Hacking A question about 1BL

overlord00 · Feb 15, 2012

So ever since the days of the KK hack, the 1BL code has been known and used, and is an important part of what the scene knows about the booting of the XBOX.
I have been doing some reading lately and pretty much stumbled onto this question;
where did tmbinc get this information from?

The 1BL is, and quoting from FREE60.org "Stored in CPU rom, decrypts and starts CB bootloader".
a better explaination was given again on FREE60.org "Buried deep inside the CPU die, this ~32kb of ROM code is responsible for reading the 2BL from NAND-flash and decrypts it into the embedded SRAM in the CPU"
How the crap did he manage to get this code? Dump something from the CPU? use assembly to read back and go through until he found something that might be useful?

I have tried to read as best i can about this, but havnt really been able to get any information whatsoever. Its as if he pulled it out of no where.
Does anyone know what sort of process was used or what this sort of thing would have you be doing?
tmbinc seems like a genius. (and in all cases probably is)
Anyone clear even a part of this up for me?

Thanks all.

DinohScene · Feb 15, 2012

boot0 also lies inside the Wii CPU and is dumped, or at least known.

If you have full control over the hardware you can read out ANYTHING you want to.
It just takes a lot of knowledge and programming skills to achieve it.

overlord00 · Feb 15, 2012

which really doesnt answer anything

"If you have full control over the hardware you can read out ANYTHING you want to."
yeah, but to have full control, dont you need to know things... like 1BL?

DinohScene · Feb 15, 2012

KK hack loaded a Linux distro via unencrypted shaders into the memory (which wasn't checked by the HV etc etc)

From there you can read out anything you want and decrypt it with a normal computer.
Or for some stuff let the 360 decrypt it on-the-fly.

I don't know how Felix did this but this is about as accurate as I can guess.

It basically the same with dumping DS/GBA games, DVD drive FW, PS2 BIOS dumping, NAND dumping etc.
Read it out and save it, then build tools to decrypt them.

overlord00 · Feb 15, 2012

actually, thats pretty informative.
Thanks again DinohScene.

I hadnt concidered the KK hack didnt need any real information about the system to perform its hack.
Well, that's one (possible) step closer to the truth...

DinohScene · Feb 15, 2012

You're welcome ;]

The same can be applied to reading out the FW of a Slim 360 drive.
It can be read out but cannot be written to unless you preform a hardware hack.

Hacking A question about 1BL

A motherfucking birdplane

Gay twink catboy

A motherfucking birdplane

Gay twink catboy

A motherfucking birdplane

Gay twink catboy

Similar threads

Popular threads in this forum