I Hacked Hundreds of Game Consoles Thanks to a Juice

By Sebastian Barrenechea on Aug 23, 2022
A composition of Bill Gates playing Guitar Hero in Mordor after being pwned by AdeS juice

In 2010, AdeS (an Argentine juice brand later acquired by Coca-Cola Company in 2016) held a contest on Facebook. It was a 4x4 puzzle game where you could win a Nintendo Wii. The conditions to win the prize were:

  • Do it in the shortest possible time, and
  • Do it in the fewest number of moves

I wouldn’t say I’m particularly good at 4x4 puzzles, but it seemed like a good challenge to work on.

The first few seconds of the game showed the solution (the fully formed image), and then it was scrambled.

I don’t have the original image, but here’s a stock photo for reference:

two puzzles side by side, the solution on the left and a scrambled version on the right

However, there was something particular about the game: the timer started counting AFTER you made your first move, giving you the opportunity to “think about it” before starting to play.

After looking at the image, I made a “secondary image” to play with, replacing the scrambled images with numbers. That way, it was easier to figure out “how to order it from 1 to 15”:

two puzzles side by side, the solution on the left and a scrambled version on the right, with numbers superimposed

My brain liked it better that way… Buttt, I didn’t want to spend too much time on this, so I looked for a puzzle solver. After a few hours, I found one that worked by brute force, taking quite a while to give you better and better solutions. It gave you several number sequences to follow after a while, and then you could solve the puzzle.

I spent a lot of time looking for a “good scrambled puzzle” because I wanted it to be solved in less than 20 moves if possible. After a few days and several restarts of the Facebook game, I had a solution in 16 moves.

I complicated myself after this due to the two restrictions of the puzzle: the move count AND the time. I used an auto-click app, where I captured with a screenshot the scrambled puzzle and then “solved” the puzzle following the best numerical sequence.

Everything was ready to start.

I click “Start” within the auto-click app.

The auto-click fails in the middle of the puzzle 💀

I screwed up by making the auto-click too fast and a click didn’t register within the game. I quickly intervened, fixed some mis-clicked tiles, and finished the sequence manually. My final mark was 21 moves in 15 seconds.

A few days before the deadline, I checked the leaderboard and the player in second place solved it in about 300 moves and 20 minutes. At that point, it wasn’t even a competition.

After a few days, I was notified through Facebook that I had won. Nice! 🎉

The official AdeS post was this one. Here’s a video taken on the spot when I picked up the console:

From Wii to Xbox 360

I was so eager to play Alan Wake! So I never thought about keeping the Wii, so I quickly posted it on an online forum (rest in peace, CHW 🪦), I could sell it, buy an Xbox 360, or trade it right away.

And a guy writes to me wanting to trade his newly received 360 for a Wii! Isn’t this world a beauty sometimes?

Turns out he won his Xbox 360 playing online poker. It was a PAL console (here in Chile we are NTSC), so that was a problem, but I made the exchange anyway. After all, I wanted to unlock it to be able to play backup copies. PAL games were a torrent download away.

Sorry, pirated games were the way I could play new games back then. Thanks, Microsoft!

Unlocking It and to the Moon 🚀

I found a thread within the same forum where someone was unlocking Xbox 360 (darcito was his username). I went to his house (that’s where he worked) and watched the unlocking process from a few meters away.

“Are you kidding me? He’s just connecting the DVD drive to his computer via SATA and clicking some buttons! I can do that 💩 myself!”

Optical Drives

And so, over the next few months, I learned on the internet how the unlocking process works. Xbox 360s have various optical drive vendors, different firmware revisions, and for each one, you had a unique unlocking method, but it all revolved around backing up the console’s unique DVD Key and flashing the drive with custom firmware developed by c4eva.

By the end of the year, I copied darcito’s strategy and opened my thread within the forum, unlocking consoles in my own home. Several Xbox modders powered the DVD drive with the same console, but the community thought Microsoft could detect if the console was on without the DVD drive connected, your console was “flagged” (I’m not sure if that was correct or not).

Anyway, I wanted to protect my customers’ consoles from being flagged, so I developed a custom power supply with switches for specific voltage lines (required to unlock some optical drives):

a custom power supply for Xbox 360 DVD drives

Of course, after a while, there were better sales options for modders, so eventually, I got a X360 USB Pro v2 from Team Xecuter.

Drilling Chips (Kamikaze Method)

This unlocking method for optical drives was wild; I’m not going to lie! For Xbox 360 Slims that came with locked LiteOn DG-16D4S and Winbond chips (there were LiteOn drives with MXIC chips that didn’t require this) you had to drill a hole in a chip inside the DVD drive.

a chip

What we were trying to achieve with Kamikaze was to reach a tiny wire and ground it, allowing you to flash custom firmware on the drive:

a decapsulated chip

I guess Microsoft didn’t expect this kind of madness to play backup copies. Never underestimate the power of hackers. A funny message I found on Twitter related to this:

MS: Ok, if we connect the write protection from inside the package with bonding wire, they can’t just cut a pin or a track

Modders: Hold my chip drilling alignment jig

Reset Glitch Hack

On August 28, 2011, GliGli and Tiros (with help from cOz) released the Reset Glitch Hack (or RGH) for Xbox 360. It’s a hardware exploit that’s impossible to patch to run unsigned code. After a few days, the Xbox 360 scene was slowly making tools for modders. You needed to be skilled with the soldering iron though.

Finding compatible chips for yourself in the early days was difficult, but I found some that worked. Nowadays, you don’t even require a chip with RGH 3.0.

Here’s a photo of me booting Linux (the couch you see there was where my customers used to wait):

an Xbox 360 running Linux

I really believe I was one of the first to offer the RGH service here in Chile. I served customers from all over the country for both optical drive unlocks and RGH. Walking to the post office with Xbox 360s was a weekly routine for a long time. Crazy and fun times.

A copy of the feedback from my services is still alive here. I met many very nice people and still keep in touch with them. All that is thanks to AdeS juice.

me looking at a broken Xbox 360

Me looking at a RRoD (dead) Xbox 360

Content translated by gpt-4-1106-preview

©2022-2024 Sebastian Barrenechea. All rights reserved.

Built with Astro v4.15.9.