Hacking the Xbox
Hacking the Xbox
Hacking the Xbox
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
100<br />
<strong>Hacking</strong> <strong>the</strong> <strong>Xbox</strong>: An Introduction to Reverse Engineering<br />
initializing <strong>the</strong> JTAG interface. Interestingly, TRST# was tied to <strong>the</strong><br />
internal ground plane, in a difficult to access area, permanently deactivating<br />
<strong>the</strong> JTAG mechanism. Fur<strong>the</strong>r inspection of <strong>the</strong> <strong>Xbox</strong> mo<strong>the</strong>rboard<br />
revealed hints that <strong>the</strong> TRST# signal was stripped out at <strong>the</strong> last minute.<br />
(The biggest hint of a missing via is a hole in a power trace perfectly<br />
sized for a via near a cluster of vias dedicated to JTAG signals, as shown<br />
in Figure 6-3.)<br />
Ano<strong>the</strong>r blow to <strong>the</strong> JTAG approach for extracting <strong>the</strong> secret ROM is<br />
<strong>the</strong> fact that Intel’s JTAG scan codes are proprietary. Reverse engineering<br />
<strong>the</strong> codes to a level where I could use <strong>the</strong>m for extracting <strong>the</strong> secret boot<br />
data was a major project on its own.<br />
Giving up on <strong>the</strong> JTAG approach, <strong>the</strong> next method for extracting <strong>the</strong> secret<br />
ROM was to strip <strong>the</strong> packaging off of <strong>the</strong> CPU, GPU, and MCPX and to<br />
inspect <strong>the</strong> bare die with a microscope and search for any candidate ROM<br />
structures. Package removal or “decapsulation” was accomplished by bathing<br />
<strong>the</strong> chips in fuming hot sulfuric acid. (I don’t recommend trying this<br />
approach at home; one time I spilled <strong>the</strong> toxic, corrosive solution all over<br />
myself and thankfully, my protective gear was consumed instead of my<br />
skin. Fuming sulfuric consumes organic material faster than a burning<br />
flame.) Fuming nitric, also very toxic and dangerous, can also be used. While<br />
I have not tried it myself, reports indicate that fuming nitric is more effective<br />
at removing <strong>the</strong> epoxy encapsulation, especially in situations where selective<br />
package removal is desired.<br />
The manual inspection approach using a traditional visible light microscope<br />
offered some hope; however, <strong>the</strong> technique is limited by <strong>the</strong> physics of<br />
light. Not even <strong>the</strong> best visible microscopy technology can resolve a 150 nm<br />
transistor, since <strong>the</strong> shortest wavelength of light is 450 nm (corresponding<br />
to <strong>the</strong> color blue). I was hoping <strong>the</strong> secret code would be stored on <strong>the</strong><br />
chips using a traditional array ROM structure, with <strong>the</strong> metal lines defining a<br />
1 or a 0 etched into <strong>the</strong> top metal layers which can be identified with an<br />
optical microscope. The use of a hard-wired ROM structure is motivated by<br />
cost: FLASH ROMs and fuse-based PROMs require extra processing and<br />
manufacturing steps that can add significantly to <strong>the</strong> cost of <strong>the</strong> system,<br />
whereas <strong>the</strong> use of top metal layers would be motivated by risk management<br />
on <strong>the</strong> designer’s part. Top metal layers are <strong>the</strong> coarsest layers (so<br />
coarse that an optical microscope may resolve <strong>the</strong>m), and are thus <strong>the</strong><br />
cheapest layers to change if <strong>the</strong>re is a bug in <strong>the</strong> ROM code. Also, during<br />
initial bring-up, <strong>the</strong> top layer is <strong>the</strong> easiest to cut and jumper using a chip<br />
repair machine knows as a FIB (focused ion beam) machine. Unfortunately,<br />
a quick glance at <strong>the</strong> chip under <strong>the</strong> microscope revealed no such structures.<br />
At this point, <strong>the</strong> only remaining option for extracting <strong>the</strong> secret ROM<br />
was to probe <strong>the</strong> live <strong>Xbox</strong> hardware, in an effort to capture <strong>the</strong> code<br />
during loading into <strong>the</strong> <strong>Xbox</strong> processor. Eavesdropping for code<br />
upstream of <strong>the</strong> Southbridge chip and <strong>the</strong> FLASH ROM meant probing<br />
ei<strong>the</strong>r <strong>the</strong> Front Side bus, <strong>the</strong> Northbridge-Southbridge bus, or <strong>the</strong> main<br />
memory bus. We’ll discuss <strong>the</strong> trade-offs of executing <strong>the</strong>se probing<br />
approaches in Chapter 8, after a short introduction to basic security<br />
concepts in <strong>the</strong> next chapter.