Xbox 360 File System Decoded

slurpster writes "The register reports that Pi group has decoded the file system used in the Xbox 360. They write "Once you get past the protections and down to the raw bits on the disc, its just the standard xboxdvdfs, however the offset and layer breakpoint are different.""

Re:how?

[tpgp]

I've always wondered how you actually go about understanding a file system with absolutely no documentation.

From Wikipedias Reverse Engineering Page

Reverse engineering of software can be accomplished by various methods. The three main groups of software reverse engineering are:

      1. Analysis through observation of information exchange, most prevalent in protocol reverse engineering, which involve using bus analyzers and packet sniffers for example for listening into a computer bus or computer network connection, revealing the traffic data underneath. Behaviour on the bus or network can then be analyzed for producing a stand-alone implementation that mimics the same behaviour. This is especially good for reverse engineering of device drivers.
      2. Disassembly using a disassembler, meaning the raw machine language of the program is read and understood in its own terms, only with the aid of machine language mnemonics. This works on any computer program but can take quite some time, especially for someone not used to machine code.
      3. Decompilation using a decompiler, a process that tries, with varying result, to recreate the source code in some high level language for a program only available in machine code.

I suspect that methods 1 and 2 would have been most useful for the original xbox dvd filesystem.

If your filesystem is writable, you can try:

      1. Look at the volume with a hex editor
      2. Perform some operation, e.g. create a file
      3. Use the hex editor to look for changes
      4. Classify and document the changes
      5. Repeat steps 1-4 forever

(from The linux ntfs faq