xboxscene.org forums

Xbox360 Forums => Xbox 360 Hacking Forums => General Technical Hacking Discussion => Topic started by: XanTium on December 02, 2005, 01:20:00 AM

Title: EEPROM on Xbox 360 and xexdump utility
Post by: XanTium on December 02, 2005, 01:20:00 AM

EEPROM on Xbox 360 and xexdump utility-- Posted by XanTium on December 2 03:20 EST
XboxHacker/Free60 pointed out there's an Atmel EEPROM on the Xbox 360 near the CPU:


There is also a small flash chip near the CPU, as seen in these pictures:
* 1stgame article (probably a developer unit)
* informit.com article
* independent photo
* Anandtech article

As discussed in this article (by oz_paulb) on the xboxhacker.net forums, this appears to be an Atmel 25020 EEPROM. The chip from the 1stgame article reads:
ATMEL524
25020AN
SU18
Datasheet can be found here [atmel.com]


XboxHacker.net also posted an xexdumper utility (for Linux) that was released by oskie on IRC. You can download it here.

Title: EEPROM on Xbox 360 and xexdump utility
Post by: seedyrom2003 on December 02, 2005, 02:58:00 AM
So with this said, the eeprom has been dumped? Now we wait for someone to hack the crap out of it or am I just having high hopes?
Title: EEPROM on Xbox 360 and xexdump utility
Post by: Cthulhu32 on December 02, 2005, 06:03:00 AM
Give me some time tomorrow after I finish my web dev class and I can convert Xexdump from PERL to C/C++ (depending on if I need any C++ calls) unless someone else beats me to it.
Title: EEPROM on Xbox 360 and xexdump utility
Post by: oz_paulb on December 02, 2005, 07:10:00 AM
QUOTE(seedyrom2003 @ Dec 2 2005, 11:05 AM)

So with this said, the eeprom has been dumped? Now we wait for someone to hack the crap out of it or am I just having high hopes?

I'm still trying to get my hands on a 360.  Once I get one, the first thing I'll do is remove both the EEPROM and the NAND flash (TSOP) and dump their contents.

The original Xbox had an EEPROM for per-Xbox settings (serial number, PAL/NTSC, etc).  I imagine the 360 EEPROM serves a similar purpose.  (Although they could have used the NAND for this type of storage)

- Paul
Title: EEPROM on Xbox 360 and xexdump utility
Post by: prestige on December 02, 2005, 07:40:00 AM

Here's a win32 version of the app I rolled this morning.  Hope it helps:

http://www.chaosorder.org/xexdump.zip

-prestige
Title: EEPROM on Xbox 360 and xexdump utility
Post by: Lamer123 on December 02, 2005, 08:57:00 AM
QUOTE(oz_paulb @ Dec 2 2005, 08:17 AM)

I'm still trying to get my hands on a 360.  Once I get one, the first thing I'll do is remove both the EEPROM and the NAND flash (TSOP) and dump their contents.

The original Xbox had an EEPROM for per-Xbox settings (serial number, PAL/NTSC, etc).  I imagine the 360 EEPROM serves a similar purpose.  (Although they could have used the NAND for this type of storage)

- Paul


You are going to desolder two extremely vital chips from your xbox 360's mainboard, then risk corrupting them by connecting it to an untested hardware config?

You got balls man
Title: EEPROM on Xbox 360 and xexdump utility
Post by: unspoiledpuma on December 02, 2005, 09:37:00 AM
can we extract the data or read only the data??
Title: EEPROM on Xbox 360 and xexdump utility
Post by: cONEction on December 02, 2005, 10:34:00 AM
QUOTE(billygoatz @ Dec 2 2005, 05:07 PM)

Thanks for all your hard work.

I'm getting a 500gb drive for my xbox, as far as I'm concerned you breaking the 120gb limit was one of the biggest breakthroughs for the xbox.

Maybe you could post your PayPal addy so people can donate.



Agree
I think by donating xboxes to the hackers, we will reach our goal sooner, I really think the tsop has the dashboard on it, since the core system without hdd can also be updated through live, so the dashboard has to be stored in the TSOP, since there is no other big storage chip on the xbox, if we know more about the dashboard, we can find exploits
Title: EEPROM on Xbox 360 and xexdump utility
Post by: JEB-101 on December 02, 2005, 10:52:00 AM
That's one small step for man, one giant leap for hackers!!

JEB!
Title: EEPROM on Xbox 360 and xexdump utility
Post by: digital71 on December 03, 2005, 10:36:00 AM
Wow, that was fast (less than a week from its release and we already can dump x360 executables).  Great job guys!

The program doesn't seem to work for me.  When I open it in command, I get the following error:
"Missing File Argument"

Does anyone know how to fix this?
Title: EEPROM on Xbox 360 and xexdump utility
Post by: thecheekymonkey on December 03, 2005, 10:45:00 AM
QUOTE(billygoatz @ Dec 2 2005, 06:07 PM)

as I'm concerned you breaking the 120gb limit was one of the biggest breakthroughs for the xbox.

Maybe you could post your PayPal addy so people can donate.




have to agree there, aside from getting the xbox to run unsigned code, breaking the 137 gig limit on hdd has to be the second greatest leap on the xbox.

credit due paul (and it turned a simple fix if i remember rightly).



as for donations, I don't think he'll be into that, anyone remember WAB (PSP).  turned it all into a farce.


but good luck, and thanks to all the clever people out there
Title: EEPROM on Xbox 360 and xexdump utility
Post by: unspoiledpuma on December 03, 2005, 05:05:00 PM
QUOTE(digital71 @ Dec 3 2005, 06:43 PM)

Wow, that was fast (less than a week from its release and we already can dump x360 executables).  Great job guys!

The program doesn't seem to work for me.  When I open it in command, I get the following error:
"Missing File Argument"

Does anyone know how to fix this?


in DOS or Command prompt (start/execute/cmd or command.com)
find the folder with xexdump.exe and the default.xex files
type this command:
xexdump.exe default.xex

actually you will only see what is the structure of the files, but you can have the same result with ollydbg, just rename the default.xex to default.exe and open it with ollydbg.

good luck
Title: EEPROM on Xbox 360 and xexdump utility
Post by: ShadowElitePro on December 03, 2005, 06:59:00 PM
I say good work to all who's trying hard to do this. I hope it works. If it works this would be huge.
Title: EEPROM on Xbox 360 and xexdump utility
Post by: Shutdown[Swe] on December 03, 2005, 07:49:00 PM
yea, somewhere to donate would be a good progress for hackers to get the needed equipment, ..

But still we aren't sure who is gonna fix it. and maybe we donate ALOT of xxxx$ to someone and he didn't hack it and someone else gets to hack it with no donated money for it. Still the first guy deserves some money but not 4digit cash ^^
Title: EEPROM on Xbox 360 and xexdump utility
Post by: cjack on December 04, 2005, 06:08:00 AM
Mmmhhh, just bought a second x360 to make some experiments and in this one there isn't the eeprom near the CPU!!! You can see the empty space here:

(IMG:http://www.darkmoon.org/images/x360Pro_noeeprom.jpg)

The console WITHOUT the eeprom is a "Premium", the one WITH the eeprom is a "Core".
No vital data inside this eeprom for me ;-)
Title: EEPROM on Xbox 360 and xexdump utility
Post by: Trex666 on December 04, 2005, 06:14:00 AM
I assume that the core system has the dashboard stored there, while the premium would have it stored on the hard drive? Or would M$ be too lazy to do that?
Title: EEPROM on Xbox 360 and xexdump utility
Post by: oskie on December 04, 2005, 07:42:00 AM
Interesting discovery! No, this chip does not hold the dashboard software. It only has room for 2048 bits of data. It has been speculated that this chip holds system-specific permanent data (serial number, region etc). It is quite possible the premium edition keeps this data on the hard drive instead.

Oskar
Title: EEPROM on Xbox 360 and xexdump utility
Post by: Trex666 on December 04, 2005, 07:54:00 AM
I don't think it would be appropriate keeping the info on the hard drive, isn't it possible to put the hard drive in other people's 360's? to share stuff?
What if I brought a hard drive for the core system what would happen then?
or I somehow broke the hard drive, does that mean the Premium isn't going to work anymore since it's missing the data?

This post has been edited by Trex666: Dec 4 2005, 03:56 PM
Title: EEPROM on Xbox 360 and xexdump utility
Post by: cjack on December 04, 2005, 08:12:00 AM
Just finished an experiment with my two x360.....
I have desoldered the tsop of my two x360 and inverted  ;D
Tsop of Premium soldered on Core console .... NO GO. Ring of light blinked red ... black screen.
Just resoldered the tsops in correct consoles....everything ok, consoles work fine.
Now I'll try to desolder the eeprom to see if console will power on normally :-)
Title: EEPROM on Xbox 360 and xexdump utility
Post by: cjack on December 04, 2005, 09:48:00 AM
Some other interesting findings:

1)Just desoldered the eeprom from my x360 core and......ehehehehhe....the console works fine without the eeprom too!!!!! Dashboard version and Kernel versions (backup version too) are the same as when there was the eeprom.... Everything works fine, games boot without problems....xbox live too......

2)I have swapped the dvd players just for fun and ..... the games won't boot....x360 tells you "To play this disc, put it in an xbox 360 console". So I think that x360 has some kind of signature of its dvd player and won't boot games without it!

Photos of my adventures with x360 here: http://www.darkmoon....x360_photos.htm
More exps to come  ;D
Title: EEPROM on Xbox 360 and xexdump utility
Post by: JoHnnyTK36 on December 04, 2005, 10:22:00 AM
Great work.

Glad to see more getting done than talking. Planning and discussing is always good but the only way to really know is just to do it.
Title: EEPROM on Xbox 360 and xexdump utility
Post by: zilli0n on December 04, 2005, 10:27:00 AM
You have got some guts.... Nice work
Title: EEPROM on Xbox 360 and xexdump utility
Post by: BlueCELL on December 04, 2005, 10:40:00 AM
The data in the TSOP is encrypted with a key that comes from the CPU.  Each CPU has a different key, this is why the xbox wouldn't boot when you swapped them.

But yes, do you have big cahunas (spelt right??)

BlueCELL
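
Added illustration, not part of the thread and not the Xbox 360's actual scheme (which the thread does not describe): flash contents encrypted and authenticated under a key derived from a per-console secret, so an image moved to another board is rejected at boot. The key names, the HMAC-based keystream (a standard-library stand-in for a real cipher) and the sample data are assumptions constructed for this example.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32  # HMAC-SHA256 output size


def derive_key(cpu_key: bytes, purpose: bytes) -> bytes:
    """Derive a purpose-specific key from the per-console secret."""
    return hmac.new(cpu_key, purpose, hashlib.sha256).digest()


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, standing in for a real stream cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        msg = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def seal_image(cpu_key: bytes, firmware: bytes) -> bytes:
    """Factory step: encrypt-then-MAC the firmware under this console's key."""
    nonce = os.urandom(NONCE_LEN)
    enc_key = derive_key(cpu_key, b"flash-enc")
    mac_key = derive_key(cpu_key, b"flash-mac")
    ciphertext = xor(firmware, keystream(enc_key, nonce, len(firmware)))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def boot_from_image(cpu_key: bytes, blob: bytes):
    """Boot step: return the firmware only if the blob authenticates under
    this console's key; otherwise return None (the console refuses to boot)."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce = blob[:NONCE_LEN]
    ciphertext = blob[NONCE_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    mac_key = derive_key(cpu_key, b"flash-mac")
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    # Constant-time comparison; verify before decrypting anything.
    if not hmac.compare_digest(tag, expected):
        return None
    enc_key = derive_key(cpu_key, b"flash-enc")
    return xor(ciphertext, keystream(enc_key, nonce, len(ciphertext)))


# Constructed sample data: two consoles with different secrets, same firmware.
CPU_KEY_A = hashlib.sha256(b"constructed secret for console A").digest()
CPU_KEY_B = hashlib.sha256(b"constructed secret for console B").digest()
FIRMWARE = b"constructed boot image " * 8
IMAGE_A = seal_image(CPU_KEY_A, FIRMWARE)
IMAGE_B = seal_image(CPU_KEY_B, FIRMWARE)

if __name__ == "__main__":
    for name, key, image in [
        ("A boots its own flash", CPU_KEY_A, IMAGE_A),
        ("B boots its own flash", CPU_KEY_B, IMAGE_B),
        ("A with B's flash chip", CPU_KEY_A, IMAGE_B),
        ("B with A's flash chip", CPU_KEY_B, IMAGE_A),
    ]:
        result = boot_from_image(key, image)
        print(f"{name}: {'boot' if result == FIRMWARE else 'refused'}")
```
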
Title: EEPROM on Xbox 360 and xexdump utility
Post by: cjack on December 04, 2005, 10:54:00 AM
Cahunas? I'm from Italy, this word is not an italian one :-)
But yes, seems that every xbox has a different encryption key for the Tsop. Swapping tsop also no x360 logo...only a black screen and red blink....ah dvd tray worked fine....
Title: EEPROM on Xbox 360 and xexdump utility
Post by: Jonlisle81 on December 04, 2005, 11:03:00 AM
Great work cjack! It's nice to see someone dive right in and get cracking. Especially when they have pics for those of us who aren't as brave. Come to think of it... I don't even have a 360.  and .... you.... have... . .. two. *sniff* *sniff*  waaaaaaaahhhhhh

Anyway, keep up the great work!
Title: EEPROM on Xbox 360 and xexdump utility
Post by: scooby_dooby on December 04, 2005, 11:11:00 AM
QUOTE(cjack @ Dec 4 2005, 07:01 PM)

Cahunas? I'm from Italy, this word is not an italian one :-)
But yes, seems that every xbox has a different encryption key for the Tsop. Swapping tsop also no x360 logo...only a black screen and red blink....ah dvd tray worked fine....


Big Cahones! (caa-hone-ays)

Means you got big balls...

Good work man, I wouldn't trust myself to do that shit

This post has been edited by scooby_dooby: Dec 4 2005, 07:12 PM
Title: EEPROM on Xbox 360 and xexdump utility
Post by: cjack on December 04, 2005, 11:17:00 AM
Hope to see more experiments from other people and cracking teams ;-)
Title: EEPROM on Xbox 360 and xexdump utility
Post by: MGSolidus2 on December 04, 2005, 11:36:00 AM
Well 360 Premium = Hard Drive, No EEPROM
360 Core = No Hard Drive, EEPROM

Someone should pull a little switch, de-solder the EEPROM from the Core, and put on the Premium Hard Drive. Then solder on the EEPROM for the Premium (guessing that there still is a spot for it). If it works, it shows that they both act as the holder of information, even tho the Core was proven to work without the EEPROM. If it doesn't, it means that one of them would cause a crossing of inconsistent data, meaning that they have to match or change for it to work.
Title: EEPROM on Xbox 360 and xexdump utility
Post by: Monoxboogie on December 04, 2005, 11:37:00 AM
cjack - I don't know if it would help you at all, but I have some TSOP sockets.  I believe they are 40 pins.  they worked fine with the original Xbox TSOPs.  They solder on surface mount style, and allow you to easily pull/swap the TSOP chips.

I would gladly ship 2 your way.  PM me an address if you believe they would be useful.
Title: EEPROM on Xbox 360 and xexdump utility
Post by: chedabob on December 04, 2005, 11:51:00 AM
what's the xexdump for? I've run it and so far it's been going for about 30 minutes and I now have a 80mb text file. wtf? the original file was 2mb
Title: EEPROM on Xbox 360 and xexdump utility
Post by: cjack on December 04, 2005, 12:30:00 PM
Thank you Monoxboogie but the x360 is a 48 pin tsop.  I think that I'll buy two sockets from RS soon ;-)
Title: EEPROM on Xbox 360 and xexdump utility
Post by: TheSpecialist on December 04, 2005, 12:51:00 PM
Wow, great work, cjack, respect !!

This post has been edited by TheSpecialist: Dec 4 2005, 08:52 PM
Title: EEPROM on Xbox 360 and xexdump utility
Post by: thecheekymonkey on December 04, 2005, 02:27:00 PM
QUOTE(cjack @ Dec 4 2005, 06:55 PM)


2)I have swapped the dvd players just for fun and ..... the games won't boot....x360 tells you "To play this disc, put it in an xbox 360 console". So I think that x360 has some kind of signature of its dvd player and won't boot games without it!



so what you're saying is, that each 360's dvdrom is 'locked' to that xbox 360, and won't work in any other 360 (or at least the one you tried).

hmm, the plot thickens



Title: EEPROM on Xbox 360 and xexdump utility
Post by: unspoiledpuma on December 04, 2005, 02:38:00 PM
QUOTE(oskie @ Dec 4 2005, 03:49 PM)

Interesting discovery! No, this chip does not hold the dashboard software. It only has room for 2048 bits of data. It has been speculated that this chip holds system-specific permanent data (serial number, region etc). It is quite possible the premium edition keeps this data on the hard drive instead.

Oskar


No because if you remove the Hard drive the xbox360 will boot normally
Title: EEPROM on Xbox 360 and xexdump utility
Post by: thecheekymonkey on December 04, 2005, 02:53:00 PM
could it not just been a ply by M$?

trying to confuse the hackers?

Personally i doubt it myself, but you just never know.

end of the day the 360 still boots with or without it, on the machines that come with it, so what purpose does it serve?, i can see M$ putting something in there if its not needed, but it could be a ply to try and confuse.
Title: EEPROM on Xbox 360 and xexdump utility
Post by: cjack on December 04, 2005, 03:12:00 PM
Just checked DVD player labels that are very similar but .... 2 different rom versions!

Core:
DVD PLAYER model: GDR3120L (X800475-008)
Rom version: 0046DH

Premium:
DVD PLAYER model: GDR3120L (X800475-009)
Rom version: 0047DJ

It's possible that rom versions are not compatible........it's just a hypothesis!
Title: EEPROM on Xbox 360 and xexdump utility
Post by: azninvasion on December 04, 2005, 06:51:00 PM
how about trying to switch the roms on the drives, it's worth a try I guess..
Title: EEPROM on Xbox 360 and xexdump utility
Post by: 1st time modder on December 04, 2005, 07:23:00 PM
What about if you take the dvd-drive from the premium edition, switch the eeprom chips, and put it into the core edition.  Just a thought as then we could tell if it was looking for an identification number from the eeprom, so it would work with a core unit.  Anyone thought of maybe ftping to an xbox 360 and seeing what is on the hd since it doesn't work on a computer.
Title: EEPROM on Xbox 360 and xexdump utility
Post by: tiavo on December 04, 2005, 07:39:00 PM
Pretty interesting stuff, good work cjack.
Title: EEPROM on Xbox 360 and xexdump utility
Post by: StepsAscend on December 04, 2005, 07:48:00 PM
Wonder if this "unused" eeprom could be a potential bus for a mod.  I'd really like to know why it's there.  There has to be a reason.
Title: EEPROM on Xbox 360 and xexdump utility
Post by: ppazz13 on December 04, 2005, 08:00:00 PM
QUOTE(thecheekymonkey @ Dec 4 2005, 04:53 PM)

could it not just been a ply by M$?

trying to confuse the hackers?

Personally i doubt it myself, but you just never know.

end of the day the 360 still boots with or without it, on the machines that come with it, so what purpose does it serve?, i can see M$ putting something in there if its not needed, but it could be a ply to try and confuse.


I doubt MS would have just put an extra chip in to try to confuse people.  If the chip is just a dead chip used as a decoy, it's already been found (< 2 weeks after launch).  Seems like a pretty lame idea for a decoy.

It must serve some kind of purpose.
Title: EEPROM on Xbox 360 and xexdump utility
Post by: Bloodpainter on December 04, 2005, 07:53:00 PM
Sigh haven't posted in so long I feel weird

Could it possibly be (bear with me here) that the eeprom could have 2 locations, like 1 eeprom on the eeprom chip and a backup on the hynix or the mystery chip.  This would explain the core working without the eeprom chip.

Sadly I don't have an xbox360 either but another cool experiment you could try is to solder the core eeprom onto the premium, and then try to switch the dvd devices.  I know I'm speakin out of my ass cause I suck at soldering and I know I would never try this on my box, but seeing what you've done so far has been outstanding.

Just givin my 2 cents.

P.S. Keep up the great work crackerjack.  You got me rootin for ya.
Title: EEPROM on Xbox 360 and xexdump utility
Post by: Speil on December 04, 2005, 08:21:00 PM
I'm sorry if this is stupid but perhaps the EEPROM contains some Copyright protections or something? And with it gone have you tried a back up or something?
Title: EEPROM on Xbox 360 and xexdump utility
Post by: melongstrike on December 04, 2005, 08:36:00 PM
oz_paulb

I will work on getting a 360... shit at this point I don't even want one... YET the days of DREAMCAST really changed me if ya know what I mean. I have 300 on a 360 at the moment, if I ever get my hands on it consider it yours my gift to you and the scene. I will keep you posted on my progress. (just call me crazy)
Title: EEPROM on Xbox 360 and xexdump utility
Post by: Alkane on December 04, 2005, 09:03:00 PM
MS has shown this time they are willing to spend a little dough on security.  Anyways on to my point...

On PS2 consoles, DVD lasers of different models among same version PS2s cannot be swapped without first reprogramming the EEPROM.  Sony repair facilities have the program to do this and recently it was recreated for the modding community.  Whether this is security related on the Xbox 360 or not, only time can tell.

DVD drives of the same ROM revision should be swapped between two Xbox 360s.  This will at least let us know if it's married or just requires a reprogramming of a component (which in itself may depend on other security being bypassed).  That particular Xbox 360 may not have support for that ROM version programmed into it, thus access to the special firmware features cannot be accessed.
Title: EEPROM on Xbox 360 and xexdump utility
Post by: dom0012 on December 04, 2005, 09:12:00 PM
cjack how did you desolder those perfectly? that's amazing..  you are makin a lot of progress fast and I admire that. And if the supposed "eeprom chip" is not on some xboxes, and the console works without it, wouldn't that mean it's not an "eeprom chip" because a system doesn't boot without eeprom???
Title: EEPROM on Xbox 360 and xexdump utility
Post by: mbratton on December 04, 2005, 09:20:00 PM
paul, I'm keeping a lookout at local stores for new shipments and have connections to get them quick - if/when I score a few extras, I'd be more than happy to send one your way at cost+shipping.
Title: EEPROM on Xbox 360 and xexdump utility
Post by: PCBUILDERCHRIS on December 04, 2005, 09:26:00 PM
shhhht I'm still learning to solder but I'm working with a 100 watt radioshack gun my greatgrandpa used to work on tv's with

your style is clean cjack but not clean enough

nah that's an odd ninja joke y'all will get more of those when I'm sleepy

but cjack you're cool as I said in another forum I'll be watching your progress hoping for a mod


hearing this was like hearing scientists had found a way to go faster than the speed of light
Title: EEPROM on Xbox 360 and xexdump utility
Post by: DivyX on December 05, 2005, 12:23:00 AM
The dvd drives wouldn't contain any signature system imo. I'm having a hard time believing that it could be so hard to replace a broken dvd drive by any other than MS if it did ( Sony approach ). Most prolly it could be just the Firmware, hopefully. I'd think you could flash the firmware of prem edition to core and vice versa? That's something to try too I think, if it's enough problem free that is.
Title: EEPROM on Xbox 360 and xexdump utility
Post by: Staticvoid on December 05, 2005, 12:47:00 AM
can you buy another hdd and replace the old one? maybe the eeprom is used to lock a hdd to the first system it's put in? premium already has a harddrive so it comes locked thus no need for the chip? even if the hdd's are interchangeable between systems, maybe it does something to further protect its contents from us reading it?


far as the dvdrom goes the system could save the info of the dvdrom so none other will work with that system. why not make it hard to change, a lot of people would throw it away and get a new one, or pay m*crosoft out the ass to fix it.

lots of questions but no answers, still waiting on one to test.
Title: EEPROM on Xbox 360 and xexdump utility
Post by: flashfreak on December 05, 2005, 01:44:00 AM
Locking DVD-Roms would be a dodgy idea, as I was thinking, if a drive died, you're stuck with it, but as people have said, it'll create more work for MS to have it sent in to fix.

In the xbox 1 modders have made money replacing dvd-roms, I know I have. Some of those thomsons are soo poor, it's kinda sad, some1 I've fiddled with just don't read anything, there's no real point having it there.

Maybe they're locking them to take away one of our reasons to tinker with them and slowly trying to make nothing possible for us to change, and put us outta business.

But then again, my rant has gone pretty far. Just me thinking...
Title: EEPROM on Xbox 360 and xexdump utility
Post by: curare on December 05, 2005, 01:51:00 AM
Xevious your idea is plausible,
It sort of sounds like what they do with high end videocards these days.
Like with the geforce 6800LE being a locked 6800 with most of the
6800LE's unlocking perfectly and others having broken pipelines.

But if it was true then you would get some kind of errors when running
without the eeprom like artifacts or an unstable system.
But it might be worth the effort of testing it by just removing the eeprom
and doing some marathon gaming with it, that should give a good indication.

Although they probably did that on all core systems, So some should run
fine without eeprom and others should get errors or flaws.
And I wonder if it's for the gpu cpu or the memory, there's no way of telling
outside of testing it thoroughly. Gpu's have proven to be quite hard to produce
so maybe the premium has 30 unified shaders and the core has 24.
It would be strange tho since everything you have more of on a premium
cannot be used by developers because that would make the core users angry.
Or they should have a routine that checks if the console is a premium or
core and adjust the performance settings accordingly.


And for the dvd players why not try and switch the dvd between 2 premiums,
and see what that does cause maybe they're just locked to run on 1 xbox.
If they are locked the repair centres probably have a special program to change it, but we don't.
Title: EEPROM on Xbox 360 and xexdump utility
Post by: InterestedHacker on December 05, 2005, 02:28:00 AM
QUOTE(cjack @ Dec 5 2005, 12:12 AM)

Just checked DVD player labels that are very similar but .... 2 different rom versions!

Core:
DVD PLAYER model: GDR3120L (X800475-008)
Rom version: 0046DH

Premium:
DVD PLAYER model: GDR3120L (X800475-009)
Rom version: 0047DJ

It's possible that rom versions are not compatible........it's just a hypothesis!



No, I think your initial thoughts were correct.  From what MS said many months ago, hardware would be signed!!  This means, DVD is locked to CPU, and possibly other things.  I know they were talking about signed RAM chips not long ago, but I think that was with detachable memory modules, not soldered in ones, and applied to general PC manufacturing.  I would guess that it's possible that the DVD-ROM firmware is signed, in a small flash chip?  It's worth looking how easy it would be to swap logic boards on the DVD drives.  In your case that might not work as you have a different revision.

It is also possible, like you said, that it's purely a compatibility issue, but I doubt that they would make the firmware incompatible...

QUOTE(flashfreak @ Dec 5 2005, 10:51 AM)

Locking DVD-Roms would be a dodgy idea, as I was thinking, if a drive died, you're stuck with it, but as people have said, it'll create more work for MS to have it sent in to fix.


Not as silly as it sounds!

1) MS will sub contract the work out, and make some kind of small profit on the drive.  This is one reason why hardware manufacturers are considering hardware signatures, to reap profit from the repairs and upgrades market.  Sounds just like the sort of thing MS would do.

2) If the drive needed replacing, it would be a 2 minute job to change it, and the engineer could do some kind of controller combination to get the kernel to lock the new drive.

QUOTE(Xevious @ Dec 5 2005, 10:04 AM)

This is pure speculation...

Given the small size of the optional ROM, it could be a patch or configuration ROM designed to "fix" 360 processors (or assembled systems) that didn't completely pass validation. Specific examples could be disabling sections of cache that fail testing, modifying default RAM timings on boards that were unstable at full speed, etc.

Keeping with this theory, MS may have designed a certain margin of "error" in the 360 system spec in order to increase yields. For instance, the lowest common denominator could be 90% of "full speed" or full cache, with anything above being cream.

If there indeed is a positive correlation between core systems and the presence of a small ROM, this could indicate that MS binned systems, allocating the top bin to the Premium package.

Again, this is speculation, but it is based on practices that are commonly used by the industry to increase yields.


Whilst I agree this is possible, I think it's unlikely! For these reasons:-

1) User community would go mad!  Think about it, do you want to buy a 360 not knowing if yours is 3 fps slower than your m8s?  This just isn't an option, people are buying a console and they want an identical version to everyone else, period.

2) Problems with GPU pipelines etc would be flagged within the GPU and/or its assistant ICs.  As for the CPU, I think the chances of limiting this baby for x number of cycles is mad!  Think about it, games run with very precise timing, and limiting a CPU core or 2, even by as little as 0.001% would have some kind of compatibility issue with some code.  Trust me!

I think in all likelihood, the fact he has 2 slightly different revision DVD-ROM drives, says to me that they are producing new revisions of the board as they go...   Maybe the one with the EEPROM is a newer revision?  Or maybe they dropped it, and it was a security feature that is causing more problems than it was worth?  Again, speculation.
Title: EEPROM on Xbox 360 and xexdump utility
Post by: matcapir on December 05, 2005, 04:51:00 AM
maybe I missed it already, but maybe we could start a webpage with pertinent 360 info like we did for xbox 1.  Serial #'s, components onboard, rom numbers, core/prem vers, etc.  Start compiling a list so we can figure out version numbers and stuff
Title: EEPROM on Xbox 360 and xexdump utility
Post by: matcapir on December 05, 2005, 05:24:00 AM
QUOTE(Arnold_Schwarzenegger @ Dec 5 2005, 07:24 AM)



Thanks Gov,

  Just found this before you posted it, what a wealth of info, thanks again.

Matt
Title: EEPROM on Xbox 360 and xexdump utility
Post by: thecheekymonkey on December 05, 2005, 06:37:00 AM
QUOTE(ppazz13 @ Dec 5 2005, 05:00 AM)

I doubt MS would have just put an extra chip in to try to confuse people.  If the chip is just a dead chip used as a decoy, it's already been found (< 2 weeks after launch).  Seems like a pretty lame idea for a decoy.

It must serve some kind of purpose.



yeah sorry, a few spelling mistakes in my post.


it's supposed to be ploy instead of ply

and what I meant to say was "I can't see MS putting the chip there, if it serves no purpose"


sorry
Title: EEPROM on Xbox 360 and xexdump utility
Post by: skipdaflip on December 05, 2005, 06:43:00 AM
I'm curious how you can read the eeprom. What instrument do I need to read out the eeprom or other roms. So I know if there's a dashboard or other info in it?


Already found the answer!!! EEprom reader/writer. Think I will make one!
Title: EEPROM on Xbox 360 and xexdump utility
Post by: maximilian0017 on December 05, 2005, 11:22:00 AM
QUOTE(Xevious @ Dec 5 2005, 09:04 AM)

This is pure speculation...

Given the small size of the optional ROM, it could be a patch or configuration ROM designed to "fix" 360 processors (or assembled systems) that didn't completely pass validation.


I think you have something but MS wouldn't use it for that.

The more likely scenario would be that it's a "fix" chip for the processor, updating its microcode or security features, if I remember correctly I read something on free60 about a serial bus on the original processor.

This would also explain why some consoles have this serial eprom and others don't. Old versions of the CPU could be patched this way and newer versions of the processors wouldn't need the patch because it is integrated in the new microcode.
That would probably mean that if you desolder it the xbox would crash at some time or another, or maybe detect a DVD drive with another firmware version?!?

It looks just like the "patches" seen on motherboards etc Gate Array Logic chips (gals and pals) that change certain data signals to their correct version without reworking complete motherboards/chipsets.

My 2 cents
Title: EEPROM on Xbox 360 and xexdump utility
Post by: mad_pc_man on December 05, 2005, 12:28:00 PM
Yo!
(some ideas follow, no particular order)
1. Has anyone tried using an xbox modchip in a 360, all types of chips, (xecuter spidergx etc...)
2. Has anyone got an output of the eeprom.
3. Can you use an exe from MCE to do some stuff.
4. Can you wipe the hdd/eeprom/tsop clean and see what happens.
5. Might be a bit n00bish but what exactly does a hypervisor do, (in simple layman's terms)
cheers
mad_pc_man
Title: EEPROM on Xbox 360 and xexdump utility
Post by: Ace25 on December 05, 2005, 12:46:00 PM
QUOTE(mad_pc_man @ Dec 5 2005, 11:35 AM)

Yo!
(some ideas follow, no particular order)
1. Has anyone tried using an xbox modchip in a 360, all types of chips, (xecuter spidergx etc...)
2. Has anyone got an output of the eeprom.
3. Can you use an exe from MCE to do some stuff.
4. Can you wipe the hdd/eeprom/tsop clean and see what happens.
5. Might be a bit n00bish but what exactly does a hypervisor do, (in simple layman's terms)
cheers
mad_pc_man


Ummm, ok.
1. Where would you "install" an xbox modchip? What points on the motherboard? Not trying to be mean, but what was going through your head when you thought of that one? Never mind the fact that it is 100% certain not to work even if there were an identical "LPC" looking point where it could be installed.
2. No, it's encrypted.
3. No
4. No
5. Locks the hardware into a "Virtual PC" in order to have complete control of the hardware/security. Hypervisor is the all seeing "Policeman" in the Xbox. Anything you want the xbox to do has to be run by him for approval.
Title: EEPROM on Xbox 360 and xexdump utility
Post by: mad_pc_man on December 05, 2005, 12:50:00 PM
i meant the lpc thing from the pics from cjack with lpc-ish ports
Title: EEPROM on Xbox 360 and xexdump utility
Post by: InterestedHacker on December 05, 2005, 01:00:00 PM
QUOTE(mad_pc_man @ Dec 5 2005, 09:35 PM)

Yo!
(some ideas follow, no particular order)
1. Has anyone tried using an xbox modchip in a 360, all types of chips, (xecuter spidergx etc...)
2. Has anyone got an output of the eeprom.
3. Can you use an exe from MCE to do some stuff.
4. Can you wipe the hdd/eeprom/tsop clean and see what happens.
5. Might be a bit n00bish but what exactly does a hypervisor do, (in simple layman's terms)
cheers
mad_pc_man


1) The xbox hardware is completely different to the 360, and the xbox modchips contain code for x86 CPUs, not the IBM PowerPC type architecture, so there isn't a hope in hell that it would even slightly work!

2) Can't say for sure, but from what we've seen it will be completely encrypted, with a public / private key scheme similar to the original xbox's, but beefed up.  Considering the hackers never worked out the old xbox encryption key, it's unlikely they will work it out this time either.  Someone is going to have to get access somehow to the unencrypted streams.

3) MCE runs software on your PC / MCE system, and just allows the XBOX360 to remote control it.  Video and audio is streamed from your PC / MCE system, straight to the xbox for display.  Unless some kind of bug is found in the interface, not much doing here.

4) If you do this, your 360 will not boot, and display an error message if you're lucky, at which point MS will ask you wtf you did when the support guy visits to fix it!

5) Hypervisor, in layman's terms, is a security guard for the CPU, that cross checks everything that goes on with code, making sure that no exploit code is running on the CPU, e.g. buffer overflows etc.  If you ask me, hypervisor, combined with the signed code, makes the xbox360 very hard to crack.  I wouldn't be surprised if 2 years from now we still see an unhacked 360.

QUOTE(mad_pc_man @ Dec 5 2005, 09:57 PM)

i meant the lpc thing from the pics from cjack with lpc-ish ports


We know what you meant!

It's like trying to play a DVD inside a VHS video recorder!  Where you gonna put the disc?
Title: EEPROM on Xbox 360 and xexdump utility
Post by: gjm on December 05, 2005, 01:46:00 PM
It would take an unfeasibly long amount of time. I don't know specifics, but probably longer than our lifetimes. With xbox the security was circumvented; I don't think anybody ever found MS' private key.
Title: EEPROM on Xbox 360 and xexdump utility
Post by: Itcouldbeyou on December 05, 2005, 03:35:00 PM
There was this kind of distributed cracking for the xbox1 private key, but it never worked out. The thing is with this bitchy encryption, if you would need 1 Year to crack the key, they would just make the key 1 Byte longer and you would need 256 Years then. So you say you have what 65000 computers to crack the key, ok, they add just another 2 Bytes and with 3 Bytes more, they kept 65k computers from cracking the key in 256 Years! It's that simple for MS. (Of course they added more than 3 Bytes to a 1Year/1comp crack period so you would not be able to crack it with the dedicated computation power of the whole world in your lifetime).
To sum it up: There is NO way to crack the key until someone (mathematicians(!)) cracks the encryption scheme itself (or quantum computers are built).
Title: EEPROM on Xbox 360 and xexdump utility
Post by: donuthole2010 on December 05, 2005, 04:39:00 PM
what would happen if the xbox EEPROM was put on the 360? would the 360 simply not boot, or would it boot with no problem (as the premium boots with no EEPROM, but comes with it)? or possibly the signature wouldn't be there, so it would cause an error.

i don't know, i don't have my 360 yet, or i would try it myself.
just throwing out ideas, although it is probably not productive.
Title: EEPROM on Xbox 360 and xexdump utility
Post by: PCBUILDERCHRIS on December 05, 2005, 05:51:00 PM
Okay i know this may be off the subject but.........


here's what i think should happen when it does become cracked: someone release a video and upload it to the usual places or underground somewhere. we don't need news about the first 360 mod on the first page; it needs to be deep in the forums somewhere where a normal m$ spy couldn't find, and if they did they wouldn't understand

so we need a releasing place

and a code word for when it happens, like if it happens we'll go around the forums saying stuff like man you heard about the "PON FAR" *star trek*

layman's terms

don't go all around telling about the next 360 mod until M$'s dumba$$ RE-leases enough for everyone before they start the patching process. it could be a year and only the original modded xbox owners will know, and then after that first few months or year of a modded box we can start moving free and posting hacks on xboxscene front page

anybody get what i mean

i love the progress though keep it up yall


i bet m$ had spies on here cuz how they know about people wanting painted xbox's *faceplates* and all the media 360 handles *media capabilities* need i say more how they find it out? *spies on xboxscene*

why xboxscene? *its like ** DO NOT ATTEMPT TO POST LINK TO THAT WAREZ TORRENT SITE ** was to the riaa and mpaa*
Title: EEPROM on Xbox 360 and xexdump utility
Post by: oz_paulb on December 05, 2005, 06:17:00 PM
QUOTE(ppazz13 @ Dec 6 2005, 02:16 AM)

But as for keeping accomplishments secret from MS... I think that's a little extreme.  I mean, how long would it take MS to change production lines to prevent modding?


The xbox-linux group took this approach when the "1.1" xbox was broken:  They figured out how to get the internal MCPX ROM dumped.  Using the dumped ROM, they found an exploit.  They published the exploit - but did not publish how they dumped the MCPX ROM.

MS could 'fix' the problem by changing the MCPX ROM again, but would be scratching their heads as to how the ROM was dumped.  Since they were relying on 'security through obscurity', they really needed to know how the ROM was dumped/close that door to really 'fix' the problem (otherwise, the new version could be dumped/another exploit found).  I don't believe MS ever made any further releases of the MCPX ROM.

With discussion on the 360 being so 'in the open' (as opposed to internal xbox-linux discussions on "1.1"), it may be hard to hide the actual methods used for finding a future exploit.  But, if possible, it seems like a good idea.

BTW, some of the rest of the 'scene' got pretty pissed off at the xbox-linux group for keeping 'secrets' (since they should be 'open-source'), but I think it was the best decision.  Revealing the secret wasn't necessary (exploit was released), and doing so would have let MS close the door on future exploits.

- Paul
Title: EEPROM on Xbox 360 and xexdump utility
Post by: Aceraider4 on December 05, 2005, 06:20:00 PM
it appears that some things need to be clarified:

1)locking the dvd-rom is smart for ms:
   the less we learn, the harder it is to hack
   what's the point of building a vault if it has an open window; everything has to be air tight for good security

2)eeprom is the lowest common denominator for read only memory, here are some facts:
   non-volatile (information is stored even when there is no power to the chip)
   can store anywhere from 1kbit (128bytes) to 1mbit (considering the small surface area and minimal number of pins, the 360's chip is going to be near the 1kbit range)
   it's ridiculously slow compared to most solid state memory, you can only read or write one bit at a time
   in the original xbox, the only information stored on the eeprom was the serial number of the xbox and the hdd key

i don't think a dummy chip is too incredulous: here we are debating its purpose rather than spending time in other areas, seems it's pretty effective if that's its purpose
Title: EEPROM on Xbox 360 and xexdump utility
Post by: DivyX on December 05, 2005, 06:23:00 PM
QUOTE
I mean, how long would it take MS to change production lines to prevent modding?


Definitely enough not to make it too often.
It's not worth it in most cases. The number of mod users in general isn't that big although it feels that every friend you know of might have one.

Of course MS does apply security fixes, hw/sw fixes too, but I wouldn't bet my money that any version changes were ever made solely because of modchips. This product updating and changing applies to cell phones also, for example. Just general program fixes etc, better components etc...

What I'm trying to say is that "it is common that most electronic devices get updated and bug fixed or otherwise made better during their lifespans". It will be another matter what we have by then (if anything) when MS will be next changing xbox360, meaning, what we would have discovered that MS could include to the "fix" and general product update.
Title: EEPROM on Xbox 360 and xexdump utility
Post by: sm0kie on December 05, 2005, 07:13:00 PM
couldn't the chip just be a back-up memory for when the 360 is updating the dashboard etc? If there's no HDD to boot from maybe it uses this instead (if it needs a restart mid upgrade). when is a current being sent to the chip?
Title: EEPROM on Xbox 360 and xexdump utility
Post by: Aceraider4 on December 05, 2005, 07:14:00 PM
i think you're missing the point of a dummy chip, of course we're supposed to find it: what better way to distract someone than to give them a problem with no solution.  maybe it would be better to call it a decoy chip.  and as far as money goes, you gotta realize 1) they're not in all the 360s as we see from cjack's data (let's remember that it may be a coincidence that one was found in a premium and not in the core, it could be just as probable to have two cores one with the eeprom and one without) and 2) the price of these chips: they could be had for about $0.01 a piece multiply that by the number of units that have the eeprom (which at max is 999,999; 1million available at launch minus cjack's eeprom-less unit) so at the absolute max ms spent $9999.99.  if you ask me, that's a small price to pay to delay the cracking of a top security box
Title: EEPROM on Xbox 360 and xexdump utility
Post by: ppazz13 on December 05, 2005, 07:21:00 PM
Two things:

1.  You're forgetting about the added cost of shipping/organizing/installing these chips.

2.  That's thousands of dollars that could just as easily have been spent on developing other ways to secure the 360.

I know that if it's a decoy chip it was meant to be found.  I'm just saying that $10,000 is an expensive decoy.  Especially since it's one that has been found within 2 weeks of the release, and will be discarded (if it is a decoy) in less than a few months after launch.
Title: EEPROM on Xbox 360 and xexdump utility
Post by: Aceraider4 on December 05, 2005, 07:21:00 PM
QUOTE(sm0kie @ Dec 6 2005, 03:20 AM)

couldn't the chip just be a back-up memory for when the 360 is updating the dashboard etc? If there's no HDD to boot from maybe it uses this instead (if it needs a restart mid upgrade). when is a current being sent to the chip?

not nearly enough memory on the chip; the chip itself could store a small text document, the dashboard is multiple mbytes in size
Title: EEPROM on Xbox 360 and xexdump utility
Post by: Aceraider4 on December 05, 2005, 07:40:00 PM
QUOTE(ppazz13 @ Dec 6 2005, 03:28 AM)

Two things:

1.  You're forgetting about the added cost of shipping/organizing/installing these chips.

2.  That's thousands of dollars that could just as easily have been spent on developing other ways to secure the 360.

I know that if it's a decoy chip it was meant to be found.  I'm just saying that $10,000 is an expensive decoy.  Especially since it's one that has been found within 2 weeks of the release, and will be discarded (if it is a decoy) in less than a few months after launch.

i'm glad that you're actually backing your argument with some logic, but i really still have to disagree.

i still think they could justify the expenditure: i think it would be safe to assume that only about 50% of the units got the decoy, that's $5000, throw in a conservative estimate for shipping, installation, etc. and i think it would still bring it to at most $20,000.  now, assuming that the analyst estimate of a $160 loss on each launch unit, that would mean ms spent between $460,000,000 and $560,000,000 on production, that equates to about 0.000043% of the budget was spent.  i say it's decoy until someone can prove me wrong
Title: EEPROM on Xbox 360 and xexdump utility
Post by: azninvasion on December 05, 2005, 07:56:00 PM
It's almost certainly not a decoy. It could be just an appendage from development days. Or a patch to the cpu. In any case, it seems that the xbox is not generating error codes like it's supposed to, so certainly it handles something. As you can run the 360 without the dvd and it will not display an error code.

My guess is that it somehow limits the 360 cpu operation so it doesn't overheat. So one day you'll get your proof it's not a decoy when that chip you removed caused your xbox to melt lol.
Title: EEPROM on Xbox 360 and xexdump utility
Post by: Aceraider4 on December 05, 2005, 08:12:00 PM
QUOTE(azninvasion @ Dec 6 2005, 04:03 AM)

It's almost certainly not a decoy. It could be just an appendage from development days. Or a patch to the cpu. In any case, it seems that the xbox is not generating error codes like it's supposed to, so certainly it handles something. As you can run the 360 without the dvd and it will not display an error code.

My guess is that it somehow limits the 360 cpu operation so it doesn't overheat. So one day you'll get your proof it's not a decoy when that chip you removed caused your xbox to melt lol.

i'd be very interested in how the eeprom controlled the cpu operation; i know how it works when locating bad sectors on a hard drive, but i'm not sure how that would apply to a processor, but then again, i'm rather ignorant of cpu theory
Title: EEPROM on Xbox 360 and xexdump utility
Post by: ppazz13 on December 05, 2005, 08:19:00 PM
QUOTE(Aceraider4 @ Dec 5 2005, 09:47 PM)

i still think they could justify the expenditure: i think it would be safe to assume that only about 50% of the units got the decoy, that's $5000, throw in a conservative estimate for shipping, installation, etc. and i think it would still bring it to at most $20,000.  now, assuming that the analyst estimate of a $160 loss on each launch unit, that would mean ms spent between $460,000,000 and $560,000,000 on production, that equates to about 0.000043% of the budget was spent.  i say it's decoy until someone can prove me wrong


Good argument back.  It just seems too easy though to me.  I guess we'll see soon enough.
Title: EEPROM on Xbox 360 and xexdump utility
Post by: Staticvoid on December 06, 2005, 12:36:00 AM
we need some xbox360 owners to take a peek inside and tell us if only the cores have the chip. i still think it's something to do with the hdd (what other differences are there between core and premium), until we see a premium with one.
Title: EEPROM on Xbox 360 and xexdump utility
Post by: sm0kie on December 06, 2005, 12:08:00 PM
QUOTE(Aceraider4 @ Dec 6 2005, 02:28 AM)

not nearly enough memory on the chip; the chip itself could store a small text document, the dashboard is multiple mbytes in size


I meant like a boot.ini file in windows, it's only 243 bytes with 2 OS's. Maybe the chip stores a similar file at upgrade telling the 360 to boot update.xbe (or whatever it's called) instead of dashboard.xbe (or whatever...)
This would be stored on the HDD on a premium version. Someone needs to take their HDD out and run until MS tries to update, they may be asked to insert HDD to continue. A core version owner wouldn't be asked because the chip is present.
Title: EEPROM on Xbox 360 and xexdump utility
Post by: instabin on December 06, 2005, 12:20:00 PM
QUOTE(sm0kie @ Dec 6 2005, 08:15 PM)

I meant like a boot.ini file in windows, it's only 243 bytes with 2 OS's. Maybe the chip stores a similar file at upgrade telling the 360 to boot update.xbe (or whatever it's called) instead of dashboard.xbe (or whatever...)
This would be stored on the HDD on a premium version. Someone needs to take their HDD out and run until MS tries to update, they may be asked to insert HDD to continue. A core version owner wouldn't be asked because the chip is present.



One thing wrong with that idea. You need at least a memory card to connect to the Live service with the core xbox.
Title: EEPROM on Xbox 360 and xexdump utility
Post by: sentinel0 on December 06, 2005, 12:35:00 PM
QUOTE(mad_pc_man @ Dec 5 2005, 08:35 PM)

Yo!
(some ideas follow, no particular order)
1. Has anyone tried using an xbox modchip in a 360, all types of chips, (xecuter spidergx etc...)
2. Has anyone got an output of the eeprom.
3. Can you use an exe from MCE to do some stuff.
4. Can you wipe the hdd/eeprom/tsop clean and see what happens.
5. Might be a bit n00bish but what exactly does a hypervisor do, (in simple layman's terms)
cheers
mad_pc_man

you could have gotten most of those answers from www.free60.org
Title: EEPROM on Xbox 360 and xexdump utility
Post by: maximilian0017 on December 09, 2005, 01:54:00 AM
QUOTE(maximilian0017 @ Dec 5 2005, 07:29 PM)

This would also explain why some consoles have this serial eprom and others don't. Old versions of the CPU could be patched this way and newer versions of the processors wouldn't need the patch because it is integrated in the new microcode.



Confirmed
Title: EEPROM on Xbox 360 and xexdump utility
Post by: cheztir on December 20, 2005, 08:59:00 PM
Having a patch chip is logical for MS. A .01¢ chip is better than rolling out a whole new line of CPUs.

However, I am curious. Perhaps one of the small flash chips near the CPU (as referenced here), 2048bits and 4096bits, has some bigger significance.

[image]
Has anyone checked the other flash chip (pictured above, 2048bit) near the chip? Is it there on all 360s?

Also,
"According to IBM the CPU has 'an interface for a serial EEPROM in case patch logic configuration was needed during bring-up'." - Free60

Could one of these two chips link to Hypervisor code or even the 360 TSOP lock code? Doubt it. But curious.
EDIT: Better thought to second question, potentially a boot sequence?
Title: EEPROM on Xbox 360 and xexdump utility
Post by: celicagt1993 on January 10, 2006, 01:40:00 AM
QUOTE(Staticvoid @ Dec 6 2005, 08:43 AM)

we need some xbox360 owners to take a peek inside and tell us if only the cores have the chip. i still think it's something to do with the hdd (what other differences are there between core and premium), until we see a premium with one.


after reading this thread, i looked at my premium and it has the chip....  i don't think it has anything to do with HDD or not to HDD...  sounds like a cpu patch....  considering there are two different companies making the 360...

if anyone wants any other info off my system to help with this, let me know

one more thing to think about with this chip, since we know that the system will work fine without it, has anyone tried using the media center extender part of the 360 without it?