Strong Hints On Flashing Your Xbox
customsex writes: "bunnie has written a nice one with pictures documenting his adventure flashing his bios on his xbox. check it." His page also points you to the Sony vs. Connectix case regarding reverse engineering of hardware.
GC=GameCube.
:)
I'd like to dissolve that case in acid too.
"...documenting his adventure flashing his bios..."
The story is about his adventure *removing* his bios. It's interesting - you might want to read it.
One of the reasons that Windows is so unstable is that some bugs cannot be fixed, for it would break compatibility with some apps that use the bug as a 'feature'.
He was in Russia when he was alleged to have broken the law.
The only problem is the US (plus France, Belgium, Israel & a number of other countries) have a bad habit of enforcing their laws extraterritorially.
I.e., outside of their jurisdiction, like putting out warrants for Colombian & Burmese drug smugglers who have never been within US jurisdiction (i.e. the US, or within the US 12 mile line or on a US registered plane or ship in international waters) & thus have never been legally obliged to comply with US laws.
It's a similar case with that Russian coder: even though he was arrested while visiting the US, he was charged for actions taken while he was in Russia, so it was impossible for him to break US laws.
Traditionally there are only two charges that can be enforced extraterritorially, but only on one's own citizens: piracy on the high seas & treason.
Not that it'll make any difference, prosecutors & judges never skip a chance of setting precedents that increase their jurisdiction.
Mind you, it shows how hypocritical the US & Israel are for complaining about Sharon (an Israeli) being indicted in a Belgian court for war crimes that occurred in Lebanon.
Because it was Israel & the US that set the precedents that led to that Belgian law - look at Israel prosecuting a German for what happened in Germany.
Why does /. have people posting at standard scores >1? It's not like you can see any correlation between quality and the initial score ... quite the opposite really, karma whores don't make very good posters, they just know how to get points. Which gets them into trouble when, like now, they try to contribute something intelligent to a real discussion.
... this bought them some of the space to make room for GeForce3 class hardware with extra vertex shaders etc etc. Although I'm pretty sure that even given that, the chip is still a whole lot more complex in the X-Box. Their PC chipsets are only weak cousins of the X-Box one.
Anyway you are dead wrong, NVIDIA left heaps of features off the X-Box graphics part of the chipset which are essential for backwards compatibility on the PC.
You apparently don't understand the hardware issues at all, or have a desire to learn. I seriously doubt that, if the BIOS is encrypted/compressed, that it is heavily so/hard to decode. There aren't a lot of crypto devices implemented in hardware that are difficult to circumvent if you have physical access to it. If nothing else, you could remove the crypto crap, and install a regularly executable BIOS in the flash ROM. May not play XBOX games after being hacked, but as you say (and sooooo many others as well), might make a good MAME/SNES/*insert fav old console here* arcade box. This means that someone must do it, now doesn't it?
This gets on topic towards the end:
Correct me if I'm wrong, but I understand that the HDs in the Xbox are standard IDE drives. I've also read that people have attempted to chain the drives into their PC's IDE loop and mount them, but have been unable to because of a prop filesystem. Seeing as how the drives are 8-10 GB, what if you were to dd if=/dev/xbox of=/spare/drive bs=1024 to a spare drive >10GB (to hold the info). This way you don't damage your Xbox drive and you have a copy of it to play with. The reason?
I have worked with proprietary systems in the past that were (more or less) similar to the Xbox, in that they used standard PC hardware and theory but needed to be secure from hardware "hack" attempts. Microsoft has had the tools to do something similar for a while. Reports state the Xbox is using a W2K kernel. The most associated filesystem with W2K is NTFS. With NTFS it's possible to create an encrypted filesystem. Now, if you wanted to handle the de/crypt as fast as possible where would you put it? In hardware.
Take it a step further. Instead of adding extra de/crypt hardware to the mainboard, why not consolidate a little bit more and take it straight to the I/O, that is, the BIOS. Perhaps the HD is using an encrypted filesystem that is being handled directly by the BIOS. This would make some sense, since a software part could be broken all too easily. This also protects all components equally. Replace the BIOS and you can't read the HD; replace the HD and the BIOS can't read it (which has been proven).
I venture that if you were to hammer out the details of the filesystem it would provide insight into the working of the BIOS. The sour part of this is that we already know it can be done (to some extent) because we have seen shots of MAME running on Xbox hardware. Though, perhaps that was under different rules since it was an SDK kit.
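A worked version of the dd cloning step suggested above, added here as an example and not part of the original post: it images the drive to a file and checks the copy byte for byte before anything is done with it, so the original disk is only ever read. The sample drive is a constructed stand-in; on a real system the source would be the drive's device node (assumed here to be something like /dev/sdX).

```shell
#!/bin/sh
# Added example, not from the original post. Clone a drive with dd as the
# comment suggests, then verify the image before working on it, so the
# original disk is never written to. The source below is a constructed
# sample file so the script runs offline; on a real system it would be
# the device node of the drive (assumption: something like /dev/sdX).

make_sample_drive() {
    # Constructed stand-in for the real drive: 2 MiB of random bytes, an
    # exact multiple of the 1024-byte block size used below.
    dd if=/dev/urandom of="$1" bs=1024 count=2048 2>/dev/null
}

image_drive() {
    # $1 = source device or file, $2 = destination image file.
    # conv=noerror,sync keeps reading past bad sectors and zero-pads them
    # instead of aborting. If the source size is not a multiple of bs the
    # last block is padded too, so prefer bs=512 on a real disk.
    dd if="$1" of="$2" bs=1024 conv=noerror,sync 2>/dev/null
    chmod 0444 "$2"   # treat the image as read-only reference material
}

verify_image() {
    # Byte-for-byte comparison of source and image; prints ok or mismatch.
    # Recording sha256sum of the image afterwards gives a fixed reference
    # to check a working copy against after experimenting on it.
    if cmp -s "$1" "$2"; then echo ok; else echo mismatch; fi
}

run_demo() {
    tmp=$(mktemp -d)
    make_sample_drive "$tmp/xbox.src"
    image_drive "$tmp/xbox.src" "$tmp/xbox.img"
    result=$(verify_image "$tmp/xbox.src" "$tmp/xbox.img")
    rm -rf "$tmp"
    echo "$result"
}
```

Experiments (mounting, filesystem parsing) then go against a further copy of the verified image, never the drive itself.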
I'm against picketing, but I don't know how to show it.
It's more of a tools problem than anything else; removing surface-mount devices without damaging anything requires either a desoldering device that can heat up all the pins simultaneously, or a very fine pointed soldering iron and lots of patience. The original author is at MIT, where there are lots of people around who do hardware. That helps.
From an intellectual property standpoint, Microsoft can't object if you replace their ROM contents with something else, like a boot loader for Linux. Something like OpenBIOS.
What you can do is power the HD with a cable from a PC, turn on the PC then the Xbox, wait till the Xbox firmware unlocks the drive, does what it has to do, then goes idle.
Then you turn off the Xbox (drive stays powered), carefully unplug the IDE cable & attach it to your PC's IDE controller instead. Rescan the drives & you should see it AND be able to read from it. Some info here, and elsewhere on those forums.
Reportedly, the filesystem is a variant on the good old FAT, and not even encrypted. There are some differences, but apparently nothing too challenging (but it won't mount as an ordinary FAT partition, of course).
Executables are signed, and modifying the exe invalidates the signature, so that won't be easy to get around. Perhaps replacing the BIOS would help, but you'd want to find out the HD password first...
And yes, the MAME port was done on an SDK kit, which is much more open of course.
Why would anyone engrave "Elbereth"?
All we need is one person to create an X-box game that just flashes in a Linux BIOS and can boot a linux image from CD.
Why bother flashing the ROM?
Just reverse-engineer its contents sufficiently to see how it loads from the CD. Then make a new LILO version-or-replacement that will boot linux (and other stuff) on the X box - perhaps with a soft BIOS under it and/or suitable modifications to certain linux modules that use BIOS services.
The only way I can imagine this failing is if the BIOS runs the entire game in protected mode with no way to subvert it.
Of course flashing the BIOS ROM is cleaner when you're done (except that you can't run the games anymore.)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
DVD is not included because it would have cost $8 more per box. They decided to let the people who wanted it pay for the license. The DVD codec is stored in the dongle.
The controllers are big because printing smaller circuit boards is expensive. There is a Japanese controller that is about half the size of the US controller and they said it would work on the US version.
A guy named Horace designed the logo (he's also done branding work for Nike) and is working on the branding. The first concept sketch was done with a green highlighter marker. The color stuck.
The XBox allows ripping of CDs into 128 bit using WMAC codec. The CD tracks can be used to replace game music streams (perhaps by choosing a radio station in your racecar). Volume level is normalized when ripping CDs.
The strategy for the XBox is to provide ease of development. Single platform. No plans to upgrade since that would destroy ease of development.
The XBox uses an extremely stripped Win2K kernel. The original was something like 12MB. The stripped version is around 28kb (I didn't get the exact number). When the XBox boots, the kernel is running in ring 0 and nothing else is running. The game loads all of the remaining libraries. A game could also use completely custom libraries.
No dynamically linked libraries. All libraries are statically linked into games during development. Driver upgrades will only be on new games to prevent DLL incompatibility hell.
The XBox has "strong security". They do a lot of tricks to make sure that you cannot hack the box (regions, copy protection, unauthorized software). A comment was made about unsoldering three chips. Microsoft does all production of disks and all games have been 'encrypted' to run on the XBox. It sounds similar to the DVD encryption, but Microsoft is holding all the keys so that they do not leak.
The developer talking to us said he would like to see Linux running on the box, but thought it unlikely that anyone would get past the security schemes.
They said that no mouse or keyboard would be released. "Not a Trojan horse".
The hard drive has three 700MB partitions that are allocated to the three most recently played games. These partitions are used to cache data from the slow DVD drive. After loading onto the drive, subsequent loads will be much faster.
4.5 MB are allocated for each game to store persistent world data and save games. For example: If you crash into a coffee store in a driving game, the next day you play the windows might be boarded up. A few days later the store has a "Closed for Repairs" sign on it. These world details would be up to the game developer to implement of course, but the potential is there.
Ethernet is enabled out of the box for local networks. The presenting developer was aware of software allowing internet play and seemed happy about it. Microsoft has an online program in the works where you will be able to get software updates for the XBox. Something was said about providing emulators and MAME was mentioned.
Graphics chip is a custom nVidia GeForce3 chip. It is slightly older and probably slightly slower than current consumer chips, but the standard platform will allow games to be much faster since code can be optimized for the standard platform that they are not going to change.
They will release a voice-peripheral with hardware compression that plugs into the controller. This could be used in multiplayer games like Halo for communication. This was described as a work around for not having a keyboard.
The Devkit does not have the security lock on it (which is why MAME was only on a Devkit - I don't think we'll be seeing a consumer version until MS authorizes it). The Devkit has a 9GB hard drive that acts as a DVD simulator. The developer downloads their executable to the hard drive then reboots and the XBox loads it. It can simulate DVD load time too. There is an extra serial port on the Devkit, which is used for kernel debugging. There is also a way to set the game region. The game region might be software settable on the consumer boxes too.
There is a 64MB memory limit. The XBox will crash if this is exceeded. More memory will not be available in the future.
System menus use a vertex shader to do green x-ray effects. The entire vertex shader is stored on the GPU and only polygons are sent to the card once the shader is loaded.
DOA3 has the best 3rd party utilization of the XBox and it uses pixel vertex shaders.
Halo has 8 texturing passes. One of the MS developers beat Halo on the hardest level using only the pistol whip.