|This article needs additional citations for verification. (March 2008)|
A softmod is a method of using software to modify the intended behaviour of hardware, such as video cards, sound cards, or game consoles in a way that can overcome restrictions of the firmware, or install custom firmware.
Video card softmods
Video cards that can be modified using software to faster versions (without regard to clock speed) usually contain mostly the same hardware. Softmodding a card should not include changing the video card's BIOS, as that is a BIOS flash. Currently only four softmods are known, a Radeon 9500 NP to a 9500 Pro (128 bit) or 9700 (256 bit), a Radeon 9800SE (with 256-bit L-shaped memory layout on the PCB) to a Radeon 9800 Pro, a GeForce 6200 to a 6600, and a GeForce 6800NU to a 6800GT. The act of a softmod usually enables pixel rendering pipelines, though may also include other enhancements. A softmodded card may not always reach the same performance as the real card it has been changed to, but the difference should be very little; and generally not noticeable. The softmodding is not guaranteed to always work; sometimes the pipelines have been disabled for a reason, e.g., a defect that produces artifacts when enabled.
Softmods for Microsoft Xbox
Softmods for Xbox used to include a font exploit installed through exploits in savegame code for MechAssault, Splinter Cell, and 007: Agent Under Fire. Usage of the Splinter Cell disc is generally recommended as any version of the game will run the exploit, whereas certain production runs of Mechassault and Agent Under Fire are needed to use the exploit. Originally, via a piece of software called "MechInstaller" created by members of the Xbox-linux team, an additional option could be added to the Xbox Dashboard for booting Linux. The Font-hack works by exploiting a buffer underflow in the Xbox font loader which is part of the dashboard. Unfortunately, since the Xbox requires the clock to be valid and the dashboard itself is where you set the clock there is problem if the RTC backup capacitor discharges. The Xbox will detect that the clock isn't set and therefore force the dashboard to be loaded which then promptly reboots due to the buffer overflow exploit. Upon restarting, the Xbox detects the clock is invalid and the process repeats. This became known as the infamous "clockloop".
Softmods for Sony PSP
Much like the Xbox, it is possible to softmod almost any PSP. Using various exploits (such as the TIFF exploit or specially crafted savegames from games such as Grand Theft Auto: Liberty City Stories, Lumines, and later GripShift) or original unprotected firmware, the user can run a modified version of the PSPs updater, that will install custom firmware. This newer firmware allows the booting of ISOs, as well as running unauthorized (homebrew) code.
Softmods for Nintendo Wii
Wii softmodding is also closely related to the methods used to softmod Xboxes and PSPs. The first known method of loading unsigned code on a Wii (without a hardware mod) is known as the Twilight hack. This allowed users to run unsigned .dol/.elf files. The exploit was superseded by the development of Bannerbomb, which allows a user to run unsigned code on the console without relying on an exploit within a game. Bannerbomb works by using a malformed banner to inject a loader program into the Wii Menu program in memory. As the Wii Menu crashes, an unsigned executable is executed. Bannerbomb was superseded by Letterbomb, which uses a glitch in the Wii Message Board to crash the Wii Menu and load the .dol/elf file, allowing the user to install the Homebrew Channel.
These types of exploits have enabled the development and use of third-party homebrew applications, such as the Homebrew Channel, third-party games, media players, and many others. It can also be used to launch game backups, and opened the door to videogame piracy. The Wii homebrew community generally discourages the use of the term "softmod" to refer to Wii homebrew in general, as it is considered to have negative connotations due to its association with videogame piracy. As hardware modifications do not help the use of third-party software due to the console's security architecture, software modification is implied whenever homebrew software is in use. The term is therefore used to refer to software modifications that perform the same function as existing hardware modifications, that is, those that enable the use of copied games.
Softmods for Sony PlayStation 2
Much like the Wii, the PlayStation 2 has various methods to achieve a softmod. One of the earliest methods developed, known as the Independence Exploit, allows the PlayStation 2 to run unsigned code by exploiting a buffer overflow in the BIOS code responsible for loading original PlayStation games. This method, however, only works on models V10 and lower, excluding the slim PlayStation 2. It also requires a special "trigger disc" to be able to boot homebrew code. Another exploit, known as Free McBoot that can work on any model of the console except the SCPH-9000x series with BIOS v2.30 and up. This can be installed by editing a file on a game disc (such as 007: Agent Under Fire) putting an application known as ULaunchELF on the disc, burning the modified game to a DVD, then blocking the disc drive's sensors to allow hotswapping of the disc when needed. Free McBoot requires no trigger disc, instead is able to load it's executable, called an ELF, off of a standard memory card. This also locks the softmod to a specific memory card and console, however.
Homebrew can be executed off a memory card, and there are a wide variety of programs available. These include media players, emulators for other gaming consoles, tools to copy a memory card to a PC, and tools to load game disc images. Additionally, through the use of a program known as HD Loader, one may load game images off of the PlayStation 2 hard drive, opening the door to piracy of commercial games.
- SoftMod Xbox for Free (Hotswap Technique!)
- Halo 2 Modding Tutorials
- Xbox Linux
- Full hacking guide for 4.2 system menus (Wii)
- PS2 Independence mod
- Qin Zhou; Nigel Poole (2010). Dasun Weerasinghe, ed. Information Security and Digital Forensics: First International Conference, ISDF 2009. Springer Berlin Heidelberg. pp. 50–56 . ISBN 978-3-642-11530-1. Retrieved 14 July 2010.
- "How to make your own Memory Card Exploit using the Independence Installer". Retrieved April 24, 2013.
- "PS2 Softmod Install Tutorial". Retrieved April 24, 2013.