How the Original Xbox Security was Defeated | MVG

Published 2019-02-11
Microsoft's first console, the original Xbox, had a security system that was quickly and easily dispatched. In this episode we look at the different ways it was defeated via both hardmodding and softmodding techniques, and why Microsoft learned a valuable lesson and invested much more time and money into the security system of the Xbox 360.

Sources :

► Bunnies Blog - www.bunniestudios.com/bunnie/proj/anatak/xboxmod.h…
► Michael Steil Paper - events.ccc.de/congress/2005/fahrplan/attachments/6…



All Comments (21)
  • @MrMario2011
    We'd certainly like to have you remove that if you could...
  • @eformance
    "Ran out of time" -- We aren't afraid of 20min videos!
  • @rodmunch69
    The original XBOX UI is still beautiful to look at. Has that Matrix, late 90s, early 2000s look, but doesn't look cheesy, just looks futuristic. While you really can't have a modern UI this simple, I do wish we had the option of different looks that aren't just cheaply made amateur nonsense. Give the XBOX4 a modern UI built on this original look with all the animations, etc, and they'll sell an extra 10 million units.
  • @Fifury161
    Is it worth mentioning that Microsoft tried to hide the fact that the game ports were electrically USB, they just changed the shape? That was something that annoyed me on the original design, thankfully they included standard USB ports on the 360!
  • @ModernDayMagus
    To be fair Microsoft representatives did eventually compliment the efforts of the modding community.
  • @JannikVogel
    Corrections and notes:
    - 5:18 The sniff was done between MCPX and NV2A (target being the CPU further down) [correct in voice-over, but broken visualization].
    - 5:59 bunnie's method wasn't too relevant itself; just that the MCPX dumps allowed for analysis and finding various exploits in the early boot process. This allowed circumventing checks of the flash ROM validity by exploiting MCPX bugs. It was almost entirely irrelevant to the kernel patching itself (it just made the installation of patched kernels easily possible).
    - 5:59 What did allow for easier kernel patching was Microsoft's internal struggle with its employees, who kept leaking code and internal details.
    - 7:33 The expensive part is not a motherboard redesign (MS kept redesigning it anyway). The expensive part would probably be a change of the Intel CPU design, which would significantly raise costs. The MCPX/MCPD on the other hand was developed specifically for Xbox and nForce motherboards and was cheaper to fabricate with the built-in ROM from the start.
    - 8:10 The MCPX 1.1 basically moves code from the MCPX into the flash (FBL) and verifies it using TEA; I believe the FBL still uses RC4.
    - 8:10 TEA itself is not insecure, however, the way MS used it was known to be insecure.
    - 8:10 There were other known exploits in the MCPX 1.1 (inherited from MCPX 1.0; such as visor and mist, mentioned in the outro); and A20 was also already possible with MCPX 1.0 (as a software-only solution instead of bunnie's attack).
    - 8:34 The 1.6 Xcyclops (chip with Xbox Logo to the left) contains the ROM and SMC; Xcalibur (chip with Xbox Logo to the right) is only a video encoder. At least this is currently believed to be the case.
    - 9:05 There was security for savegames, but savegame encryption keys were dumped from the kernel, so another machine could modify savegames. Without the MCPX dumps (and kernel dumps), this might have taken a bit longer.
    I also believe the bunnie-phone-call was about the still-encrypted flash contents, hence: ROM image (which also contains the plaintext copyright message, shown on his website). There was a back-and-forth with MS about his actual MCPX research being published, so it would be weird for MS to give him a call afterwards (as the legal situation was settled; quote: "I got a grudging thumbs up, so to speak, from Microsoft on my Xbox reverse engineering work"). All to the best of my knowledge, for updated information, check http://xboxdevwiki.net/ - JayFoxRox
  • @IlDeimos
    When it comes to these extremely detailed videos about how security was defeated in the gaming world, I wouldn't mind if these videos were an hour long to be honest. They are very detailed, extremely accurate, and you sure did all of the research anyone could possibly do on the subject. That shows true passion for what you do, and you do a great service for the community. Thank you.
  • Forgot reason 4, to play games from other regions on region locked hardware. That's why I got work-arounds for my Gamecube, and my PS2.
  • Being that I have always enjoyed embedded electronics and hardware hacking (and plan on double majoring in CS and EE), I enjoyed this video covering security flaws in consumer electronics. Please make more of these!!!
  • @midievalcat7770
    Imagine someone watching this on their OG Xbox through Linux
  • @GadgetUK164
    A great video! You've managed to capture the history nicely there! I have a lot of fond memories of the old XBOX =D
  • @FinalBaton
    Dat voicemail... first time I hear that, it is gold! I find it really fascinating to learn how exactly security got breached on all the different consoles, whether via hardware or software or a mix of the two. That was told in great detail yet succinct and moving at a fast pace, and with your usual flair. Very well done, MVG! That was one really enjoyable vid yet again!
  • @parkersmith7276
    Thank you so much for this video! I love seeing this kind of content on the game systems from my childhood, especially now that many of the original sources on forums and the like are long since gone. Thanks again and looking forward to more!
  • @KarlRock
    Looking forward to the 360 video. Thanks
  • @cesarfranku
    Nothing is better than a new MVG video with a cup of coffee in the morning.
  • @Riosjonathon
    I love these kinds of channels. Super cool things I never knew about and done in a very good format with a great host. I could watch these all day.
  • @kbhasi
    9:21 I remember seeing an old photo circulated around, where one of the save files had a Debian logo on it, so that could be one of the hacked save files.