xboxscene.org forums

Xbox360 Forums => Xbox360 Software Forums => *nix OS on Xbox 360 => Topic started by: XanTium on November 25, 2005, 01:53:00 AM

Title: Xbox-Linux: Free60 project started
Post by: XanTium on November 25, 2005, 01:53:00 AM

Xbox-Linux: Free60 project started -- Posted by XanTium on November 25 03:53 EST
You might remember we announced back in May that Team Xbox-Linux launched their project page (wiki) for the Xbox 360 on www.free60.org.
Today they launched the developers mailing list for technical/serious discussions on how to get Linux to boot on the Xbox 360.

Their documentation page also contains some interesting details about the Xbox 360 already:


* The flash is encrypted with a per-box key
* The key is stored inside the CPU
* The boot ROM is stored inside the CPU
* Also inside the CPU is a hypervisor that verifies the running state of the kernel, making sure there is no modification (RAM checksums), else the Xbox360 panics and blows up!
* The CPU contains RAM inside of it to store the checksums
* All interrupt/exception handling is done by the hypervisor
* All code runs in kernel mode
* The emulator for first generation games can be updated via an official Microsoft download burned to CD by the user, though the CDs' content will be encrypted and signed with public key cryptography.

The Xbox 360's Hard Disk appears to connect to the Xbox 360 via 7-pin SATA; internally the drive connects to the external connector through standard SATA data and power connectors. This should be of some help.


They also have a disassembly of the official Xbox 360 WirelessLan adapter (Marvell 88W8388-BDK1, which seems to be 88W88305-derived) here. They tried to connect it to a Linux PC, but no support for it atm (full initialization failed?).
Some info about those backward compatibility updates is available here.

Official Site: http://www.free60.org
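
As an added illustration (not part of the original post, and not code from Free60 or Microsoft), this C program models the check the list describes: checksums of RAM pages are kept in memory only the monitor writes, and any page that no longer matches is reported. The page size, the FNV-1a checksum and every function name are assumptions made for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PAGE_SIZE 256  /* constructed demo value, not the console's page size */
#define NUM_PAGES 4

static uint8_t  dram[NUM_PAGES][PAGE_SIZE]; /* external RAM: writable by anyone   */
static uint64_t ondie_sums[NUM_PAGES];      /* "RAM inside the CPU": monitor only */

/* FNV-1a 64-bit: a stand-in checksum (assumption; the page names no algorithm). */
static uint64_t page_sum(const uint8_t *p, size_t n) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* Trusted path: copy content into a page and record its checksum on-die. */
int monitor_load_page(size_t idx, const void *src, size_t len) {
    if (idx >= NUM_PAGES || len > PAGE_SIZE) return -1;
    memset(dram[idx], 0, PAGE_SIZE);
    memcpy(dram[idx], src, len);
    ondie_sums[idx] = page_sum(dram[idx], PAGE_SIZE);
    return 0;
}

/* Untrusted path: models any write to RAM that bypasses the monitor. */
int external_write(size_t idx, size_t off, uint8_t xor_mask) {
    if (idx >= NUM_PAGES || off >= PAGE_SIZE) return -1;
    dram[idx][off] ^= xor_mask;
    return 0;
}

/* Re-hash every page; return the first page that no longer matches, or -1. */
int monitor_scan(void) {
    for (size_t i = 0; i < NUM_PAGES; i++)
        if (page_sum(dram[i], PAGE_SIZE) != ondie_sums[i])
            return (int)i; /* a real monitor would halt the machine here */
    return -1;
}

/* Constructed scenario: load four pages, change one bit, rescan. */
int demo(void) {
    static const char *img[NUM_PAGES] = { "boot", "kernel", "drivers", "title" };
    for (size_t i = 0; i < NUM_PAGES; i++)
        monitor_load_page(i, img[i], strlen(img[i]));
    if (monitor_scan() != -1) return -2;  /* untouched pages must verify */
    external_write(2, 3, 0x01);           /* flip one bit in page 2      */
    return monitor_scan();                /* reports page 2              */
}

int main(void) { return demo() == 2 ? 0 : 1; }
```

The checksum function is not secret, so detection rests entirely on the reference values being stored where an untrusted writer cannot reach them, which is the role the list gives to the RAM inside the CPU.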

Title: Xbox-Linux: Free60 project started
Post by: atlanta800 on November 25, 2005, 02:52:00 AM
WOW, that is impressive. I gotta hand it to M$, when they said they were adding hardware provisions to avoid the 360 from being hacked, they were not joking. I mean I was thinking yeah right when the techs started saying that it would take an extremely long time to be hacked, but now it's looking that way. Granted, all these anti-hacking measures would have to be perfect in order to work, and if/when they find that tiny little loophole, man will it be a good day.
Title: Xbox-Linux: Free60 project started
Post by: Avenger 2.0 on November 25, 2005, 03:23:00 AM
Nice protection. Hope someone will write a book about it (just like bunnie did).
If it's true about the boot rom being inside the CPU, it might be very difficult to crack.
Title: Xbox-Linux: Free60 project started
Post by: Chamrock on November 25, 2005, 03:28:00 AM
Has Bunnie really confirmed that he has assisted MS to make 360 difficult to hack? If that is true I really hope he gets beaten up! I don't give a damn even if he was the main guy behind cracking the first Xbox. Helping MS is a great slap on the scene.
Title: Xbox-Linux: Free60 project started
Post by: johnstark on November 25, 2005, 03:28:00 AM
Impressive list of protection there.

Has anyone ever figured out how to sign homebrew software? How does gameshark/action replay do it? Aren't they unofficial?
Title: Xbox-Linux: Free60 project started
Post by: fasmanza on November 25, 2005, 03:11:00 AM
Suddenly running homebrew on the xbox 360 seems very distant
Title: Xbox-Linux: Free60 project started
Post by: TheSandman87 on November 25, 2005, 04:04:00 AM
I wonder if bunnie left a back door open... (if he helped with dev on the encryption) This is going to be a very interesting year. Good luck everyone!
Title: Xbox-Linux: Free60 project started
Post by: DynaMight on November 25, 2005, 04:07:00 AM
Don't forget we're still talking about MS here, there'll be security holes I'm sure, the more complex it is the more chance there is of a hole. Will be interesting to see how long it takes.

How long did the Xbox take?
Title: Xbox-Linux: Free60 project started
Post by: DivyX on November 25, 2005, 04:01:00 AM
Hi.
I was wondering how all this new security disables the methods used cracking the first gen xbox?
Like can you sniff inside the cpu what's happening in there if it's not all encrypted all the time, which it prolly is? *picturing in my mind a streaming hack like GC has... :/
Would be neat if someone would do security comparison chart between xbox & x360.

Sorry bout the noobness...

Br: Divyx
Title: Xbox-Linux: Free60 project started
Post by: Trevante on November 25, 2005, 05:37:00 AM
QUOTE
Also inside the CPU is a hypervisor that verifies the running state of the kernel, making sure there is no modification (RAM checksums), else the Xbox360 panics and blows up!


I hope this was just exaggeration..... a device that blows up or fails on purpose when tampered with should not be on the market IMO.
Title: Xbox-Linux: Free60 project started
Post by: SiliconIce on November 25, 2005, 05:48:00 AM
I really don't think bunnie worked with MS on this -- I just posted about an article he wrote last summer where he speculated about their security measures. If he was working with them at the time, I don't think he would have written this and posted it publicly. It sure does seem impressive... :-)
Title: Xbox-Linux: Free60 project started
Post by: TheSpecialist on November 25, 2005, 07:00:00 AM
QUOTE(DivyX @ Nov 25 2005, 12:08 PM)

Hi.
I was wondering how all this new security disables the methods used cracking the first gen xbox?
Like can you sniff inside the cpu what's happening in there if it's not all encrypted all the time, which it prolly is? *picturing in my mind a streaming hack like GC has... :/
Would be neat if someone would do security comparison chart between xbox & x360.

Sorry bout the noobness...

Br: Divyx


In the XBOX 1, the bootloader was transferred from the Southbridge to the CPU. Bunnie built a device to snoop the data while it was transferring on the bus from the Southbridge to the CPU/memory. However, since the 360's bootloader is in the CPU itself, there won't be any bus to snoop this time. It's all done internally and that's why it will be VERY VERY hard this time to get to this bootloader code ... The only way I think that remains, is decapping the CPU, but ... decapping a 3-cored CPU will be VERY VERY hard, will take very much time and you'll need very expensive hardware. And even if this was successful, I doubt that a modchip could be built, since I think that it is impossible to build a device that somehow overrides the internal CPU bootloader

This post has been edited by TheSpecialist: Nov 25 2005, 03:09 PM
Title: Xbox-Linux: Free60 project started
Post by: garshmalarsh on November 25, 2005, 07:22:00 AM
What about a back door method similar to the ps2 where you can use backwards compatibility as the catalyst to read homebrew apps (HDLOADER) from the hard drive or a memory card?  Is that possible?
Title: Xbox-Linux: Free60 project started
Post by: dalezer on November 25, 2005, 07:15:00 AM
What that's CRAZY! So much more protection than I expected there to be. DAMN M$ is really trying to protect its PROFITS this time.
Title: Xbox-Linux: Free60 project started
Post by: Avenger 2.0 on November 25, 2005, 08:34:00 AM
The only way it can be cracked (if it ever will be cracked), is likely to use an exploit or bug in the bootcode. With that it might be possible to build a modchip or softmod. But these would be easy to fix for a next hardware revision. Nothing is sure at the moment, only time can tell. But for now, let's use this box for what it was designed... GAMING
Title: Xbox-Linux: Free60 project started
Post by: TheSpecialist on November 25, 2005, 09:11:00 AM
QUOTE(dalezer @ Nov 25 2005, 03:22 PM)

What that's CRAZY! So much more protection than I expected there to be. DAMN M$ is really trying to protect its PROFITS this time.

Not just theirs, but more importantly: the software developer's profit. Think of what it will mean to the software industry if the PS3 gets hacked and the 360 proves to be 'unhackable'. Every software developer out there would prefer to code games for the 360 and THAT would make the 360 REALLY big. And that's why it is SO important to M$ to protect this machine and it seems that they have done a REALLY good job this time. And even if someone finds a way to hack this thing (I doubt it), M$ will learn again and the next generation XBOX will be even HARDER to hack ... Yes, building this CPU from scratch was the best security decision M$ has made so far, and I'm quite sure this will become a trend in this sector.

This post has been edited by TheSpecialist: Nov 25 2005, 05:14 PM
Title: Xbox-Linux: Free60 project started
Post by: bosstitan187 on November 25, 2005, 10:48:00 AM
so basically we're fucked lol how long you think till we crack it?
Title: Xbox-Linux: Free60 project started
Post by: CattyKid on November 25, 2005, 10:37:00 AM
QUOTE(Avenger 2.0 @ Nov 25 2005, 10:41 AM)

But for now, let's use this box for what it was designed... GAMING

????
Why?
We paid for it, we should be able to use it for what we please.
Title: Xbox-Linux: Free60 project started
Post by: BlueCELL on November 25, 2005, 11:45:00 AM
Think this means that mod chips are outta the question. Only thing I could see working is exploits, but they can fix them through xbl. So it'll be a cat & mouse game. Just like the PSP, just harder....

Title: Xbox-Linux: Free60 project started
Post by: garshmalarsh on November 25, 2005, 12:09:00 PM
just curious....has anyone tried ftp'ing into it yet?  if so, can you copy the game disc to your pc and burn a dvd.  the 360 does read dvd r's
Title: Xbox-Linux: Free60 project started
Post by: ksteiner on November 25, 2005, 12:11:00 PM
I knew bunnie was gonna help ms to make the xbox really secure. I bet they gave him a sweet job and good money.
Title: Xbox-Linux: Free60 project started
Post by: Demonicus on November 25, 2005, 12:08:00 PM
Wow very very good security indeed! But remember M$ said that the first xbox was unhackable and look what happened, they cracked it thanks to Bunnie. But since Bunnie ain't gonna be with the 360 well someone else is gonna do it.
Title: Xbox-Linux: Free60 project started
Post by: Bizquick on November 25, 2005, 01:25:00 PM
That's crazy security. I bet MS has some door they forgot to close though. I'm sure there is some way around this. But it looks like it will be a hack in the boot loader code. So most likely a softmod.

I just don't see how a hardware mod chip can do it. But we said the same about the GC and it took a hell of a long time but there is a chip for it now. As far as PS3 and then the Xbox 360 comment about if the xbox360 proves to be unhackable and the PS3 is. Sony got ahead because of software piracy on their first unit, and today it still improves sales on the PS2. The xbox would have been a Number 3 system today still if it wasn't hacked, and GC would have been on top. Yes, piracy does hurt the software companies, I won't argue that. But it also helps the unit get more popular and then the sales to drive up from that. The major problem with the xbox 1 is that the hacks for it were so easy and very easy to get. I bet now if you look at since the GC got hacked you are seeing a small rise in the sales on that. And I also bet since the PSP was hacked that you are seeing a lot more sales on that. But also Sony making money on Memcards from both 1st party and 3rd party because of that Duo brand stamp.
Title: Xbox-Linux: Free60 project started
Post by: asteron on November 25, 2005, 01:57:00 PM
Man with all that security on the CPU it might be the only way to get code to run is to desolder the CPU and replace it with a compatible one without the security....
Title: Xbox-Linux: Free60 project started
Post by: crazykid092 on November 25, 2005, 04:27:00 PM
has any1 tried to find out what's on the hard drive?
Title: Xbox-Linux: Free60 project started
Post by: saunders73 on November 25, 2005, 03:59:00 PM
QUOTE(asteron @ Nov 25 2005, 03:28 PM)

Man with all that security on the CPU it might be the only way to get code to run is to desolder the CPU and replace it with a compatible one without the security....



wow let's replace the cpu, that's about the stupidest thing I've ever read
Title: Xbox-Linux: Free60 project started
Post by: Dawg605 on November 25, 2005, 04:12:00 PM
QUOTE(crazykid092 @ Nov 25 2005, 05:58 PM)

has any1 tried to find out what's on the hard drive?


Don't think so, but I hope someone does soon!
Title: Xbox-Linux: Free60 project started
Post by: GH0STce11 on November 25, 2005, 10:57:00 PM
QUOTE(DynaMight @ Nov 25 2005, 04:38 AM)

Don't forget we're still talking about MS here, there'll be security holes I'm sure, the more complex it is the more chance there is of a hole. Will be interesting to see how long it takes.

How long did the Xbox take?


How much protection did xbox1 have is the real question.

The answer is it had next to none. Basically a HDD Key and that's it. And since the BIOS and OS were separate, all that was needed was an interceptor in the middle. But now that can't happen.

the sHype hypervisor is pretty much impenetrable, as it's got the CPU by the balls, and if it so much as hears of anything changing....
Title: Xbox-Linux: Free60 project started
Post by: jer2eydevil88 on November 26, 2005, 12:52:00 AM
I remember reading the first sites dedicated to hacking an original XBOX and at the time there was no organized "scene" or "community" for it. I don't remember/know how long it took exactly but it was the better part of six months before someone had a workable solution to running unsigned code on an xbox.

I know there are many similarities between the chips used in this xbox and the Apple G5 CPUs (they are far from identical, I know); maybe someone more familiar with these systems will be of great help this time around. So basically someone call up Steve Jobs and tell him there is an opportunity to repay MS for that bit of hell he went through.
Title: Xbox-Linux: Free60 project started
Post by: trey85stang on November 26, 2005, 02:14:00 AM
QUOTE(CattyKid @ Nov 25 2005, 06:44 PM)

????
Why?
We paid for it, we should be able to use it for what we please.


So do whatever you want to do with it,  no one is stopping you.

This post has been edited by trey85stang: Nov 26 2005, 10:15 AM
Title: Xbox-Linux: Free60 project started
Post by: Trevante on November 26, 2005, 01:52:00 AM
QUOTE(garshmalarsh @ Nov 25 2005, 12:40 PM)

just curious....has anyone tried ftp'ing into it yet?  if so, can you copy the game disc to your pc and burn a dvd.  the 360 does read dvd r's


Lol, well there's no ftp server running on it so ftping into it wouldn't work.
Title: Xbox-Linux: Free60 project started
Post by: thebucketmouse on November 26, 2005, 12:20:00 PM
I like it how the most unlikely people say 'we' like they will be hacking the thing

"so basically we're fucked lol how long you think till we crack it?"
Title: Xbox-Linux: Free60 project started
Post by: bcforn64 on November 26, 2005, 04:16:00 PM
Kids, oh ye of little faith. This thread reminds me of the thinking of the scene before the LBA48 patch came out. I remember it being standard thinking that 137GB was the maximum HDD partition size the xbox would be able to use, therefore you were stuck with it. Then PaulB came around with all his awesomeness, played around with a few variables and BOOM overnight the general consensus changed here. MS deployed expensive and hardware extensive security on the first Xbox, granted it was unlike the 360's security and an afterthought, however it was still broken.

If there is one thing Bunnie should have taught the scene is if the security is crackable, then it should be crackable with cheap parts. You don't need million dollar equipment if you know what you are doing, and have the steps to reverse engineer the beast properly. It all comes down to the motivation, look at how far Bunnie went and the recognition he got from his work. Many are already suggesting that a physical dissection of the CPU may be needed, but regardless if the primary boot code is executed from within the CPU or not may not matter if the CPU has a thousand or so pins that could be communicated to.

To make a long story short, don't sell yourselves so damn short. Even if you disagree with the above, this scene did not become 200,000+ members strong by failure. If you can already accept a save game exploit boot loader as a means for loading unsigned code as second nature then imagine what the future will bring.
Title: Xbox-Linux: Free60 project started
Post by: TheMasterChef on November 26, 2005, 05:47:00 PM
"xbox-scene", anyone who modifies their console and posts here is part of the xbox-scene.com modding community, don't try to make people feel they shouldn't consider themselves part of this...community because they themselves don't do the research on this stuff.

QUOTE
If you can already accept a save game exploit boot loader as a means for loading unsigned code as second nature then imagine what the future will bring.


Well put. How many people thought the boot-disc chip-substitute for the Playstation would ever be http://web.archive.org/web/20021212092752/http://www.bootdiscworld.co.uk/playstation2.htm? As far as I know, no uncrackable console exists to this day. (I'm no history-of-Nintendo specialist or anything, but modern consoles have all been hackable. The Dreamcast would run some games that had just been cloned to CD-R.)
Title: Xbox-Linux: Free60 project started
Post by: lordvader129 on November 26, 2005, 05:50:00 PM
bear in mind MS also knows what bunnie did and how far he went with cheap parts, and MS had doubtlessly taken steps to prevent it from happening again so easily

a physical dissection of the CPU for example, much different than dissecting the MCPX as bunnie did, you'd probably need a scanning electron microscope to be able to see the parts of the CPU

the CPU may have a thousand pins to listen on, but if all the juicy code is being stored, checked, verified, and executed internally then being on the outside looking is no good
Title: Xbox-Linux: Free60 project started
Post by: luther349 on December 06, 2006, 02:46:00 PM
all that stuff makes no difference if you crash the cpu and override all of it. the problem is crashing the cpu at the right time. and anything can be hacked really no matter what they do, it just takes someone smart enough to figure it out. I'm pretty sure once the guide gets leaked like the original xbox did we will know all about the hardware and where some weaknesses can be found.