Print

[XanTium]

Free60 Project Updates Overview and More ...-- Posted by XanTium on November 30 01:31 EST
Here's an overview of some of the progress made by the Free60 Project over the last few days. For those who missed earlier news the project aims to port open source operating systems like GNU/Linux to the Xbox360.

* Some info about the stock HD: It's a Samsung or Seagate drive, it's not locked, a FATX partition exists on the drive, 360's serial number is required when formatting a HDD so possible encryption of serial # into HDD info,  so far no reason to believe content on HD is encrypted. There's also a full pin-out of the SATA connector and some more info about the drive content. Check it out here.

* Boot initialization details of the PowerPC 64-bit 970FX CPU. This is not the Xbox360 CPU, but it's probably similar. There are also some technical details/guesses about the architecture of the 360 CPU, you can check it out here.

* The Xbox360 can read iPod and standard USB flashdrives using HFS+, FAT(32)(?) filesystem. More about USB here.

* Lot's of info about the chips used on the Wifi Adapter PCB is available here.

* The (US) Xbox 360 ships with kernel and dashboard 2.0.1888.0, upon the first live update the dashboard and kernel are updated to (D:2.0.2241.0 - K:2.0.2241.0) BK:2.0.1888.0. It's speculated that a backup of 2.0.1888.0 remains in the backup kernel storage. The kernel is probably encrypted with per-box key and stored at offset 0 in flash. More here.

* Some info about UPnP (Universal Plug and Play): it runs on TCP port 1026 and seems to adhere to UPnP MediaRenderer Specifications. The 360 also uses UPnP to talk to Windows Media Connect and routers. Read more here.

* XEX File Format Speculation/Info: "XEX is the executable file format used by the Xbox 360 operating system. It seems to be a crypto and packing container for PPC PE executable files, comparable to UPX or TEEE Burneye. This would give more creedence to reports of .xex's being gigs large. Such speculation is also fueled by the presence of what appear to be clear text file and folder names. If games are Gigabyte sized .xex files then it's likely the 360 knows how to grab the section it needs into memory and decrypt/decompress on demand, instead of traditional all at once extraction. The executable code seems to be crypted, though, there exists some uncrypted XEX files in the wild.
A XEX file is composed of the following:
-A 32 bytes XEX Header
-Variable-length program/section headers
-Program/Section content "
More including info about Cryptography and Structure of the XEX File here and specifically about the Backwards Compatibility XEX update here.
Also more technical info about the XEX file format on this XBH thread. They found a SHA1 sums in default.xex (BC update file). More at source(xboxhacker.net)

More on http://www.free60.org/wiki/Documentation

[TSOPrano]

It just dawned on me. If the tsop houses the dashboard (afaik) does that not mean writing is enabled? How does it update to a new dashboard? Surely only those of us with HDDs aren't only getting the updates.

[cONEction]

QUOTE(TSOPrano @ Nov 30 2005, 10:50 AM)

It just dawned on me. If the tsop houses the dashboard (afaik) does that not mean writing is enabled? How does it update to a new dashboard? Surely only those of us with HDDs aren't only getting the updates.

Good question,
So the dashboard is stored somewhere on TSOP, since not everyone has a HDD(core systems)

[sick_mate_xbox]

QUOTE(cONEction @ Nov 30 2005, 09:07 PM)

Good question,
So the dashboard is stored somewhere on TSOP, since not everyone has a HDD(core systems)

that makes me think, if M$ wanted to update the dashboard on our x360's does that mean it flashes the TSOP itself? i see a possible soft mod (IMG:style_emoticons/default/biggrin.gif)

[PITABoy]

You get the updates from live and you need the HD for live afaik so you probabally need some storage device even if it is only temporary for the bios image. Then it does look like it flashes the actual flash and keeps a backup of the origional. Where does it keep the backup? Is it on the HD <-- that would be great so that we could look at the code and hack it. However it might also be stored in another "slot" on the flash such as many of the modchips on the market today. We will just have to wait and see.

[cONEction]

some ppl think that hacking xbox360 is very hard due the hypervisor and stuff, sure there might be not a way to change the bootloader , but the system does have some kind of check when you put a game in it, so maybe a hack like PS2 will be found that catches the signal and fake the signal at precise timing.

I dont know , but how did Enigmah chip worked on XBOX? it was working very diffrently than all other modchips available

THese are the steps:

dumping games through network using some kind of software exploit
dumping important TSOP, bootloader, dashboard data
finding more about the game boot sequense and the data that is involved
trying to find some more exploits:))

that woulb be a good start

[trey85stang]

QUOTE(PITABoy @ Nov 30 2005, 03:26 PM)

You get the updates from live and you need the HD for live afaik so you probabally need some storage device even if it is only temporary for the bios image. Then it does look like it flashes the actual flash and keeps a backup of the origional. Where does it keep the backup? Is it on the HD <-- that would be great so that we could look at the code and hack it. However it might also be stored in another "slot" on the flash such as many of the modchips on the market today. We will just have to wait and see.

hdd or mem card is needed for live according to xbox.com

[TSOPrano]

Yes, but core boxes can still be upgraded. You can burn the dashboard updates to a CD-R (if I can recall... maybe not at this point in the game but I remember reading that somewhere).

The point here is not that Xbox Live updates the tsop but that the tsop IS write enabled.

[jwin767]

this thoery is going on if the flash is backed - up on the harddrive

Wait a sec just been thinking about this a while IF it flashes the TSOP what happens if the flash goes bad??? MAYBE we could some how get hold of the "Backup" flash (if it is true), replace it with hacked flash, make the 360 do a bad flash upgrade, and use the "backed up" (AKA our now replaced flash) and get the 360 to reflash itself with the older (and now hacked) flash.

its just a quick idea

This post has been edited by jwin767: Dec 9 2005, 02:48 AM

[Arakon]

there's a backup dashboard in case the flash goes bad, HOWEVER the dashboard and the tsop don't contain the bios, so hacking it would be completely useless in the first place.
plus, in your scenario, it'd flash the tsop with a "bad" dash since it would no longer be signed, then sense it was bad, and flash it again with the "bad" dash from the backup flash, resulting in an infinite loop.