XBOX 360 CPU Glitch allows Homebrew - This 8-Bit Life
Two hackers, Gigli and Tiros, have managed to perform a hardware attack on the Xbox 360’s CPU/GPU and tricked it into ignoring its usual boot-time verifications! This is big news! Pretty soon we’ll start seeing tutorials and modded firmwares. I really hope I can end up with similar functionality on my 360 as I had with my OG XBOX back in the day.
Essentially what they have done is send a command via I2C to the CPU to underclock it slightly (there is a freely accessible header for I2C at J2C3 on the motherboard). Then they send a POST_DA message, which begins a counter before it boots again. At 20 nanoseconds they send a pulse on CPU_RESET that apparently (when the CPU is underclocked) allows unsigned code to be run, or possibly injected, at that point. I’m not clear on the specifics yet. From there they restore the CPU speed via I2C and the XBOX continues its boot process. It begins loading whatever firmware it has been given, and here’s where the real fun happens. Since the DRAM isn’t initialized yet, the firmware can be patched before it is run; from here one could turn off disc hash check error handling and many other things. Since this firmware is RC4 encrypted, they use a known keystream to encrypt their own code.
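That last sentence is the cryptographic lesson in all of this: RC4 is a stream cipher, so ciphertext is just plaintext XOR keystream, and whoever knows the keystream can produce ciphertext that decrypts to anything they like. Encryption on its own says nothing about who wrote the data. The example below is added here to show that property and the standard defence against it (an authentication tag checked before decryption). It is editor-written demo code using textbook RC4, HMAC from the Python standard library and constructed sample bytes; it is not the console’s code, keys or firmware, and the key and image contents are made up.

```python
import hmac
import hashlib

# --- Textbook RC4 (KSA + PRGA), included so the example runs offline ---

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `key`."""
    S = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def rc4_encrypt(key: bytes, data: bytes) -> bytes:
    """Encrypt and decrypt are the same XOR operation for a stream cipher."""
    return xor(rc4_keystream(key, len(data)), data)


# --- Why encryption alone does not authenticate the image ---

def recover_keystream(known_plaintext: bytes, ciphertext: bytes) -> bytes:
    """P xor C gives back the keystream for any XOR stream cipher."""
    return xor(known_plaintext, ciphertext)


def reencrypt_with_keystream(keystream: bytes, new_plaintext: bytes) -> bytes:
    """Valid-looking ciphertext for new data, produced without the key."""
    return xor(keystream[:len(new_plaintext)], new_plaintext)


# --- The defence: authenticate the ciphertext, verify before decrypting ---

def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes):
    ct = rc4_encrypt(enc_key, plaintext)
    tag = hmac.new(mac_key, ct, hashlib.sha256).digest()
    return ct, tag


def open_sealed(enc_key: bytes, mac_key: bytes, ct: bytes, tag: bytes):
    """Return the plaintext, or None if the tag does not match (encrypt-then-MAC)."""
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):   # constant-time compare
        return None
    return rc4_encrypt(enc_key, ct)


def demo() -> dict:
    """Walk through both scenarios on constructed data and return the results."""
    enc_key = b"constructed-demo-key"            # constructed, not a real key
    mac_key = b"constructed-mac-key"             # constructed, not a real key
    original = b"ORIGINAL FIRMWARE IMAGE (constructed sample bytes)"
    patched  = b"PATCHED  FIRMWARE IMAGE (constructed sample bytes)"  # same length

    ct, tag = seal(enc_key, mac_key, original)

    # 1. Encryption only: knowing one plaintext/ciphertext pair yields the
    #    keystream, and the device happily decrypts a re-encrypted image.
    ks = recover_keystream(original, ct)
    forged = reencrypt_with_keystream(ks, patched)
    plain_only_result = rc4_encrypt(enc_key, forged)

    # 2. Encrypt-then-MAC: the genuine image verifies, the swapped one does not.
    genuine = open_sealed(enc_key, mac_key, ct, tag)
    rejected = open_sealed(enc_key, mac_key, forged, tag)

    return {
        "keystream_recovered": ks == rc4_keystream(enc_key, len(original)),
        "device_accepts_unauthenticated_patch": plain_only_result == patched,
        "genuine_verifies": genuine == original,
        "patched_rejected": rejected is None,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The HMAC variant is only a fix where the verifier holds a secret the other side lacks; when the verifier is the device itself and the secret lives in the device, the usual answer is a digital signature over the image checked by the boot ROM, which is exactly the kind of check the glitch described above is skipping.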
BTW, the soundtrack to their demo video is… bad. I would mute it if I were you and maybe reach for a nice dubstep track.
This is all really hacky at the moment but what these guys have done is awesome! They’ve put in some serious work. Pretty soon we’ll be seeing daughter boards with pogo pins to do most of this for us, I am sure. But I have a few XBOXen just lying around. I hope that they’ll go into further detail soon about this so that the rest of us can give it a shot.