Stupid question, "burnt fuses"

DinohScene

Microsoft implemented eFuse protection in the Xenon CPU, a total of 786 bits iirc.
Part of the eFuses make up the CPU key, one line makes up if it's a Retail or Devkit and the rest make up the Lock Down Value.
The LDV is used to determine the proper bootloader and what not.

Microsoft blew some fuses with some kernel updates; if the console detects a bootloader which didn't match what the expected LDV is, the console would halt booting.
However, the RGH (discovered in ~'10) circumvents the LDV part of the eFuses by glitching the 2nd bootloader, allowing it to load up older bootloaders (which are locked out by the eFuses) which in turn, allow for booting of hacked kernels.

Also, the 360 has a small resistor which could be unsoldered to prevent the console from blowing fuses.
This can only be done on JTAG/RGH consoles.
Retail units will get bricked.
 

petethepug (OP)

So it just prevents booting other applications, and if triggers are set, an "eFuse" will self-destruct the console or prevent the application from booting?

I'm kind of confused too. What's the difference between a retail console and a non-retail console? (Does non-retail refer to a DevKit console?) :huh:
 

DinohScene

eFuses are only used upon boot.
There's no application that can touch them (XeLL can but that's a different story)
The eFuses will prevent an older bootloader from booting in a normal console, hence you cannot downgrade (you could in earlier kernels with a timing attack but it was slow)

Basically, if you downgrade your console without changing the Lock Down Value in the NAND (which you need the CPU key for, which is also part of the eFuse set), the value of the eFuses (LDV) doesn't match up with what the console expects (current set of eFuses) and the console refuses to boot.

Retail consoles can boot games and the non-retail consoles (test kits, XDKs, stress kits etc.) can only do debugging.
Part of the eFuse set is responsible for identifying which is which.

These are the same for every retail console and the same for every devkit etc, but the eFuses in the retail consoles aren't the same as the XDKs.
Those fuses get blown in the factory upon first boot.
After that comes the CPU key, a key that's unique to every console and is used to encrypt and decrypt everything console side.
Part of the fuseset make up the CPU key and this is also blown inside the factory.

Neither Microsoft nor you could change this.

After that come the rest of the eFuses, which are blown every few updates to prevent downgrading and running older kernels.


I've typed this all from memory and tried to be as clear as possible on it and make it easy to understand.

TL;DR, the eFuses prevent downgrading of the console on early boot.
It's possible to read the value of the fuses in XeLL or Linux, but only updates can blow the last part of the fusesets.
 

DinohScene

There's a lot more in depth info about it but basically, it's a hardware system implemented to prevent downgrading and running old kernels.
That's pretty much it.
Aside from the identifier and CPU key, it does nothing but prevent downgrading/running older kernels.

Sadly for MS, it got circumvented with the RGH.
 

FAST6191

While it is good info I am not sure it is essential info that every would-be hacker of the 360 wants to know. "Microsoft blows fuses in the CPU which we can not easily change* and that changes what hacks you can use, don't upgrade or run games beyond the time your dash was released until you know where you are at with regards to it all" is pretty much what you need to know, everything else is fluff and curiosities which I am fine with people learning but again not sure it is essential.

*some with university grade gear and many hours on it have managed to do something I believe (decap, find it and then play with an atom force microscope** or similar, all before recapping and resoldering the BGA and hoping you don't go over thermal cycle limits), that and also read the CPU key from the BGA balls (it is hard but you can probe them) which helps with some things. Can't find the link to the paper right now though. If it was just necessary for one 360 to reveal some aspects that were hidden that is one thing (see also hacking the original xbox by bunnie https://www.nostarch.com/xboxfree ) that would be one thing, however for a production or even vanity run it is probably still not worth it.

**it seems all the cool tools are coming down in price to where mortals may be able to do something about it. http://www.afmworkshop.com/atomic-force-microscope-prices.html reckons "From $26,450 to $55,795" for one.

I should also say there are things called resettable efuses which can be used in cases of overload, to isolate segments or as a hard halt to call for a reset/diagnostic/security team. You tend to find them in high end servers, though given it was IBM that holds many of the patents (which in turn made the powerpc chip that runs the 360) that is not all that surprising.
 

DinohScene

> While it is good info I am not sure it is essential info that every would-be hacker of the 360 wants to know. "Microsoft blows fuses in the CPU which we can not easily change* and that changes what hacks you can use, don't upgrade or run games beyond the time your dash was released until you know where you are at with regards to it all" is pretty much what you need to know, everything else is fluff and curiosities which I am fine with people learning but again not sure it is essential.
>
> *some with university grade gear and many hours on it have managed to do something I believe (decap, find it and then play with an atom force microscope** or similar, all before recapping and resoldering the BGA and hoping you don't go over thermal cycle limits), that and also read the CPU key from the BGA balls (it is hard but you can probe them) which helps with some things. Can't find the link to the paper right now though. If it was just necessary for one 360 to reveal some aspects that were hidden that is one thing (see also hacking the original xbox by bunnie https://www.nostarch.com/xboxfree ) that would be one thing, however for a production or even vanity run it is probably still not worth it.
>
> **it seems all the cool tools are coming down in price to where mortals may be able to do something about it. http://www.afmworkshop.com/atomic-force-microscope-prices.html reckons "From $26,450 to $55,795" for one.
>
> I should also say there are things called resettable efuses which can be used in cases of overload, to isolate segments or as a hard halt to call for a reset/diagnostic/security team. You tend to find them in high end servers, though given it was IBM that holds many of the patents (which in turn made the powerpc chip that runs the 360) that is not all that surprising.

Vast majority of the tempers want hacks for free and pretty much being spoon fed to them.
Besides, RGH circumvents the blown fuses part so you can continuously update the console ;p

I agree tho, it's pretty much non-essential info but, someone asked about it and I just simply responded with the knowledge out of the top of me head.
 

Trumpasaurus

> I'm going to be Homebrewing my Switch so just curious.

I like your confidence. You sure about that? Kek


> Vast majority of the tempers want hacks for free and pretty much being spoon fed to them.
> Besides, RGH circumvents the blown fuses part so you can continuously update the console ;p
>
> I agree tho, it's pretty much non-essential info but, someone asked about it and I just simply responded with the knowledge out of the top of me head.
And we appreciate the info. Very interesting.
Do you know how many efuses there are? Or is it like a dynamically mutating security measure that's infinite?
This has been asked before by somebody, but I didn't see a direct answer: if updating blows through efuses, how is it that Microsoft or Nintendo don't blow through their allotment of efuses? Would there be only a certain number of times you could update a console's firmware then? Sorry for the dumb questions. I'm a pleb when it comes to this IBM magic.
 

lisreal2401

> I like your confidence. You sure about that? Kek
>
> And we appreciate the info. Very interesting.
> Do you know how many efuses there are? Or is it like a dynamically mutating security measure that's infinite?
> This has been asked before by somebody, but I didn't see a direct answer: if updating blows through efuses, how is it that Microsoft or Nintendo don't blow through their allotment of efuses? Would there be only a certain number of times you could update a console's firmware then? Sorry for the dumb questions. I'm a pleb when it comes to this IBM magic.
LDV goes up to 80 I believe - I think it was actually DinohScene I heard from years ago who said if you could blow all 80 fuses, the value would reset to 0 and you could go to any kernel you want, but you can't blow all the fuses yourself since it's dictated by the system updates that are pushed out and let's say even if you had a day one 360 - you'd still never blow all the fuses, even if you ran every dash update since only some blow fuses. And even then - I have a feeling if you were to say, blow the fuses with hacks and get the value set to 0, the console might not boot in a retail state anymore. That part is just guesswork though. I might add, the 360 is still a marvel in terms of security - 12 years and only one exploit purely in software that was fixed within the two years and didn't give you piracy (they fucked up on the DVD drive thing though lol, that was bad)
 

DinohScene

> I like your confidence. You sure about that? Kek
>
> And we appreciate the info. Very interesting.
> Do you know how many efuses there are? Or is it like a dynamically mutating security measure that's infinite?
> This has been asked before by somebody, but I didn't see a direct answer: if updating blows through efuses, how is it that Microsoft or Nintendo don't blow through their allotment of efuses? Would there be only a certain number of times you could update a console's firmware then? Sorry for the dumb questions. I'm a pleb when it comes to this IBM magic.

789 bits in total. Fuse line 1 is set by the factory and makes up the retail/devkit marker, fuse line 2 gets blown rarely, 3-6 make up the CPU key and 7-11 make up the LDV.

Like lisreal said, it can be updated roughly 80 times.
As for what you thought I said, I believe I never said such a thing.
Quite the opposite, once all fuses are burnt, the console can't insert a new bootloader set anymore with any update.
IF MS does it, every kernel after that will theoretically be downgradable, as the LDV is stuck at 80 then.

But yep, the 360 is a marvel of security, until the RGH was discovered.
Fuses wouldn't matter then anymore.

Edit: MS doesn't blow fuses with every update, they occasionally blow fuses with updates.
You can inspect a certain file in a dash update to see if it blows fuses.
Think it was Updatespy.
 
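As an added illustration, not code from the thread or from Microsoft, here is a Python model of the LDV fuse count the posts above describe: the fuses are write-once bits, the LDV is the number blown, an older bootloader carrying a lower LDV is refused at early boot, and once all 80 are burnt the value sticks rather than resetting to 0. The 16-bits-per-line layout and the equality check are assumptions.

```python
"""Toy model of the 360 Lock Down Value (LDV) fuses discussed above.

Constructed illustration, not Microsoft's code. Assumed: lines 7-11 carry the
LDV at 16 bits each (80 fuses, the "roughly 80 times" figure), the LDV is the
number of blown fuses, and the bootloader carries the LDV it expects.
"""

LDV_LINES = range(7, 12)                   # fuse lines 7..11
BITS_PER_LINE = 16
MAX_LDV = len(LDV_LINES) * BITS_PER_LINE   # 80
LINE_FULL = (1 << BITS_PER_LINE) - 1


class FuseBank:
    """The LDV part of the fuse set as write-once bits (1 = blown)."""

    def __init__(self) -> None:
        self.lines = {n: 0 for n in LDV_LINES}

    def ldv(self) -> int:
        # LDV = total blown fuses across lines 7-11; there is no clear operation
        return sum(bin(v).count("1") for v in self.lines.values())

    def blow_next(self) -> int:
        """What a fuse-blowing dash update does: burn one more fuse. Returns the new LDV."""
        for n in LDV_LINES:
            line = self.lines[n]
            if line != LINE_FULL:
                # lowest c bits are set, so bit c is the next unblown fuse
                self.lines[n] = line | (1 << bin(line).count("1"))
                return self.ldv()
        # every LDV fuse is gone: the value sticks at 80, it does not wrap to 0
        raise RuntimeError("all %d LDV fuses already blown" % MAX_LDV)


def bootloader_accepted(bank: FuseBank, bootloader_ldv: int) -> bool:
    """Early-boot check as the thread describes it: bootloader LDV must match the fuses."""
    return bootloader_ldv == bank.ldv()


def demo() -> dict:
    bank = FuseBank()
    for _ in range(3):                      # three fuse-blowing updates
        bank.blow_next()
    results = {
        "ldv": bank.ldv(),                              # 3
        "current_boots": bootloader_accepted(bank, 3),  # True
        "older_boots": bootloader_accepted(bank, 2),    # False: downgrade refused
    }
    while bank.ldv() < MAX_LDV:             # burn the rest: count saturates at 80
        bank.blow_next()
    results["saturated"] = bank.ldv()       # 80
    try:
        bank.blow_next()
        results["wrapped"] = True
    except RuntimeError:
        results["wrapped"] = False          # no odometer-style rollover
    return results
```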

lisreal2401

> 789 bits in total. Fuse line 1 is set by the factory and makes up the retail/devkit marker, fuse line 2 gets blown rarely, 3-6 make up the CPU key and 7-11 make up the LDV.
>
> Like lisreal said, it can be updated roughly 80 times.
> As for what you thought I said, I believe I never said such a thing.
> Quite the opposite, once all fuses are burnt, the console can't insert a new bootloader set anymore with any update.
> IF MS does it, every kernel after that will theoretically be downgradable, as the LDV is stuck at 80 then.
>
> But yep, the 360 is a marvel of security, until the RGH was discovered.
> Fuses wouldn't matter then anymore.
>
> Edit: MS doesn't blow fuses with every update, they occasionally blow fuses with updates.
> You can inspect a certain file in a dash update to see if it blows fuses.
> Think it was Updatespy.
I heard off hand from @Devin years ago - I believe anyway.
 

Trumpasaurus

> LDV goes up to 80 I believe - I think it was actually DinohScene I heard from years ago who said if you could blow all 80 fuses, the value would reset to 0 and you could go to any kernel you want, but you can't blow all the fuses yourself since it's dictated by the system updates that are pushed out and let's say even if you had a day one 360 - you'd still never blow all the fuses, even if you ran every dash update since only some blow fuses. And even then - I have a feeling if you were to say, blow the fuses with hacks and get the value set to 0, the console might not boot in a retail state anymore. That part is just guesswork though. I might add, the 360 is still a marvel in terms of security - 12 years and only one exploit purely in software that was fixed within the two years and didn't give you piracy (they fucked up on the DVD drive thing though lol, that was bad)
It sounds like that would be running an odometer backwards using a powerdrill. Remember that old trick? Getting it to 999,999 when odometers weren't digital - then going back to zero. If we could do that with firmware, that would be amazing.

> 200% positive as long as it has a stable release. :D
Well, then, I won't discourage you. We need all the developers we can get. The more advanced security gets as generations go by, people start giving up. It gets way too intense. You have people leaving the scene all the time. Some of them claim: "Why do you want to hack consoles anymore? there's no point in doing it since you can just get a Raspberry Pi or whatever" (I think that was actually failoverfl0w who said that) - I really don't believe that.
I think if the security measures weren't so extensive, they would keep up with the hacking. It just gets to the point where they're spending countless hours and getting nowhere, so they're disheartened with the process. Of course, maybe 10% of it is legitimately them not seeing the need to hack consoles, but trust me... if the security was lax and they could crack right through, you'd better believe they'd be sticking to working on these consoles.
 

DinohScene

> It sounds like that would be running an odometer backwards using a powerdrill. Remember that old trick? Getting it to 999,999 when odometers weren't digital - then going back to zero. If we could do that with firmware, that would be amazing.

That's pretty much impossible.
MS controls the amount of burnt fuses.
LDV doesn't match what it's expected to be, bootloader panics and the console halts booting.
 
