
Firstly, a look at how the processor executes code on the 360. The Xbox 360's CPU is based on the PowerPC architecture, which is well suited to virtualisation. A hypervisor is a program that can present the operating system with virtual hardware or limit its access to memory, so a program running on top of a hypervisor believes it is running inside a single virtual machine and talking directly to the hardware, rather than inside another operating system.
On the Xbox 360, the hypervisor is the lowest layer of software, running in kernel mode (which means it has unrestricted access to the system's hardware). The operating system runs on top of the hypervisor in user mode, and its access to the hardware is meted out by the hypervisor. This means that the hypervisor can emulate the original Xbox without the 360's operating system being involved.
The security implications are unfortunately clear: nothing is going to get past the hypervisor unless it's vetted by Microsoft, and the hypervisor's security is most likely built into the boot sequence, with cryptographic signing to prevent tampering.
However, as a feature, the hypervisor holds interesting implications. If it becomes possible to tap into the boot sequence and load alternative operating systems, then it will be easy to switch between them at will, with neither affecting the state of the other. For gaming, the entire virtual machine could be saved to disc, pausing the game at exactly that point, and the saved machine could be modified (yes, for cheating). Different consoles could be virtualised, as well as different sets of hardware, so gamers could try out other game platforms and operating systems.
In conclusion, the architecture developed for the 360, including its hypervisor, contains some exciting possibilities: the easily virtualised PowerPC can be taken full advantage of by the hypervisor. However, Microsoft have locked down the 360, and it's not going to be easy for third parties to get inside the console's security, so end users are denied the opportunity to take full advantage of the console's hardware.
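The signed boot sequence the article expects, in which a root key fixed in the console vouches for the bootloader, the bootloader's image is checked before it runs, then the hypervisor's, then the operating system's, can be modelled in a few dozen lines. What follows is an added example written for this page, not code from the article or from Microsoft: it uses a from-scratch textbook RSA signature over a SHA-256 digest as a stand-in for whatever scheme the real console uses, and the stage names, image bytes, key size and random seed are all constructed for the demonstration.

```python
# Added example, not code from the article or from Microsoft: a toy model of
# the signed boot chain the article expects. A root public key is fixed in the
# console, every stage image (bootloader, hypervisor, kernel) ships with a
# signature, and a stage only runs if its signature verifies against that key.
# The signature is textbook RSA over a SHA-256 digest with no padding (a
# teaching stand-in, not a production scheme); stage names, image bytes, key
# size and RNG seed are constructed. Needs Python 3.8+ for pow(e, -1, m).
import hashlib
import math
import random

E = 65537  # conventional public exponent (assumed, not from the page)


def is_probable_prime(n, rng, rounds=20):
    """Miller-Rabin test: trial-divide by small primes, then `rounds` witnesses."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # composite witness found
    return True


def random_prime(bits, rng):
    """Draw odd candidates with the top bit set until one passes Miller-Rabin."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng):
            return cand


def generate_keypair(bits=160, seed=2005):
    """Return (public, private) as ((n, e), (n, d)). The RNG is seeded so the
    demo is reproducible; a real generator would draw from OS entropy."""
    rng = random.Random(seed)
    while True:
        p, q = random_prime(bits, rng), random_prime(bits, rng)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(E, phi) == 1:
            return (p * q, E), (p * q, pow(E, -1, phi))


def digest_int(data):
    """SHA-256 of an image as an integer; always < n since n has about 320 bits."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(priv, data):
    n, d = priv
    return pow(digest_int(data), d, n)


def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == digest_int(data)


# Constructed stand-ins for the real stage images.
STAGES = [
    ("bootloader", b"constructed bootloader image"),
    ("hypervisor", b"constructed hypervisor image"),
    ("kernel", b"constructed kernel image"),
]


def build_signed_images(vendor_priv, stages):
    """What the vendor ships: each stage image with its signature attached."""
    return [(name, image, sign(vendor_priv, image)) for name, image in stages]


def boot(root_pub, signed_images):
    """Chain of trust: verify each stage against the burned-in root key before
    handing control to it; the first stage that fails halts the boot.
    Returns the names of the stages that were allowed to run."""
    ran = []
    for name, image, sig in signed_images:
        if not verify(root_pub, image, sig):
            break  # tampered or unsigned stage: nothing from here on runs
        ran.append(name)
    return ran


def tamper(signed_images, stage_name):
    """Flip one bit in one stage's image while keeping its original signature."""
    return [(n, (img[:-1] + bytes([img[-1] ^ 1]) if n == stage_name else img), sig)
            for n, img, sig in signed_images]


def demo():
    """(stages run on a clean boot, stages run after the hypervisor image is patched)."""
    root_pub, vendor_priv = generate_keypair()
    images = build_signed_images(vendor_priv, STAGES)
    return boot(root_pub, images), boot(root_pub, tamper(images, "hypervisor"))


if __name__ == "__main__":
    print(demo())  # (['bootloader', 'hypervisor', 'kernel'], ['bootloader'])
```

The second result of demo() is the point of the model: once one bit of the hypervisor image changes, its signature no longer verifies, the boot stops at that stage and the kernel never runs. That is what makes a signed boot sequence the gatekeeper for everything beneath the hypervisor, and it is the reason the comments below spend so much time on whether the key itself could ever be recovered.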
Reader Comments (Page 1 of 2)
11-29-2005 @ 1:30PM
Jon said...
I can usually follow these types of things, but this made absolutely no sense!?#@
Reply
11-29-2005 @ 1:57PM
AJay17 said...
Lol, you're not alone. I didn't understand it either.
Reply
11-29-2005 @ 3:04PM
Brian said...
This could be very cool, but it's going to take some time to figure out how to crack it. I just need to get a (close to launch day) 360 so that mine won't be 'fixed' by Microsoft once someone finds a way to break into the hypervisor.
Reply
11-29-2005 @ 3:58PM
Edge of Blade said...
Fully take advantage?
Of course this starts with "unlocking potential" and ends with "[email protected]". Why can't people not mod a system? Are you looking for a way to kill the Xbox? Because it is clear that's what ends up happening. You know where it leads, yet you are bound and determined to rush there as soon as possible.
Get a life outside of your basement and away from the soldering fumes...please.
Reply
11-29-2005 @ 4:02PM
BardSarcasm said...
All Microsoft has done is raise the bar for hackers. "Impossible" is a relative term to a time-rich, money-poor, ambitious technophile. I give it 8 weeks before we see a serious, tested and proven 360 crack and a year before commercially available mods. Let the erosion begin ...
Reply
11-29-2005 @ 4:03PM
CHILL_down said...
Microsoft just wants it to take forever to hack it...but it will happen!!! IT WILL BE GREAT!
Reply
11-29-2005 @ 4:11PM
stinio said...
in depth?
Reply
11-29-2005 @ 4:32PM
Monsta said...
I assume that the hypervisor works along the same sort of lines as the one on the IBM iSeries machines: a computer with multiple Power 5 cores. The operating systems are then installed on top of the hypervisor, which controls access to the hardware underneath it. It depends on how far displaced the X360 is from the standard IBM version (this could be either very close, as Microsoft has tried to build a console to make the best of the ability of the IBM processors, or completely different, if Microsoft wanted to get away from the IBM version and develop something more suited to their needs).
As the article says, if you can get into the boot sequence or gain control of the hypervisor then the possibilities for this machine are immense. Linux would be a piece of p*ss, Unix would be fairly simple, and after that who knows.
Reply
11-29-2005 @ 5:06PM
edeus said...
Great quick read. Not sure what the other comments were about, I found it written quite well and easy to understand.
I'm excited! :)
Reply
11-29-2005 @ 5:53PM
sew3521 said...
I found this article to be written very well considering what it is talking about. I can't wait for the mods to start coming out for the 360.
In response to Edge of Blade,
Xbox modding is a lot more than cheating. I have a modded box and I can say I have never cheated during a game. Check out xbins and sites like halomods.com to see why the Xbox modding community is such a great thing, and of course XBMC is always going to be the ultimate Xbox app.
Reply
11-29-2005 @ 6:27PM
Ravo_5002 said...
I think the best way 2 hack this baby is 2 get a crack into the XEX encryption. Bruteforcing would be the way 2 do this. Since PCs are getting faster and faster there must be a (distributed?) way 2 get it cracked. There are also a lot of superfast clusters out there which are not 2 tightly secured, so maybe someone with more Xbox knowledge than me can figure out the public key and someone with a bit more guts than me can hack into one of the supercomputers and load up a bruteforce decrypter (RSA?). Do a Google and you will see a list of unis with some massive processing power.
Also, modchip makers have 7-figure numbers now in their bank accounts and they could build up quite some processing power and earn their cash back by selling the 1st crack.
jm2c
Ravo_5002
Reply
11-29-2005 @ 6:32PM
Black Guy said...
Modding is always a concern for honorable online players like myself. I have quit playing several games in the past because of some sorry-ass, no-skill-having cheater who ruins the fair & competitive playing field for everyone. The justifications I heard for cheaters are just pathetic. I bought PGR3 for X360 3 days after the X360 release. By the time I got on Live, I ran into some serious players and I got my ass handed to me religiously. Did I quit? Did I consider looking for a cheat code to even the field? Would I mod my system to give me the competitive edge? Nah... I stuck with it and I'm now ranked 357th on the game (I was near last in the beginning). If u can't hang then don't play the game. Bottom line!
Modding adds cool features to your system - I understand that - but it's disgusting when it's used to ruin the game for others, and if they're caught, I agree their system (serial #) should be banned or disabled.
Reply
11-29-2005 @ 7:04PM
Black Guy said...
Even if a hack is managed, this sounds like it would be a pain for the average genius to implement.
Reply
11-29-2005 @ 7:27PM
pepe2004 said...
WTF with the second comment? Thanks to the Xbox being hacked, the possibilities of that console went to heaven; it plays absolutely anything you want. Thanks to that, that console became the best console ever made. If people use that hack to buy piracy, does that mean people can't use the console for the amazing things it does?
Reply
11-29-2005 @ 7:35PM
Ace25 said...
Sorry, but "brute forcing" the 360 is not going to be possible. Heck, the first Xbox has never had its key cracked by brute force. Even with all the CPU power in the world right now it would take 100's if not 1000's of years to brute force a 4096 encryption key.
But as far as modding (circumventing the security) goes, I am sure that will be accomplished within 6 months. Heck, just look at a pic of the 360 motherboard. There are 3 different "LPC" style solder points on the motherboard (for testing/troubleshooting I assume). So if MS has incorporated a way to get into the box via those points, it's just a matter of time before someone finds an exploit (and come on ppl, this is MS we are talking about! Not exactly known for their security, are they?). Breaking the hypervisor itself may not be possible, but somehow tricking it into thinking the software you want to run is legit (think font exploit on the Xbox) may be the answer.
Reply
11-29-2005 @ 7:42PM
VZ3 said...
Ravo_5002, you said you think it would be possible to crack the encryption using brute force. I'm sorry to say, but the key lengths that are likely to be used on the Xbox 360 would take virtually forever to crack with any currently known brute force methods, even with the computing power of all the supercomputers and PCs in the world today combined.
Reply
11-29-2005 @ 7:42PM
dude said...
I really hope the 360's security is eventually cracked! I have an original modded Xbox with a 200 gig HD and it's fu*@ing great! Apps like XBMC are excellent and the fact it can be used as a PC with Linux is cool too. If the 360 ever does get cracked then, like the article above says, the possibilities would be immense! However, even though there is a lot of money to be made by mod chip makers, it's going to take a very long time before we see any kind of off-the-shelf 360 chip mod. From what I've been reading, Microsoft have spent a lot of time getting the security done properly this time round. It might never even happen! But it's early days yet and I live in hope!
Reply
11-30-2005 @ 8:27AM
Corey said...
I agree that hacking for cheating sucks, but I love my modded box with XBMC on it. I have a 250 gig HD in it and I love that I can fit all 50 of my games on it and don't have to swap CDs to play a different game when I get bored with the one I'm playing; I just hit a special button combo all at the same time and the machine reboots and I select a different game to play. That alone is worth the mod. In fact, many of the new features of the Xbox 360 came from the things the modding community was doing with their original Xboxes. There was even an interview I read a while back with a couple of the designers, and they were talking about the Xbox 360 being modded. They said they think it will inevitably happen, but they have taken measures to make it harder and they think fewer people will want to do it, because they can now do many of the things people were doing with original modded Xboxes.
Reply
11-30-2005 @ 10:29AM
Edge of Blade said...
To return to my previous comments... Modding your Xbox into a PC will KILL the platform. You are cutting MS out of the money it has invested. Remember that this system is sold at a loss. That's why everyone wants to mod it... cheap computer. Think about that for a second. If you are not buying the licensed software for the system, you are sticking it to MS (I guess that's what the juvenile Linux users want). MS sees the loss and stops (or gives less effort to) supporting the platform. Every Xbox that gets modded is a cut into MS. You make sure that MS's investment in you stays merely an outflow and they never make that cash back. Do you want MS to keep putting out great game systems like this?
Reply