Slashdot Mirror
Strong Hints On Flashing Your Xbox
customsex writes: "bunnie has written a nice one with pictures documenting his adventure flashing his bios on his xbox. check it." His page also points you to the Sony vs. Connectix case regarding reverse engineering of hardware.
That phone message was pretty funny, the x-box guy sounds pretty nervous/antsy. "We'd uh, like you to remove that rom image, and uh, call us when you do. Or call me and uh, we can talk about it."
One cool thing to note is that this wasn't a lawyer calling him, it was one of the x-box dev guys.
-- Dan
So it looks like hardware hackers only with the appropriate tools and skills.
There was also this tidbit:
If you are looking for the FLASH ROM contents of the XBOX, you won't be able to download them even though I've extracted them. I got a call [recording edited to protect sensitive info] from Microsoft within 12 hours of posting this page regarding the binaries...
Sounds like MS is on the ball on this one, as far as protect their hardware secrets.
"It is a greater offense to steal men's labor, than their clothes"
man pretty smart of microsoft to realize their own mistakes may be required in games
wonder how hard it would be to mod a bios to let you boot up things like Office 2000 or something like that. Not that it would be particularly useful displaying to a TV. Something like geiss would be cool to run on a big screen hi-def tv, though.
Conversely, when will someone get me a program that will let me play DOA3 or other xgames on my PC? I wouldn't think that would be too hard. I think MS should even support it because if we can buy a program to let us buy and run games on our PC, they don't lose money on each console sold.
I have no idea what a GC is, but I imagine it's in alot of pain. Isn't there a more humane way of doing this?
Nobody who can't extract his own would have a use for them until someone writes an Xbox emulator. Even then I guess the emulation can be done with a few device drivers running on nt, instead of writing a whole machine emulation. Bios image may be required in that case too, but probably not.
Gentlemen, you can't fight in here, this is the War Room!
I understand that posting the ROM image is illegal in the states, but does that apply to Europe or Russia or even China? I know that the Xbox is not in release in those places yet but should not stop a small email attachment of the image making it's way overseas and winding up on a web site. Just wondering. Thanks.
Great people don't need people to complete them, great people complete other people. -- Matthew Pawlikowski.
And make money on every game to make up for it?
:)
So, let's all buy an Xbox, convert it to running Linux, and come up with a cool open source development environment to build our own games.
We can destroy MS and get a good gaming console out of it at the same time.
I would also love to make a C64 emulator CDROM with about 500 old games and a nice menuing system to select which games to play, and make the save and load work from all the games as well.
A system like the X-box would be great for that.
Do we really need to post a story everytime some guy plays Halo naked in front of his television?
I was just wondering that if the dumping of the rom will actually help in the emulation of the XBox, since everyone can now examine the bios. Most instructions can be emulated easily as they are similar to PC instructions, UMA can be examined closely too :)
You must defeat Sheng Long to stand a chance.
Uh, some of us like to play the games.
"...documenting his adventure flashing his bios..."
The story is about his adventure *removing* his bios. It's interesting - you might want to read it.
Recall reading the Wired article about the XBox, where they mention that its initial $300 dollar price will be driven down to around $100 as soon as possible. /. itself could run on such an installation. Feel the irony.
Sorry about the low end of the computer market, but it'll be cool when you can drop a grand, pick up a ten-pack of them, and construct your Much-Ballyhooed Beowulf Cluster (MBBC).
Maybe one day
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
As opposed to hacking an XBox to use Linux (which I agree is a noble pursuit, if not flawed), why not find a cost-effective way to make a "LBox" out of cheap hardware. Put a penguin on the cover or something.
Me, personally, I bought my XBox for playing games and DVDs, like most people. I love fucking around with hardware myself, but this thing is a toy to be played with and enjoyed for me, not a job.
If the xbox BIOS was replaced with LinuxBIOS then that shouldnt that bypass any other protection they put in software.
linuxBIOS project http://www.acl.lanl.gov/linuxbios/
But I'm waiting for someone to hack the new Maytag Neptune washer and dryers, the ones with the 4" plasma touch screen. I want one that will run Linux and play DVDs while I'm doing my laundry. Or actually if I had the washer and dryer I could have one running Linux and the other serving as a game/DVD console, and I could wash my clothes.
cheap labor conservatives - they want to keep you hungry enough to be thankful for minimum wage.
He was in Russia when he was alleged to have broken the law.
The only problem is the US (plus France, Belgium, Israel & a number of other countries) hve a bad habit of enforcing their laws extraterritorily
IE, outside of their juristiction, like putting out warrents for Columbian & Burmese drug smugglers who have never been within US juristiction (IE the US, or within the US 12 mile line or on a US registed plane or ship in international waters) & thus have never been legally obliged to comply with US laws.
Its a similar case with that Russian coder, even though he was arrested while visiting the US, he was charged for actions taken while he was in Russia, so it was impossible for him to break US laws.
Traditionally there's only 2 charges that can be enforced extra-territorily, but only on ones own citizens - Piracy on the high seas & treason.
Not that it'l make any differances, prosecutors & judges never skip a chance of setting precedents that increase their juristiction.
Mind you it shows how hypocritical the US & Israel are for complaining about Sharon (an Israeli) being indicted in a Belgium court for war crimes that occured in Lebanon.
Because it was Israel & the US that set precedents that led to that Belgium law - look at Israel prosecuting a German for what happened in Germany.
The only differance between the Nvidia NForce Xbox chipset & the new Nvidia K7 PC mainboard chipset is that Xbox version is designed for the GTL+ bus, while the K7 PC version is designed for the EV6 bus, other than that they are exactly the same.
Consequently once one has worked out how to master/hack the Xbox BIOS & the propietry MS Xbox file system (to load a PC OS compatible FS), there's no reason why one couldn't load any X86 PC OS on it (the chipset drivers for both versions of the NForce are, or should be the same).
Now if your talking about playing XBox games on a PC, why would you want to? MS is selling them so cheap that they are losing $100 a pop on them, so the big saving would be in utilising the Xbox as a PC, rather than the other way arround.
Maybe you could load Linux on & turn the Xbox into a xbox.
Man, can't you people make it so it just brings up the porn when I poke the buttons? :(
Wha?
Oh! I'm sorry, I thought this was a thread on the XXX-Box. I saw flashing...
Why does /. have people posting at standard scores >1. Its not like you can see any correlation between quality and the initial score ... quite the opposite really, karma whores dont make very good posters they just know how to get points. Which gets them into trouble when like now they try to contribute something intelligent to a real discussion.
... this bought them some of the space to make room for GeForce3 class hardware with extra vertex shaders etc etc. Although Im pretty sure that even given that the chip is still a whole lot more complex in the X-Box. Their PC chipsets are only weak cousins of the X-Box one.
Anyway you are dead wrong, NVIDIA left heaps of features off the X-Box graphics part of the chipset which are essential for backwards compatibility on the PC
Did anyone get to the site and download the ROM image before it was removed? If so, what was the filename so I can go look it up on $P2PNETWORK?
In the spoon, there is no Soviet Russia!
How does MicroSoft find out about these sites before /. does?
I think they are paying some guys to just surf the web looking for stuff that can stuff people from using M$ products.
Man, surf the web all day AND get paid... I'd take that job !
I know it's an odd thing to say, but I would like to congratulate Microsoft on (unusually!) actually being half-decent. Listening to the phonecall, whether he was coached or not, I would congradulate Mr. Thompson on not being a smeghead and actually NICELY asking for the image to be removed.. without threatening legal action over some obscure EULA clause for looking at the motherboard or something :)
This is only partly true. There was a press release from Nintendo the other day and it spend some time talking about the 1.9 Games to Console ratio they obtained. A few days later MS announced that they had the best ratio ever recorded for an initial concole launch of 2.4.
This number is important and the game developers are not fools. They have been in this arean much longer than MS and knows the deal. Second the games sold will be analysed endlessly by all kinds of parameters like age, gender etc, so a significant conversion rate to Linux will have an impact.
Help fight continental drift.
This gets on topic towards the end:
Correct me if I'm wrong, but I understand that the HDs in the Xbox are standard IDE drives. I've also read that people have attempted to chain the drives into their PC's IDE loop and mount them, but have been unable to because of a prop filesystem. Seeing as how the drives are 8-10 GB, what if you were to dd if=/dev/xbox of=/spare/drive bs=1024 to a spare drive >10GB (to hold the info). This way you don't damage your Xbox drive and you have a copy of it to play with. The reason?
I have worked with proprietary systems in the past that were (more or less) similar to the Xbox, in that they used standard PC hardware and theory but needed to be secure from hardware "hack" attempts. Microsoft has had the tools to do something similar for a while. Reports state the Xbox is using a W2K kernel. The most associated filesystem with W2K is NTFS. With NTFS it's possible to create an encrypted filesystem. Now, if you wanted to handle the de/crypt as fast as possible where would you put it? In hardware.
Take it a step further. Instead of adding extra de/crypt hardware to the mainboard why not consolidate a little bit more and take it straight to the I/O, that is the BIOS. Perhaps the HD is using an encrypted filesystem that is being handled directly by the BIOS. This would make some sense, since a software part could be broken all to easy. This also protects all components equally. Replace the BIOS and you can't read the HD, replace the HD but the BIOS can't read it (which has been proven).
I venture that if you were to hammer out the details of the filesystem it would provide insight into the working of the BIOS. The sour part of this is that we already know it can be done (to some extent) because we have seen shots of MAME running on Xbox hardware. Though, perhaps that was under different rules since it was an SDK kit.
I'm against picketing, but I don't know how to show it.
Someone already made an XBOX MAME emulator that supposedly runs at 60fps. However he cant release it because of legal restrictions and it only works on the developer xboxes now. His website is http://www.otakunozoku.com/xbox/
Download the xbox.bin linked at the very top of his page...
;-)
lukewarm@mr-causey:~ > cat xbox.bin
gamecube rulez...
This encryption is going to take a long time to crack!
It's entirely likely MS may revise the BIOS at a later stage, for fixing bugs - if it turns out to be necessary. All console makers do. So long as you don't change the external functionality at all, that's fine.
But what the article was saying is that this is a reasonable move by MS, to increase robustness in the possible case of field flash rom upgrades, or even if multiple versions of the BIOS might be required. I'm sure MS are very aware that the latter case is not a desirable one.
Come to that, I doubt that "flash ugrades in the field" are even possible, let alone planned, or the author probably wouldn't have had to replace the ROM at all. It'd be a major security hole, if you could do that! :-)
Why would anyone engrave "Elbereth"?
I hope this guy did not buy his xbox from CompUSA because I think he may have voided his
$30 two-year warranty
What you can do is power the HD with a cable from a PC, turn on the PC then the Xbox, wait till the Xbox firmware unlocks the drive, does what it has to do, then goes idle.
Then you turn off the Xbox (drive stays powered), carefully unplug the IDE cable & attach it to your PC's IDE controller instead. Rescan the drives & you should see it AND be able to read from it. Some info here, and elsewhere on those forums.
Reportedly, the filesystem is a variant on the good old FAT, and not even encrypted. There are some differences, but apparently nothing too challenging (but it won't mount as an ordinary FAT partition, of course).
Executables are signed, and modifying the exe invalidates the signature, so that won't be easy to get around. Perhaps replacing the BIOS would help, but you'd want to find out the HD password first...
And yes, the MAME port was done on an SDK kit, which is much more open of course).
Why would anyone engrave "Elbereth"?
All we need is one person to create an X-box game that just flashes in a Linux BIOS and can boot a linux image from CD.
Why bother flashing the ROM?
Just reverse-engineer its contents sufficiently to see how it loads from the CD. Then make a new LILO version-or-replacement that will boot linux (and other stuff) on the X box - perhaps with a soft BIOS under it and/or suitable modifications to certain linux modules that use BIOS services.
The only way I can imagine this failing is if the BIOS runs the entire game in protected mode with no way to subvert it.
Of course flashing the BIOS ROM is cleaner when you're done (except that you can't run the games anymore.)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
DVD is not included because it would have cost $8 more per box. They decided to let the people who wanted it pay for the license. The DVD codec is stored in the dongle.
The controllers are big because printing smaller circuit boards is expensive. There is a Japanese controller that about half the size of the US controller and they said it would work on the US version.
A guy named Horace designed the logo (he's also done branding work for Nike) and working on the branding. The first concept sketch was done with a green highlighter marker. The color stuck.
The XBox allows ripping of CDs into 128 bit using WMAC codec. The CD tracks can be used to replace game music streams (perhaps by choosing a radio station in your racecar). Volume level is normalized when ripping CDs.
The strategy for the XBox is to provided ease of development. Single platform. No plans to upgrade since that would destroy ease of development.
The XBox uses an extremely stripped Win2K kernel. The original was something like 12MB. The stripped version is around 28kb (I didn't get the exact number). When the XBox boots, the kernel is running in ring 0 and nothing else is running. The game loads all of the remaining libraries. A game could also use completely custom libraries.
No dynamically linked libraries. All libraries are statically linked into games during development. Driver upgrades will only be on new games to prevent DLL incompatibility hell.
The XBox has "strong security". They do a lot of tricks to make sure that you cannot hack the box (regions, copy protection, unauthorized software). A comment was made about unsoldering three chips. Microsoft does all production of disks and all games have been 'encrypted' to run on the XBox. It sounds similar to the DVD encryption, but Microsoft is holding all the keys so that they do not leak.
The developer talking to us said he would like to see Linux running on the box, but thought it unlikely that anyone would get past the security schemes.
They said that no mouse or keyboard would be released. "Not a Trojan horse".
The hard drive has three 700MB partitions that are allocated to the three most recently played games. These partitions are used to cache data from the slow DVD drive. After loading onto the drive, subsequent loads will be must faster.
4.5 MB are allocated for each game to store persistent world data and save games. For example: If you crash into a coffee store in a driving game, the next day you play the windows might be boarded up. A few days later the store has a "Closed for Repairs" sign on it. These world details would be up to the game developer to implement of course, but the potential is there.
Ethernet is enabled out of the box for local networks. The presenting developer was aware of software allowing internet play and seemed happy about it. Microsoft has an online program in the works where you will be able to get software updates for the XBox. Something was said about providing emulators and MAME was mentioned.
Graphics chip is a custom nVidia GeForce3 chip. It is slightly older and probably slightly slower that current consumer chips, but the standard platform will allow games to be much faster since code can be optimized for the standard platform that they are not going to change.
They will release a voice-peripheral with hardware compression that plugs into the controller. This could be used in multiplayer games like Halo for communication. This was described as a work around for not having a keyboard.
The Devkit does not have the security lock on it (which is why MAME was only on a Devkit - I don't think we'll be seeing a consumer version until MS authorizes it). The Devkit has a 9GB hard drive that acts as a DVD simulator. The developer downloads their executable to the hard drive then reboots and the XBox loads it. It can simulate DVD load time too. There is an extra serial port on the Devkit, which is used for kernel debugging. There is also a way to set the game region. The game region might be software settable on the consumer boxes too.
There is a 64MB memory limit. The XBox will crash if this is exceeded. More memory will not be available in the future.
System menus use a vertex shader to do green x-ray effects. The entire vertex shader is stored on the GPU and only polygons are sent to the card once the shader is loaded.
DOA3 has the best 3rd party utilization of the XBox and it uses pixel vertex shaders.
Halo has 8 texturing passes. One of the MS developer beat Halo on the hardest level using only pistol whip.
A patent does not prohibit reverse engineering. To the contrary: if the patent is on the entire game console, it should be detailed enough so that people could build another one: a valid patent must describe the invention in sufficient detail that someone of ordinary skill can build one.
That phone message was pretty funny...
Does anybody with an MP3 decoder feel inspired to write a transcript of it for those of us who don't have one set up yet?
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Nobody who can't extract his own would have a use for them until someone writes an Xbox emulator.
Actually, one use for a ROM dump would be to assist in designing a linux loader that runs with the existing BIOS.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
As one of the Halo developers, I can tell you that nobody is going to beat it on the hardest difficulty using only the melee attack. There's just absolutely no way. There are levels full of enemies that are basically immune to melee. It's insane enough when you have all your weapons. :)
We use a variable number of texturing passes on the environment based on how many lights are shining on a surface - the minimum is four and it's easy to get even higher than eight on certain surfaces in a firefight.
- butcher
Afterall it costs much more to midify a chipset than just not enabling them in the BIOS.