How the Xbox Was Hacked

The millennium: a term that few had any use for before 1999, yet seemingly overnight it was everywhere. The turning of the millennium permeated every facet of pop culture. Unconventional popstars like Moby supplied electronica to the mainstream airwaves while audiences contemplated whether computers were the true enemy after seeing The Matrix. We were torn between anxiety — the impending Y2K bug bringing the end of civilization that Prince prophesied — and anticipation: the forthcoming release of the PlayStation 2.

Sony was poised to take control of the videogame console market once again. They had already sold more units of the original PlayStation than all of their competition combined. Their heavy cloud of influence over gamers meant that the next generation of games wasn’t going to start until the PS2 was on store shelves. On the tail of Sony announcing the technical specs of their machine, rumors of a new competitor entering the “console wars” began to spread. That new competitor was Microsoft, an American company playing in a Japanese company’s game.

“[Microsoft] launches war against Sony for control of the living room.”

– Chris Morris, CNN Staff Writer

I Know Bunnie-Fu

Nearly two years after the world failed to end, Microsoft launched the Xbox on November 15, 2001 in North America. The console was more PC-like than any console that had come before it, featuring an eight gig hard drive, Intel Pentium III CPU, and cutting-edge DVD-ROM drive. Microsoft incorporated DirectX, their collection of Windows APIs, into their machine, which is where the console derived its name. It was intended to introduce home theater PCs to the masses. The Xbox played games, played music, and with the purchase of a proprietary IR remote dongle, it also played DVD movies.

The week after the launch, Xbox owners got an early Christmas present from MIT student Andrew “bunnie” Huang, who published an account of his exploits tinkering with the console. He detailed how to extract the TSOP flash chip from the motherboard, along with insights into its contents. Huang had extracted the Xbox’s BIOS image and posted it for anyone on the Internet to download. He was flirting with fire, because a mere twelve hours after the post he received a cold call from a Microsoft representative. He posted that too.

Voicemail from Microsoft representative regarding Huang’s student webpage

With that kind of information now public knowledge, the first Xbox modchip came up for sale in May of 2002. The Xtender modchip promised to circumvent the copy-protection, break the region lock, and open up the ability to play DVDs without the need for that silly IR dongle. The copy-protection promise was just that, a promise. At the time there was no way to back up Xbox games; the discs were unreadable when inserted into a PC. As a result, modchips became the de facto way to play legal imports from other regions.

If you’d like to get deeper into Xbox hacking, or hardware hacking at all, the man who wrote the hack also wrote the book; check out [bunnie]’s seminal work “Hacking the Xbox”.

Killing Them Softly With This Mod

The Xbox’s roots in PC architecture ran deep. Beyond the Intel x86 CPU and IDE hard drive there were flash memory cards players could use to transfer save game files from their console. What made these memory cards interesting was not their storage capacity but their pinout. The layout of the data lines was curiously similar to USB. So much so that it didn’t take a genius to figure out how to modify an Xbox controller to support using a USB thumb drive instead of a memory card.

Modified Xbox controller with female USB adapter.

This simple mod paved the way for files to fly between Xbox and PC. Saves could be reshaped to unlock in-game items far before game developers intended them to be available, and they could also serve as the entry point for something much more devious.

It’s true that no game is perfect, but that especially applied to the Xbox exclusive MechAssault. Ironically, the Microsoft game’s save file provided the exploit into the Xbox’s encrypted HDD that allowed an entire Linux distro to be installed on top of the Xbox OS. Microsoft sought to plug the exploit by issuing their first round of online game patches, but the majority of Xbox owners were playing offline. Similar save exploits were found in several other games and were collectively referred to as Xbox soft mods.

Your average consumer was never going to seek out a modchip solution because soldering irons are, in technical terms, “hot and pokey”. However, the more trivial nature of an Xbox soft mod lowered the bar for entry into hackerdom. Modchip resellers like Lik-Sang sold ready-made Xbox-to-USB adapters as “Developer Tools”, and the whole save-exploit-to-Linux-install process was made even more accessible when it appeared on cable as a Tech TV segment.

Linux software optimization came at a fast clip because all of these machines had the exact same spec. Homebrew apps aplenty found a home on the Xbox, everything from arcade emulators to web browsers. One of the most popular homebrew creations was the Xbox Media Center (XBMC) which was dedicated to playing every media codec you could throw at a piece of silicon. XBMC made full use of the Xbox’s broadband Internet capabilities by allowing users to subscribe to audio/video RSS feeds, and it would receive updates for years after Microsoft ended production of the console. The grand irony was that Microsoft’s original plan for the Xbox to be a PC in the living room was fully realized…it just ran Linux.

 

38 thoughts on “How the Xbox Was Hacked”

  1. “The grand irony was that Microsoft’s original plan for the Xbox to be a PC in the living room was fully realized…it just ran Linux.”

    1999 is the year of Living Room Linux. :-D

  2. “Your average consumer was never going to seek out a modchip solution because soldering irons are, in technical terms, “hot and pokey””

    Unless I recall wrongly, weren’t the Xecuter modchips solder-free by using pogopins located by using one of the case screws? Trivial to fit either by yourself or one of the ‘phone shops’ that had started popping up everywhere.

  3. Still rocking 2 original xbox modded. One with an Xecuter X3 with front control panel and one with a Xenium gold. Use them for emulators. XBMP was life for a while until XBMC forked, then used that as my primary dash.

    1. I have a couple too. Mine are soft modded but I actually enjoy using them for emulation for SNES etc. You are one hunny percent correct about XBMC and the forking. Used to rock until it got weird.

  4. The Screensavers not afraid to take on Microsoft. Those were the days!

    The internet had recently caught on. Everyone was getting a computer. Building one’s own was common, even among people who had never previously shown any interest in such techie type things. Linux was already a better desktop than Windows and the masses were going to discover that any day. It looked like maybe the winter was thawing and humanity had finally remembered that tool building and abstract thought were what had pushed it out ahead of the other species and we were going to re-take our place as makers.

    Then everything went to shit. 3dfx went out of business meaning gamers would turn to AMD and Invidia, neither of whom had any interest in supporting an open source operating system. Macromedia was bought out by Adobe leaving Linux users with no new Flash versions just as Flash was taking over the internet. And they still are dead set against a Linux port of Photoshop which for some reason whole markets of creators just can’t fathom the idea there could be any alternatives to. And the masses are dumping all those general purpose computers because their locked-bootloader and in many cases even locked to a particular fruity app store phones are all they want for surfing the internet which has become just facebook, twitter and instagram anyway.

    I wonder how the chimps are doing? Maybe they had a better idea?

    1. Meanwhile, there are currently more *nix devices in the world than Windows. I’m using one right now, it’s called an iPhone. Android makes up most of the rest. We always knew *nix would take over the world, we just thought it would be on the desktop.

  5. I never understood why people wanted to wear out the proprietary CD-drive on a game console using it as a media center when they could do the same with a PC with cheap and easy to replace commodity movable parts.

    1. You would just run XBMC on the xbox and host movies on a networked PC over samba. But to really answer your question, I already bought it to play games and it’s already hooked up to my TV and sound system. Why wouldn’t I use it to play DVDs versus my computer that might just be a pile of shit and is probably hooked up to a much smaller monitor? It’s the convenience factor.

      With the right hacked BIOS, you can even totally disable the DVD drive so that you can remove it and shorten the height of the xbox. Here’s an extreme example of that: https://hackaday.com/2009/08/19/xbox-crammed-into-inch-thick-package/

    2. The Xbox was a perfect fit at a certain time, it was cheap second hand, easy to mod and could play anything in XBMC via RGB or composite. A lot of the media consumed was not using the DVD drive at all. It was for a time hands down the best way to watch media.

    3. At the time, an Xbox was cheaper than a DVD player. The consoles were sold at a loss, which would be made up for by the game sales. That was one of the reasons why Microsoft was afraid of piracy and Linux, people would buy the console, costing MS money, and then not buy any games.

  6. It may be worth pointing out that Xbox modding, or more specifically XBMC, is essentially the birth mother of a lot of current streaming services, and hardware, and obviously Kodi. It laid the grounds for everything from Netflix, to the Amazon FireTV and everything in between. This pretty much set the bar on how to do it, and that people really do want these things. A modded Xbox running XBMC was without a doubt the inspiration for a lot of today’s streaming hardware, and XBMC is without a doubt a huge inspiration behind how we use that tech.

      1. What about it? Tivo was just a way to record content and play it later. It wasn’t really anything more than a modernized VCR.

        XBMC running on the Xbox was basically the DIY precursor to commercial products like the Roku and Apple TV. A small (relative to a computer) box you could plug into the TV and it could play streaming content from the Internet or your LAN.

  7. I feel like the leak of the Xbox SDK should be mentioned. At the time it was a huge breach and is what allowed for all the homebrew and everything, except for Linux of course. Otherwise, good article.

    1. And eh… some people had more internal docs and source code. I want to stay anonymous. Kernel, dash and networking source code, internal leaks, MS interns working on homebrew. It’s why XBMC was never available in binary form, as you needed the SDK, but also, how did they make the multimedia stuff work? Just the SDK wasn’t enough, or the networking code. Kodi is now much more legal :D but I remember compiling XBMC from the latest sources just to be cutting edge. Some IRC channels talked about custom kernels supporting larger harddisks.

      Today you can put a SATA harddisk in your OG xbox :D just buy a cheap adapter and TSOP/Modchip the xbox. It’s easy. Please remove the clock capacitor people, it might already be leaking. (1.6 xbox does not have one)

  8. Xbox original security was so primitive it’s a poor choice to use as a study on embedded hacking and console hacking..

    Exposed RAM bus lines with no encryption or MMU hashing, multiple exposures for basic JTAG tools, no clock protection, no hardware address isolation, little or no compiler security usage like DEP, ASLR, KASLR, stack and heap boundary check algorithms, and even the boot-loader was exposed to both hardware and software compromise with no buffer overflows etc..

    Go look how many times the last gen 360 hardware-rev+firmware or One/OneS/OneX hardware+firmware has been jailbroken.. Hint: None

    PS4 is freeBSD with no hardware isolation just a PC grade AMD/ARM TPM that isn’t even used and some compiler flags and jails.. A Walmart laptop out of the box with W10 has better security.. No seriously: it’s harder to get ring 0 exec on Windows 10 than it is on a patched PS4 Pro……… To the point people accidentally do it with public freeBSD vulns..

    PS3 had great hardware but Sony was in charge of most of the code.. Broken AES implementation and SPE exec killed it..

  9. I remember discovering that I had everything I needed to softmod my xbox in my desk already. The first console hack that started it all (at least for me) within 2 weeks I had applied the softmod to about a dozen of my friends’ machines….. it was the beginning of an era that has yet to close. I love console hacking, poking around behind the curtain is so much fun. Holding your breath on that first reboot…..

  10. I remember those days. The heady realization that just by unplugging my XBOX’s hdd data cable after it had booted and been unlocked, then plugging it into my PC while still powered by the XBOX, left it fully unlocked and ready for whatever I wanted to install on it. …like XBMC. Easiest soft mod ever. I eventually gave it to a friend with MS who loved reliving console glory days with the B.A.E.D. collection when he couldn’t get out of the house. (It really blew my mind that the original XBOX could even run N64 games just fine!)

    P.S. If you swap the 40-pin hdd cable for an 80-pin one, you’ll see 20% faster hdd access. Seriously.

    1. This and add an IDE2SATA adapter, larger, faster sata disks :D (with a modchip/TSOP you don’t need to lock it or have support for PATA Password commands. ) so swap, flash the TSOP, add sata and enjoy your (S)NES/PS1/ATARI/C64 Mini that also can play xbox games… and MSX games. Lots of love for the og xbox

  11. This is the best article I’ve read in a long time. I spend a lot of time reading things on the internet and I don’t know why because usually the shit annoys me. I thoroughly enjoyed this through and through and just wanted to thank the writer.

  12. What I miss is the absolutely great library of audio visualization effects. There were a ton of them in XBMC of that era.
    It would be so great to have those in kodi.

    The xbox was a great device, unbrickable, in fact no but there was always a way to recover.
    Too bad it was not used by the demoscene as a standard platform like the new amiga/c64 – ok, those don’t share much but it is a fixed in time architecture (or bundle of components I would say) with great community.
