420 likes | 645 Views
Digital Media Centralization: xbox 360 capability enhancement. Dylan Merida Eastern Kentucky University Dept. of Technology, CEN. OUTLINE. Motivation for centralization of digital media Introduction to FreeNAS and X360 modification
E N D
Digital Media Centralization:xbox 360 capability enhancement Dylan Merida Eastern Kentucky University Dept. of Technology, CEN
OUTLINE • Motivation for centralization of digital media • Introduction to FreeNAS and X360 modification • Problem statement: Centralize media & unlock X360 platform to run unsigned code • Proposed solution: VirtualizeFreeNAS, build USB SPI Flasher, & perform JTAG/SMC hack on X360 • Results: Custom built FreeBOOT image running in single-NAND mode
OUTLINE (cont.) • Conclusions: The importance of open platforms and homebrew software in the future • Future Work: Expanding on the idea by building or porting open source software to the platform • Q & A
MOTIVATION • Digital media should have high availability throughout the home network and internet • The absence of Network Attached Storage (NAS) causes disorganization of data between PCs and laptops
MOTIVATION (cont.) • Physical media is cumbersome and antiquated. • HDDs and SSDs have the capacity to replace physical multimedia collections • Consolidated digital media should be accessible through networked home theater devices • Existing multimedia platforms (Xbox 360) should be open and free to run open source software
INTRODUCTION • FreeNAS can suit file sharing needs through CIFS (samba), FTP, NFS, TFTP, AFP, RSYNC, Unison, iSCSI (initiator and target) and UPnP • FreeBSD, UNIX, and Linux have a long standing performance issues with CIFS/SMB • Rooted in the lack of kernel tuning, asynchronous I/O, and large r/w SMB variant • FreeBSD 7.2 introduced tuning and newer Samba daemons added the large r/w SMB variant
INTRODUCTION (cont.) • FreeNAS 0.7.1 (4/11/2010) is based on FreeBSD 7.1, includes AIO, and Samba is compiled with it • NFS is the file sharing protocol of choice in UNIX world and its performance was much higher • Only Windows Vista & 7 Enterprise and Ultimate Editions include: • Subsystem for UNIX-based applications (SUA) • Client for NFS v3
INTRODUCTION (cont.) • Xbox 360 platform was chosen as network media player because: • Its existing multimedia support (No MKV support) • An abundance of processing power • Recent scene developments and breakthroughs • 12/23/2006: Xbox 360 King Kong Shader Exploit • Utilizes a bug in the Hypervisor to allow unsigned code execution (e.g. run Linux) • Only works on Xbox Kernel version 4532 and 4548 • Xbox Kernel version is currently at 9199 (April, 2010)
INTRODUCTION (cont.) • The System Management Controller (SMC) is an 8051/8052 core inside the Southbridge • It manages the power sequencing, and is always active when the Xbox 360 has (standby or full) power applied • JTAG/SMC Hack to run unsigned code • New way to exploit the well-known 4532 kernel ~ 5 sec • Verified to work until the 849x-update (Summer 09) • Requires bridging 3 points on the GPU JTAG: Two with switching diodes and one with a resistor • Requires read and write to NAND using SPI bus
PROBLEM STATEMENT • Home and enterprise networks need an effective solution for data storage and multimedia centralization • SANs allow direct hardware access, but rely on the host PC for file system duties • To fully utilize this data store, network media players need to support open source software
PROPOSED SOLUTION • VirtualizeFreeNAS to create a NAS and test its performance speed with CIFS/SMB sharing to the host OS • Build USB SPI Programmer to facilitate quick NAND read and write in under 6min • LPT port is similar cost with ~50min write duration • Install JTAG/SMC hack & flash X360 NAND • Run homebrew code (Linux, Dashboards, Emulators, Media Players, XBMC one day)
SOLUTION STEPs Step 1: VirtualizeFreeNAS 0.7.1 (revision 5127) Install VirtualBox v3.1.4 Create new FreeBSD VM Allocate 512MB of RAM Create 2GB dynamically expanding VDI Load FreeNASLiveCD Install to HDD Opt 9 Reboot & configure Set up partitions, shares, and CIFS/SMB
SOLUTION STEPs Step 2: Build USB SPI Programmer with PIC MC Purchase parts Build programmer or use ISP on Willem Flash PIC with full image Build SPI flashing circuit Insert PIC into socket Install NandPro 2.0e software on PC Install USB NandPro driver
SOLUTION STEPs Step 3: Install JTAG/SMC hack & flash X360 NAND Make sure its kernel 2.0.7371.0 or lower Check X360 revision Solder adapter to X360 NAND SPI Use USB SPI flasher to dump NAND Check for exploitable CB version from NAND If exploitable, install JTAG/SMC hack shown on the left
SOLUTION STEPs Step 3: Install JTAG/SMC hack & flash X360 NAND Exploitable CB Versions NandPro & FreeBOOT nandprousb: -r16 7371.bin Extract your original imageibuildx -d temp\ -p [cpu key] -b [1bl key] 7371.bin Extract "9199.zip" to data Copy config files from "temp" to "data" directory Choose or patch SMC Build FreeBOOT0.032 imageibuild c freeBOOT -c [console] -d data\ -p [cpu key] -b [1bl key] bin\image.bin bin\fuses.bin nandprousb: -w16 FREEBOOT.bin • Xenon: 1921 or lower is Exploitable (exception: 8192 IS EXPLOITABLE) • Zephyr: 4558 or lower is Exploitable (exception: 4580 IS EXPLOITABLE) • Falcon: 5770 or lower is Exploitable • Jasper 16mb: 6712 or lower is Exploitable • Jasper Arcade (256/512): 6723 or lower is Exploitable
SOLUTION STEPs Step 4: Run homebrew and open source code Acquire XeXMenu v1.1 LiveCD from Xbins Burn to CD, boot on X360, and connect ether FTP will be accessible from network Mod in external HDD or use FAT32 formatted USB FTP over to HDD a GOD to boot FreeStyle Dash
RESULTS • The FreeNAS box can store and share large amounts of media to the network • The X360 is now completely open to run any homebrew software necessary • The X360 homebrew scene is exploding with new projects and ports of software • Many emulators are already complete with an N64 emulator and video plugin rewrite in the works
CONCLUSIONS • Open platforms are important because they promote competition between software vendors • For the X360, Microsoft has a complete lock down on what goes on their platform and royalty fees • Open source software allows: • bits of pre-existing code to be reused • Us to learn from our mistakes • The intelligence of a large collective human effort to improve software and patch its security flaws quickly
CONCLUSIONS (cont.) • I’ve learned: • The workings of hardware and software NAS solutions • A great deal about FreeBSD, FreeNAS and UNIX filesystems • The intricate workings of the Xbox 360 hardware and its low level software kernel • Serial Peripheral Interface Bus and JTAG connections • SATA bus interfacing and connections • To greatly improve my soldering skills and patience • How to virtualizeFreeNAS, Mac OS X Leopard, etc
FUTURE WORK • The project could be expanded through: • Programming of a useful application for the X360 • Porting another software or emulator to the platform • Setting up software raid on FreeNAS • Modifying X360 games like Halo 3 • Finding a way to stream X360 in real-time across the network
REFERENCES • DIPERT, B. (2009). Accelerating consumers' NAS adoptions: ASSESSING YOUR PRODUCT OPTIONS. EDN, 54(12), 30-37. Retrieved from Academic Search Premier database. • Sangani, K. (2009). An audiophile's utopia. Engineering & Technology (17509637), 4(18), 28-29. doi:10.1049/et.2009.1804. • Andrews, J., & Baker, N. (2006). Xbox 360 System Architecture. IEEE Micro, 26(2), 25-37. Retrieved from Academic Search Premier database. • USB SPI Flasher with PIC18F2455 - now with source and binaries. (2009, August 31). XboxHacker BBS. Retrieved February 18, 2010, from http://www.xboxhacker.org/index.php?PHPSESSID=11dbecdaecf4f96fd9beae4cfa37c234&topic=12306.0 • USB SPI Flasher with PIC18F2455 - TECHNICAL thread ONLY. (2009, September 17). XboxHacker BBS. Retrieved February 18, 2010, from http://www.xboxhacker.org/index.php?topic=13850.0
ACKNOWLEDGEMENTS • Vigs Chandra and Jeff Kilgore for all their help and guidance over the years • Free60: http://free60.org/Main_Page • FreeNAS: http://freenas.org/ • Xbox Hacker: http://www.xboxhacker.org/ • Xbox-Scene: http://xboxscene.com/
Questions? Thank you for your time! Contact Information: Dylan Merida Phone: (859) 955-0066 Email: dmerida@gmail.com