Softmod

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Ozankk (talk | contribs) at 13:14, 22 November 2022 (rephrasing ps3/ps4/ps5 and correcting previous information i put). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

A softmod is a method of using software to modify the intended behavior of hardware, such as video cards, sound cards, or game consoles in a way that can overcome restrictions of the firmware, or install custom firmware.[1]

Video card softmods

Video cards that can be modified with software into faster versions (clock speed aside) usually contain mostly the same hardware as the faster card. Softmodding a card should not involve changing the video card's BIOS, as that is a BIOS flash.[citation needed] Currently only four softmods are known:[citation needed] a Radeon 9500 NP to a 9500 Pro (128-bit) or 9700 (256-bit), a Radeon 9800SE (with a 256-bit L-shaped memory layout on the PCB) to a Radeon 9800 Pro, a GeForce 6200 to a 6600, and a GeForce 6800NU to a 6800GT. A softmod usually enables pixel rendering pipelines, though it may also include other enhancements. A softmodded card may not always reach the same performance as the real card it has been changed into, but the difference should be very small and generally not noticeable. Softmodding is not guaranteed to work; sometimes the pipelines have been disabled for a reason, e.g. a defect that produces artifacts when they are enabled.

Softmods for Xbox

Softmod is also a term used to refer to modifying an Xbox without the use of a mod chip.

Softmods for the Xbox used to rely on a font exploit installed through exploits in the savegame code of MechAssault, Splinter Cell, 007: Agent Under Fire, and Tony Hawk's Pro Skater 4. Using the Splinter Cell or Tony Hawk's Pro Skater 4 disc is generally recommended, as any version of those games will run the exploit, whereas only certain production runs of MechAssault and Agent Under Fire can be used. Originally, via a piece of software called "MechInstaller" created by members of the Xbox-linux team, an additional option could be added to the Xbox Dashboard for booting Linux. The font hack works by exploiting a buffer underflow in the Xbox font loader, which is part of the dashboard. Unfortunately, since the Xbox requires the clock to be valid and the dashboard itself is where the clock is set, there is a problem if the RTC backup capacitor discharges. The Xbox detects that the clock is not set and therefore forces the dashboard to load, which then promptly reboots due to the buffer overflow exploit. Upon restarting, the Xbox detects that the clock is invalid and the process repeats. This became known as the infamous "clockloop".[2]

Softmod for Xbox 360

There is no whole-system softmod (one that allows full root access and installing homebrew) for Xbox 360 consoles. However, ways were found to modify the firmware of the console's DVD drive. This allows the system to play games from "backup" (non-original) game discs. It requires opening the console, but no additional hardware such as a modchip is permanently installed in the system. Microsoft responded by introducing a console ban system: if the data stream from the DVD drive showed signs of unauthorized use, Microsoft would permanently ban the console from the Xbox Live service. The ban never expires and can only be remedied by purchasing another console. Other measures, such as introducing new hardware revisions to prevent modifications and checking or updating the drive firmware during dashboard updates, were taken as well.

Softmods for PlayStation Portable

Much like the Xbox, almost any PSP can be softmodded. Using various exploits (such as the TIFF exploit or specially crafted savegames from games such as Grand Theft Auto: Liberty City Stories, Lumines, and later GripShift) or the original unprotected firmware, the user can run a modified version of the PSP's updater that installs custom firmware. This custom firmware allows booting ISOs as well as running unauthorized (homebrew) code. A popular way of running homebrew code to softmod the PSP is the Infinity method.

Softmods for Wii

Wii softmodding is closely related to the methods used to softmod the Xbox and PSP. The first known method of loading unsigned code on a Wii (without a hardware mod) is the Twilight hack, which allowed users to run unsigned .dol/.elf files. The exploit was superseded by the development of Bannerbomb, which allows a user to run unsigned code on the console without relying on an exploit within a game. Bannerbomb works by using a malformed banner to inject a loader program into the Wii Menu program in memory; as the Wii Menu crashes, an unsigned executable is executed. Bannerbomb was in turn superseded by Letterbomb, which uses a glitch in the Wii Message Board to crash the Wii Menu and load the .dol/.elf file, allowing the user to install the Homebrew Channel.

These types of exploits have enabled the development and use of third-party homebrew applications, such as the Homebrew Channel, third-party games, media players, and many others. They can also be used to launch game backups, which has opened the door to video game copyright infringement. The Wii homebrew community generally discourages the use of the term "softmod" to refer to Wii homebrew in general, as it is considered to have negative connotations due to its association with copyright violation. As hardware modifications do not help with the use of third-party software, due to the console's security architecture, software modification is implied whenever homebrew software is in use. The term is therefore used to refer to software modifications that perform the same function as existing hardware modifications, that is, those that enable the use of copied games.

Softmods for PlayStation 2

The PlayStation 2 has various methods of achieving a softmod.

Disc swapping was used early on to bypass the PlayStation 2's copy protection: by taking advantage of certain trigger discs such as 007: Agent Under Fire or Swap Magic, homebrew could be loaded. This was done by inserting the trigger disc, blocking the lid-open sensor, and then hot-swapping in a homebrew disc. Although difficult to execute correctly, the method was often used to softmod because of its universality.

One of the earliest softmods developed, the Independence Exploit, allows the PlayStation 2 to run homebrew by exploiting a buffer overflow in the BIOS code responsible for loading original PlayStation games. This method, however, only works on models V10 and lower, excluding the PlayStation 2 slim, and still requires a disc to be burned.[3]

FreeMcBoot is an exploit that works on all models except the SCPH-9000x series with BIOS v2.30 and up.[4] It requires no trigger disc and is able to directly load ELFs from the memory card.

HD Loader is an exploit for PS2 models with the hard drive peripheral.

FreeDVDBoot is an exploit discovered in 2020 that requires burning a disc image loaded with a payload onto a DVD-R. It is compatible with a range of PlayStation 2 models and works by exploiting a buffer overflow in the PS2's DVD video functionality.[5]

Softmods for PlayStation 3

The PlayStation 3 has a couple of methods of achieving a softmod. They rely on WebKit vulnerabilities in the PS3 web browser. All PS3 models can be softmodded.

Consoles whose factory-installed (minimum) firmware is version 3.55 or lower can be exploited and flashed with custom firmware (unofficial firmware). This includes all "fat" models and the "slim" 20xx and 21xx models. Slim 25xx models may be exploitable, but only if their date code is 0D or lower; occasionally date code 1A consoles are on factory-installed 3.55, but this should not be relied upon. Slim 30xx and all "super slim" models cannot be exploited. These guidelines assume the console has not been serviced by Sony, as Sony may update the factory-installed firmware. Custom firmware can be flashed either with a modchip or via a WebKit exploit that patches the current firmware and forces the console to "downgrade", which would not be possible under ordinary circumstances. Custom firmware grants complete control over the console, with access to level 0 and level 1. This allows users to run homebrew, load game backups, bypass region checks, change fan and CELL/RSX speeds, gain access to root keys, and run PS2 ISOs on models without official backwards compatibility. It also compromises the hypervisor, which makes it very stable. Some custom firmware implementations reinstate features Sony removed, such as "OtherOS".

Another popular softmod is PS3HEN. It uses a WebKit exploit to install a signed file through the PS3 web browser, then uses another WebKit exploit which grants level 2 access when executed. As opposed to custom firmware, this is a tethered softmod, meaning PS3HEN has to be activated every time the console is powered on; however, it supports all PS3 models. Users on official firmware 4.84 or later need to install hybrid firmware (another type of unofficial firmware), because Sony removed only the WebKit entry point and hybrid firmware reinstates it. This softmod shares many custom firmware features: users can run homebrew, load game backups, bypass region checks, and change fan speeds. The unofficial PS2 backwards compatibility is diminished, as users can only run PS2 Classics encrypted PKGs rather than ISOs. The hypervisor remains intact and periodically checks whether the code currently being run is unsigned; if it is, there is a small chance the console becomes unresponsive or shuts down, making PS3HEN less stable than custom firmware. Hybrid firmware is generally recommended when using PS3HEN even below official firmware 4.84, because it also contains fixes that help stabilise the console in a softmodded state compared to official firmware.

Softmods for PlayStation 4

The PlayStation 4 has several ways of achieving a softmod, mostly through WebKit exploits in the PS4 web browser combined with kernel exploits, which allow users to run homebrew, load game backups, bypass region checks, and change fan and CPU/GPU speeds. Some payloads can boot the PS4 into a Linux distribution. They are all tethered exploits, meaning they have to be performed every time the console is powered on.

Notable firmware versions that allow a softmod are 5.05/5.07, 6.72, 7.02 and 7.55, with 5.05/5.07 being the most stable. There is also the 9.00 exploit, which is slightly less stable than the 5.05/5.07 exploit; however, it requires inserting a specially crafted USB flash drive within a small window of time in order to obtain kernel access, and therefore does not meet the definition of a softmod.

Softmods for PlayStation 5

The PlayStation 5 currently has softmods of very limited capacity. The vulnerable firmware revisions are 4.03, 4.50 and 4.51. The entry point for these exploits is either a specially crafted Blu-ray disc for the disc version or WebKit for the digital version (which also works on disc models). Two of the kernel exploits in these revisions had previously been fixed on the PS4 before the PS5 was released. These limited softmods allow installing PKGs (but not running them), starting an FTP server, dumping PS5 files, modifying the PS4 backwards compatibility blacklist, and enabling the Debug Settings. Previously these exploits would have been sufficient for complete control over the PS4; however, the PS5 has added security measures, mainly a hypervisor which has yet to be compromised and is likely the only obstacle standing in the way of full control.

Nintendo 3DS Modding

The Nintendo 3DS has become one of the most popular console platforms for modding, as the procedure requires very little other than the 3DS itself and is relatively simple on the latest firmware (version 11.13.0 as of July 2020) and below, using the "unSAFEmode" method. Other methods use either a third-party flashcard with an "NTR Boot" payload or more difficult techniques such as a NAND memory hardmod or the DSiWare injection system transfer exploit. The most well-developed and commonly used custom firmware (CFW) is Luma3DS. It contains features such as EmuNAND (also known as NAND redirection), running non-system-menu payloads on boot, and installing homebrew titles to the main menu. A popular homebrew app used for piracy, known as Freeshop,[6] was shut down by Nintendo with system update 11.8, which required title key authorization on the eShop download servers, causing all NUS downloaders[7] for the 3DS to stop functioning.

Computer DVD drives

Some DVD drives, such as those made by Lite-On, can be softmodded to ignore region coding, allow clearing of the drive's learned media calibration data, and enable DVD+R to DVD-ROM book type coding that persists across reboots. This is distinct from cross-flashing the drive or installing unofficial firmware, and does not modify the drive's firmware.[8]

References

  1. ^ Qin Zhou; Nigel Poole (2010). Dasun Weerasinghe (ed.). Information Security and Digital Forensics: First International Conference, ISDF 2009. Springer Berlin Heidelberg. pp. 50–56 [53]. ISBN 978-3-642-11530-1. Retrieved 14 July 2010.
  2. ^ "The Official Clock Loop Thread". Retrieved 26 April 2016.
  3. ^ "How to make your own Memory Card Exploit using the Independence Installer". Retrieved April 24, 2013.
  4. ^ "PS2 Softmod Install Tutorial". Archived from the original on March 21, 2013. Retrieved April 24, 2013.
  5. ^ Orland, Kyle (2020-06-29). "New hack runs homebrew code from DVD-R on unmodified PlayStation 2". Ars Technica. Retrieved 2020-12-29.
  6. ^ "Freeshop Taken Down By Nintendo".
  7. ^ "NUS Downloaders".
  8. ^ "EEPROM Utility". Myce.