Sun 11 Mar 2007
These posts should form a “tutorial of tutorials” of sorts. There are so many good tutorials out there that rather than simply create another one, I’m going to try to help navigate some of the ones that are already available. One of the shortcomings of the existing tutorials is that they don’t always explain why certain steps are taken. Nor do they provide the background information necessary to understand the bigger picture. I hope that this set of posts will contribute in specifically these areas.
The XBox was simply not intended to run software that wasn’t condoned (approved, signed, sealed and delivered) by Microsoft, that is, it’s not meant to run “homebrew” (also called “unsigned code”), which the “XBox Media Center” is the premier example of. Microsoft took steps to prevent people from being able to run homebrew applications in the design of the XBox itself.
And so, here is one of the paths you can take to circumvent all of Microsoft’s efforts …
Microsoft designed the XBox with two main hurdles preventing the running of homebrew. One is that the BIOS prevents the running of any unauthorized programs. The BIOS is the program that runs when the XBox starts up. It’s stored in a chip on the motherboard referred to as the EEPROM or Flash ROM. A good review of what the XBox BIOS does can be found in this article: Xbox Bios Introduction. The BIOS (which contains the kernel) makes sure that any program that runs is “digitally signed” by Microsoft.
In the EEPROM, along with (or embedded in, depending on how you look at it) the BIOS itself, is the “kernel.”
The kernel is the central component of most computer operating systems (OSs). Its responsibilities include managing the system’s resources and the communication between hardware and software components.
With respect to the XBox, the BIOS and the kernel are referred to interchangeably, though this is technically not correct. Technically the BIOS is the start-up program that, upon finishing, initializes and passes control to the kernel. In the case of the XBox the kernel is stored in the chip with the BIOS in an encrypted form. Part of what the BIOS does is decrypt the kernel stored in the chip and then run it.
Please keep in mind there is ambiguity, or at least overlapping concepts, in the usage of some of these terms in the tutorials, though in this writeup, I will try to be consistent in my terminology.
The second impediment designed by Microsoft is that the hard drive is locked to the BIOS. That means that the hard drive cannot be read from, or written to, unless it is first unlocked with the right password and key. The password and key are generated from some internal information like the serial number and version and some other pieces of information, resulting in a different password and key for every XBox out there.
The technique outlined below will circumvent both of these impediments.
Modding technique – “Softmod” and “Hotswap” overview
The modding technique I used, and the one that I will lead you through, is called a “softmod.” It’s called a “softmod” because it doesn’t require any changes to the hardware or the addition of any new chips to the motherboard (this is as opposed to a “hardmod”) and is done by exploiting weaknesses in the XBox kernel. A softmod fools the system into loading an alternative BIOS off of the disk rather than from the BIOS chip, and is accomplished by replacing some of the system files on the disk (in this case, the Xbox fonts). Once we’re running our own alternative BIOS we can run “homebrew.”
Legality: This is the first place where the question of legality comes in. The program that loads the alternative BIOS requires Microsoft-licensed tools in order to be built, so its distribution is illegal (I suggest you don’t distribute it). Whether possessing it is illegal or not, I’m not sure – again, check with a lawyer if you’re concerned, I’m not one. Also, the BIOS that gets loaded is likely a modified BIOS that was originally produced by Microsoft. I think this is less of an issue since you own a legal copy of the BIOS (if you own an XBox). Though again, I’m no lawyer.
There remains the problem of getting the softmod (the alternative BIOS and the means to load it) onto the Xbox in order to exploit the operating system flaws previously mentioned. In its “retail” state, there is no way to get your own software onto the Xbox in order to run it. As mentioned, there is a security protocol which locks the hard drive so that it cannot operate outside of the Xbox, and there is no straightforward means to add any files that you may want while it remains inside an unmodified Xbox. There are two known solutions to this problem. One is called a “gamesave exploit” and the other is called a “hotswap.”
There are advantages and drawbacks to each. I chose the “hotswap” technique because I had everything I needed on hand. It’s tougher to come by the things needed for a gamesave exploit. For those interested in a gamesave exploit tutorial, take a look at this article: “How to Go from Xbox to Xbox Media Center in 30 minutes.” Another tutorial is “Krazie’s NDURE 1.1 Softmod with Action Replay and a USB Flash Drive.”
The other option is a “hotswap,” which only requires a PC and some guts, and has the added benefit, free of charge, of a small but finite risk of permanent hardware damage to the PC and the Xbox. It involves letting the Xbox unlock the hard drive, and then, while both it and the PC are powered up, swapping the hard drive into the PC. It’s easier than it sounds, and if you’re willing to take the (very real) risk (you have been warned), I’ll lead you through it in the next post.
If you decide you don’t want to take the risk inherent in a “hotswap” or you don’t have a spare PC, then follow the tutorials linked to in the previous paragraph and try the “gamesave” exploit techniques.