When Microsoft entered the gaming console market with the release of the Xbox, it stood out from the competition due to its use of a relatively standard Intel CPU and NVIDIA GPU solution. This led to discussions about the console’s potential for running custom code. Although the console’s security was eventually hacked, there were still questions about whether the secret boot ROM could be dumped using the CPU’s JTAG interface.
To answer this question, Markus Gaasedelen set out to dump the secret code. He found that the code could be intercepted as it traveled from the South to the North Bridge of the Xbox because Microsoft had left this path unencrypted. However, the JTAG interface on the CPU was disabled through the TRST# pin, which was connected to ground. This meant that the JTAG interface could only be activated by removing the CPU and adding an interposer.
One challenge encountered during the process was maintaining system integrity, which was enforced by an onboard PIC16 MCU. With the CPU connected to a JTAG debugger, the system integrity check failed, necessitating an external injection of the signal on the I2C bus to prevent the PIC16 from resetting the system. Despite these obstacles, the secret bootrom code was successfully dumped via JTAG.
The original Xbox console was extensively hacked, leading to the development of projects like Xbox Media Center (XBMC), now known as Kodi. However, Microsoft learned from this experience and has since implemented increasingly robust security measures in their subsequent consoles. As a result, it is unlikely that similar hacking opportunities will arise in the future.
——————————————————–
Click Here For The Original Story From This Source.
