Print

[lordvader129]

QUOTE(deadeyes989 @ Nov 21 2005, 10:07 PM)

Good point, but they wouldn't have the chip there for nothing, unless they REALLY wanted to try and screw with us..... maybe the chip is a pure 16mb of security <.< >.> not that what i said sounds technical, but maybe it contains some small portion of the boot sequence, with a highly encrypted boot file. (im not good with technical words)

[deadeyes989]

QUOTE(lordvader129 @ Nov 22 2005, 06:09 AM)

it has the dashboard, and probably a few files for xbox Live, including your gamertag

[deadparrot]

Ut has to be writable, as M$ announced that they would be doing BIOS and Dash upgrades via Live.

[steblublu]

QUOTE(TheSpecialist @ Nov 22 2005, 06:04 PM)

Don't forget that the most part of the REAL bootcode was in the southbridge on the xbox 1, so, it seems that MS prefers security above the ability to update their code ...

[TheSpecialist]

QUOTE(steblublu @ Nov 22 2005, 07:42 PM)

right after poweron, It was the MCPX that actually contained the "real" bootsector and overwrote the flash bios' top 200 bytes which contained the "decoy" boot sector.... then proceeded to initialize the x-code area, then decrypted the 2bl image into RAM (using the 16bit key found in the MCPX.  the 2bl then handled the kernel decryption.

[steblublu]

QUOTE(TheSpecialist @ Nov 23 2005, 02:56 AM)

That's what I said, MCPX=southbridge So, like I said, in the XBOX 1 M$ thought that security was more important than the ability to update their code.

[lordvader129]

i think you are all missing the piint, yes the TSOP on the xbox was flash updatable, but MS never did any updates once the xbox left the factory, when they needed an update they just changed the code on the new production xboxes, they didnt issue any updates to ones that were already in the market, in fact in most cases they couldnt as the new kernel wasnt compatible with the old versions

although its also possible they used an EPROM, which would mean they can still update it after it leaves the factory, but it would make it near impossible for us to reflash it

[BCfosheezy]

QUOTE(lordvader129 @ Nov 22 2005, 10:48 PM)

i think you are all missing the piint, yes the TSOP on the xbox was flash updatable, but MS never did any updates once the xbox left the factory, when they needed an update they just changed the code on the new production xboxes, they didnt issue any updates to ones that were already in the market, in fact in most cases they couldnt as the new kernel wasnt compatible with the old versions

[steblublu]

[double post... delete me!]

[BCfosheezy]

QUOTE(steblublu @ Nov 23 2005, 02:46 AM)

they didn't issue any updates because there was never a major defect found.  period.

[lordvader129]

the xbox TSOP was NEVER written to after it left the factory, not in an official capacity anyway, it was not write enabled

even if there was a major flaw in the kernel it would have had to be sent back for reprogramming, either by bridging the points or more likely with a test clip

since im sure MS would trade low cost for security im guessing they would have used a OTPROM, and just counted on desoldering it and putting a new one on if there were any problems, since it would have to be sent back anyway

think about it, would you entrust a kernel update to the consumer? they turn their 360 off in the middle of it and it becomes a brick, theyd end up doing more costly repairs that way than if they just made the chip a write-once

i highly doubt the 16mb chip contains the kernel, as with all the dashbaord updates and Live downloads this chip will be erased and rewritten multiple times, MS wouldnt risk putting the kernel on this chip and having it get erased

i would be checking all these things, but i dont have a 360, if i did i wouldnt be posting id be mapping traces

[lordvader129]

QUOTE(Avenger 2.0 @ Nov 23 2005, 01:23 PM)

You don't have to erase the whole chip to make an update (like new dashboard or setting).

[lordvader129]

the 512 bytes would have been written to the TSOP image in RAM, not the TSOP chip itself

EDIT: after rereading a few bunnie articles it seems i was slightly mistaken, the bootloader doesnt patch the kernel image in main RAM, but rather within the processor caches for security reasons

http://web.mit.edu/b...IM-2002-008.pdf

just because the TSOP "trusts" the MCPX doesnt change the fact that the chip was not physcially write enabled

look at the following examples:

winbond TSOP: this chip cannot be partially erased, in order to write a new 512bytes code the chip would have to be completely erased and rewritten on each boot, meaning if you turn the xbox on and off quickly the TSOP will have been erased and not rewritten, and youd frag

xyclops: its generally agreed this is an OTPROM (could be wrong though) how do you write to a non-writable chip on every boot?

plus, how would you propose they write the "decoy" boot sector back to the TSOP on power-off? in cases of power being instantaneously lost theres no way

[blerik]

It's very possible that the key for each console is different. Look up "eFuse" on google, it's an IBM invention that allows you to change bits on a processor, like a PROM...

--Blerik

[Shadowlaw]

Well you can be assured that they have been a lot more clever this time. For example, just using a magic number at the end of your Flash ROM image and encrypting it with the key was enough to make the first Xbox believe it was valid. By now there will be some hard-to-break cyphered checksum involved, which basically invalidates this approach. Who cares about writing the TSOP if the box will not execute the code anyway. (And believe me, it won't).

My guess it will be 1+ year before this box will be broken, unless MS has done something really stupid (and contrary to what most of you seem to think, they are really not so dumb at all).