked documenting how to use the console this will be shown as ^U. Any command in this manual with ^ in it means Ctrl+ whatever the key was. (ie: ^Z is Ctrl-Z, etc.)
So pressing Ctrl-U at the T> prompt brings something like:
0000: 0c5a 3fff c837 0010 0000 0000 003f 0000
0008: 0000 0000 2020 2020 2020 2020 2020 2020
0010: 3556 4346 354a 3131 0000 4000 0004 332e
0018: 4141 4120 2020 5354 3932 3530 3832 3741
0020: 20ff 2020 2020 2020 2020 2020 2020 2020
0028: 2020 2020 2020 2020 2020 2020 2020 8010
0030: 3331 2f00 4000 0200 0200 4153 3fff 0010
0038: 003f 3235 0000 0010 ffff 0fff 0000 0007
0040: 0003 5320 0078 0078 0078 0000 0000 0000
0048: 0000 0000 0000 001f 0506 0000 0048 0040
0050: 01f0 0029 346b 2020 6103 0461 1000 4103
0058: 007f 0000 0000 8080 fffe 0000 fe00 0000
0060: 0000 0000 0000 0000 5970 1d1c 0000 0000
0068: 0000 0000 4000 0606 0000 0000 0000 0000
0070: 0004 0000 0000 0000 0000 0040 0f41 0000
0078: 0000 0000 0040 0000 0440 0400 0800 0180
0080: 0001 5970 1d1c 5970 1d1c 2020 0002 0ab6
0088: 8002 0000 3c06 3c06 ffff 07c6 0100 0000
0090: 100f 1800 0002 0080 0000 0000 6080 0000
0098: 0000 0000 0000 0000 0000 0000 1e00 000b
00a0: 000f 0006 0003 0000 0032 0014 0033 0024
00a8: 000f 001e 0032 0000 0013 0022 0032 0014
00b0: 0032 0000 003a 0000 0022 002d 0032 0000
00b8: 0032 0000 0022 0000 001a 0000 0012 0000
00c0: 0010 0000 003e 0000 0000 0000 0032 0000
00c8: 0000 0000 0000 0000 0000 0000 0000 0000
00d0: 0000 0000 0000 0000 0000 0000 0000 0000
00d8: 0000 0000 0000 0000 0001 0002 ffff ffff
00e0: 0000 0000 0003 0066 1770 0015 0025 1200
00e8: 0000 0000 0000 0000 0000 0000 0000 0096
00f0: 0001 0000 0000 0200 0001 0000 0000 0000
00f8: 0000 0000 0000 1556 0000 0000 0000 0000
DRIVE HAS BEEN SET-STUFFED –
This is a lot of information for us, but fortunately it is also quite useful. Make sure when you run this command, you copy what you see in the windows to a text file. We will refer to it a couple more times.
On the left before the colon is the starting offset of that line. So,
0000: 0c5a 3fff c837 0010 0000 0000 003f 0000
starts at the beginning. This offset begins with 0000. So in this line offset “0000” is “0c5a”. Offset “0003” is “0010” These lines are only 8 offsets long, running from 0000 to 0007. The next line runs from 0008 to 000f, and so on. What we are looking for here at the moment is our drive’s Model number. An easy way of accomplishing this is copying and pasting each line, minus the offset number, into out hex editor. This will display the Plain Text of what our hex codes mean. So,
0c5a 3fff c837 0010 0000 0000 003f 0000
Not exactly the most helpful information in the world, but if we keep going, we find some interesting things. In particular, look for a line that has a value with “5354” this value is translates to “ST” and that is the beginning of our model number. I found mine at offset 1b. This is the line:
4141 4120 2020 5354 3932 3530 3832 3741
Which translates into:
Even though the rest of the model number spills onto the next line, we can clearly see that this is valuable information. We obviously need to change this, so we do that with the SetStuff command, which is F. This is also accessed through Level T. Our Target Model number is ST9250315AS, which in hex is 5354 3932 3530 3331 4153. We need to change the offsets one at a time, so the commands would be as follows.
Stuff key 1b -> 53 54
So, we type F, which prompts us with SetStuff->, to which we enter ASCI1B5354. Every command we will enter with SetStuff will always begin with ASCI (Not to be confused with ASCII) immediately followed by the offset (1B), which is also immediately followed by what hex value we want to change it to (5354). If our command was correct, it will give us Stuff key 1b -> 53 54, showing that the operation was successful. If it doesn’t show Stuff Key ->, the operation was not successful, and you will have to try again. Make sure you typed it correctly.
So, we need to do this to all the offsets of our model number. According to some websites that I checked it is good to enter spaces (hex 20) after the model number for a few offsets to make sure that the model number doesn’t have any garbage characters after it. So,
Stuff key 1c -> 39 32
Stuff key 1d -> 35 30
Stuff key 1e -> 33 31
Stuff key 1f -> 41 53
Stuff key 20 -> 20 20
Stuff key 21 -> 20 20
Stuff key 22 -> 20 20
Stuff key 23 -> 20 20
When we finish overwriting the model number, we send the W command. This writes the changes to disc.
At this point, I would suggest restarting the terminal, and running ^U again. You can look at the AT Stuff log again, and check the offsets to see if your changes are intact. If they are ok here, power off the drive and disconnect the serial cable. Connect the data and power cables to the drive, and turn it back on. When Windows detects it, keep an eye on what model number shows up in the Device Manager. If it is our new model number, then you have been successful. If junk characters or anything extra appear next to the drive name, you may need to go back and use the SetStuff command to add spaces to a few more offsets.
Writing the LBA and the Firmware Revision
These last two are basically the same as writing the model number. I wasn’t really sure what I was looking for when I was trying to find the LBA offset, but I found this site: http://tinyurl.com/cxgvqva – This is also where I found out how to use SetStuff in the first place. If you know what your drive’s LBA is in hex before you start, you will have a huge advantage over me, but I did not. I noticed that since their Model Number Offset started at 1B, the same as mine, I figured the LBA offsets could quite possibly be the same, so I used SetStuff to modify offset 83 and 84. (NOTE: On this site, they put the whole string of numbers they wanted to change into one offset instead of doing them one by one like we did with the model number. I tried this, and it did not work for me. Instead, it started changing offsets that were incorrect, or it would just not do anything. I still think the best/safest way is to do them one at a time, even if it takes longer.) They also recommend changing offsets 3C and 3D to the same values; however I did not see that the first time I read it. After this, send ^T
So it will look something like this:
Stuff key 83 -> 70 59
Stuff key 84 -> 1c 1d
Stuff key 3C -> 70 59
Stuff key 3D -> 1c 1d
I was never 100% I did the LBA correctly, but this was the best information that I found about that portion of the change.
Same goes for the Firmware Revision, and this is one part I got stuck on.
If you look in the AT Stuff dump you took earlier, you will notice that 3.AAA, or the Firmware Revision number for me anyways, was directly in front of the drive’s model number. It populated offsets 17-1A on my drive. I did the same SetStuff we have been doing to change it, but the drive reverts to its old offset when it is restarted. I will post what I did anyways so you can look, and hopefully have better luck than I did. We want to change the revision to the hex value of 3030 3032 9495 4345 3032
Stuff key 17 -> 30 30
Stuff key 18 -> 30 32
Stuff key 19 -> 43 45
Stuff key 1a -> 30 32
Like I said, running ^U before resetting the drive shows the changes I made in the correct place. After restarting the drive, it resets the offsets to what they were previously. I don’t know if this will happen to you as well, so try it out and see what happens. I have no way of testing anything else at the moment, so if it doesn’t work, I won’t be of much help.
Using HxD to Copy the Security Sectors
Power down the drive, and disconnect it from the serial cable and power. In HxD you will want to open two things. First, you will want to open the HDDSS.bin file you got from me. Second you will want to put the hard drive in your external enclosure and connect it to your computer. Inside of HxD, you will want to go to extras, then select open disk. In the physical disks section, select the last one (usually). It’s best to only have 2 disks total to make it easier. (Your main OS disk, and the Seagate we are working on.) Make sure read only is unchecked. Go back to the HDDSS.bin tab, and select everything. Edit copy. Go back to the disk tab. Scroll down to Sector 16. Select all of Sector 16 down to Sector 22. Edit paste insert. When you are feeling brave, File Save.
Using HDDHACKR to Create the Partitions
You will need to make a bootable USB stick or cd with a copy of MS-DOS on it. There are quite a few tutorials how to do this, so I won’t cover it here. You will need to copy HDDHACKR onto whatever bootable medium you choose.
Power down the computer you are going to connect the drive to, and hook your Seagate drive up. It is also a good idea to disconnect the other drives in the computer to prevent overwriting the wrong one. Power up the machine with the bootable medium connected. Boot into MS-DOS, and then run HDDHACKR. It will scan your system for discs. Select your Seagate drive from the list. We don’t need to worry about flashing the bin file, since it won’t work anyways. Select Create Partitions instead. It will probably say it was successful, but it won’t go back to the command prompt. Power down the computer when the partitions are created successfully.
What Happens When You Make a Mistake
This is where I got before I bricked my drive. I was trying a new command that I wasn’t too sure about, and it ended up disallowing me to enter the T> prompt. Instead, I am stuck in Level F, and I am unable to change levels. Currently, I am getting the following error when the device is powered on:
Buzz HM SFI
Code – 43 Track 0F82F.0.01E Sns 01E
So, that is as far as I got. I had just about everything (I think, minus the Firmware Revision), and then made a mistake.
Will this guide let you use your Seagate drive in your Xbox? I can’t say for sure. I am fairly confident that if someone were able to find a way to change the firmware revision successfully, the Xbox would recognize the drive.
I do hope that the information is somewhat helpful to someone. I would love to hear back from you, and know if this has helped someone. I have no intention of quitting on this project. I hope someday soon to figure out my way past the error I am plagued with at the moment, and continue figuring out how to make this work. If anyone has any tips on what things to try, I’m all ears.
Other Sites I Found Useful
http://forum.hddguru.com/seagate-terminal-commands-t6411.html – List of Terminal Commands for Seagate Drives. It’s kind of a mess, but there a quite a few better forma
http://beta.ivc.no/wiki/index.php/Xbox_360_Hard_Drive_Upgrade – Explains the Structure of the Xbox 360s Hard Drive.
http://forums.xbox-scene.com/index.php?showtopic=690435 – Very Basic overview of the same steps I just explained.
http://files.hddguru.com/download/Datasheets/Seagate/Seagate%20Diagnostic%20RS-232%20Port/ – Datasheets for the Seagate Terminal Console. Also includes pictures of how to setup correctly the TTL Adapter
http://sediv2008.narod.ru/Easy1014.rar – Download the SeDiv Program. This serves basically the same purpose as putty or hyperterminal, but it is much more powerful when dealing with Seagate drives, as this is what it was made for.
http://www.xboxhacker.org/index.php?topic=11813.0 – hddhackr was made for western digital drives, but we can still use it to make partitions for us.