More Insight into XBOX 360 Hacking
February 9, 2008 by usacomputertec.
Yesterday I discovered a whole new world of Trusted Computing in the XBOX 360 that I had never heard of on the Internet or anywhere before.
I was going in for a job interview at a computer repair / video game arcade / XBOX repair shop. The first thing that they asked me was if I knew much about XBOX 360s. I told them that the only thing I knew was how they worked. I had never taken one apart before and worked on it. I asked them what the problem was. They told me that the original CD/DVD drive had broken inside and they took it out and sent the XBOX 360 to Microsoft for repairs 3 times and each time they got it back they would stick an XBOX 360 game into the console and it said to please put it into an XBOX 360. So the XBOX was having an identity crisis of sorts or was it a trusted computing program in the game itself? They told me that they had been working on the problem for 3 weeks now trying to fix it themselves. So what was the problem?
Let's think back to the chain of trust that the XBOX uses (video here). First the secret BIOS checks the flash memory and passes trust to it and then it checks the hardware and software and passes trust to it and then it checks the game in the drive and passes root access to it. So where were we going wrong here? The XBOX 360 would play DVDs and CDs. So where were we breaking the chain of trust? Well the secret BIOS was passing control to the flash and to the HD software and playing DVDs and CDs. For some reason when we stuck in a game and it tried to verify that it was an XBOX 360 it panicked. My conclusion was that every piece of hardware had a hardware ID of sorts and that the BIOS was to check all of them against each other to make sure that the system matched. The game however did not see that all of them matched up the way they were supposed to, so it said it didn't like us.
So I wanted to see the two XBOX 360 CD/DVD drives. Both had the same model number on them and both looked identical from the outside. But I was suspicious. Why was this drive twice as thick as a standard CD/DVD drive and enclosed in a strange metal cage? I looked at the model number more closely and found a strange unidentified number underneath that ended in 014 and the other new one was 009 if I remember which was which. So now we took the outer shells off and looked at the circuit boards. Both boards looked identical to most people but if you really looked the circuits had different shapes and different resistors in different places. Also the big chips that were in the same place had different numbers on them even though they were the same brand. It had a Panasonic controller chip. So I instructed the guy to exchange the boards (which had the same connectors) between the new and old drives. We put the new drive back in with the old board and the games played.
Before I knew that they had the old drive still I figured they would have to call Microsoft and explain the problem to them and hope that 1. they understood and 2. they agreed that it could be a possibility.
We are not done here. Then the guy asked me if we could add more RAM by putting RAM chips on top of the old ones in there. I said that if it's so picky about the hardware being just right then I would not try it because it probably would not work. Besides that it could hurt the Linux hacking ability by changing memory addresses.
Somewhere in a forum on the net a man claimed that his friend had a 100MB program that put files into Windows XP and turned it into the XBOX 360 game system without needing the secret BIOS or any of the hardware. That got us thinking. What if you could add these files into WINE and convert it into an XBOX 360? What would be the problem? I'll tell you the problem. 1. The software probably can't be modified due to the End User License Agreement, 2. The game might try to verify the XBOX 360, 3. WINE runs slow. However this might also give us the free Cenelera we've been looking for like PlayOnLinux.
If anyone can use this information to do further XBOX 360 hacking please have at it.