> Whether PC users, our core readership, will be interested in actually emulating Xbox One, looks unlikely. The 2013 system’s game library is largely overlapped in better quality on the PC platform.
And this explains why it's stayed unhacked so long. There was very little incentive to hack the system when the games are all playable on a PC. Pirates, cheaters, archivists, and hackers could just go there. Microsoft's best security measure was making something nobody cared enough about to hack in the first place.
The other major incentive for hacking the console Microsoft removed was for the first time on a modern mainstream home console to allow side loading of homebrew code/emulators etc. The console supported a developer mode that allowed side loading of third party applications, so folks could get emulators and other traditionally "banned" content on the console through an officially supported route.
There's a great presentation by Tony Chen on the Xbox One's security features:
> https://www.platformsecuritysummit.com/2019/speaker/chen/
"side loading", I know this term is the one used but I think it should be pushed back against with just using the standard "installing"/"install". It makes the control point clearer and (should be) unsettling when you can't "install" software on hardware you own.
It's a great point. As a geek I used to think those details don't matter, but it turns out language shapes society and how humans think way more than I understood.
We need to catch up on this because the people who know how to use language for propagandizing don't have the best intentions in mind.
But using the original term is not enough. We need to combat their word-twisting by upping them. We need a way to convey "their way of installing stuff by default is inferior and an attack on liberty".
Something like:
- direct install: installing as we always did
- caged install: installing through a locked store.
Maybe somebody better at marketing can find a good way to do this. In fact, we should have a whole site and community to organize together and shift the narrative on all nerdy things: formats, open web, DRM, patents, etc.
We have been weak on these points for so long because we care much more about solving tech problems than selling them. But openness is being eaten away under our noses. Has been for years.
I think sideloading is a fine term when it is a consumption device. No one buys a video game console expecting to be able to install anything they want. As a matter of fact, there is an argument that restricting what can be installed is a feature. By maintaining control of the hardware, they can eliminate entire classes of problems that someone might run into. That is to say, when you let your kid play on the switch, you don't want to have to troubleshoot how they got the thing borked from installing malware.
That said, I do think words matter and I always point out that the reason these systems are locked down is because of Digital Restrictions Management. I also refuse to buy anything from Sony because they changed their mind about letting me install linux on the PS3.
I just think side loading is a good way to describe installing custom software on a non-general purpose computer, and that not every computer needs to be general purpose. It's significantly better than the previous terms of hacking, cheating, stealing, and voiding your warranty.
I tend to draw a distinction - side loading usually infers a supported but not mainstream way of installing applications - this xbox for example cannot side load without you paying a small fee to enable the developer mode, and the vast majority of software will be obtained via retail discs or the Xbox store. It's not a generic "install" mechanism native to the out of the box experience for the console - you have to do some extra work for this avenue to open.
When I think of "install" I think of general purpose OSes which can install software from almost any source no questions asked, or use the native out of the box support for software installations.
The similar distinction exists with android and iOS, and is probably why the term is popular in those communities too.
If nothing else, the term sideload makes very clear on platforms with native appstores or locked down distribution channels (consoles, phones...) that the install did not come from the native channels. Installs from game discs or the xbox store are inherently different from developer mode software and using the same term "install" for both disguises this fact.
Yeah I listened to a podcast with Cory Doctorow (inventor of the term "enshittification") and he made this point quite well, to the point where I have completely removed "side loading" from my vocabulary. It's installing software on the computer I own.
I'm very much of the opinion that PS3's linux support massively delayed its exploitation. And not just because it provided a path for homebrew/linux.
A lot of the early hacking focused on trying to breach the hypervisor from otheros. The hypervisor turned out to be quite secure, people smashed their heads against it for years until it finally fell to a memory glitching attack.
But turns out it was so much easier to just attack gameos with a USB exploit. The hypervisor did nothing to prevent it, and would then just decrypt games for you (because gameos was trusted).
I've seen this argument, but I strongly suspect that it's a cope argument. "We couldn't get in... because... we didn't care to! Even though we've hacked literally every other object on the planet just because."
The proof in the pudding of this will be when the Nintendo Switch 2 reaches 2035 with no cracks. That's my prophecy; that this time around the cat actually will catch the mouse. Between NVIDIA's heavily revised glitch-resistant RISC-V security architecture and Nintendo's impeccable microkernel, there's nowhere left to hide. DRM may turn out to have been a very slow long battle to "victory," not a "this will always be defeated."
Now if only Sony would let us even have a smidgen of our own code on our Playstations. But nope, Sony would rather gatekeep that one to Hell and back.
Instead, they keep stripping stuff off the console. I'm still so annoyed that PS5 doesn't even have an integrated web browser anymore (especially trying to troubleshoot network issues from the console itself).
But hey, Sony can leave bullshit exploit vectors open like PPPoE clients on the console itself (why? just use a router?)...
There is this general vibe online that the newer generation xboxen are either bad, worse than playstation, or a straight up failure.
My series x, combined with gamepass, is by a very large margin the most at-home-entertainment bang I have gotten for my buck.
Before then I had what could be regarded as a "vintage" gaming PC: 1st gen i7 (nehalem?), a gts 450 and some amount of ram. An upgrade (read: full replacement) was desperately needed. This was in the middle of the crypto gpu boom, so a decent GPU alone would've wiped my budget. I settled for an xbox as it was cheaper than a ps5.
I've always seen myself as part of the pc master race, and thought consoles to be very limited. But man, it just worked, the games just worked, and gamepass made it all a total steal.
Even now, when our 3 month old baby is settled for the night, me and my wife's preferred entertainment is a session of bg3 over watching tv.
This is true, but it is also true that the Xbox One's security architecture and mitigations were ahead of its time. It would've taken a while to hack even with stronger incentives to hack it.
>The 2013 system’s game library is largely overlapped in better quality on the PC platform.
I get what this essentially means, but for those of us with a certain amount of love of language (or pedantry), it's fascinating to try and parse this literally because I don't quite think it works as intended.
Clearly the intended meaning is something like eclipsed in quality. And it may be overlapped in the sense that the same games are separately available on PC. But overlap isn't a relation of quality; quality is generally better or worse when it's comparative. So it's like a smushed together way simultaneously saying the selection of games on Xbone overlaps with what's available on PC and is also better quality on PC.
One thing PC does not have are the Xbox/Xbox 360 updated games. Microsoft did a great job of making the old games playable on Xbox One with better resolution, performance, etc. It would be nice to play the exclusive games of those consoles on PC through this.
Yeah, you couldn't be more wrong here. The exact same people who thoroughly destroyed the 360 badly wanted to attack this system - they were just outgunned.
Pretty much, if you provide what people want elsewhere you will reduce the demand to crack the original system.
One of the reasons the Wii U was slow to be hacked was because Android TV boxes had come along plus things like Ouya/Nvidia shield, and it basically took away a lot of demand for a console turned into TV unit to use hacked software.
It still happened but not so quickly. Not like the original Wii which didn't really have much similar to it at the time.
Also getting a dev account and loading up RetroArch/emulators in general is trivial. Best use of an Xbox one for sure. Well documented and exploited at this point.
Not the same as emulating its titles, but a lot of interest in the Xbone/series line (outside of actual console users) is the dev accounts. So I imagine a lot more effort went there first.
The Xbox One has been emulated though (well not emulated, it's a compatibility layer like Wine). Before this hack, there was Collateral Damage. We were able to dump games with the exploit.
Minecraft: Xbox One Edition (the Legacy version) was of keen interest to our community as it would be playing LCE natively on a PC if you used a compatibility layer which never happened before.
So a few of my LCE cult friends contributed to WinDurango which was pretty much dead before they joined, and got Minecraft: Xbox One Edition to work.
Of course, you'd ask "why don't you just play Minecraft on PC normally?" Legacy Console Edition has so many minute differences and details that it's impossible to discuss all of them--things as big as the Minigames and as small as the mipmaps.
And then LCE source code from 2014 got leaked and that had a native PC port. Oh well.
No it doesn’t explain it. This is legitimately a difficult target. Did you watch the talk?
The people that MS hired to make and break this were top notch, and there is definitely incentive to maintain control over a content platform. This dude has been at this for /years/. I’ve been a fly on the wall on all sides to observe this.
There has been a lot of interest in underground / pirate communities to hack this, but that’s not the only reason why people hack things.
This is great news. Hopefully this opens the floodgates towards emulation and homebrew. Not that there are really any exclusives, but it would be interesting.
Voltage glitching attacks are pretty brutal to defend against because you're essentially fighting physics, not software. You can write perfect code and still get bypassed by someone manipulating the electrical signals at the right microsecond.
Amazing talk. Here's a quick writeup if you don't want to watch the full hour or don't have enough hardware knowledge to follow what Markus is talking about, as he goes very fast, in some cases too fast to even let you read the text on his slides. It's mandatory to use the pause key to understand the full details even if you have a deep understanding of every relevant technology, of which he explains none.
The Xbox uses a very advanced variant of the same technologies that also exist on smartphones, tablets and Secure Boot enabled PCs. When fully operational the Xbox security system prevents any unsigned code from running, keeps all code encrypted, proves to remote servers (Xbox Live) that it's a genuine device running in a secure state, and on this base you can build strong anti-piracy checks and block cheating.
The Xbox has several processors and what follows applies to the Platform Security Processor. When a computer starts up (any computer), the CPU begins execution in a state in which basically nothing works, including external communication and even RAM. Execution starts at a 'reset vector' mapped to a boot ROM i.e. the bytes are hard-wired into the silicon itself and can't be changed. The boot ROM then executes instructions to progressively enable more and more hardware, including things like activating RAM. Until that point the whole CPU executes out of its cache lines and can't use more memory than exists on-die.
Getting to the state where the Xbox can achieve all its security goals thus requires it to boot through a series of chained steps which incrementally bring the hardware online, and each step must verify the integrity of the next. The boot ROM is only 19kb of code and a few more kb of data, and can't do much beyond just activating RAM, the memory mapping unit (called MPU on the Xbox), and reading some more code out of writeable flash RAM. The code it reads from flash RAM is the second stage bootloader where much more work gets done, but from this second stage on it can be patched remotely by Microsoft. So if bugs are found there or in any later stage, it hardly matters because MS can issue a software update and detect remotely on Xbox Live servers if that upgrade was applied, so kicking out cheaters and pirates. The second stage boot loader in turn loads more code from disk, signature checks and decrypts it, sets up lots of software security schemes like hypervisors and so on, all the way up to the OS and the games.
Therefore to break Xbox security permanently you have to attack the boot ROM, because that's the only part that can't be changed via a software update. It's the keys to the kingdom and this is what Markus attacked. Attacking the boot ROM is very, very hard. The Xbox team were highly competent:
• Normally the bringup code would be written by the CPU or BIOS vendors but MS wrote it all in house themselves from scratch.
• The code isn't public and has never leaked. To obtain it, someone had to decode it visually by looking at the chip under a scanning electron microscope and map the atomic pictures to bits and then to bytes.
• Having the code barely helps because there are no bugs in it whatsoever.
So, the only way to manipulate it is to actually screw with the internals of the CPU itself by "glitching", meaning tampering with the power supply to the chip at exactly the right moment to corrupt the state of the internal electronics. Glitching a processor has semi-random effects and you don't control what happens exactly, but sometimes you can get lucky and the CPU will skip instructions. By creating a device that reboots the machine over and over again, glitching each time, you can wait until one of those attempts gets lucky and makes a tiny mistake in the execution process.
Glitching attacks predate the Xbox and were mostly used on smartcards until the Xbox 360, which was successfully attacked this way. So Microsoft knew all about them and added many mitigations, beyond "just" writing bug free code:
1. The boot ROM is full of randomized loops that do nothing but which are designed to make it hard to know where in the program the CPU has got to. Glitching requires near perfect timing and this makes it harder.
2. They hardware-disabled the usual status readouts that can be used to know where the program got up to and debug the boot process.
3. They hash-chain execution to catch cases where steps were skipped, even though that's impossible according to program logic.
4. They effectively use a little 'kernel' and run parts of the boot sequence as 'user mode' programs, so that if sensitive parts of the code are glitched they are limited in how badly they can tamper with the boot process.
And apparently there are even more mitigations added post-2013. Markus managed to bypass these by chaining two glitch attacks together, one which skipped past the code that turned on the MMU, which made it possible to break out of one of the usermode 'processes' (not really a process) and into the 'kernel', and one which then was able to corrupt the CPU state during a memcpy operation, allowing him to take control of the CPU as it was copying the next stage from flash RAM.
If you can take control of the boot ROM execution then you can proceed to decrypt the next stage, skip the signature checks and from there do whatever you want in ways that can't be detected remotely - however, the fact that you're using a 2013 Phat device still can be.
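To make mitigation 3 from the writeup concrete, here is an added toy model (not code from the talk, the writeup or Microsoft) of hash-chained execution in a staged boot. Every boot step folds a unique tag into a running accumulator, and the loader only proceeds if the final accumulator equals the value a complete, in-order run produces. The step names, tags, the toy FNV-style digest used in place of a real signature check, and the `skip_mask` way of simulating a glitch that makes the CPU skip a step are all constructed for illustration.

```c
/* Added example (not from the talk or the writeup above): a toy model of the
 * "hash-chain execution" mitigation. Each boot step folds a unique tag into a
 * running accumulator; at the end the accumulator must equal the value a
 * complete, in-order run produces. Step names, tags, the toy digest and the
 * skip_mask way of simulating a glitch are all constructed for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed "stage 2" image living in writeable flash. */
static const uint8_t STAGE2_IMAGE[] = "stage2: constructed bootloader image";

/* Toy 32-bit digest (FNV-1a); stands in for the real signature check. */
static uint32_t toy_digest(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* One link of the execution chain: mix a step tag into the accumulator.
 * Every operation is a bijection on the 64-bit state, so a missing or
 * repeated step cannot be "undone" by the steps that follow. */
static uint64_t chain_step(uint64_t acc, uint32_t tag) {
    acc ^= tag;
    acc *= 1099511628211ULL;
    acc ^= acc >> 29;
    return acc;
}

enum { STEP_INIT_SRAM, STEP_ENABLE_MPU, STEP_LOAD_STAGE2,
       STEP_VERIFY_STAGE2, STEP_JUMP_STAGE2, NUM_STEPS };
static const uint32_t STEP_TAG[NUM_STEPS] = {
    0xA11CE001u, 0xA11CE002u, 0xA11CE003u, 0xA11CE004u, 0xA11CE005u };

typedef struct {
    uint64_t chain;          /* running execution hash */
    int      image_loaded;
    uint32_t loaded_digest;  /* digest of what was actually read from flash */
} boot_state_t;

/* Run one step. Returns 0 when the step itself decides to halt the boot. */
static int run_step(int step, boot_state_t *s, int image_tampered) {
    s->chain = chain_step(s->chain, STEP_TAG[step]);
    switch (step) {
    case STEP_LOAD_STAGE2:
        s->image_loaded = 1;
        s->loaded_digest = toy_digest(STAGE2_IMAGE, sizeof STAGE2_IMAGE);
        if (image_tampered) s->loaded_digest ^= 1u;  /* simulated modified flash */
        return 1;
    case STEP_VERIFY_STAGE2:    /* the check a glitch would want to skip */
        return s->image_loaded &&
               s->loaded_digest == toy_digest(STAGE2_IMAGE, sizeof STAGE2_IMAGE);
    default:                    /* SRAM init, MPU enable, jump: always succeed */
        return 1;
    }
}

/* The trace a correct run must produce; a real ROM would hold it as a constant. */
uint64_t golden_chain(void) {
    uint64_t acc = 0;
    for (int i = 0; i < NUM_STEPS; i++) acc = chain_step(acc, STEP_TAG[i]);
    return acc;
}

/* Naive loader: each step halts on failure; if nothing halted, proceed.
 * skip_mask bit i simulates a glitch that made the CPU skip step i outright. */
int naive_boot(unsigned skip_mask, int image_tampered) {
    boot_state_t s = {0, 0, 0};
    for (int i = 0; i < NUM_STEPS; i++) {
        if (skip_mask & (1u << i)) continue;
        if (!run_step(i, &s, image_tampered)) return 0;
    }
    return 1;
}

/* Hash-chained loader: identical steps, but proceeding additionally requires
 * the recorded trace to match the golden value. */
int chained_boot(unsigned skip_mask, int image_tampered) {
    boot_state_t s = {0, 0, 0};
    for (int i = 0; i < NUM_STEPS; i++) {
        if (skip_mask & (1u << i)) continue;
        if (!run_step(i, &s, image_tampered)) return 0;
    }
    return s.chain == golden_chain();
}

int main(void) {
    unsigned skip_verify = 1u << STEP_VERIFY_STAGE2;
    printf("clean image, no glitch:         naive=%d chained=%d\n",
           naive_boot(0, 0), chained_boot(0, 0));
    printf("tampered image, no glitch:      naive=%d chained=%d\n",
           naive_boot(0, 1), chained_boot(0, 1));
    printf("tampered image, verify skipped: naive=%d chained=%d\n",
           naive_boot(skip_verify, 1), chained_boot(skip_verify, 1));
    return 0;
}
```

The naive loader treats "no step halted" as permission to continue, so a fault that skips the verify step lets a modified image through; the chained loader notices that the trace lacks the verify step's tag and halts. The golden value is recomputed at run time here only to keep the toy self-contained; in a ROM it is a constant. The final comparison is itself a single point a glitch could target, which is why the writeup lists it alongside randomized timing loops and disabled status readouts rather than as a mitigation on its own.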
I would imagine jail breaking modern PlayStations and Xboxes would not be as interesting as the PS3 or Xbox 360. The modern generations are too close to PCs. I miss the time when console makers were also making interesting CPUs and, sometimes, GPUs.
BTW, what would be the specs for an Xbox 360? I remember the PS3 was a rather limited Linux workstation because it lacked RAM (and the hypervisor limited access to the GPU - a limitation gone when jailbroken), but I haven't read much about the 360 and its own weird PowerPC.
Physical possession of a machine is pretty hard to make secure. It's a different level of secure, an order of magnitude less secure than remote attackers. This is expected?
The "unhackable" label has always been a liability, not a feature. In my experience, the moment a vendor publicly declares something unbreakable, they've handed researchers the most compelling motivation possible. It's less a security posture and more a recruitment poster.
Examples of the kinda software you can put on the Xbox One in developer mode:
> https://xboxdevstore.github.io/
> Microsoft's best security measure was making something nobody cared enough about to hack in the first place
Maybe that's what they're trying to achieve with Windows as well.
Irl noop and forced execution control flow to effectively return true.
B e a utiful
I wonder if, assuming they continue making Xbox, they find a way to mitigate this in the next generation.
Hardware you own should be yours to understand.
https://github.com/exploits-forsale/collateral-damage
What's new here is that this compromises the entire system security giving access to the highest privilege level.