Showing the modchip installed into a powered up Xbox, most of the board space taken up by a small Pi Pico board. A wire taps into the motherboard, and a blue LED on the modchip is lit up.

An Open XBOX Modchip Enters The Scene

If you’ve ever bought a modchip that adds features to your game console, you might have noticed sanded-off IC markings, epoxy blobs, or just obscure chips with unknown source code. It’s ironic – these modchips are a shining example of hacking, and yet they don’t represent hacking culture one bit. Usually, they are more of a black box than the console they’re tapping into. This problem has plagued the original XBOX hacking community, having them rely on inconsistent suppliers of obscure boards that would regularly fall off the radar as each crucial part went to end of life. Now, a group of hackers have come up with a solution, and [Macho Nacho Productions] on YouTube tells us its story – it’s an open-source modchip with an open firmware, ModXO.

Like many modern modchips and adapters, ModXO is based on an RP2040, and it’s got a lot of potential – it already works for feeding a BIOS to your console, it’s quite easy to install, and it’s only going to get better. [Macho Nacho Productions] shows us the modchip install process in the video, tells us about the hackers involved, and gives us a sneak peek at the upcoming features, including, possibly, support for the Prometheos project that equips your Xbox with an entire service menu. Plus, with open-source firmware and hardware, you can add tons more flashy and useful stuff, like small LCD/OLED screens for status display and LED strips of all sorts!

If you’re looking to add a modchip to your OG XBOX, it looks like the proprietary options aren’t much worth considering anymore. XBOX hacking has a strong community behind it for historical reasons and has spawned entire projects like XBMC that outgrew the community. There’s even an amazing book about how its security got hacked. If you would like to read it, it’s free and worth your time. As for open-source modchips, they rule, and it’s not the first one we've seen [Macho Nacho Productions] tell us about – here’s an open GameCube modchip that shook the scene, also with an RP2040!


Using JTAG To Dump The Xbox’s Secret Boot ROM

When Microsoft released its first entry into the video game console market with the Xbox, a lot of the discussions at the time revolved around the fact that it used a nearly off-the-shelf Intel CPU and NVIDIA GPU solution. This made it quite different from the very custom consoles from Nintendo and Sony, and invited thoughts on running custom code on the x86 console. Although the security in the console was hacked before long, there were still some open questions, such as whether the secret boot ROM could have been dumped via the CPU’s JTAG interface. This is the question which [Markus Gaasedelen] sought to answer.

This secret code was originally dumped by intercepting it as it made its merry way from the South Bridge to the North Bridge (containing the GPU) of the Xbox, both because Microsoft had foolishly left this path unencrypted and because the JTAG interface on the CPU was left disabled, with its TRST# pin tied to ground. This meant that without removing the CPU and adding some kind of interposer, the JTAG interface would not be active.

A small issue after the harrowing task of desoldering the CPU and reinstalling it with the custom interposer in place was to keep the system integrity check (enforced by an onboard PIC16 MCU) intact. With the CPU hooked up to the JTAG debugger this check failed, requiring an external injection of the signal on the I2C bus to keep the PIC16 from resetting the system. Yet even after all of this, and getting the secret bootrom code dumped via JTAG, there was one final system reset that was tied to the detection of an abnormal CPU start-up.

The original Xbox ended up being hacked pretty thoroughly, famously giving rise to projects like Xbox Media Center (XBMC), which today is known as Kodi. Microsoft learned their lesson though, as each of their new consoles has been more secure than the last. Barring some colossal screw-up in Redmond, the glory days of Xbox hacking are sadly well behind us.

Picture of the modification as it's being performed, with an extra chip stacked on top of the original, extra magnet wire connection going to the chip select line pin

Original XBox V1.6 RAM Upgrade Stacks TQFP Chips

RAM upgrades for the original XBox have been a popular mod — you could relatively easily bump your RAM from 64MB to 128MB. While it wouldn’t give you any benefit in most games written to expect 64MB, it does help with emulators, game development, and running alternative OSes like Linux. The XBox PCB always had footprints for extra RAM chips, so RAM upgrades were simple – just get some new RAM ICs and solder them onto the board. However, in the hardware revision 1.6, these footprints were removed, and RAM upgrades on v1.6 were always considered impossible.

[Prehistoricman] brings a mod that makes RAM upgrades on v1.6 possible using an old trick from the early days of home computers. He’s stacking new RAM chips on top of the old ones and soldering them on in parallel. The overwhelming majority of the RAM lines are shared between chips, which is what makes this mod possible – all you need to connect to the extra chips is magnet wire for extra RAM chip select lines, which are, thankfully, still available on the board. He shares a tutorial with plenty of illustrations, so it should be easier for you to perform this mod, in case you’re stuck with a newer console that doesn’t have the RAM chip footprints left onboard.

We just covered an original XBox softmodding tutorial, so this is as timely as ever! If you’re looking to read about the 128MB mod, this is a good place to start.

We thank [DjBiohazard] for sharing this with us!

“Hacking The Xbox” Released For Free In Honor Of [Aaron Swartz]


[Bunnie], the hardware hacker who first hacked into the original Xbox while at MIT, is releasing his book on the subject for free. The book was originally released in 2003, and delves into both the technical and legal aspects of hacking into the console.

The book is being released along with an open letter from [Bunnie]. He discusses the issues he faced with MIT legal and copyright law when working on the project, and explains that the book is being released to honor [Aaron Swartz]. [Swartz] committed suicide in January following aggressive prosecution by the US government.

The book is a great read on practical applications of hardware hacking. It starts off with simple hacks: installing a blue LED, building a USB adapter for the device’s controller ports, and replacing the power supply. The rest of the book goes over how the security on the device was compromised, and the legal implications of pulling off the hack.

[Bunnie]’s open letter is worth a read; it explains the legal bullying that hackers deal with from a first-hand perspective. The book itself is a fantastic primer on hardware hacking, and with this release anyone who hasn’t read it should grab the free PDF.