A question about 1BL

overlord00

A motherfucking birdplane
OP
Member
Joined
Sep 12, 2009
Messages
661
Trophies
0
XP
482
Country
So ever since the days of the KK hack, the 1BL code has been known and used, and is an important part of what the scene knows about the booting of the XBOX.
I have been doing some reading lately and pretty much stumbled onto this question:
where did tmbinc get this information from?

The 1BL is, quoting from FREE60.org, "Stored in CPU rom, decrypts and starts CB bootloader".
A better explanation was given, again on FREE60.org: "Buried deep inside the CPU die, this ~32kb of ROM code is responsible for reading the 2BL from NAND-flash and decrypts it into the embedded SRAM in the CPU".
How the crap did he manage to get this code? Dump something from the CPU? Use assembly to read back and go through until he found something that might be useful?

I have tried to read as best I can about this, but haven't really been able to get any information whatsoever. It's as if he pulled it out of nowhere.
Does anyone know what sort of process was used or what this sort of thing would have you be doing?
tmbinc seems like a genius. (and in all cases probably is)
Anyone clear even a part of this up for me?

Thanks all.
 

DinohScene

Gay twink catboy
Global Moderator
Joined
Oct 11, 2011
Messages
22,530
Trophies
4
Location
Восторг
XP
22,743
Country
Antarctica
boot0 also lies inside the Wii CPU and is dumped, or at least known.

If you have full control over the hardware you can read out ANYTHING you want to.
It just takes a lot of knowledge and programming skills to achieve it.
 

overlord00

Which really doesn't answer anything :P

"If you have full control over the hardware you can read out ANYTHING you want to."
Yeah, but to have full control, don't you need to know things... like 1BL? :P
 

DinohScene

KK hack loaded a Linux distro via unencrypted shaders into the memory (which wasn't checked by the HV etc etc)

From there you can read out anything you want and decrypt it with a normal computer.
Or for some stuff let the 360 decrypt it on-the-fly.

I don't know how Felix did this but this is about as accurate as I can guess.

It's basically the same as dumping DS/GBA games, DVD drive FW, PS2 BIOS dumping, NAND dumping etc.
Read it out and save it, then build tools to decrypt them.
 

overlord00

Actually, that's pretty informative.
Thanks again DinohScene.

I hadn't considered that the KK hack didn't need any real information about the system to perform its hack.
Well, that's one (possible) step closer to the truth...
 

DinohScene

You're welcome ;]

The same can be applied to reading out the FW of a Slim 360 drive.
It can be read out but cannot be written to unless you perform a hardware hack.
 
