Print

[tul18]

QUOTE(paulmedynski @ Feb 19 2011, 08:41 PM)

Hey folks,

Does anyone have complete details on how the CPU key is generated at manufacture time?  I'm interested in knowing what the inputs are and how they end up forming the key.  I'm finding it difficult to find anything relevant via Google.

Thanks,
-Paul

you are searching for the holy grail, forget it, no1 will provide you some help, because prolly no1 knows nothing bout it :S

[paulmedynski]

I recall having read something about it a while ago, but I'll be dammed if I can find the article again!

I'm pretty sure that a bunch of eFuses are "randomly" blown at manufacture time, and those form part of the CPU key.  I'm just wondering if anyone has information on how many eFuses are used, and where they are located within the CPU key (ie are bits 1-40 of the key mapped directly to the first 40 eFuses).  Also, are there other pieces of information (perhaps the console serial number) that are used as inputs to generate the CPU key?

Any thoughts?

-Paul

[Juvenal1228]

again, no one knows for sure, but to the best of my knowledge, and if you have ever had a JTAG you gather this info.

1. CPU key and serial #/console ID are not tied to each other, as you can swap the serial and such for xbl unban
2. CPU key is stored in the fuses on the CPU, on line 3/4 and 5/6
3. line 3 & 5 are the first half (they are duplicates) and line 4 & 6 are the second half (again, dubs of eachother)
4. Other lines of eFuses are used for blacklisting old bootloaders and kernels I.E. a new fuse is burned after some updates to prevent booting older (possibly insecure) kernels/bootloaders I.E. when they blocked the JTAG hack


My guess is the CPU key is indeed random, or as random as a computed event can be.