Xbox Hacking Eric L. Frederich COT 4810 Sept 14 2004
Xbox Hacking
• Xbox Overview
• Xbox Hardware Hacking
• Legal Issues
• Software
Overview
• 733 MHz Celeron CPU
• Ethernet
• Sound
• Video
• USB
• 8 – 10 GB hard disk drive
• DVD-ROM
Xbox Hardware Hacking
• Boot ROM
• Cipher
• Garbage

    // key initialization routine
    unsigned char K[256];   // 0xFFFFC80 in flash
    unsigned char S[256];   // 0x10000 in SDRAM
    unsigned int i, j, k, index;
    unsigned char t, temp;

    for( i = 0; i < 256; i++ ) {
        S[i] = i;
    }
    j = 0;
    for( i = 0; i < 256; i++ ) {
        // RC-4 would do j = (j + K[i] + S[i]) % 256
        j = (j + K[i] + S[j]) % 256;
        // swap S[i], S[j]
        temp = S[i];
        S[i] = S[j];
        S[j] = temp;
    }

    // decryption routine
    unsigned char cipherText[16384];  // 0xFFFFA000 in FLASH
    unsigned char plainText[16384];   // 0x400000 in SDRAM
    for( index = 0x400, i = 0, k = 0; index > 0; index-- ) {
        // xbox version
        t = (S[i] ^ cipherText[k]) % 256;
        plainText[k] = t;
        // swap( S[i], S[t] );
        temp = S[i];
        S[i] = S[t];
        S[t] = temp;
        i = (i + 1) % 256;
        k++;
    }
Xbox Hardware Hacking
What’s with this boot ROM???
• Address and/or data line scrambling
• Secondary crypto processor
• Boot code contained in the processor
  – Expensive
  – Changed from AMD to Intel at last moment
• Boot code contained in the chipset
Xbox Hardware Hacking
What’s with this boot ROM???
• Extracting the ROM image
• Decrypting it (RC-4 / 128)
  – Sliding window
  – Histogram
• Symmetric Cipher
  – Generate your own code
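An added example (not from the slides or the referenced book) that wraps the key initialization and decryption routines from the cipher slide in functions, adds the matching encryption direction, and measures what a single flipped ciphertext bit does to the decrypted output. Because the state swap is driven by the plaintext byte t, the damage does not stay in one byte as it would with a plain XOR keystream. The key, plaintext pattern, buffer size N and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define N 1024  /* constructed buffer size, not the ROM's */

/* Key schedule as on the slide: j advances with S[j], where RC4 uses S[i]. */
static void key_init(unsigned char S[256], const unsigned char K[256]) {
    unsigned i, j = 0;
    unsigned char temp;
    for (i = 0; i < 256; i++) S[i] = (unsigned char)i;
    for (i = 0; i < 256; i++) {
        j = (j + K[i] + S[j]) % 256;
        temp = S[i]; S[i] = S[j]; S[j] = temp;
    }
}

/* enc = 0 is the slide's decryption loop; enc = 1 is its inverse (added). */
static void xcrypt(const unsigned char K[256], const unsigned char *in,
                   unsigned char *out, size_t n, int enc) {
    unsigned char S[256], t, temp;
    size_t k, i = 0;
    key_init(S, K);
    for (k = 0; k < n; k++) {
        out[k] = S[i] ^ in[k];
        t = enc ? in[k] : out[k];          /* feedback byte is the plaintext */
        temp = S[i]; S[i] = S[t]; S[t] = temp;
        i = (i + 1) % 256;
    }
}

/* Encrypts the sample, flips one ciphertext bit at flip_pos (none if < 0),
   decrypts, and counts wrong plaintext bytes in [from, to). */
size_t wrong_bytes(long flip_pos, size_t from, size_t to) {
    unsigned char K[256], p[N], c[N], d[N];
    size_t k, wrong = 0;
    for (k = 0; k < 256; k++) K[k] = (unsigned char)(k * 7 + 3); /* constructed key */
    for (k = 0; k < N; k++) p[k] = (unsigned char)(k + 1);  /* constructed plaintext */
    xcrypt(K, p, c, N, 1);
    if (flip_pos >= 0) c[flip_pos] ^= 0x01;
    xcrypt(K, c, d, N, 0);
    for (k = from; k < to; k++) wrong += (d[k] != p[k]);
    return wrong;
}

int main(void) {
    printf("round trip wrong: %zu, flip@100 before: %zu, after: %zu\n",
           wrong_bytes(-1, 0, N), wrong_bytes(100, 0, 100), wrong_bytes(100, 101, N));
    return 0;
}
```

Bytes before the flipped position decrypt correctly because the cipher state is still in sync there; from the flipped byte onward the two states diverge.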
Xbox Hardware Hacking
Running your own code
• LPC Bus
  – Manufacturing costs
  – Development
• Modchips
Legal Issues
• Illegal
  – Modified Microsoft BIOSes
  – Binaries (built with illegal copies of XDK)
    • Emulators
    • Media Players
    • Homemade games
• Legal
  – Microsoft-free BIOSes
    • Cromwell Linux
  – XDK-free Binaries
    • Gentoox Linux
Xbox Software Hacks
• Game save overflows
• Permanent overflows
http://www.xbox-linux.org/docs/007analysis.html
Xbox Links / References
http://www.xbox-scene.com
http://www.xbox-linux.org/
http://www.xboxhacker.net
http://www.modchipman.com
Hacking the Xbox: An Introduction to Reverse Engineering, Andrew “bunnie” Huang, No Starch Press, Inc., San Francisco, 2003