DIGITAL MEDIA CENTRALIZATION:
XBOX 360 CAPABILITY ENHANCEMENT
Dylan Merida
Eastern Kentucky University
Dept. of Technology, CEN
OUTLINE
Motivation for centralization of digital media
Introduction to FreeNAS and X360 modification
Problem statement: Centralize media & unlock X360 platform to run unsigned code
Proposed solution: Virtualize FreeNAS, build USB SPI Flasher, & perform JTAG/SMC hack on X360
Results: Custom built FreeBOOT image running in single-NAND mode
OUTLINE (CONT.)
Conclusions: The importance of open platforms and homebrew software in the future
Future Work: Expanding on the idea by building or porting open source software to the platform
Q & A
MOTIVATION
Digital media should have high availability throughout the home network and internet
The absence of Network Attached Storage (NAS) causes disorganization of data between PCs and laptops
MOTIVATION (CONT.)
Physical media is cumbersome and antiquated.
HDDs and SSDs have the capacity to replace physical multimedia collections
Consolidated digital media should be accessible through networked home theater devices
Existing multimedia platforms (Xbox 360) should be open and free to run open source software
INTRODUCTION
FreeNAS can suit file sharing needs through CIFS (Samba), FTP, NFS, TFTP, AFP, RSYNC, Unison, iSCSI (initiator and target) and UPnP
FreeBSD, UNIX, and Linux have long-standing performance issues with CIFS/SMB
  Rooted in the lack of kernel tuning, asynchronous I/O, and the large r/w SMB variant
  FreeBSD 7.2 introduced tuning, and newer Samba daemons added the large r/w SMB variant
INTRODUCTION (CONT.)
FreeNAS 0.7.1 (4/11/2010) is based on FreeBSD 7.1, includes AIO, and Samba is compiled with it
NFS is the file sharing protocol of choice in the UNIX world and its performance was much higher
Only Windows Vista & 7 Enterprise and Ultimate Editions include:
  Subsystem for UNIX-based applications (SUA)
  Client for NFS v3
INTRODUCTION (CONT.)
Xbox 360 platform was chosen as network media player because:
  Its existing multimedia support (No MKV support)
  An abundance of processing power
  Recent scene developments and breakthroughs
12/23/2006: Xbox 360 King Kong Shader Exploit
  Utilizes a bug in the Hypervisor to allow unsigned code execution (e.g. run Linux)
  Only works on Xbox Kernel version 4532 and 4548
  Xbox Kernel version is currently at 9199 (April, 2010)
INTRODUCTION (CONT.)
The System Management Controller (SMC) is an 8051/8052 core inside the Southbridge
  It manages the power sequencing, and is always active when the Xbox 360 has (standby or full) power applied
JTAG/SMC Hack to run unsigned code
  New way to exploit the well-known 4532 kernel
  ~ 5 sec
  Verified to work until the 849x-update (Summer 09)
  Requires bridging 3 points on the GPU JTAG: Two with switching diodes and one with a resistor
  Requires read and write to NAND using SPI bus
PROBLEM STATEMENT
Home and enterprise networks need an effective solution for data storage and multimedia centralization
SANs allow direct hardware access, but rely on the host PC for file system duties
To fully utilize this data store, network media players need to support open source software
PROPOSED SOLUTION
1. Virtualize FreeNAS to create a NAS and test its performance speed with CIFS/SMB sharing to the host OS
2. Build USB SPI Programmer to facilitate quick NAND read and write in under 6 min
   LPT port is similar cost with ~50 min write duration
3. Install JTAG/SMC hack & flash X360 NAND
4. Run homebrew code (Linux, Dashboards, Emulators, Media Players, XBMC one day)
SOLUTION STEPS
Step 1: Virtualize FreeNAS 0.7.1 (revision 5127)
  Install VirtualBox v3.1.4
  Create new FreeBSD VM
  Allocate 512MB of RAM
  Create 2GB dynamically expanding VDI
  Load FreeNAS LiveCD
  Install to HDD Opt 9
  Reboot & configure
  Set up partitions, shares, and CIFS/SMB
SOLUTION STEPS
Step 2: Build USB SPI Programmer with PIC MC
  Purchase parts
  Build programmer or use ISP on Willem
  Flash PIC with full image
  Build SPI flashing circuit
  Insert PIC into socket
  Install NandPro 2.0e software on PC
  Install USB NandPro driver
ISP HEADER
SOLUTION STEPS
Step 3: Install JTAG/SMC hack & flash X360 NAND
  Make sure it's kernel 2.0.7371.0 or lower
  Check X360 revision
  Solder adapter to X360 NAND SPI
  Use USB SPI flasher to dump NAND
  Check for exploitable CB version from NAND
  If exploitable, install JTAG/SMC hack shown on the left
CHECK KERNEL VERSION
SOLUTION STEPS
Step 3: Install JTAG/SMC hack & flash X360 NAND
Exploitable CB Versions
  Xenon: 1921 or lower is Exploitable (exception: 8192 IS EXPLOITABLE)
  Zephyr: 4558 or lower is Exploitable (exception: 4580 IS EXPLOITABLE)
  Falcon: 5770 or lower is Exploitable
  Jasper 16MB: 6712 or lower is Exploitable
  Jasper Arcade (256/512): 6723 or lower is Exploitable
NandPro & FreeBOOT
  nandpro usb: -r16 7371.bin
  Extract your original image
    ibuild x -d temp\ -p [cpu key] -b [1bl key] 7371.bin
  Extract "9199.zip" to data
  Copy config files from "temp" to "data" directory
  Choose or patch SMC
  Build FreeBOOT 0.032 image
    ibuild c freeBOOT -c [console] -d data\ -p [cpu key] -b [1bl key] bin\image.bin bin\fuses.bin
  nandpro usb: -w16 FREEBOOT.bin
SOLUTION STEPS
Step 4: Run homebrew and open source code
Acquire XeXMenu v1.1 LiveCD from Xbins
Burn to CD, boot on X360, and connect Ethernet
FTP will be accessible from network
Mod in external HDD or use FAT32 formatted USB
FTP over to HDD a GOD to boot FreeStyle Dash
RESULTS
The FreeNAS box can store and share large amounts of media to the network
The X360 is now completely open to run any homebrew software necessary
The X360 homebrew scene is exploding with new projects and ports of software
Many emulators are already complete with an N64 emulator and video plugin rewrite in the works
CONCLUSIONS
Open platforms are important because they promote competition between software vendors
For the X360, Microsoft has a complete lock down on what goes on their platform and royalty fees
Open source software allows:
  Bits of pre-existing code to be reused
  Us to learn from our mistakes
  The intelligence of a large collective human effort to improve software and patch its security flaws quickly
CONCLUSIONS (CONT.)
I’ve learned:
  The workings of hardware and software NAS solutions
  A great deal about FreeBSD, FreeNAS and UNIX filesystems
  The intricate workings of the Xbox 360 hardware and its low level software kernel
  Serial Peripheral Interface Bus and JTAG connections
  SATA bus interfacing and connections
  To greatly improve my soldering skills and patience
  How to virtualize FreeNAS, Mac OS X Leopard, etc.
FUTURE WORK
The project could be expanded through:
  Programming of a useful application for the X360
  Porting another software or emulator to the platform
  Setting up software RAID on FreeNAS
  Modifying X360 games like Halo 3
  Finding a way to stream X360 in real-time across the network
ACKNOWLEDGEMENTS
Vigs Chandra and Jeff Kilgore for all their help and guidance over the years
Free60: http://free60.org/Main_Page
FreeNAS: http://freenas.org/
Xbox Hacker: http://www.xboxhacker.org/
Xbox-Scene: http://xboxscene.com/
QUESTIONS?
Thank you for your time!
Contact Information:
Dylan Merida
Phone: (859) 955-0066
Email: [email protected]