Hacking the Xbox

Recommendations

Info

44 Hacking the Xbox: An Introduction to Reverse Engineering Binary and Hexadecimal Numbers (continued) Bin Dec Hex Bin Dec Hex 0000 0 0 1000 8 8 0001 1 1 1001 9 9 0010 2 2 1010 10 A 0011 3 3 1011 11 B 0100 4 4 1100 12 C 0101 5 5 1101 13 D 0110 6 6 1110 14 E 0111 7 7 1111 15 F Table 2-2: Binary, decimal, and hexadecimal conversion table. The heart of a CPU is a tiny, but very fast, memory called the register file. Multiple pieces of data can be written into and read out of a register file each processor clock cycle. Data from the register file is fed into an execution unit called the arithmetic logic unit (ALU). The function computed by the ALU is controlled by instructions fetched from memory. Once the data has been processed by the ALU, it can either be written back into the register file, or stored into memory. One important performance feature of almost every modern CPU is a memory access accelerator called a cache. Caches are small, fast memories that store copies of data and instruction snippets that are likely to be used in the near future by the CPU core. Caches are slower than register files but faster than main memory; likewise, caches store more data than a register file, but store less data than main memory. One important feature of the Xbox CPU cache to be aware of is that it is a writeback cache. Writeback caches allow copies of data stored inside the CPU to be out of sync with what exists in main memory. This timing difference can complicate attempts to trace CPU execution by observing external memory traffic alone. The cache memory can also be leveraged by security routines to hide intermediate computation results from someone observing the memory bus. Northbridges and Southbridges The terms Northbridge and Southbridge are vernacular specific to the PC architecture. They refer to the two basic support chips that are found in virtually every PC. A Northbridge chip connects the CPU to main memory as well as any high-performance expansion busses, such as AGP and PCI. A Southbridge chip hangs off of the Northbridge chip and contains all of the extra peripherals that are found in a typical PC — parallel, serial, USB, mouse, keyboard, IDE controllers, audio codecs,
Chapter 2 - Thinking Inside the Box 45 and more. Dividing the PC architecture into these three main modules — CPU, Northbridge and Southbridge — enables PC designers to mix and match different kinds of memory architectures with a diverse selection of processors and peripherals. The connection between the Northbridge and the Southbridge chipsets varies from chipset to chipset. In the case of the Xbox, a high performance, narrow parallel bus called HyperTransport is employed as the connection between the functional equivalent of the Northbridge and Southbridge chips. The bus is only 8 bits wide in each of two directions, but it is clocked at 200 MHz and data is sampled on each clock edge so the effective peak transfer rate is 400 Mbytes/second in each direction. A Northbridge chip is connected to a CPU via a bus called the Front Side Bus (FSB). In the case of the Xbox, the FSB is a 64-bit 133 MHz bus that uses AGTL+ logic levels. Knowing and understanding the kinds of connections between chips is crucial in reverse engineering because the kind of connection will dictate how difficult it is to intercept data going between various components. The details of the relatively easier bus to tap, the HyperTransport bus, are discussed in Chapter 8, “Reverse Engineering Xbox Security.” In the Xbox, the Southbridge is a chip designed by nVidia called the MCPX; it is a derivative of the nVidia nForce MCP Multimedia and Communications Processor. The Northbridge chip was also designed by nVidia, and it is called the NV2A GPU. Both the Northbridge and Southbridge chips were manufactured by TSMC (Taiwan Semiconductor Manufacturing Corporation). The NV2A combines both a GPU (Graphics Processing Unit) and the traditional memory and expansion bus controllers found in most Northbridge chips. As explained previously, combining the graphics processor and the Northbridge allows system designers to merge the graphics memory into main memory, at some performance penalty. RAM The Xbox motherboard employs 64 MB of DDR SDRAM for the main memory. DDR SDRAM stands for Double Data-Rate Synchronous Dynamic Random Access Memory. By combining synchronization and DDR techniques, the aggregate bandwidth of the Xbox main memory achieves 6.4 Gigabytes/second. A RAM is basically a table of information that is indexed by the CPU. Each location in RAM has a unique index number called its address, and as the name “random access” implies, there are no restrictions on the order of data access in a RAM. 1 1 Actually, SDRAMs can have a few restrictions on memory access patterns (such as page modes and burst modes) for performance reasons. The “random” moniker is intended to differentiate RAMs from First-In, First-Out (FIFO) and Last-In, First-Out (LIFO) style memories where data is accessed using a strict set of ordering rules.
Page 1:
Hacking the Xbox An Introduction to
Page 4 and 5:
The US government is far and away t
Page 7 and 8:
Hacking the Xbox An Introduction to
Page 9:
In memory of Aaron Swartz
Page 12 and 13: x Hacking the Xbox: An Introduction
Page 14 and 15: xii Hacking the Xbox: An Introducti
Page 17: Acknowledgments I would like to tha
Page 20 and 21: 2 Hacking the Xbox: An Introduction
Page 28 and 29: 10 Hacking the Xbox: An Introductio
Page 85 and 86: CHAPTER 4 Building a USB Adapter Ca
Page 87 and 88: Strategy Chapter 4 - Building a USB
Page 89 and 90: Chapter 4 - Building a USB Adapter
Page 91 and 92: CHAPTER 5 Replacing a Broken Power
Page 93 and 94: Chapter 5 - Replacing a Broken Powe
Page 95 and 96: Strategy Chapter 5 - Replacing a Br
Page 101 and 102: Figure 5-6: The final cable assembl
Page 105: Chapter 5 - Replacing a Broken Powe
Page 112 and 113:
94 Hacking the Xbox: An Introductio
Page 114 and 115:
Page 116 and 117:
Page 118 and 119:
100 Hacking the Xbox: An Introducti
Page 120 and 121:
Page 122 and 123:
Page 124 and 125:
Page 126 and 127:
Page 128 and 129:
Page 130 and 131:
Page 132 and 133:
Page 134 and 135:
Page 137 and 138:
CHAPTER 8 Reverse Engineering Xbox
Page 139 and 140:
Chapter 8 - Reverse Engineering Xbo
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
clearance for motherboard component
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
CHAPTER 9 Sneaking in the Back Door
Page 157 and 158:
Chapter 9 - Sneaking in the Back Do
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
Page 167:
Note Chapter 9 - Sneaking in the Ba
Page 170 and 171:
Page 172 and 173:
Page 174 and 175:
Page 176 and 177:
Page 179 and 180:
CHAPTER 11 Developing Software for
Page 181 and 182:
Chapter 11 - Developing Software fo
Page 183 and 184:
Page 185 and 186:
Page 187 and 188:
Page 189 and 190:
Page 191 and 192:
CHAPTER 12 Caveat Hacker Reverse en
Page 193 and 194:
Chapter 12 - Caveat Hacker 175 tech
Page 195 and 196:
Chapter 12 - Caveat Hacker 177 type
Page 197 and 198:
Chapter 12 - Caveat Hacker 179 art
Page 199 and 200:
Chapter 12 - Caveat Hacker 181 tres
Page 201 and 202:
Chapter 12 - Caveat Hacker 183 Also
Page 203 and 204:
Chapter 12 - Caveat Hacker 185 oppo
Page 205 and 206:
Chapter 12 - Caveat Hacker 187 inte
Page 207 and 208:
Chapter 12 - Caveat Hacker 189 Such
Page 209:
Chapter 12 - Caveat Hacker 191 his
Page 212 and 213:
Page 214 and 215:
Page 216 and 217:
Page 218 and 219:
Page 220 and 221:
Page 222 and 223:
Page 224 and 225:
Page 226 and 227:
Page 228 and 229:
Page 230 and 231:
Page 232 and 233:
Page 234 and 235:
Page 236 and 237:
Page 238 and 239:
Page 240 and 241:
Page 242 and 243:
Page 244 and 245:
Page 246 and 247:
Page 248 and 249:
Page 250 and 251:
Page 252 and 253:
Page 255 and 256:
APPENDIX D Getting Started with FPG
Page 257 and 258:
Appendix D - Getting Started with F
Page 259 and 260:
Page 261 and 262:
Page 263:
Page 266 and 267:
Page 268 and 269:
Page 270 and 271:
Page 272 and 273:
Page 275 and 276:
APPENDIX F Xbox Hardware Reference
Page 277 and 278:
Appendix F - Xbox Hardware Referenc
Page 279 and 280:
Appendix F - Xbox Hardware Referenc
Page 281 and 282:
DVD-ROM Power Connector Appendix F
Page 283:
Fan Connector Appendix F - Xbox Har
Page 286 and 287:
268 continuity mode, in DMMs 19 Cop
Page 288 and 289:
270 Molex 76 Moore’s Law 5 Mosis
Page 290 and 291:
272 Virtex-II FPGA 123 Visor 139, 1
show all

Hacking the Xbox

Create successful ePaper yourself

Delete template?

Save as template?