Modchip

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by SuperDuffMan (talk | contribs) at 10:53, 2 March 2007 (added Wiip (open source mod-chip)). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Xenium Mod Chip attached to an Xbox. The 2x6 header interfaces the chip with the LPC bus, while the red soldered wire overrides the original BIOS's D0 line.

A modchip, an abbreviation of 'modification microchip', is a device used to circumvent the digital rights management of many popular game consoles, including those made by Microsoft (Xbox series), Sony (PlayStation series), and Nintendo (GameCube, Wii), for the purposes of playing backup, imported, pirated, or homebrew games and/or applications. Modchips are used mostly on systems that are CD/DVD-based, due to the availability and low cost of blank media such as CD-Rs and DVD+/-Rs.

Almost all modern console gaming systems have hardware-based schemes which ensure that only officially sanctioned games may be used with the system and implement regional lockout similar to the scheme used in DVD movies. The specific technical nature of these DRM systems varies by system, and may include cryptographic signing (Xbox), intentionally unreadable sectors (PlayStation, Sega Saturn), custom optical media (GameCube, Dreamcast), or some combination thereof. Modchips are available also for some DVD players, to defeat region code enforcement and user operation prohibitions.

Modchips typically require some level of technical ability to install. Most commonly, modchips must be soldered on to a console's motherboard, although there are no-solder install kits (which instead rely on the precise positioning of electrical contacts within the case) which work with some revisions of the PlayStation 2 and Xbox hardware.

Legality

The terms modchip and mod chip are trademarks of Modchip Inc. (http://www.modchip.ca); legal information can be found here.

Australian legality

On December 5 2006, the Australian Federal Government amended Australia's Copyright Act to classify mod-chips as Access Control Technological Protection Measure (ACTPM) circumvention devices. However, any console that employs a region code (or similar geographical market segmentation device) is not protected under the new laws. Law firms such as Minter Ellison have confirmed that if a games console contains a region code then mod-chips for that console are entirely legal so long as they are able to bypass that region code. All current games consoles (excluding the Nintendo DS) employ some form of region code, whether they be for games, DVD (PS3, Xbox 360), UMD (PSP) or Blu-Ray (PS3) videos.

Current Australian Mod Legality Summary (as of January 1, 2007)*:

Current Australian Mod Legality - note that the PS3 does contain Blu-Ray, DVD, PS2, and PS1 region codes, and the Wii contains a GameCube region code. Also note that current Xbox 360 mods do not overcome the DVD region code and are therefore currently illegal.

This presents a marked change to the Copyright Act in which previously mod chips had always been legal (see Wikinews, right).
* Also note that Commodore4eva is about to release Xbox 360 mods that are legal in Australia (they will circumvent the DVD Video region code controls).

USA legality under DMCA

The Digital Millennium Copyright Act (DMCA) states that circumvention devices, including, but not limited to, mod-chips, are illegal, because the device circumvents the copy-protection features of their host systems. In reality, the mod-chips themselves are not illegal; they are just pieces of hardware inserted into the gaming console to override system defaults. The software is what is illegal, because it was made to perform illegal actions such as decoding DVDs and copying games onto the hard drive.

In early 2003, iSONEWS.com was raided by the FBI, presumably for selling Xbox modchips with pre-flashed BIOSes. The impetus for the raid was likely the fact that iSO News was distributing hacked versions of the original Microsoft BIOS, thus redistributing Microsoft's copyrighted software without permission.

Legality elsewhere

Through lawsuits during 2002 in many countries, including against Lik Sang in Hong Kong and Neo Technologies and Channel Tech

  • Sony v. Ball UK High Court June 2004 in the UK, it was found that Modchips were illegal devices. [1]

However, three years later in 2005, Modchips are still broadly available in the UK. Sony, Microsoft or Nintendo have not pursued other retailers and developers seriously. Apparently, Modchips are becoming illegal in more and more countries, due to changed legislation and amendments of laws for the digital age, and through lobbying activities of manufacturers and representatives. [citation needed]

Many companies are now selling modchips without any possibly DMCA-infringing BIOS code loaded onto the EEPROM portion of the chip module, or loading it with a totally legal BIOS containing none of the manufacturer's copyrighted code (for example the Cromwell BIOS developed by the Xbox Linux Project). It is then up to the customer to separately obtain a copy of their desired (possibly illegal) firmware and then to flash it into EEPROM.

On September 11 2006, Judge Claudia Wilken of the U.S. District Court awarded $3,750,200.00 in damages against corporate defendant Divineo, Inc. Divineo is a major international distributor of modchips, and the HDLoader Software for which it was sued by the ESA.

Pre fifth-generation consoles

Non-CD media based systems, such as the Sega Master System or the NES, did not have modchips produced for them. Instead they often used converters or passthrough/cartridge-like devices to circumvent regional lockout, and flash cartridges for back-ups and piracy.

Fifth-generation consoles

The fifth generation of video game consoles is characterized not only by 32-bit (sometimes 64-bit) systems, but also by the use of the CD medium for storing game software. Not every fifth-generation console used CDs, but a large portion of them did. Early CD media based consoles, like the Panasonic 3DO, did not have any method of regional lockout. The 3DO and the Sega CD also did not have a method of blocking burned CDs, due to the rarity of CD burners at the time the systems were released. For these reasons, no mod chips were released for said 'earlier' fifth-generation consoles. It wasn't until the PlayStation arrived that mod chips started to surface.

PlayStation

Early mod chips for the PlayStation were soldered into the system, but later ones attached themselves to the extension port on the back of the original PlayStation. Later models of the original PlayStation, as well as the revamped PSone, did not have this port, so swap techniques became favorable. If a wide spring (or, for the PSone, a sticker) was inserted into the PlayStation to hold down a button on the inside, making the unit believe that it was closed, a disc like the CDX version of the Gameshark could be used as a boot disc for CD-R based games.

Saturn

The Sega Saturn's copy protection relied on an outer 'ring' of data that could not be read or replicated by conventional CD burners. It was discovered, though, that the discs could be copied when a strip of tape was placed around the outer 'ring' of data. The Sega Saturn had a few mod chips created for it. Many were chips that allowed the system to be used for imports, disabling the regional lockout via a switch. This function was later made possible through the use of an Action Replay device that added the correct region code to the game before loading. There was only one successful modchip that allowed the use of CD-R based software, which instructed the Saturn to ignore the copy protection 'strip' mentioned earlier. This modchip was more successful when installed in the North American Saturn that had the round 'power' and 'reset' buttons (as opposed to the oval/oblong ones). When burning games, it is possible to change the region code of an ISO to the region of a Sega Saturn prior to burning by using a program such as SatHeader, eliminating the use of a cartridge or 'region-mod' modchip.

Sixth-generation consoles

After the fifth generation of video games, every console system featured CD/DVD-based media. For this reason the mod chip began to grow in popularity. While the modchip was available, but not hugely popular, in the fifth generation, the sixth generation saw widespread use of modchips, so much so that every sixth-generation console has a compatible modchip.

Dreamcast

The Dreamcast had modchips produced for it, but due to the Dreamcast's ability to boot backup games from standard CD-Rs or boot discs with no modification they achieved little popularity outside of the import scene.

Discs that did not boot automatically, often burned games that lacked or used a different region code than that of the Dreamcast unit being used, could be booted using a boot disc, released by Utopia. Another method included adding the appropriate region code to the CD image prior to burning.

See also: GD-ROM and Homebrew development

PlayStation 2

The original discs for PlayStation 2 titles have a series of pits and bumps before the data region which cannot be read or written to using a conventional CD recorder. For this reason, discs which have been copied using conventional means will not have this authentication region present, therefore the disc will fail to authenticate.

PlayStation 2 modchips come in several types:

Generation 1 - "Swap" Modchips
The "swap" modchips are not as advanced as their successors. In order to boot a non-original disc, the operator must first load an original disc (or a specialized loader disc like Swap Magic), which the PS2 authenticates and region-checks. At this point the modchip disables the eject notification feature of the PS2's DVD-ROM drive, allowing the user to swap the original disc. Once this swap has been performed, the operator can instruct the PS2 to load the code from the non-original disc. Since the PS2 does not realize the disc has been changed, the authentication code is never re-checked. Unlike "no-swap" modchips, these chips do not affect the BIOS. These modchips may require 4-7 wires to be soldered to the motherboard to install, depending on the hardware revision of the PS2 in question.
Generation 2 - "No-swap" Modchips
These modchips are more technically advanced than their predecessors, and do not require an original disc for authentication purposes. Instead, they replicate the authentication signal that is normally sent by the PS2's drive hardware when an authorized game disc is present, causing the BIOS to believe that a copied disc is the original and boot it. These modchips are usually more difficult to install into the console, usually requiring 19 to 24 wires to be soldered to the mainboard by the installer. The very first modchip of this kind was the Messiah from hDL & KVaks. They copy the original OrigaChip and NeoChip ideas. The first replicates only the drive authentication signal; the second modifies only the BIOS routines.
Generation 3 - Flashable Modchips
These newer modchips contain more features in software and usually include menus and many configurable options, such as booting software bypassing the original BIOS GUI (named OSDSYS after the internal filename on the PS2 BIOS). They can be upgraded by several methods, usually from a CD-R containing the upgrade, and sometimes from other media such as USB pendrives. They can offer booting from several media such as Memory Cards, USB pendrives, an add-on internal PS2 HDD, files hosted in the network, etc. Some modchips of this category are the Ghost2, the O2mod, the DMS4, and the Matrix Infinity.
Alternatives to Modchips
Mod chips are not entirely necessary if you wish to try a different approach, such as the 'swap tool', HD Loader, HD Advance and/or the PS2 Independence Exploit for PlayStation 2. The swap tool was used to take advantage of a hardware flaw to allow for a Swap Magic Disc to be used without 'modding' your PlayStation 2. The other techniques allow the user to install a hard drive, and copy the contents of original game DVD discs to this hard drive. At this point you no longer require the original DVD or even a modchip to play the games from the hard drive installed into the PS2. By using M.R. Brown's PS2 Independence Exploit, one can store the HD Loader executable (or any other homebrew code) on the memory card, trigger the exploit and load the copied games without using a burned disc. For more information on what games work with HD Loader, HD Advance, USB Advance and ToxicOS, check out the PS2HD Compatibility lists.

There are many models of modchip that need to be soldered onto the PlayStation 2 mainboard. Some of the notable ones include DMS4, Matrix Infinity, and Crystal Chip.
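
The Generation 1 description above is a check-once design: the disc is authenticated, and the result stays valid until the drive reports a tray-open event. The following model is an added example, not code from any console or modchip; the class and function names are hypothetical. It contrasts that design with one that re-verifies the disc actually in the tray at load time, so that a suppressed eject notification no longer matters.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Disc:
    label: str
    has_auth_region: bool  # present on pressed originals, absent on copies


class CheckOnceDrive:
    """Authenticates when asked, then relies on the tray-open notification
    to invalidate that result (the design the swap method depends on)."""

    def __init__(self, eject_notification: bool = True):
        # False models a drive whose eject notification has been disabled.
        self.eject_notification = eject_notification
        self.disc: Optional[Disc] = None
        self.authenticated = False

    def insert(self, disc: Disc) -> None:
        # A physical media change; the cached result is cleared only if the
        # notification actually reaches the console.
        self.disc = disc
        if self.eject_notification:
            self.authenticated = False

    def authenticate(self) -> bool:
        self.authenticated = self.disc is not None and self.disc.has_auth_region
        return self.authenticated

    def load(self) -> Optional[str]:
        # Time of use: trusts the cached flag, not the disc in the tray.
        if self.authenticated and self.disc is not None:
            return self.disc.label
        return None


class CheckAtUseDrive(CheckOnceDrive):
    """Hardened variant: verification is bound to the load itself."""

    def load(self) -> Optional[str]:
        return self.disc.label if self.authenticate() else None


def boot(drive: CheckOnceDrive, first: Disc, second: Optional[Disc] = None):
    """Insert and authenticate `first`, optionally change media, then load."""
    drive.insert(first)
    drive.authenticate()
    if second is not None:
        drive.insert(second)
    return drive.load()


def run_cases() -> dict:
    original = Disc("original", True)   # constructed sample media
    copy = Disc("copy", False)
    return {
        "original": boot(CheckOnceDrive(), original),
        "copy_alone": boot(CheckOnceDrive(), copy),
        "swap_notified": boot(CheckOnceDrive(), original, copy),
        "swap_unnotified": boot(CheckOnceDrive(eject_notification=False), original, copy),
        "swap_unnotified_check_at_use": boot(
            CheckAtUseDrive(eject_notification=False), original, copy),
        "original_check_at_use": boot(CheckAtUseDrive(eject_notification=False), original),
    }


if __name__ == "__main__":
    for name, loaded in run_cases().items():
        print(f"{name}: {loaded}")
```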

Xbox

Xbox modchips now allow a user to completely circumvent the BIOS on-board the video game console's mainboard. This allows a console to run code, such as user-created applications or games, not licensed or published by Microsoft. One of the main uses in the modding community of this ability is to provide a non-Microsoft BIOS that does not contain any copyrighted code that will run the Linux operating system from a DVD or the Xbox hard drive.

There are three possible techniques for modding an Xbox:

Softmodding
is accomplished by loading a specially-crafted save game file into the Microsoft game title MechAssault. When loaded, the save game file induces a buffer overflow and forces the execution of a program which replaces portions of the Xbox system software to allow the loading of unsigned executables from the internal hard disk, DVD drive or a USB storage device. Similar exploits exist for the Splinter Cell and Agent Under Fire titles.
Mod-Chip (Modification Chip) Installation
requires opening of the Xbox case and soldering certain points on the motherboard. This is surprisingly easy to accomplish on most Xbox hardware versions (v1.0 to 1.5), as the Xbox motherboard includes a 16-pin LPC debugging port which the console can load an alternative BIOS from (this method is used in Xbox development kits). A pin header can be easily soldered into this port and plugged into a modchip (alternatively, if the solder holes are already filled, as in very early Xbox models, they can be briefly melted to directly attach wires). A single solder point outside of the LPC header, known as D0, must also be attached to the modchip. When the D0 point is shorted to ground, the onboard BIOS is bypassed due to the least significant bit of the data bus being forced to 0 and the Xbox chipset will attempt to load the BIOS from the LPC port instead. The very first Mod-chip created for the Xbox was the Xtender (May 2002) and was a 'replacement BIOS' type mod. A second chip, the Enigmah (June 2002) followed a month later and was the first 'patch' type mod (doesn't contain any copyrighted code). Two months after these the first LPC 'BIOS replacement' type mods appeared (August 2002). LPC mods reduced the installation time from hours down to minutes and are still the type of mod-chips in use today.

In order to make the installation of modchips less attractive, Microsoft changed the PCB layout for V1.6 and 1.6b Xboxes, effectively eliminating the traces that make the LPC header functional. However, the functions haven't been removed, and it remains relatively easy to re-enable the functionality through a process called an 'LPC rebuild'. The principle is to make a connection between the LPC and the contact points on the PCB, replacing the removed traces. This is accomplished either by using cable or, as provided by some mod chip manufacturers, a PCB template, which is placed on the PCB and soldered on. Both methods have the same effect, but the PCB route (if the template works) could bring install time down to below ten minutes. It is worth noting, however, that the cable method is easier to troubleshoot and do over should a mistake occur.

Solderless adaptors do exist, the Xapt3r being a good example. The principle behind it is the same as the soldered method, but the reconnections are made using thin wire which can be inserted into the points from the component side of the PCB.

TSOP Flash
is often considered to be a middle ground between the modchip and softmod methods. This method requires two small solder points, which make the Xbox BIOS chip itself writable. Once this chip (the TSOP) is writable, one can use any of the games available for the softmod to run an exploit which will allow this chip to be overwritten with an alternative BIOS. The Xbox will then load the alternative BIOS instead of the default Xbox BIOS whenever it is turned on. Different versions of the Xbox include different size TSOP chips. Version 1.0 and 1.1 Xboxes have a 1 MB chip, which can be divided into two 512 KB banks, four 256 KB banks, or remain as a single 1 MB bank. On these versions, a switch or two may be installed, allowing the user to activate any given bank on the TSOP chip, making it possible to disable the mod by using the default Xbox BIOS on one bank. Version 1.2 through 1.5 Xboxes have a single 256 KB bank which cannot be divided, and therefore cannot be disabled. To date, version 1.6 Xboxes cannot be modded via a TSOP flash. The BIOS on version 1.6 Xboxes is stored on the Xcalibur video encoder chip.

There are two types of alternative BIOS in wide use on Xbox modchips. The first is the completely legal Cromwell BIOS, and its derivatives, which were developed by the Xbox Linux Project and contain 100% "cleanroom" GPL-licensed code which can be used to boot Linux from the Xbox hard drive or DVD drive. The second are possibly illegal (depending on territory) hacked BIOSes, which contain the original Microsoft BIOS (with the Windows 2000-derived kernel used in the Xbox) modified so that they will execute unsigned code. The latter type of BIOS can be used to boot back-up and homebrew games, as well as additional homebrew software developed using Microsoft's Xbox Development Kit (XDK) but not authorized for release by Microsoft (examples of this sort of software include game emulators, media players, and web browsers). Users of the second type of BIOS will typically load their hard drive with an alternative to Microsoft's original dashboard, such as XBMC, Evolution-X or Avalaunch, which provides a menu interface to all of the software installed onto the hard drive, and even an integrated FTP server for loading new software and media onto the console over a home network. Either type of BIOS will allow upgrading to a higher-capacity Hard Drive.

Additionally, Microsoft's Xbox Live gaming service contains automated security checks which ban users suspected of modchip use. At logon time, Xbox Live conducts a check of the currently running BIOS. If it differs in any way from the original BIOS, that particular Xbox (which is uniquely identified by a code in the motherboard's onboard ROM) is banned from the service. Some modchips (notably the very popular Xecuter line) include a manual switch which can be attached to the exterior of the case and used to switch the modchip on and off. When switched off, the Xbox will boot the original BIOS and dashboard, and allow the use of Xbox Live with an original game as if no modchip were present at all.

Finally, Xbox Live also maintains a database of the hard drive serial numbers associated with each particular Xbox. If the user has replaced the original Xbox hard drive with a larger one, they may become banned from the service even if their modchip is disabled. This pairing of serial numbers is created at the user's first login, so if the new hard drive is locked with the original hard drive's key using a specialized dashboard like Evolution-X, it is possible to use a non-original hard drive on Xbox Live, as long as the Xbox never logged on to Live with its original drive.
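
The two logon checks described above can be modelled as a BIOS measurement compared against a known-good set, plus a drive serial that is paired on first use. This is an added example, not Microsoft's implementation: the class, the use of SHA-256, the console ids and the sample images are all assumptions. It shows why pairing at first login accepts whatever drive is present at that moment, and how a record provisioned at manufacture (a hypothetical hardening) closes that gap.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed stand-ins for firmware images; no real digests appear on the page.
ORIGINAL_BIOS = b"constructed original BIOS image"
ALTERNATIVE_BIOS = b"constructed alternative BIOS image"
KNOWN_GOOD_DIGESTS = {hashlib.sha256(ORIGINAL_BIOS).hexdigest()}


@dataclass
class LogonService:
    """Hypothetical service-side model of the checks described above."""
    # Optional factory records (console id -> drive serial). When a console
    # has no record, the service pairs on first use, as the article describes.
    factory_drives: dict = field(default_factory=dict)
    paired_drives: dict = field(default_factory=dict)
    banned: set = field(default_factory=set)

    def _ban(self, console_id: str) -> str:
        self.banned.add(console_id)
        return "banned"

    def logon(self, console_id: str, running_bios: bytes, drive_serial: str) -> str:
        # Bans are keyed to the console id, so they persist across logons.
        if console_id in self.banned:
            return "banned"
        # Check 1: the BIOS running at logon must match a known-good image.
        # Only the image running at that moment is measured.
        if hashlib.sha256(running_bios).hexdigest() not in KNOWN_GOOD_DIGESTS:
            return self._ban(console_id)
        # Check 2: the drive serial must match the record for this console.
        expected = self.factory_drives.get(console_id)
        if expected is None:
            # Trust on first use: the first serial seen becomes the record.
            expected = self.paired_drives.setdefault(console_id, drive_serial)
        if drive_serial != expected:
            return self._ban(console_id)
        return "ok"


def run_scenarios() -> dict:
    svc = LogonService()
    results = {}
    results["stock"] = svc.logon("A", ORIGINAL_BIOS, "hdd-A")
    results["alt_bios"] = svc.logon("B", ALTERNATIVE_BIOS, "hdd-B")
    results["alt_bios_then_stock"] = svc.logon("B", ORIGINAL_BIOS, "hdd-B")
    # Console C pairs with its original drive, then shows up with another.
    svc.logon("C", ORIGINAL_BIOS, "hdd-C")
    results["drive_replaced_after_pairing"] = svc.logon("C", ORIGINAL_BIOS, "hdd-large")
    # Console D has never logged on; its replacement drive becomes the record.
    results["replacement_drive_at_first_logon"] = svc.logon("D", ORIGINAL_BIOS, "hdd-large-2")
    # Same logon against a service that holds a factory record for console D.
    hardened = LogonService(factory_drives={"D": "hdd-D"})
    results["same_with_factory_record"] = hardened.logon("D", ORIGINAL_BIOS, "hdd-large-2")
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```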

GameCube

A GameCube modchip called Viper was released in December of 2004. Like most console modchips, it attempts to avoid legal complications by including no code which circumvents copy protection or is copyrighted by Nintendo. It has some on-board flash memory which allows the user to write small programs to it (.DOLs). There is a hacked BIOS available for the Viper called Cobra. Cobra allows the user to directly boot a back-up or homebrew game on an 8 cm DVD-R inserted in the GameCube's optical drive (contrary to popular belief, the GameCube uses standard mini-DVDs with a modified filesystem for storage). Removing the GameCube's external case or installing a custom replacement allows the user to boot standard 12 cm DVD-R discs as well, but the positioning of the drive's laser renders only the first 1.4 GB of capacity usable. Previously the only common way to run user code on the GameCube was to use a Broadband Adapter combined with a security hole in Phantasy Star Online. The Cobra software works, after an original disc is authenticated, by resetting the disc drive and unlocking a debug mode which allows code to be sent to the drive and executed. This code stops the disc drive for a few seconds, allowing the user to swap in a non-original disc. More recent (v1.0+) versions of Cobra no longer require an original disc for authentication purposes. TMBinc released an open source IPL replacement for the NGC, which allows anyone to produce their own IPL replacement (modchip for NGC).

Alternatively, the Qoob, Duo Q and XenoGC chips are available. The Duo Q and XenoGC don't have the features of the Viper and Qoob, but do allow booting of emulators (such as Snes9x) and homebrew and copied games.

Seventh-generation consoles

The seventh-generation of video games is still unfolding, especially with the recent release of the Wii and PlayStation 3. Currently both the Xbox 360 and the Wii have modchips. Another system that does not qualify for the term 'console' and was released during the supposed 'seventh generation' is Sony's PSP, which has the distinction of being one of the first handhelds to have a mod chip.

Xbox 360

An xbox-scene.com member, Commodore4Eva, released a modified firmware for the Samsung DVD drive of the Xbox 360. This allows the user to play copied Xbox 360 games and copied Xbox games. More recently there have been hacked firmware releases for each of the other DVD drive models found in Xbox 360s, with new versions being released rather often to improve compatibility. Currently (July 2006) there are many 'modchips' being released which add one or two firmware chips and have a switch to select between them. These do not allow the user to boot unsigned software or load an alternative OS such as Linux, but allow back-up copy play and software piracy.

Wii

In a very short amount of time four mod chips for Nintendo's seventh generation foray, the Wii, were announced: the WiiNinja (announced on January 26, 2007), the CycloWiz (January 29, 2007), the WiiKey (February 2, 2007), the WiiXT (February 18th, 2007) and Wiip. All five are apparently 'very easy' to install and each is so far mainly for playing back-up and pirated copies of Wii and GameCube games, some boasting compatibility with GameCube homebrew, although WiiXT has promised DVD playback. The CycloWiz has begun shipping, while dates for the WiiKey release are still extended. Right now it looks like February 25-28 will be the shipping date for the WiiKey. It is also noted that the Wiip is the first open-source mod-chip project for the Wii.

PlayStation Portable

The PSP firmware versions 1.00 and 1.50 have full access to unsigned code through EBOOT files which can be accessed through the GAME menu on the PSP. Firmware versions higher than 1.00 have limited homebrew compatibility through the Kxploit and TIFF exploit, but only the Kxploit has full kernel access (required for booting of unsigned code). However, firmware versions 3.03 and below can be used to downgrade to 1.50, which has full kernel access. Firmware versions 1.51 - 3.03 can run user mode homebrew through an exploit in the game Grand Theft Auto: Liberty City Stories; however, this exploit has been patched in 2006 versions of the game. There are also methods to downgrade the PSP which do not require the use of the "Grand Theft Auto: Liberty City Stories exploit" (only up to firmware version 2.80); instead, an exploit is initialized by the Photo Menu when the PSP tries to load a picture. A homebrew firmware called 3.10 OE-A has all of the homebrew capabilities of 1.50 and all of the features of the official 3.10, excluding the Korean language and the Location Free Player (PSP Tv in Play Asia PSP).

Downgraders are constantly being released and updated for newer firmwares. They allow PSP users to downgrade their 1.51+ PSPs back to 1.50 to run unsigned code, such as emulators and games. Custom firmware is also being released which allows users to utilize many features of newer firmware, such as web browsing and RSS feeds, and also to access new UMD games which require the Sony updates while remaining downgraded to 1.50.

In May 2006, a new programmable modchip was announced for the PSP, the Undiluted Platinum, capable of storing two firmwares that can be alternated. This is most commonly used with both the latest firmware and the unsigned code compatible 1.50 firmware. It can be used to run older, or even custom, firmware, and can even restore a bricked PSP (most commonly done when writing data to the NAND chip or downgrading). There is continuous talk of another modchip soon to rival the Undiluted Platinum and even support the newer PSP hardware revisions (TA-082); no release date is yet planned, but it is considered to be considerably cheaper than the Undiluted Platinum.

As of January 2007, a new mod chip boasting TA-082 and TA-086 support has been announced, the PSP-Devolution.
