A question about 1BL

Discussion in 'Xbox 360 - Hacking & Homebrew' started by overlord00, Feb 15, 2012.

  1. overlord00 (OP) - Member, "A motherfucking birdplane", joined Sep 12, 2009, 664 messages, Australia
    So ever since the days of the KK hack, the 1BL code has been known and used, and is an important part of what the scene knows about the booting of the XBOX.
    I have been doing some reading lately and pretty much stumbled onto this question:
    Where did tmbinc get this information from?

    The 1BL is, quoting from FREE60.org, "Stored in CPU rom, decrypts and starts CB bootloader".
    A better explanation was given, again on FREE60.org: "Buried deep inside the CPU die, this ~32kb of ROM code is responsible for reading the 2BL from NAND-flash and decrypts it into the embedded SRAM in the CPU"
    How the crap did he manage to get this code? Dump something from the CPU? Use assembly to read back and go through until he found something that might be useful?

    I have tried to read as best I can about this, but haven't really been able to get any information whatsoever. It's as if he pulled it out of nowhere.
    Does anyone know what sort of process was used or what this sort of thing would have you be doing?
    tmbinc seems like a genius (and in all cases probably is).
    Anyone clear even a part of this up for me?

    Thanks all.
     
  2. DinohScene - Member, "The Gift of Dino", joined Oct 11, 2011, 12,873 messages, location "Into the sky", Antarctica
    boot0 also lies inside the Wii CPU and is dumped, or at least known.

    If you have full control over the hardware you can read out ANYTHING you want to.
    It just takes a lot of knowledge and programming skills to achieve it.
     
  3. overlord00 (OP)
    Which really doesn't answer anything :P

    "If you have full control over the hardware you can read out ANYTHING you want to."
    Yeah, but to have full control, don't you need to know things... like 1BL? :P
     
  4. DinohScene
    The KK hack loaded a Linux distro via unencrypted shaders into memory (which wasn't checked by the HV, etc., etc.)

    From there you can read out anything you want and decrypt it with a normal computer.
    Or for some stuff let the 360 decrypt it on-the-fly.

    I don't know how Felix did this but this is about as accurate as I can guess.

    It's basically the same as with dumping DS/GBA games, DVD drive FW, PS2 BIOS, NAND, etc.
    Read it out and save it, then build tools to decrypt them.
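
Added example, not from this thread and not tmbinc's or free60's tooling: the kind of "build tools to decrypt them on a normal computer" step post 4 describes, applied to the job the first post quotes from FREE60.org, namely the 1BL reading the 2BL (CB) and decrypting it. The scheme it implements is what free60.org documents for CB images as I recall it, so the header field offsets are an assumption: a 16-byte value at header offset 0x10 is HMAC-SHA1'd under the 1BL key, the first 16 bytes of that become an RC4 key, and everything from offset 0x20 is RC4-encrypted. The real 1BL key is deliberately not included (ONEBL_KEY is a zero placeholder), and the input image is constructed by build_sample_cb rather than taken from a console.

```python
import hashlib
import hmac
import struct

# Placeholder only: the real 1BL key is not reproduced here (assumption: all zeros).
ONEBL_KEY = bytes(16)

# CB header as documented on free60.org (offsets recalled from memory, treat as an assumption):
# 0x00 magic "CB", 0x02 build, 0x04 pad, 0x06 flags, 0x08 entry, 0x0C size, 0x10 16-byte nonce.
HEADER_FMT = ">2sHHHII16s"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 0x20


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Symmetric, so the same routine builds the sample image."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def derive_cb_key(onebl_key: bytes, nonce: bytes) -> bytes:
    """RC4 key for a CB image: first 16 bytes of HMAC-SHA1(1BL key, header nonce)."""
    return hmac.new(onebl_key, nonce, hashlib.sha1).digest()[:16]


def parse_cb_header(blob: bytes) -> dict:
    """Validate magic and size fields before touching the body; bad input raises."""
    if len(blob) < HEADER_LEN:
        raise ValueError("blob shorter than a CB header")
    magic, build, _pad, flags, entry, size, nonce = struct.unpack(HEADER_FMT, blob[:HEADER_LEN])
    if magic != b"CB":
        raise ValueError(f"bad magic {magic!r}")
    if size < HEADER_LEN or size > len(blob):
        raise ValueError(f"header size 0x{size:x} inconsistent with blob length 0x{len(blob):x}")
    return {"build": build, "flags": flags, "entry": entry, "size": size, "nonce": nonce}


def decrypt_cb(blob: bytes, onebl_key: bytes = ONEBL_KEY) -> bytes:
    """Return the CB with the header kept in the clear and the body decrypted."""
    hdr = parse_cb_header(blob)
    key = derive_cb_key(onebl_key, hdr["nonce"])
    body = blob[HEADER_LEN:hdr["size"]]
    return blob[:HEADER_LEN] + rc4(key, body)


def build_sample_cb(onebl_key: bytes, body: bytes, nonce: bytes, build: int = 1) -> bytes:
    """Constructed test image (not real firmware): clear header + RC4-encrypted body."""
    size = HEADER_LEN + len(body)
    hdr = struct.pack(HEADER_FMT, b"CB", build, 0, 0, HEADER_LEN, size, nonce)
    return hdr + rc4(derive_cb_key(onebl_key, nonce), body)


def demo() -> tuple:
    """Round trip with a constructed key: right key recovers the body, wrong key does not."""
    key = bytes(range(16))  # constructed key, not the real 1BL key
    nonce = bytes.fromhex("00112233445566778899aabbccddeeff")
    body = b"\x7c\x08\x02\xa6" * 8  # constructed body: PowerPC 'mflr r0' repeated
    image = build_sample_cb(key, body, nonce)
    good = decrypt_cb(image, key)[HEADER_LEN:] == body
    bad = decrypt_cb(image, bytes(16))[HEADER_LEN:] == body
    return good, bad


if __name__ == "__main__":
    print(demo())
```

With a real NAND dump you would locate the CB image in it (its offset is recorded in the NAND header), pass those bytes plus the real key to decrypt_cb, and check the result looks like PowerPC code; a wrong key produces garbage rather than an error, which is why demo() checks both the right-key and wrong-key cases instead of trusting that decryption "succeeded".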
     
  5. overlord00 (OP)
    Actually, that's pretty informative.
    Thanks again DinohScene.

    I hadn't considered that the KK hack didn't need any real information about the system to perform its hack.
    Well, that's one (possible) step closer to the truth...
     
  6. DinohScene
    You're welcome ;]

    The same can be applied to reading out the FW of a Slim 360 drive.
    It can be read out but cannot be written to unless you perform a hardware hack.
     