Hacking the XboxHacking the Xbox

By Donald BurrBy Donald Burr

<dburr@sblug.com><dburr@sblug.com>

What We’ll DiscussWhat We’ll Discuss What is an Xbox?What is an Xbox? What can you do with a hacked Xbox?What can you do with a hacked Xbox?

Upgrade hard driveUpgrade hard drive Back up games onto hard driveBack up games onto hard drive EmulatorsEmulators Media players/media centerMedia players/media center LinuxLinux

How to hack the XboxHow to hack the Xbox Hardware vs. software hacksHardware vs. software hacks

Running Linux on a hacked XboxRunning Linux on a hacked Xbox

What is an Xbox?What is an Xbox? Video game console marketed by MicrosoftVideo game console marketed by Microsoft

Introduced in Fall 2001.Introduced in Fall 2001. Basically an embedded PC.Basically an embedded PC.

Pentium III Celeron @ 733 MHzPentium III Celeron @ 733 MHz 64 MB DDR RAM64 MB DDR RAM 8 GB hard drive8 GB hard drive DVD-ROM driveDVD-ROM drive 10/100 Ethernet10/100 Ethernet 4 x USB 1.1 ports4 x USB 1.1 ports NVIDIA NV2X custom graphics chip (Roughly equivalent NVIDIA NV2X custom graphics chip (Roughly equivalent

to a GeForce 3 MX)to a GeForce 3 MX) OS based on Windows 2000OS based on Windows 2000

You get all of this for $150 ($110 or lower if used)You get all of this for $150 ($110 or lower if used)

Opening the XboxOpening the Xbox

The Innards Exposed!The Innards Exposed!

The motherboard itselfThe motherboard itself

Backside of motherboardBackside of motherboard

Why do you need to hack Why do you need to hack it?it?

If it’s basically like a PC, then why can’t If it’s basically like a PC, then why can’t you just toss in a Linux disk or you just toss in a Linux disk or whatever?whatever?

It’s because of the Microsoft BIOS It’s because of the Microsoft BIOS (TSOP)(TSOP) It will only run “signed” softwareIt will only run “signed” software

Public key cryptographyPublic key cryptography You need to get around this in order to You need to get around this in order to

run third party (“unsigned” software)run third party (“unsigned” software) Unless you have the Microsoft Xbox SDK, Unless you have the Microsoft Xbox SDK,

which can generate signed code…which can generate signed code…

What can you do with a What can you do with a hacked Xbox?hacked Xbox?

Play games made for other regions Play games made for other regions (Europe, Japan, etc.)(Europe, Japan, etc.)

Play DVD’s made for other regions Play DVD’s made for other regions (Region-Free DVD player)(Region-Free DVD player)

Back up games onto the internal HD Back up games onto the internal HD and play them from the HDand play them from the HD No more lost/broken game CD’sNo more lost/broken game CD’s Doesn’t work with Xbox Live games – Doesn’t work with Xbox Live games –

you still need the original CD for thoseyou still need the original CD for those

More hacked Xbox tricksMore hacked Xbox tricks EmulatorsEmulators

Atari, C-64, Arcade machines (MAME), Atari, C-64, Arcade machines (MAME), PlayStation, ADAM, Apple ][, N64, SNES, PlayStation, ADAM, Apple ][, N64, SNES, GameBoy, and many, many, many moreGameBoy, and many, many, many more

Media Players and Media CenterMedia Players and Media Center Xbox Media Center (XBMC)Xbox Media Center (XBMC) Plays audio and video file formatsPlays audio and video file formats Network aware (can stream content from a Network aware (can stream content from a

server)server) And, of course, you can run Linux on it!And, of course, you can run Linux on it! More applications being made every dayMore applications being made every day

Caveat Hacker!!!Caveat Hacker!!!(The Disclaimer of Doom)(The Disclaimer of Doom)

Strictly speaking, hacking/modding your Xbox Strictly speaking, hacking/modding your Xbox is ILLEGALis ILLEGAL Thanks to that lovely piece of legislation we know Thanks to that lovely piece of legislation we know

and love (NOT!), the DMCAand love (NOT!), the DMCA The Xbox BIOS can be seen as a “digital The Xbox BIOS can be seen as a “digital

encryption device”encryption device” And according to the DMCA, circumventing such a device And according to the DMCA, circumventing such a device

is illegalis illegal

That having been said, I have NOT heard of That having been said, I have NOT heard of any cases where individuals were prosecutedany cases where individuals were prosecuted Microsoft has gone after some companies that sell Microsoft has gone after some companies that sell

mod chips, however no individuals who have mod chips, however no individuals who have bought modchips have been prosecuted.bought modchips have been prosecuted.

More DisclaimersMore Disclaimers

Neither I, nor SBLUG, can or will be held Neither I, nor SBLUG, can or will be held responsible if you screw up, destroy, or responsible if you screw up, destroy, or maim yourself or your Xboxmaim yourself or your Xbox Remember, you ARE voiding your warranty!Remember, you ARE voiding your warranty!

Nor can we be held responsible if anyone Nor can we be held responsible if anyone takes legal action against youtakes legal action against you However, both we and the Xbox community However, both we and the Xbox community

think that this is highly unlikely.think that this is highly unlikely.

Fight for your Rights!Fight for your Rights!

This is an excellent example of “Fair This is an excellent example of “Fair Use” and why we should fight to Use” and why we should fight to protect our Fair Use rights.protect our Fair Use rights.

See the EFF for more info and to get See the EFF for more info and to get involvedinvolved http://www.eff.org/http://www.eff.org/

Another VERY IMPORTANT new law Another VERY IMPORTANT new law that WILL affect things like this – The that WILL affect things like this – The INDUCE ActINDUCE Act So important, it deserves its own slideSo important, it deserves its own slide

The INDUCE ActThe INDUCE Act This all stems from the Sony v. Universal This all stems from the Sony v. Universal

Supreme Court decision ruled in 1984Supreme Court decision ruled in 1984 Universal sued Sony over the Betamax VCR Universal sued Sony over the Betamax VCR

– because it could be used to copy/pirate – because it could be used to copy/pirate moviesmovies

Sony argued that VCR’s have legitimate Sony argued that VCR’s have legitimate uses and so shouldn’t be banneduses and so shouldn’t be banned

The Supreme Court agreed in this landmark The Supreme Court agreed in this landmark decisiondecision

However, this ruling is now being However, this ruling is now being threatened by Big Mediathreatened by Big Media

How does this affect me?How does this affect me? It’s a matter of legal precedentIt’s a matter of legal precedent

The Betamax decision set the precedent that The Betamax decision set the precedent that allowed the development of other digital devicesallowed the development of other digital devices

iPodsiPods TiVO/ReplayTVTiVO/ReplayTV CD and DVD burnersCD and DVD burners ComputersComputers And yes, hacked Xboxen too…And yes, hacked Xboxen too…

Big Media doesn’t like this!Big Media doesn’t like this! They want to control what content you can get, and They want to control what content you can get, and

how you can use ithow you can use it This would effectively stifle technical innovation and This would effectively stifle technical innovation and

Open Source projects under a mass of legal red tapeOpen Source projects under a mass of legal red tape Fight the Power!!!Fight the Power!!!

Hacking the XboxHacking the Xbox

Two methodsTwo methods Software hackingSoftware hacking Hardware hackingHardware hacking

Which one you use depends on Which one you use depends on several factorsseveral factors Vintage of your XboxVintage of your Xbox Your skills at solderingYour skills at soldering Availability of software hacks/exploitsAvailability of software hacks/exploits How daring you areHow daring you are

Software hackingSoftware hacking The easiest hacking methodThe easiest hacking method Requires no additional tools (except for the Requires no additional tools (except for the

software that the exploit needs). No software that the exploit needs). No disassembly required.disassembly required.

Typical hacker stuff – exploiting Typical hacker stuff – exploiting vulnerabilities, buffer overflows, etc. in vulnerabilities, buffer overflows, etc. in software (games) to get the Xbox to run your software (games) to get the Xbox to run your own codeown code

Problem is, with the latest OS upgrades (esp. Problem is, with the latest OS upgrades (esp. Xbox Live!), they have patched a lot of these Xbox Live!), they have patched a lot of these vulnerabilities.vulnerabilities. So they only work with older/unpatched Xboxes and So they only work with older/unpatched Xboxes and

software.software. You’ll have to resort to hardware hacking instead…You’ll have to resort to hardware hacking instead…

Some example software Some example software exploitsexploits

Splinter Cell save-game exploitSplinter Cell save-game exploit MechAssault Audio ExploitMechAssault Audio Exploit Bert + Ernie Font ExploitBert + Ernie Font Exploit Many moreMany more

Hardware hackingHardware hacking

Works where software hacking doesn’tWorks where software hacking doesn’t Hardware hacking requires a “mod chip”Hardware hacking requires a “mod chip” Mod chips available for all Xbox versionsMod chips available for all Xbox versions

Even those where software hacking doesn’t workEven those where software hacking doesn’t work Some assembly requiredSome assembly required Requires you to open the XboxRequires you to open the Xbox

Hence voids your warranty.Hence voids your warranty. Some soldering is required for new XboxesSome soldering is required for new Xboxes Special precautions required when using Xbox Special precautions required when using Xbox

LiveLive

Some terminologySome terminology

TSOPTSOP The Xbox’s built in BIOSThe Xbox’s built in BIOS Does not allow third party/unsigned software to runDoes not allow third party/unsigned software to run

LPCLPC Low Pin Count – a sort of “bus” that mod chips hook Low Pin Count – a sort of “bus” that mod chips hook

intointo D0 pinD0 pin

A pin on the motherboard that is used by a mod A pin on the motherboard that is used by a mod chip to “interrupt” the normal booting of the Xbox, chip to “interrupt” the normal booting of the Xbox, to insert its own BIOS in place of the standard Xbox to insert its own BIOS in place of the standard Xbox TSOP BIOS.TSOP BIOS.

How it WorksHow it Works Normally the Xbox runs the code in TSOP Normally the Xbox runs the code in TSOP

when it is turned onwhen it is turned on Mod chip triggers the D0 line, interrupts Mod chip triggers the D0 line, interrupts

the normal boot, and runs the code on the the normal boot, and runs the code on the mod chipmod chip

Mod chip contains a flash memory chip Mod chip contains a flash memory chip that you can flash your own BIOSes onthat you can flash your own BIOSes on 1 MB = 4 x 256K BIOSes1 MB = 4 x 256K BIOSes

Mod chip allows you to select from any of Mod chip allows you to select from any of these BIOSes, or boot the standard Xbox these BIOSes, or boot the standard Xbox TSOP.TSOP.

Types of BIOSesTypes of BIOSes

TSOPTSOP Original Microsoft BIOS on motherboardOriginal Microsoft BIOS on motherboard Only runs signed codeOnly runs signed code Required for Xbox LiveRequired for Xbox Live

Live checks BIOS checksum when logging inLive checks BIOS checksum when logging in If it doesn’t match, your Xbox is BANNED from If it doesn’t match, your Xbox is BANNED from

LiveLive You can buy an EEPROM code that can un-ban You can buy an EEPROM code that can un-ban

your Xbox, but that is a risky propositionyour Xbox, but that is a risky proposition

More BIOSesMore BIOSes

EvoX BIOSEvoX BIOS A hacked version of the Microsoft BIOS A hacked version of the Microsoft BIOS

(TSOP)(TSOP) Removes the encryption checkRemoves the encryption check

Allows signed and unsigned code to runAllows signed and unsigned code to run Lets you play standard Xbox games as well Lets you play standard Xbox games as well

as other software (Linux, emulators, Media as other software (Linux, emulators, Media Center, etc.)Center, etc.)

WILL NOT work with Xbox Live (fails the WILL NOT work with Xbox Live (fails the checksum test)checksum test) You WILL get banned!!!You WILL get banned!!!

Yet Another BIOSYet Another BIOS

““Cromwell” BIOSCromwell” BIOS Completely engineered from scratchCompletely engineered from scratch More or less like a standard PC BIOSMore or less like a standard PC BIOS Will NOT run standard Xbox software, Will NOT run standard Xbox software,

signed or unsignedsigned or unsigned Used for booting and running Linux Used for booting and running Linux

ONLYONLY Only use if you intend to dedicate your Only use if you intend to dedicate your

Xbox to LinuxXbox to Linux

Mod chipsMod chips

There are many mod chips out thereThere are many mod chips out there XecutorXecutor XeniumXenium ChameleonChameleon SmartXXSmartXX X-ChipX-Chip And a whole bunch of othersAnd a whole bunch of others

I went with the XeniumI went with the Xenium

Xenium ICE is my recommendationXenium ICE is my recommendation Solderless (unless you have a 1.6 Xbox)Solderless (unless you have a 1.6 Xbox) No DIP switches – everything is software No DIP switches – everything is software

programmableprogrammable 1 MB BIOS chip1 MB BIOS chip

Allows you to flash up to 4 x 256K BIOSesAllows you to flash up to 4 x 256K BIOSes Easy to use, menu driven interfaceEasy to use, menu driven interface Software protection against accidental Software protection against accidental

“bad flashes”“bad flashes” Only mod chip out there now that works Only mod chip out there now that works

with v1.6 Xboxeswith v1.6 Xboxes

What you getWhat you get

Solderless kit

LED display connector

Pin header for motherboard

Mod chip

USB port converter

LED display

How to install itHow to install it You have to download the instructions!!You have to download the instructions!!

http://www.xbox-scene.com/http://www.xbox-scene.com/ For V1.0-1.5For V1.0-1.5

Remove solder from LPC points (if v1.0)Remove solder from LPC points (if v1.0) Install rivets (optional)Install rivets (optional) Seat solderless adapterSeat solderless adapter Insert D0 wire into D0 pointInsert D0 wire into D0 point Seat Xenium chip on solderless adapterSeat Xenium chip on solderless adapter

Installation for v1.6 Xboxes is a bit more Installation for v1.6 Xboxes is a bit more involved, and requires solderinginvolved, and requires soldering

Installing on a v1.6 XboxInstalling on a v1.6 Xbox

Rebuild the LPC port (if you have a Rebuild the LPC port (if you have a V1.6 Xbox)V1.6 Xbox)

Install the pin header in the LPC Install the pin header in the LPC portport

Seat the Xenium chip on the pin Seat the Xenium chip on the pin headerheader

Solder wire from D0 point on Solder wire from D0 point on motherboard on D0 point on Xeniummotherboard on D0 point on Xenium

The LPC portThe LPC port

Rebuilding the LPC portRebuilding the LPC port

Installing Xenium and Installing Xenium and D0 wireD0 wire

Modchip Installed… Now Modchip Installed… Now What?What?

Time to go software hunting!Time to go software hunting! Go to EFnet IRC channel #xbinsGo to EFnet IRC channel #xbins

Good EFnet server – irc.umich.edu port 6667Good EFnet server – irc.umich.edu port 6667 /msg xbins !list/msg xbins !list Follow the directionsFollow the directions Bookmark that IRC siteBookmark that IRC site

You WILL need to go back there and do the You WILL need to go back there and do the “/msg xbins !list” if you want to FTP stuff in “/msg xbins !list” if you want to FTP stuff in the futurethe future

What should I get?What should I get?

EvoX hacked BIOSEvoX hacked BIOS Slayer’s EvoX Install DiskSlayer’s EvoX Install Disk

The “Knoppix” of Xbox moddersThe “Knoppix” of Xbox modders One disk that contains the “best of the One disk that contains the “best of the

best” in Xbox softwarebest” in Xbox software Makes it very easy to installMakes it very easy to install

A Linux distributionA Linux distribution GentooX is easiest to installGentooX is easiest to install Xebian takes a bit more effort to installXebian takes a bit more effort to install

First, install the BIOSFirst, install the BIOS Boot your newly modded XboxBoot your newly modded Xbox

Xenium OS menu should appearXenium OS menu should appear If nothing happens, or the Xbox light flashes red, check If nothing happens, or the Xbox light flashes red, check

your connections!your connections! Now we need to find a way to get the BIOS file Now we need to find a way to get the BIOS file

onto the Xboxonto the Xbox Xenium OS has a built in FTP serverXenium OS has a built in FTP server

FTP the BIOS file onto the internal hard driveFTP the BIOS file onto the internal hard drive Or you can burn a CD or DVD with the BIOS file on itOr you can burn a CD or DVD with the BIOS file on it Or, easiest yet, whip out your USB pen drive!Or, easiest yet, whip out your USB pen drive!

Use the Xenium menu to add an entry for the new Use the Xenium menu to add an entry for the new BIOSBIOS Might as well add an entry for the default BIOS (TSOP) Might as well add an entry for the default BIOS (TSOP)

tootoo

Slayers EvoX InstallSlayers EvoX Install

Burn it to a CD or DVDBurn it to a CD or DVD Boot your modded Xbox with the Boot your modded Xbox with the

hacked BIOS, with this disk in the hacked BIOS, with this disk in the drivedrive

Follow the on screen promptsFollow the on screen prompts If you want to upgrade your Xbox’s If you want to upgrade your Xbox’s

hard drive, do this now!!hard drive, do this now!! SAVE YOUR ORIGINAL HARD DRIVE – SAVE YOUR ORIGINAL HARD DRIVE –

you may need it!you may need it!

It’s time for some It’s time for some demos!demos!

First, the non-Linux software First, the non-Linux software (but it’s still Open Source!)(but it’s still Open Source!)

Installing LinuxInstalling Linux

Get the Linux BIOS file onto the Xbox Get the Linux BIOS file onto the Xbox (same procedure as with getting the (same procedure as with getting the EvoX BIOS on there)EvoX BIOS on there)

Burn the install diskBurn the install disk Boot install disk using the Linux BIOSBoot install disk using the Linux BIOS Follow the directionsFollow the directions If you can’t see the screen, you can If you can’t see the screen, you can

continue the install by SSH’ing into the continue the install by SSH’ing into the boxbox

About Keyboards and About Keyboards and MiceMice

If you intend to use your Xbox as a Linux If you intend to use your Xbox as a Linux console, you will need an adapter to plug console, you will need an adapter to plug in a USB keyboard and mouse.in a USB keyboard and mouse.

Xenium ICE kit comes with oneXenium ICE kit comes with one Also one is available from Microsoft for Also one is available from Microsoft for

free (+$6.95 shipping/handling)free (+$6.95 shipping/handling) Xbox controller can be used as a mouse-Xbox controller can be used as a mouse-

like device, but it’s not good for fine like device, but it’s not good for fine grained cursor control.grained cursor control.

If you’d rather use a PC monitor instead of If you’d rather use a PC monitor instead of a TV, there are Xbox VGA converter boxes.a TV, there are Xbox VGA converter boxes. Check here – Check here – http://www.lik-sang.com/http://www.lik-sang.com/

And now some And now some Linux demosLinux demos

Cool things you can do withCool things you can do with

Linux on an XboxLinux on an Xbox

Some Final NotesSome Final Notes Xboxen tend to be rather picky about Xboxen tend to be rather picky about

the burned media that they can readthe burned media that they can read Some Xboxes don’t work with CD-R’s, but Some Xboxes don’t work with CD-R’s, but

work fine with CD-RW’swork fine with CD-RW’s There are even some Xboxes that work with There are even some Xboxes that work with

only specific brands of mediaonly specific brands of media If CD media doesn’t work, try DVD media.If CD media doesn’t work, try DVD media.

Use –RW’s to avoid burning through blank disksUse –RW’s to avoid burning through blank disks Forget about –RAM, no Xbox will support itForget about –RAM, no Xbox will support it

If your burn doesn’t seem to work, keep If your burn doesn’t seem to work, keep trying!trying!

For More InformationFor More Information Xbox SceneXbox Scene

http://www.xbox-scene.com/http://www.xbox-scene.com/ The mother of all sites - you can get The mother of all sites - you can get

EVERYTHING hereEVERYTHING here Including links for purchasing modchips and Including links for purchasing modchips and

downloading softwaredownloading software Great FAQs and forums tooGreat FAQs and forums too

Linux on Xbox (in general)Linux on Xbox (in general) http://www.xbox-linux.org/http://www.xbox-linux.org/

GentooXGentooX http://gentoox.shallax.com/http://gentoox.shallax.com/

XebianXebian http://www.xbox-linux.org/Xebianhttp://www.xbox-linux.org/Xebian

More ResourcesMore Resources Microsoft USB Keyboard AdapterMicrosoft USB Keyboard Adapter

http://www.xbox.com/pso2/keyboardadapter.hthttp://www.xbox.com/pso2/keyboardadapter.htmm

Lik Sang – source of other Xbox Lik Sang – source of other Xbox accessories, including VGA adaptersaccessories, including VGA adapters http://www.lik-sang.com/http://www.lik-sang.com/

EFF – fight for your rights!EFF – fight for your rights! http://www.eff.org/http://www.eff.org/

The INDUCE Act – Fight the Evil!The INDUCE Act – Fight the Evil! http://www.savebetamax.org/http://www.savebetamax.org/

Feel free to e-mail meFeel free to e-mail me dburr@sblug.comdburr@sblug.com

The EndThe End

Thanks for coming!Thanks for coming!