How the Xbox 360 Hypervisor Security was Defeated | MVG
Vložit
- čas přidán 7. 07. 2019
- Part two of my retrospective on the Xbox 360 security. In this episode we look at the Xbox 360 Hypervisor and the different methods used to defeat it
► Part 1 Here - • How the Xbox 360 DVD S...
► Consider supporting me - / modernvintagegamer
Sources :
► PlayStation3 PPC64 Linux, does it still work? - • PlayStation3 PPC64 Lin... 0
► RGH 2.0 on Jasper Xbox - • RGH 2.0 on Jasper Xbox...
Social Media Links :
► Check me out on Facebook : / modernvintagegamer
► BandCamp : modernvintagegamer.bandcamp.com/
► The Real MVP Podcast : player.fm/series/the-real-mvp
► Follow me on Twitter : / modernvintageg
#Xbox360 #Hypervisor #MistakesWereMade - Hry
I know this is random, but thanks for porting Doom on the PSP!
He did that along time ago
did his port have music? the one i found didnt
@@ChaseMC215 still needs recognition
@@antblaster9k unfortunately no but it was amazing back then
This dude is a genius... He even did it with the switch! This dude is so good I think he can port Doom to a toaster with no problems.. He's a master at coding and hacking..
*Bank gets robbed without anyone noticing because of a security issue
MVG: "mistakes were made"
Software piracy is not theft.
@jlstugart04 it should be.
@jlstugart04 Legality and morality are independent quantities. Many things which are moral are illegal and many things which are legal are immoral.
@jlstugart04 Game piracy isn't truly illegal. It's immoral yes, but it doesn't directly contribute to a loss. Pirates generally don't buy anyways; if they truly wanna support, they will buy. Even in the case of people refusing to buy, it's most likely because of their financial conditions.
Just because you were born in a shitty ass country with low salary, doesn't mean you don't deserve to enjoy some games to avert eyes from their current shitty life.
If consoles have better region pricing, people from lower income countries would also buy games legit. But bruh, some countries have like $300 average salary but $60 game and some extra on tax. I don't mind third worlders pirating not gonna lie. First worlders that earn 10x the salary a month though should support the dev.
He isnt wrong
Getting those RGH boot timings down can be a fine art and a test of patience. I've had systems be in range of anywhere from instaboot to 5 minutes, which is why I always loved the JTAG. No fuss, no timings to mess with! Excellent video, my dude.
THIS IS WHY IT DOESNT LOAD IMMEDIATELY. Thanks
@Arnold101Knight it depends which chip you are using. if you were using the hardware from xecuter, the boots times wasn't that good, in my case.
The squirt 360 was the best chip, boot within 30sec
My rgh is instant.
Yep once you had your JTAG in place, it was as simple as pressing the power button to launch the modded dash, or press the eject button with power off to boot into XeLL
Do you guys remember the old days when by just one sd card and a file you could hack your wii and play unlimited games
Letter bomb was easier. Didn't even need a supported game.
With an unpatched switch now it's a micro SD and a paperclip
@@PenguinCinema Paperclip would be a bitch. Took forever to get my 3D-printed RCM jig to even work so I set autoRCM after 2 or 3 uses.
@@PenguinCinema Never use a paperclip. Hard, scratchy metal and joycon pins dont go well together.
Never had a wii, but i'm getting my first Xbox360 so i can play some exclusive games like Rumble Rose XX, DOA4 etc.
Some seriously skilled people out there in the hacking community.
No matter how secure you think your code is, there will be someone out there that can beat it.
Red team / Blue team. Black Hat / White Hat we need them all. Companies are really negligent when it comes to our data. It's unfortunate
I believe that there is a always someone from the hacking/modding community that works from Microsoft/Sony.
@randomguy8196 Yet people don't understand it. And the task of the security is not to be unhackable at all it is just to make it hard and take a lot of time and efforts so it doesn't worth for the average consumer. So Microsoft won this battle - most people olay legit copies of the games
Haha, you said "beat it".
@randomguy8196 Security is to buy time.
Linux is like Skyrim, it’ll eventually run on anything
More like doom
@@retropcs88 the both of you guys just blew my brains
hell yeah skyrim on gameboy
@@yourick1953 knowyourmeme.com/photos/1281547-the-elder-scrolls-v-skyrim
I want to see linux on something like a gameboy or DS
Their protection lasted exactly as long as they needed it to, it really was a fantastic piece of security.
Except for the dvd back, that was just dumb, what were they thinking?
Their protection still somewhat lasts. There is still no softmod out that works on any recent version. Only one, and that was patched pretty quickly (EDIT: also, that one softmod is also super old). If you want a modded Xbox 360, your only choice is a hardmod, and it's going to stay like that for years to come.
Imagine if companies put this much effort into securing our machines for us, instead of from us...
Profound.
It's much harder to secure a machine that the attackers all have physical access to. They probably could make an almost unhackable computer but it would be so limited in features it would be like using a console/iPhone as your main PC. Every bit of software that runs on it has to be approved by them etc.
All this is what makes console modding so much fun.
Except that if say Microsoft release a fully open console, expect to pay many times as much for it as you usually would. They protect it because the price of the hardware is subsidised by the games they sell. If people pirate games...then they make a loss. If people don't play games and use for linux etc...they make a loss.
It's completely fair, imo.
@@Fennecbutt well said
@@Fennecbutt Except that there DVD exploit which was discovered much earlier and never really fixed already allowed piracy. All of the effort put into making and defeating hypervisor exploits was about homebrew.
The engineering behind the Xbox 360 security was quite ingenius. I must commend Microsoft engineers for very very creative security.
Lmfao
Yeah, those RRODs worked perfectly.
@@JohnnyReb1976 RRODs had nothing to do with security idiot, RRODs were because of the cpu.
@@JohnnyReb1976I mean.. nothing beats homebrew like a system that stops working for completely different reasons.
@@JohnnyReb1976 That was actually a TSMC manufacturing defect, the only thing Microsoft could've potentially done is powered the consoles on and off when they reached the target temps before launch. At least they actually fixed them for free unlike Sony's yellow light of death which they would charge for if it was out of warranty, which was only like 90 days, 1/12th the warranty of the 360 (3 years).
I wouldn't call the 360 a dead system.
Phil Spencer himself even said that there are at least 10 million Xbox 360 players online to this day.
Majority of those are in "Developing Nations" & that's cool. Games are usually made for consles 3 yrs after U.S end of life
The era of JTAGs and MW2 was amazing, feel lucky to have been there lol.
The golden days of jtags and cod 4/mw2 :D
Yep, joining a random lobby, getting a kill and suddenly you're Prestige 10 with everything unlocked....
@@RGInquisitor I dont think a console game was ever hit by modding as hard as mw2 was with jtags. Definitely not on xbox at least
AlterIWNet was king.
@@samsurace5713 Indeed! The thing I liked the most is that most of the modded lobbies you happened by weren't used to screw with people; they were fun! I remember one lobby, the only map in circulation was Highrise and the game had little gravity, so if you jumped you would practically fly off the map, and players ran very fast too! If you ran too much, you would either fall off the sides of the map to your death or you would bounce off of something and fly to your doom. The score limit was only 5 kills, and the only usable class was with a .44 Magnum with a tac-knife, Marathon Pro, Commando Pro, and Lightweight Pro.
My friends and I had so much fun in that lobby that we were really disappointed when it was shut down...
Love this series. Please do something on XBOX One too.
Ps. I know it's not hacked. That's what is interesting and annoying about it.
@@KarlRock XB1 nhi chaye, PS4 ka hack chaye. :D
Xbox One pulled most hackers out with their Dev mode, and Microsoft security team is much larger than Sony, even that the OS of PS4 is based on open-source softwares, it is still need to be maintained by Sony team themselves.
It’s never been hacked
6:09 "It controls all the power functions,
controls the fans,
handles system resets
and various other commands."
Talk about good rhyming.
Hmm, the Xbox 360 Hypervisor security is quite protective! 😇🤘🏻💕
Quite!
Temperently, but as soon as you jailbroke the 360, Microsoft is far passed fuck!
yep
Without reset glitch bug it was impossible to hack x360 after updates with jtag fixes. So, yes, supervisor is very secure and effective and x360 a badass to hack. We had luck that reset glitch existed.
The hypervisor isn't even the crazy part, that's pretty simple & straight forward. The crazy part is data encrypted on the bus's and the rom-on-chip. Those things are *very* hard to by-pass. Only other setup I've seen like that is the iPhone, and as far as I know that security hasn't been cracked yet. Even with the San Bernadino shooter and Apple was ordered to help the FBI, they were only able to allow unlimited tries & brute force, not crack the HW encryption.
Soldered my first JTAG in late 2009 on my falcon board 360.
It died pretty fast with a RROD. I just sold it off because I didn't want to spend any time or money to get it reballed.
Then in early 2010 I bought a premade jtagged 360 with a jasper board and that is still working to this day.
I even drilled a hole on top of the case to add a fan that draws in air into the case. I also replaced the back fan with 2 noiseblocker 60mm fans.
Now it is almost completely silent and runs much cooler than with just the stock fan.
How cool though, like what temperature in Idle and with heavy usage ?
Why do that with a Jasper? They’re arguably the best cooler of the entire Xbox line up and stay pretty cool either way.
@@thefox17906 Because it won't sound like a jet taking off and because it's fun to mod stuff even if it isn't a necessary mod.
Also, better cooling generally means longer hardware life.
Well if you have any experience with the phat consoles you’d know the stock fans for the Jasper/falcon v2 can be put to 40% iirc which meant it was quiet and still stayed below 60*c. Adding extra fans is just unnecessary
Never change this into music, it’s too iconic
Some corrections:
- The JTAG hack was not patched until Summer 2009 when the 8XXX kernel was released which overwrites the CB.
- Zephyr, Falcon, Opus, and Jasper are all able to be JTAG'd using slightly different wiring, either using ROL or AUD_CLAMP (assuming 7371 or below). The Kronos motherboard shipped with a patched CB, which patched the SMC hack. Some Kronos have been found that were not patched, though.
- The lower left port on the Xenon board is not the CPU JTAG port, but the Southbridge/SMC LED JTAG port. This is why on Zephyr and later when most of this port was removed, one of the wires goes to the Ring of Light instead. The CPU JTAG port is J8C1, on the upper right of the board.
- The Reset Glitch Hack can be made very reliable, depends on install, tuning, and chip used. RGH1.2 can instaboot Falcon, Jasper, and Kronos on latest dashes. S-RGH can instaboot Trinity and Corona. There isn't really a reason to use R-JTAG anymore because of that.
Good to know
I quite enjoy your retrospectives, they're excellent and very chill. I'd also like to thank you for all the joy your emulator ports have brought me. Your work probably brings more comfort than anyone will ever know.
"The King Kong Exploit" why is that phrase so funny to me 😂
BOWSER0897 thought I was the only one 🤣
These security retrospectives are some of your best content MVG. Especially with how hard it is becoming to find old forum threads and such. Keep up the excellent work!
I love the fact that you're not just a random youtuber covering the known stuff, but you also have the skills to back you up, like coding etc.
I absolutely love these videos about how the security measures of systems were bypassed. So thank you.
Dude you are so amazing. I'm having flashbacks from when I was 15, and did my first jtag. I just found your channel and you have inspired me to dust off my console and redo the HDD and organize the files.
I STILL have my launch console Xenon jtag. Obviously it RROD'd, but I had it reballed.
I love these videos - your knowledge of the intricacies of these systems is incredible and always blows me away, keep it up man!
Fun conspiracy theory: xbox red ring was a anti piracy measure to replace hackable xboxes. (I joke but I thought it was funny)
Funny enough we had a few modded and a single legit xbox, our single Legit Xbox was the only one to get RRD.
@@carlangelo653
Fan crapped out?
@@ChaseMC215 Fan isn't always the case. Mine was rrod'ed just from sitting. I didnt even use it. After some weeks of sitting, I decided to play some and was greeted with an rrod. I opened the system up and it was clean. (I cleaned it before, as the disc tray belts were slipping and not opening the disc tray.)
@@h4z11s4
My disc drive is just stuck
While it WOULD be funny, it was just terribly rushed engineering
Love your videos man always so informative and the production is always amazing too.
P.s love the intro song its so good.
Man I really love these videos, they are the perfect balance of information and story without getting too technical.
I wish companies would just allow its customers to mod their devices as they see fit, we’ve paid for it after all.
They never will, because modding wether intentional or not enables piracy. No company would agree to that.
@@carlangelo653 it would be a thing if you could run effective anti-piracy on the game itself. But as we know the state of things on the PC...
Fluffy Bunny Arrr
But on pc, pc makers does not get sales royalties, but console manufacturers do.
@@poopyjohn8182 well, they can open up the system. This will mean no publisher want to work for their system though. We know what happens next, no game, no system. It will eventually fail itself in the end, the hacking and homebrew community can't sustain it. It will either failed like Ouya or become niche console like MiSTer or Analogue. For better or worse, aiming for mainstream market meaning you need mainstream publisher support.
Love your videos man! They're always so interesting to listen to👍
I always loved tech but watching your vids really motivated me to change my major and really get into it. Thanks and bunch!!
Always look forward to your videos Mondays. It makes my work day go by quicker!
amazing work man, this is videogame History at its best. Very hard to find all this info summarized and explained in such a good way.
oh hahah- saw this in my home feed and thought it was an old video! i love that phrase, too, tho: Mistakes Were Made. streamer Vinesauce uses it a lot, so its cemented in my consciousness. anyway, thanks for all your hard work, friend!
"MVG has uploaded"
*Happiness noise*
[Husky happiness noise]
*squee*
6:08
It controls all the power functions, controls the fans,
Handels system reset and various other commands.
Nice rhymes there
Great vid! Small correction though, I think you meant 16 Bits, not bytes when you were talking about the lockdown counter. 16 Bytes has way, way more possibilities than 4096.
Meanwhile the Nintendo switch has full Homebrew quicker than any modern console before
Illuminati
Nintendo is full of artards.
I love hacking consoles and this one truly amazed me regard the pace and ease it was hacked. Trying to get into RCM without the use of a 3D printed jig is a massive pain in the ass, I managed to do it like 2x in about 2 weeks before my jig finally arrived.
Perhaps it's an intentional thing. If it makes people wanna buy switches just so they can mess around with them, what's the harm in that. Heck, if there's one thing I enjoy, it's occasionally watching mod videos for Pokemon Let's Go. An open system, is a fun system
didint help the switch os is just on top of android like a shell.
4:01 People still play Ridge Racer 6 online, I’m not kidding. There’s a semi-active community that does weekly competitions on Saturdays :D But the main community races every day until 11pm EST!
I love this series so much, I went from seeing your vids around youtube to checking my sub box for your uploads within weeks! Thanks for the content
I never knew back then, But would just like to say Thank You for your port of Mame 360 back when I got my 1st Jtag 360 many years ago.
this explains why I had a king Kong copy that randomly showed up in my house that my nephew brought
Wow. I don't I could have come close to cracking that. Just insane!
4:38 Wow....the Blade Dashboard is timeless. I just took it for granted and didn't appreciate how good the UI design was. Way ahead of its time in 2005.
I've been waiting for this video for so long!! I love this series!
Forever the “MISTAKES WERE MADE” guy.
"we love our customers and want our consoles to be used forever"
*spends millions to ensure the console is garbage in 10 years*
"our consoles are dying extremely quickly and nobody can use them"
*weak-ass extended warranty and plugging their ears*
just saw part 1 the other day and was looking forward to this video!
amazing technical descriptions. incredible how people figure this stuff out.
I absolutely love that the Xbox Original & 360 are STILL worth talking about in 2019! I was initially uncertain if Microsoft could pull of a console. Overall, they have done a fantastic job of competing in the console market through the years. Woot!
I'm early and can't think of a witty comment to make so I would just like to thank you for all these awesome videos and all the cool stuff you have done with homebrew over the years.
Just wanna say thank you for making this awesome content, it is atm one of the most enjoyable and interesting channels in my sub list.
I’ve waited a long time for this moment. These security exploit videos are awesome.
Woke up early somehow. Saw this posted.
Today is going to be a good day.
I think you meant that the lockdown counter is 16 *bits*, not bytes. Brute forcing 16 bytes is a LOT harder.
Love the "Aesthetical" music seems pretty good for these type of videos.
All of that was remarkable from both sides. Thank you for putting this together.
I love these videos, and the "Mistakes Were Made" title gets me every time. 😂 Thanks for making 'em!
Was really looking forward to this episode. This is what intrigues me. Keep up the great hacking/homebrew based videos!
I was hoping to see how the sausage is made but this'll do... this'll do.
Bruh.. you are smart as hell and you make awesome synthwave spacejams... I don't sub to many channels, and get notifications for even less, but you're proudly one of them.
Another Great Video MvG, love the windjammers shirt as well!
So King Kong - who, if i remember correctly, is a villain - saved the day for XBox homebrewers.
I quite like this mental image of sorts. :3
‘Twas beauty that killed the beast
Going by your logic, any wild animal caught and held in captivity is a villain...
I was just playing my RGH 360 before watching this video. Awesome machine for emulation!
So was i ;)
What emus could you recommend?
Thomas Newfield I use vba360 (gba), genesis plus 360 (genesis), fba next (arcade /cps1, 2 & 3), snes360 (snes) and pcsxr-360 2.1.0 v2 (ps1). They are pretty good and easy to set up.
i love these type of videos! It makes it so much easier just to send someone a link to your informational video if they wanna know the history!
Thank you! I’ve been waiting for this video
So... are you uploading every Monday now?
No
Sure seems like it
he has been doing it for a few months i believe
Thank you for making these videos. Your like the only one who mades videos of this quailty about it.
Great analysis, detail, and history. Thank you!
Really great series! Keep it up! I really like seeing the history of hackers v companies.
Thanks for making these videos. I live learning about weird niche histories like these and this series in particular got me in to the homebrew scene. I've even made a homebrew app (very basic script) for the Switch.
EDIT: Also, XBox One hacks soon, maybe.
What an awesome channel. I love it and thos channel now has me hunting down ps2 and xbox originals now at goodwill and salvation armys locations so I can hack it and gift it to my young nephews that missed out on the older video games
Great video!! I have a suggestion. I wanna know if you could make a video about ps4 and it’s security flaws. I’ve seen a jail broken ps4 and it is really cool.
Thanks and have a good day.
Nothing special as far as i know. Just some javascript exploit stuff with full access.
Hello MVG. I just wanted to let you know that I love the content, level of technical insight and presentation. You are a great host, cheers mate.
Great great video... I loved it... I would also like to see how older consoles where defeated, and i very much like to see videos about how emulation works i am sure many many more would like that too. Again, many many thanks for the countless amount of hours you put in these awesome videos. Thanks!
360 is one of my favorite all time consoles. The modding on 360 was always so much fun to do. Still got my Jtag jasper sat in my room
Kameo was actually first made for original xbox.. there is even prototype on hiddenpalace to download for it but then moved to 360.
The development was even begun on the Gamecube, before Microsoft bought Rare. Also, the original Xbox version of Kameo is nearly complete, I think the only thing non working is the final boss battle. Else the entire game is playable
I get so happy when I see a new video pop up on my feed
Thanks for all the details and your work, have learned alot!
It may be worth noting that the reason that unsigned code was executed under the KK exploit, rather than just sitting as a regular asset file, was actually due to unsigned shader code being compiled at runtime rather than being distributed as an already compiled.
Maybe in a bonus video you could talk about the burnable kiosk disc that was found very early on, which was burnable and bootable on retail consoles. It had a demo of King Kong, which is what spurred interest in the game for being a hack entry point and was blacklisted in an early dashboard update. Had the vulnerable code in the hypervisor been introduced on launch (instead of 4xxx), the first couple of dashboards could be completely exploited without even opening the console. The disc also had the game Hexic HD on it, which was found to be an Adobe Flash emulator for Xbox 360 that just ran the Hexic game. You could actually swap out the game with your own flash game and play it on a retail console! I had these events documented in the /r/360hacks "scene history" page with more details.
Wait really? There’s a burnable Xbox 360 kiosk Disc?
@@RaysGamingChannel2003 Yup. Blacklisted from running in later dashboard updates.
How does 16 byte translate to 4096 trys? Even if you confused bits and bytes in the script that won't match.
Maybe accidentally did (2^8)*16 ?
well, it must be 16 bits, so 2^16 equals 65536, which are not too many tries either
I guess number of those fuses is 4096.
If it's 16 bytes then it's a 128-bit key, which isn't what's in the script but it'd be an understandable key length back when the hardware was finalized circa 2004
Good question.
If I did my research and math right, 16 bytes can have 340,282,366,920,938,000,000,000,000,000,000,000,000 different combinations, while 16 bits can have 65535. I'm more likely to be wrong about that bigger number, but frankly I don't care because even if it's 50 trillion off it wouldn't make much of a difference.
You would have to divide 65535 by 16 to get to (roughly) 4096.
Yep, doesn't make sense to me either. Perhaps there's something about hashes that we don't understand?
i really enjoy your content, so fun to know all those fun facts on how thinks where broken and what they did to try and fix :) thanks a lot for this quality content
I just wanted to say that your intro music is so perplexing, I'm quite sure I've heard it somewhere outside of your other videos, yet it seems like you are the creator, or so your desc would suggest. It might be a newbie observation, but let me just say if that's so, you are massively talented all around! Keep up the good work. And if anyone's able to suggest where my deja vu comes from, I would be very appreciative :D
So I had my Xbox 360 in 2011? It came with R-JTAG? It boots very slow and indeed sometimes does not boot at all, then someday around 2013 it never boots up again, and I take it to a "dealer" to get it fix, after the "fix" it boots very quickly everything works just fine, anyone idea what kind hack is my Xbox 360 using?
Efuses?
How many available updates could even be possible with those?
IIRC, the Xbox 360 CPU had over 700 of them from factory. That's plenty of room for updates
Excellent video as always MVG!
I just watched part 1 an hour ago and was waiting for this!
i still use xbox360 in 2019
"It requires only 4096 tries"
ONLY four thousand and ninety-six tries.
Keep in mind that a computer doing something that many times is almost instantaneous. In a single second, the Xbox 360's CPU goes through 3,200,000,000 clock cycles, and it probably takes a fraction of just one of those clocks to try it that many times.
Hmm… good point
@@zach_c That's nothing for a CPU lol.
A few years later we have RGH 3.0 chipless insta-boot. Kinda tricky, but man, life is good.
It’s amazing, I’ve actually just bought another RGH for a trip down memory lane. Got me into programming and now I do it as a profession
Why is your content so interesting everytime you never seem to bored me.
i love this stuff man
Let's go! I've been on this for a while the xbox 360 is my favorite console!
Thumbnail:
Shows original Xbox 360
“Mistakes were made”
Me: That could mean one of two things, take a guess what they are.
It's amazing how the community figured out all that. Great video
Ive watched this so many times, its so amazing.
Security
*exists*
Hackers
"I'm about to end this man's whole career"
Hmmm, what about Xbox One? 🤔
I mean.... the PS4 got jailbroken, so what about Xbox One?
The legendary RGH and JTAG, thank for this awesome video, Awesome content as always,but this is more than that :)
Your videos are simply AMAZING
Now security is baked into the CPU, good luck reverse engineering a CPU. If Microsoft has done everything correctly, it's going to be really hard to hack the Xbox one. I think we got lucky with the 360.
we dont need to hack the xbox one
the dev tools are right there, its called dev mode.
first
I love these videos so much. I remember all of this, but not in such detail. Great nostalgia.
I've been waiting so long for this video