[Music] so next uh up is Marcus gastan uh he's going to be presenting on a really really cool story of his years of research into the the Xbox uh the original Xbox um he kind of runs the gamut from like you know deep Hardware to software and uh it was it was such an enjoyable story when then when we uh when he dry run it we Jordan and I were just like fascinated the the whole time um so uh we think you'll you'll find it just as intriguing so please welcome [Applause] [Music] [Applause] [Music] Marcus all right uh good afternoon everybody and thank thanks for making it back from lunch and staying through this far into the conference here so my name is Marcus Calin and this is full stack reverse engineering of the original Microsoft Xbox uh so this is a deeply personal story for me uh and it's a fleeting Glimpse at about 4,000 hours of hobbyist research uh obviously nobody is paying my company to research the original Xbox uh we have better things to do um but these 4,000 hours capture about 3 years uh I spent in this dark windowless home office uh which slowly spiraled into this full-blown lab hosting dozens of hardware and software projects pertaining to the original Xbox uh I made a number of significant technical breakthroughs on the software side for the original Xbox but for the purpose of this talk uh I'm just going to focus predominantly on uh a handful of Hardware oriented projects that kind of tricked me into becoming an electrical engineer of sorts um so who am I uh I'm a security researcher by trade I have an extensive background in reverse engineering part analysis Boutique exploitation uh I used to play ctfs a long time ago as part of rpis SEC um but I'm probably best known for my Ida plugins so uh people that have used Lighthouse or tenant or uh the patching plugins or the AVX research like uh that's me so um uh yeah now I focus I try to focus on just problems that I personally find interesting uh but my last conference stock was six years ago at CCC in Germany in 2018 uh I came out of retirement specifically uh to support this conference and uh my friends and uh I'm so incredibly proud to be here uh but the talk I gave at CCC back in 2018 Illustrated uh the tedious process of developing zero day exploits for browsers uh but what do zero days have to do with the original Xbox and why should all of you folks care about Hardware so this small room is filled with I don't know 100 of the some of the best most proficient software verse Engineers uh but most of you also probably double as vulnerability researchers uh and for those that don't know anything about vulnerability research we often search for bugs or clever asymmetries uh as some uh more formal people like to call them uh that we can abuse to take full control of software and systems uh but it's always kind of bothered me that the small cabal of researchers producing the most elaborate software gymnastics often lack any understanding of Hardware uh it almost feels disrespectful to our trade in a sense uh you spend 12 hours sitting at a computer each day uh don't you want to know how they work uh and so I won't be able to distill 4,000 hours of technical Hardware Concepts I learned over these years into a 1hour technical talk uh this is just really the tip of the iceberg uh but the uh all the specifics I learned tumbling down this Rabbit Hole you're going to have to go learn on your own uh but yeah if you go as deep as I did and you make it back here uh you might SE seeing these unique asymmetries that neither domain will uh recognize in total isolation uh I think there's a real chance it might change the way that you think about exploiting software run times that maybe previously you thought might be impossible uh and so poking undocumented Mio registers to tweak C latencies and RAM that could serve as some primitive to induce memory corruption otherwise perfect code or how raising the temperature of a chip might actually make your race condition more reliable uh if you don't believe me that's also okay I hope this talk at least encourages you to try to do some things that are far outside your existing skill set uh so this is a high level agenda of the talk I'll provide a bit of background on the console some general purpose tips to get you interested um in hardware and then cover a variety of increasingly ludicrous Hardware projects uh I tackled along the way so yeah let's talk about the original Xbox uh it launched in 2001 this was Microsoft's first Venture into the console industry uh it's best known for Halo Master Chief Xbox Live land parties uh getting online play viable uh at home on a console uh but under the hood the system was effectively a streamlined personal computer of the early 2000s it had a DVD drive an 8 GB uh hard drive uh it was an Intel based board with a purpose built Nvidia GPU which also doubled as its Northbridge uh INF for reference this is kind of like the system architecture uh we'll revisit this diagram several times uh throughout the this presentation so I don't want to spend too much time here for now but uh yeah uh but yeah this this console is part of my origin story when I was 12 years old in two in the mid 2000s I managed to get my hands on this book hacking the Xbox by um bunny uh Andrew Wang and uh I it was followed by Vivid memories of solderan mod mod chips into my Xbox I was uh you know solder fumes everywhere I'm like uh trying not to damage my Xbox but uh ears can be uh after learning a little bit of the hardware and getting the mod chip in my Xbox I started opening Xbox game executables in Ida 4.9 uh I had no idea uh what x86 assembly was I didn't even know how to program yet but uh I was trying and that's kind of like a common theme of this talk uh you just got to throw yourself out there and start doing stuff um oops uh so yeah over the past 20 years though uh some really incredible first-party resources for the original Xbox have leaked out onto the internet uh this includes a complete mid-development snapshot of the Xbox Source tree from 2002 uh as well as full Hardware schematics uh number of the original design documents that Microsoft use when manufacturing the Xbox um and from an educational point of view it's a complete gold mine like imagine getting to study low-level OS programming thread scheduling memory management Hardware io on a real world consumer device uh with its original production code base uh it's actually like freaking incredible so uh yeah the Le sourc tree uh is completely selfcontained basically just builds out of the box um it's kind of surreal that you could think of something that complex uh you know it's like imagine like oh let me just build Windows on my machine that's kind of what's going on here uh and so uh there's a few little things you got to do to get it working on Hardware um but it's such a awesome amazing resource uh to just read through the code and just like not even if you I don't know it's NT code is something of the most beautiful code uh in the world in my opinion uh but yeah this is a screenshot of me building the BIOS from uh early uh April 2021 uh the sry leaked into the hands of hackers though about 20 years ago and this is what really kicked off the whole home brew scene for the original Xbox back in the day uh nobody knows exactly where it came from some say it was an intern at Microsoft that stole it others claim is a breach uh it doesn't really matter at this point but it's a snapshot of the entire tree tagged as build 4400 and so sometimes it's called The 4400 leak um and it's a pretty fun exercise to to just go through and diff that Source tree against the various production ROMs that got shipped on the Xboxes and like go through and Port your patches or like uh try to reverse engineer the binary uh fixes that they made later in development uh back to the sourc tree uh but yeah this slide provides a high level overview of the BIOS it's more for reference um for those that want to flip through this in the future uh we're not going to talk too much about software again uh we're going to keep moving in the interest of time so I a talk that illuminated my journey as a software researcher learning to go deep on Hardware so let's flip over to actually working with Hardware um this is kind of what my Hardware bench looked like pretty early on uh I'd actually uh strongly recommend getting things like an oscilloscope which you see on the right side there uh and like the BGA station on the left like those were some well the oscilloscope I purchased early on but like uh until you know what you're doing I I I would say hold off on those um this is what I would recommend is like your starter lab ,000 you don't need to spend more than that like and you can get like the best equipment for doing the most mechanical things uh and this is not Xbox specific in anyway this applies to every single device research that you will do if you're popping embedded targets or researching other things uh this is uh $1,000 goes a long long way um so if you're at this conference I know you can your you or your employer can 100% afford a thousand dollars to change your life so um uh and another thing I want to stress to you uh is just I I highlighted in red but get a good trinocular microscope because it makes everything way easier even if you're sting or not just inspecting the board and like doing different things like uh you will become a 10 times better um like Hardware person just by having a good microscope so spend $500 up front or whatever actually get you don't you can buy this exact one this is exactly what I have and so um yeah but getting started into Hardware hacking like you really should just uh start practicing with soldering stuff uh to whatever border or Target you're looking at on the Xbox it's very common to uh like solder to this point which is called the d0o point and on the left side there's also the LPC header uh um sometimes there's quick solder boards that people would solder onto the board to tap certain points and reroute certain signals uh and this is all just getting familiar with soldering using flux cleaning up the board with isopr alcohol and stuff like that um and yeah being able to install pin headers is a is a big trait or a big like common skill of just basic Hardware hacking uh be it playing around with Xbox or if you're researching some device uh that has a debug uh some unpopular debug Port um yeah you're going to want a solder header on there so you can like easily put logic analyzer probes on there do other things with it um for reference this is a mod ship that I use for about 99% of my research uh doing the software kernel hacking side of things uh I could easily flash it over the network to load new custom bios images that I was compiling via the source tree um allowing me to iterate pretty quickly and play around with the the hardware uh historically one of the most advanced Xbox mods that normal people will do um is trying to solder extra RAM chips onto the motherboard in place of the unpopulated pads and so you could actually upgrade your console from 64 megabytes to 128 megabytes of ram um and uh yeah it's kind of a fun achievement to be like oh I I've hand soldered RAM chips before um but then it can get even crazier uh someone actually realized uh for the final version of Xbox where they removed uh the extra r pads you can actually stack the RAM chips on top of each other and just route the chip select line um and apparently there's some precedence for this in history and so this is kind to like a zoomed in version um but yeah you know it's like uh I remember when uh I showed a a friend this picture they were like do you have hands of a surgeon like what is going on um so uh let's get into actual instead of just the the fundamentals and just the mechanical process of soldering things uh how I started getting into the hardware engineering side uh so when I was doing all this research I usually had just one retail unit sitting on my my desk you don't need a development kit you don't need a debug kit don't spend your money on that you I did almost all my work on retail units uh and I had this little board on the front of it you can see on the front left there it's this little USB board hanging off um but every now and then my uh Colonel debugger kept getting stuck for some reason it kept hanging and I'd see the board just flashing the rxtx like crazy um and so uh and to give a little bit more context this is basically an Xbox serial us USB adapter it uh outputs uart from it it essentially lets you get uart out of the console uh pretty easily into USB um so then you could just like connect to use putty or something on Windows or specifically um I would hook up wind buug uh and so you could kernel debug using windbg uh 4.0 uh you could actually debug the Xbox kernel um and uh yeah this is just flipping back a slide this is actually how I routed it out and so I'd put the mod chip on theof cable and I would route out the front so I had easy access to the USB um but yeah uh if you want to experience a total fever dream you could even do Source debugging or or with the latest wind wind debug preview um debugging a 20-year-old console with source and symbols like it's it's a total trip um but anyway going back to that little serial adapter uh what happened is it it was getting stuck for some reason my windbg sessions would just hang sometimes when I was dumping a lot of memory and so I started like trying to figure out what was going on and I started trying to figure out how to use this oscilloscope I'd actually bought like two or three years prior um and oscilloscopes are kind of advanced when you're a software person you don't really know uh the hardware side of things but um I started probing signals and essentially what you're seeing is like the the purple signal signal this is like one of the the LPC signals which will go to that little uh uh serial board um the purple signal at the top is the uh is what that signal was on the board like on the motherboard itself but then the yellow is at the end of my ribbon and I started learning and asking around talking to my e friends and they're like well this is called ringing go read about this stuff um and so I started learning a little bit more of like the analog topics of um of uh hardware and if you actually go to that issue on GitHub you'll see my process it's almost like a blog post kind of unrolled of me trying to figure out what the hell's going on and me answering my own questions because nobody else was answering my questions um and so there's more pictures and stuff there uh but yeah I essentially had to open kead which uh is the this uh PCP uh design tool essentially and uh it's most commonly used by hobbyists for doing hobbyist Hardware engineering of any sorts um at first I didn't like it I was trying to be like oh I want to go learn Altium or Eagle like the high-end Ida pros of like the but it's like no just use kecat it's actually pretty good um and so uh you kind of have like two main workflows which is editing the schematics or editing the PCB layout um and one of the great things about uh like getting into the hardware engineering side or one of the great methods of I guess getting deeper into that uh knowing nothing is just editing an existing project not trying to go make your own PCB and circuit and whatever but just editing an existing open source project to add some feature or fix fix some issue and uh something that I did was add these damping resistors and that's something that I had learned um from my you know starting to learn about the mechanics of Hardware uh and based on my discussions with friends uh and sure enough um uh you can see this is a before and after of the ringing before adding those dampening resistors and now the signal looks much more normal and blocky um and so it it was pretty cool to see that result uh but along the way I was also like like I don't want a usbb port on this anymore I want USBC because I don't want more cables floting around my desk uh trying to modernize it so like if you're trying to find a good project or something take an existing board add a USBC port to it instead of whatever they're using like mini um and so uh another really cool part of it is ordering it generating the Gerber files and setting them off to get manufactured at jlc PCB or PCB way um it's so cool to be like holy crap like I made this is this mine um uh and this is kind of what it looks like fully assembled uh so uh anyway that actually ended up fixing the issues this is what I ended up using for the duration of all my other software research uh and so yeah there's like some this is a good way to kind of get started into Hardware the hardware engineering side of things if you're a software person um all right now things are going to get a lot crazier uh and so Bill Gates secret bondwire so I started getting more adventurous uh with uh my Hardware Antics uh as I kept digging more and more into this history of the console and all these uh leaked resources and leaked data sheets and stuff like that um I turned my attention to the mcpf and this is the South Bridge uh and it looks like this um if you've ever heard about the whole story about how Microsoft had to trash a bunch of or Nvidia had to trash a bunch of chips and almost went bankrupt because Microsoft was like oh we don't want those anymore like they have an insecure um romen them um it's it was this trip uh and so the nvd mcpx uh is stands for the Media communication processor and South Bridges typically are responsible for handling peripheral IO of your computer things like your USB ports or networking or IDE or SATA um or access to flash or the BIOS trip um it's like you don't want networking like your your ethernet wires going straight to your CPU right like that would you would need a million pins off your CPU for like all the various peripherals and so everything usually would go through the South Bridge um but there's a really interesting thing um in the history of the Xbox there's actually the mcpx X2 and the mcpx X3 um and specifically the the X2 chips were used in debug kits and development kits and they uh the difference was that they did not have uh what was historically called The Secret boot ROM the the the source of the chain of trust um and uh so I was flipping through the data sheet this leaked data sheet from 20 years ago um 25 years ago now uh and something caught my eye uh was reading about this x mode operation um somewhere in the data sheet uh and I actually don't really like the mcpx data sheet it's kind of it does not have as many details I would have liked but this caught my eye um essentially and I realized them talking about the internal ROM being disabled or enabled this is again the the first instructions that will boot uh or run on the CPU out of boot essentially uh but they I saw that oh wait okay I think this is what the the difference is between the xm2 chips and the xm3 chips um is one has the retail boot ROM enabled with the the security and goes out to all the consumers but then the development consoles could technically kind of boot anything um but there is this other language that caught my eye specifically about these internal Bond pads and bond pads being powered off the vd3 ring and that this could potentially be toggled and I was like what what exactly does that mean and so like any good Xbox Moder trying to Pirate games um I got the chip x-rayed um and this was like one of the moments where me as a software person stopping to look at this like I got the images back from the professional lab and I was like it was it took my breath away it actually took my breath away and it was like this really cool thing because I sent this chip in and it was just like a chip that was important to me uh and just seeing the bond wires expand out in like the BGA pads I was like this is something you never see in software uh but to give a little idea of what you're seeing is uh essentially there's a silicon die in the center um there's the ball grid array on the bottom all the little solder balls that will connect the chip to the board um and then there's all these little Gold Bond wires that are spewing off the Silicon in in multiple tiers to various pads uh to rout out to the the BGA um but I didn't send just one chip to get X-ray I sent two um and so like any good reverse engineer I was like let me just open it in bendi like I want to compare these chips uh but well not bendi Bond if because we're going to be looking for differences in the bond wires here um and it pointed me to this region of the chip uh and this is what they look like side by side so the X2 the the mcpx X2 the dev chips are on the left and the mcpx uh the retail one is on the right uh and when we start tracing out the wires I actually went around the whole chip and traced out all the wires um but this is what it looks like it's still a little bit messy trying to figure out what's going on here but if we remove essentially the blue wires the the teal wires were kind of like the inner uh row of um Bond pads and the red wires uh I marked as the outer wires uh and so now if we take away the blue and we're just looking at the red um we can see that there's something different going on here um and so adding a little bit more topography uh we have a ground plane and then we have what is the 3.3 volt ring running around the silicon and I saw this little Gold Bond wire I was like could that be it could that be what they're talking about uh and it was kind of like seeing gold you know you know I told you we're like digging through things that no people have any sense to be digging through uh and I got a little bit of Gold Fever uh and so here it is without the uh the um the overlays or whatever if you look carefully you can kind of see that little black shadow of a wire um on the ground plane on the left and then uh reaching out to the 3.3 plane on the right uh so then we're going to dig for it and so to give you some ense of scale this is what the chip looks like that's my hand um I just have it in like some BGA reballing jig just to hold it steady for now uh and resuming in a little bit and here's this little hole I started hand Milling with uh essentially a grinding pen a PCB grinding pen I should have taken a picture of it um but all these pictures are multiple years old at this point um and this is the hole that I started digging down and so this is about a millimeter across um it looks much larger on screen uh and I started expanding on it and we have the x-rays on the left and now we have uh the expanded P hole and this was just a throwaway chip on the right I was just digging to see okay am I on the right track here and so you're peeling back the layers uh and on the far right I ultimately peeled back part of that 3.3 ring um if we zoom in even further I think I found them right I think I found these two little Bond wires peeking out down there uh and to give you some more sense of scale that if you tonight or even right now if you pluck a piece of your hair I'm trying to modify chips you know this this this Bond wire that is three times thiner than human hair uh I'm trying to solder to this thing uh in this tiny little hole that's about a millimeter across um and so uh for those of you that are familiar with Dupont connectors um this is drawn to scale I promise I drew it to scale in Photoshop um and so the entire console security is hinging on this invisible string one single thread of gold um and I said all right let's try to BGE it um and so uh essentially going back to the data sheet it looks like uh you know I pulled up the this part of the 3.3 plane um I think I might now be in PC mode maybe the Chip is going to be booting in PC mode I don't really know exactly what the other wire is there maybe it's the other bit that can be controlled here like it might make sense uh but I have to do something about it and so this is a side profile of I've cut into the this is a crater that I have burrowed through multiple layers of the the PCB of the substrate essentially and those are two little Gold Bond wires sticking out um and so I started using my hair and a little bit of solder mask to start painting around this hole at microscopic scale because I don't have a brush or something that size and so here I am painting around trying to Mas off all the copper so I don't blow this chip up um leaving just that one little fluck of gold at the bottom uh and this is what it looks like uh and so I've painted I it's a bit hard to see but there's a shimmer of gold at the bottom and uh and I was like okay great uh now what and so I tried a few different things but ultimately what I came up with was I learned about this thing called conductive epoxy which is like this epoxy resin that can uh be cured with heat um but they have like little bits of silver or like conductive material in there to uh use uh to pass signals and whatnot um because the thing is like I I tried using solder I tried using paste to try to bodge this but it it this is this is the best solution that I came up with I don't know I invite someone else to try to come up with a better one um but the idea was I would put this condu conductive epoxy in I'd put 42 gauge wire into that hole and hopefully then I've created my own little pin of sorts to this like Bond wire um and so this was kind of the plan uh you know I don't really know what I'm doing again uh any hardware person would be like what is going on like what are you trying to do here um and so I left the other Bond wire floating thinking maybe it'll be Z volts I don't really know hoping that would disable the secret ROM and then whatever the hell this other wire is I'm like well I should probably hook that back up to 3.3 cuz otherwise I don't know what the Chip's going to do um and so this is roughly kind of what's going on this is what it looks like I then Mass it over again with some more stuff because not only have I now done this bodge um but I also have to get the chip back on the board and so this is a BGA chip um and uh that which means I need to put it under this BGA station and this this ignores the whole me taking the chip off trying not to kill it and get it reball and and everything but at this point I'm putting the chip back on I've attempted my bodge um I'm trying to disable the secret ROM essentially make it a Dev chip of sorts of disabled the root of trust um and the system still boots but unfortunately it's still booting in retail mode so this was kind of a fail um but no good story happens from things going right uh and so I tried a few more times um unfortunately it did not end up working out uh we just lost a timer by the way down here um but uh the um uh it was a good attempt um and I tried a few more times I didn't want to try too much but it was a fun adventure I was glad I could at least see that Gold Bond wire I think there's something there and I invite someone to try again but it's a very aggressive process um trying to get the chips on and off the board as well as um doing the bodge is insanely invasive uh but I kept moving uh I moved on to looking at the system management controller for a little bit um and so the system management controller is this part of the board uh and it's essentially just a simple P 16 uh it monitors very it has it has a very simple amount of logic it monitors uh eject button presses DVD Trace State um it will drive the fan pulsewidth modulation to set the fan speed and stuff like that um but there's four kilobytes of code in this that Microsoft wrote um which is not really significant from a security point of view but it seems like a really fun challenge uh and I worked on this for a little bit uh there's a few subtle differences between the retail and Dev chps but it doesn't matter too much but uh there's a blog post I I linked down there which is worth pursuing but here's some of the stuff I was doing uh and so this is a chip on just a basic Flash Reader uh it has the readout protection enabled so I couldn't actually read the chip out um or these the the secret 4 kilobytes um and so I was trying to use nitric acid I've never Decap this before like I don't have a wet lab like I'm a software person again uh are tricking myself into trying to be a hardware person and so I was absolutely destroying some chips and these were just you could buy blank chips you should buy blank chips not test on your real Target because you might only have one of those um you know and it was in the middle of winter and so there's snow on the ground so I don't want to go outside so I'm trying to set up by this little window the most hobo like chip decapping station ever um uh but you know I was incrementally getting better you just you know practice makes perfect right um and so basically putting chips on this little hot plate dropping a single drop of acid on them trying to expose to Silicon Dy uh because the idea is there's a a common attack which is called like UV eraser attacks the idea being um you can sometimes expose a silicon die and um use UV light to erase the configuration bit that would control whether readout protection is enabl and so I was trying to get down to that and I was trying while trying to keep the chip functioning essentially uh and so here it is under UV light I tried a few things it was not working um this is essentially uh another fail but what we were able to confirm um and I do know some people that are still kind of working on this and I invite you if if anyone in this audience comes back next year and say hey I dumped this fromom I'll make sure that Peter and Jordan get the talk accepted here um but we were able to confirm that the configuration bits within the Silicon are in this small region uh and uh so the the readout logic is also in that region and this is a picture from the the fly logic um blog post from this is honestly like 10 15 years old at this point but the chip is uh based on everything that they said it this is one of the more hardened chips and it has a physical fuse that blows and basically they had to shoot a laser to cut a trace in a specific point of the Silicon to actually ground out the the readout protection um fuse line such that they could read it out and that's a lot of uh equipment cost um onetime equipment cost that I don't think I would ever apply again honestly but like the idea of doing transistor level reverse engineering is fascinating to me I did some of it back in college honestly um but even just doing um the uh polishing and uh delayering of silicon and image it well enough to be able to reverse engineer logic uh can be expensive let alone laser um lasering it or using a fib so uh that's another challenge I'll put out there um i' I've given you the ingredients and this blog post I think outlines what you need to do um and so if someone comes with a p comes up with the delayered pictures I'm happy to help I I'll dig right into reverse engineering the Silicon um uh for a while I also started um instead of trying to dump the ROM just reimplementing it and so learning how to use logic analy analyzers with 30 channels on it and starting to uh monitor all the logic and reimplement it on a new raw myself and so I got that about 90% done before I stopped uh so we'll keep moving onto the next adventure which is CPU interposers uh and so this is what the CPU looks like on the original Xbox this is an Intel Pentium 3 essentially it was running at 733 Mega mehz um and uh yeah it's it was actually a mobile um CPU meant for laptops or in the mor mobile form factor uh but back in the day there was this legendary console called the uh dreammax 1480 by this Taiwanese company called frch and uh what's really interesting is that they had come up with this method of upgrading the CPU on the console to a, 1400 MHz Celeron um which is effectively double the speed of the original uh CPU speed and so this is a comparison of uh the original CPU versus the upgraded one and this is a server class uh toatin essentially um and this was considered the Pinnacle of the Pentium 3 era like people clung to these CPUs they're they're legendary um amongst Intel Fabs uh but you can see the M much faster core much bigger C size um and one of the big problems though is that they have a completely different footprint one is bj2 micro it's essentially a laptop CPU versus socket 370 and this is what they look like this is the size differential of them and one is a BGA chip and one is a pin grid array is it's got 300 gold pins on it you can literally fit the the original CPU within the well of the the server class tottin and so the tottin were normally designed to be plugged into sockets like this and so this is called um yeah uh socket 370 or PGA 370 uh that's kind of what it would look like um but the solution that frch had developed back in the day was to develop this BGA 2 to PGA 370 CPU interposer you can actually find the patent for it still online on Google if you search for this um you'll find it uh and they have this like Nifty little diagram that looks kind of cool but they also have this like um pretty crunchy schematic there uh and so I was like this was a legendary mod back in the day but a lot of people kind of wrote it off first of all it came out towards the end of the Xbox area there's probably only 100 or 200 of those consoles ever made by this company um and there's a few hobbyists who kind of recreated the interposer privately and would like uh they they would sand down the interposer and make their own like over like the years uh but a lot of them had kind of dropped off the face of Earth like nobody's heard from them anymore so it's almost like a lost start of doing these CPU upgrades but there's one guy on eBay still selling these cloned interposers um I was kind of like well what if this dude gets hit by a bus like I I'm like I think this is a fascinating piece of the history of the console and I was kind of worried about like um first of all I want to do the mod so I was like okay let me get some of those but then like I was also like what if he just disappears and so um I wanted to learn more about the underlying of it not just sanding it down and copying something I actually like learning things and so um I started uh using the patented schematic or whatever and started rebuilding it uh in kead so this was uh like the second or third like I think this this was essentially like the second board that I had actually made myself uh in kead uh there's one there there was like one or two very minor projects that I just don't have time to mention in in this talk but uh so I started laying it out um this is the most advanced thing that I've ever done I don't really know what I'm doing um I'm starting to try to like figure out the layout and kind of glancing at these these ones that I had also bought um and uh Key's pretty cool so you can also get like a 3D visualization of your board um but then I was like talking with some friends some of my e friends and they're like oh why do you have all these dog years we have these things called via in pad nowadays which is very accessible to um hobbyist uh uh specifically um and so like you know this was me like the learning process being like Oh I guess I don't need to like move these over I can put them on the pads themselves uh but to start building my own interposer I was reading all these Intel I was spending hundreds of hours reading all the Intel data sheets on which you can find for the old processors back in the day like nowadays all that stuff is like super n super proprietary all that stuff um but Intel used to publish a lot of platform recommendations and motherboard design references and data sheets for the processors and so I started building this thing out and this is going to be a six layer PCB and so most hobbyists are normally have a two- layer PCB maybe four but we're actually we need six for this and um and so I got it laid out the components uh the schematic done the components roughly laid out and I start routing this thing you know and I keep reading about impedance and guidelines of like Trace width and and Mills uh for like distance between the packaging and the the decoupling capacitors you know and I keep going and I keep routing and I keep reading and I keep routing and I keep reading and there's all this math and I'm like holy like have I gone too far like maybe I should just go back to being a software reverser and writing plugins like I a pro right and so um uh but then you finally get to the end and you get these things ordered and you're holding them and you're like holy crap like I made this thing um and uh so yeah there's three layers of routing um for about 150 digital signals I think with two inner ground planes for shielding and a a plane for power routing some amount of power routing too and so now we have to install it and so this is a the retail motherboard before doing any modifications to it again here's a CPU we have to start by taking the CPU off and uh so we put it in the BGA station we heat it up we pull it off the board's of MK there's all these little solder balls floating around um and so you got to go through you got to Wick that all up and um you uh you end up hopefully you don't tear any pads like it's a little bit of a process uh I also ended up getting these like these are called like uh stencil Quicks I think um they're not necessary but I was like a little bit worried about how aggressive this mod was going to be and like I didn't want to cause bridging under what will be my interposer you'll see why and so basically this is a um like a capton stencil that you can actually put down um uh on the board to help with alignment as well as masking of potential Vias around and like um it was kind of like a neat little trick uh and this is what it looked like on the board and so um uh over the original uh BGA pads of the CPU um but we actually need to put uh so we need to put these uh 76 or 0.76 millimet solder balls on the bottom of the um interposer um and you can actually see this name uh by ryy 119 um there's a lot of like interesting toxicity and drama within like these retro communities that I did not realize until I entered so I had to do most of my stuff quietly and privately and anonymously CU there's some very Ecentric personalities um in these communities and so uh to cause some misdirection and confusion I would occasionally anonymously publish things under other other people's names um and so ryy is uh um someone I know uh and uh but yeah anyway continuing uh so there's quite a bit of precision going into all this design of the um interposer um and so you can actually see if you look around the corners there's these two little caps that are right next to like that is you know millimeter like submillimeter Precision that I was having on both aligning the BGA pads and everything as well as around components on the motherboard um and so it looks you know just seeing me laying out the interposer it's like oh maybe that's not too bad but there's like this landscape that I also have to account for on the board um but you put it down we put it back under the BGA station and we run it through a cycle and we get the interposer attached but then we have to go through uh because we have these pins it's a PGA chip that we're trying to put onto the interposer and uh those pins are normally spens to go in a socket but we don't have a socket we have a bunch of pads and so you have to go through this like almost process of cake pasting this interposer with a different alloy of solder paste which I'll explain in a second um and this is kind of what it looks like you have 370 little Blobs of uh low melt solder paste essentially um on the composer and you have to drop the CPU onto this and these pads are about half a mill half a millimeter and so you have to be so precise and like if you mess it up you get you have like a little bit of nudging you can kind of do um and this is kind of what's going on this is what it looks like uh so we have this new CPU sitting on top of this interposer um and we have two different Alloys of solder paste and the reason that we need that um is that they have different melting points and so we've already attached the interposer um but now we're trying to attach the CPU to the interposer um and if we heat it up too much it would cause all the balls under the interposer to squish and so we actually uh we we Ed the lower the lower temperature solder paste to just Reflow the the Bismuth paste such that the CP will now adhere to the interposer without disturbing all of the balls that we have used to attach it to the motherboard and so um yeah we go under the BJ station for like the third time here um and here it is just closer up I guess um and this is uh right when the processes started but this is uh one of the prettiest pictures too one of those like magical moments of me being a software person doing this Hardware stuff uh I I like self-titled this this as like the um the sacred Pines it almost feels like this holy Forest of golden trees and stumps and uh and so you can see the past starting to Reflow slightly it's liquefied um and then it it turns into this like magic like you know these stumps around the uh the PGA pins um and so uh this was again such like a visually striking experience for me as a software person going through all this Hardware stuff all right so we got the CPU on the board um there's a few other small things you kind of got to do not really to the BGA station this is just me kind of like pulling it off um but the uh you have to like tweak the voltage like the the Vore whatever to be lower um but uh essentially uh yeah it was time to try booting the up and here it is the system is booting like uh and it's like no no party tricks it's actually booting on this new CPU you can see it going through the boot animation I don't have any other hard drives or anything in there so it's not going to boot into anything but it was like uh a crazy adventure to get to this point because the thing is if I Mis routed one of the signals to the wrong pad or maybe the trace length matching that I did was not quite sufficient or maybe one of the BGA balls bridged or maybe I forgot a component on the interposer how the hell are you going to debug this like how do you figure out which part of the the process you messed up on and so you have to be so precise in this like um uh I had to be so so precise I guess in in this process of building this thing um and it was like quite this like Adventure and it I mean it was so rewarding but we're not done yet we got to this point we got this new CPU on but how you know how do we even cool this thing and so I I had to start learning how to use CAD tools like Fusion 360 um I started like mapping out the board because again I have to worry about the geography um and so like that's the GPU heat snc on there but I had to design a whole new bracket to go on the board to hold it as well as this kind of like x-clamp brace that I put on the bottom to help prevent board flux a little bit um so I had to go buy a 3D printer um never bought a 3D printer before like again like I'm way out of my depth here trying to learn all this new uh but I I built this I had it printed in pet G to help withstand potential temperatures around it a little bit better than things like pla would um and so you don't have to go as far as using carbon fiber nylon but um using pet G at least is good for up to like 100 Celsius or 120 Celsius or something like that um and then again this was like this x clamp because the it's interesting because original Xbox motherboards would actually warp a little bit with their uh original bracket um over and over the past 20 years and so but the fact that I was going to be putting a bigger heat sink on this thing and building this new bracket I'm like let me build this kind of like stressor clamp lamp and um and so uh but I had to start figuring out okay wait let me design a heat SN I've never designed a heat SN before either again I'm a software a software person uh I'm like simulating thermal properties of different Alloys because I'm like well just in case you know I I I don't know uh what's going to happen here um and uh getting these technical drawings or whatever generated and finally they arrived um and I was like oh damn these look pretty cool like again I made this like is this mine um and this is what it looks like so we finally got to this point of like having this beautiful console that now has this upgraded CPU and I can play halflife in 30 frames per second um and this is what it looks like so this is a video it's up on YouTube and on the left you can see the retail on the right you can see I actually have the console overclock that's a whole another discussion um we're not going to go into that today because we don't have time but um you can see on retail it's running 13 frames per second like and uh on the upgrade CPU we're at 30 and so I tried my best to try to like show side by side what's going on here um and this is halflife 2 running on the original Xbox which was an amazing Port by itself um uh and so yeah this clip's about a minute but um anyway uh halflife 2 is a very CPU demanding game so not every game will benefit from having a CPU upgrade uh and there was some really clever stuff that I did on the software side to help resolve this 20-year-old myth of like oh like CPU upgrades are a gimmick because it breaks all the games um there is some really clever engineering I did on the software side to essentially repair compatibility to help um with virtually all titles uh on the original appbox and that really helped kick off this Renaissance of people looking back at the CPU upgraded consoles and this install process and interposers and be like wait we can actually do this and so this is kind of like the new like the new like oh wow this is the the dream to achieve is getting a CPU upgrade console so this is also what I would consider probably the most insane console mod that we'll ever see because uh there's too many um bespoke CPUs and apus and whatever in the modern consoles that will never able to replace a consumer part like this again uh and so I actually went on to uh um Revis the interposer a little bit more now that I'm like okay it actually worked um and so I did a little bit of muning and uh cleaned up a few like Trace routings just because I was a little bit picky and I was like oh like we can make it prettier and whatever um but then on the far right I actually uh built an entirely new interposer going forward I'm no longer reverse engineering the past but I'm building new things and uh I'm not really going to talk about it here but this is what it looks like uh because I have a whole blog post on it on the rep to blog and so some of you may have seen this but what I did is I proved a 20-year-old Theory written in a book by the hackers of old um that the original Xbox could have been hacked or the original secret boot ROM could have been dumped using Intel x86 JTAG debugging and to do that uh I had it was like assembling the um Infinity Stones I had to find these old bespoke like x86 JTAG Hardware debuggers which are almost impossible to find let alone the super proprietary ND hard uh software um and then figuring out how to even you know first of all get the signals out of the CPU and like there's there's a lot of stuff but if you go read that blog post it's an amazing journey um and then even bunny you know that the person who wrote the original book hacking the Xbox from back in the day was like holy and so it's cool like this you know this trajectory um uh that I went on uh uh but yeah uh so the epilog um so last spring I roughly stopped hacking on uh the Xbox uh I was served a non-mas interrupt that kind of cut to the core of my being um and so 13 years ago I uh met an electrical engineer that changed my life uh they were tenacious and brutally competitive intellectual confident of mine uh and they pushed me so much further to do some of the crazy that you saw here uh more so than I ever would have on my own and it was a quiet intensely private space between us um and this was before we found our way out of college and onto these stages um we uh we bonded deeply over our past and uh constantly challenged each other's ambition uh what we lacked in technical Talent technical Talent we always made up through like sheer willpower um and we didn't always see eye to eye on things which was so great uh we had distinct approaches because she knew hardware and I knew software um but this is how we tested our understanding and mo motivated each other other to dig uh not just down to bedrock but through it um and so in the Years following went on to found security firms that we once dreamed and schemed about in school and so in 2017 I founded rep two systems and uh shortly after Sophia founded margin research in 2018 uh the contrasting views the light in the dark uh and you know we would have go each other on just two kids thinking we needed to prove something to the world or maybe just each other but I valued my solitude and we quietly spurred one another uh as we kind of carved our path through the industry but when Sophia passed unex unexpectedly last spring um I took a step back from technical work and hobbyist research and even my own business for a period uh just metabolizing kind of the gravity of this loss and so Soh was important to a lot of people I know that uh I'm just a small piece of her grand Mosaic um but she had she had much better friends than me um and uh but she's the one person that always pushed me to do crazy things and she had such a huge impact so uh yeah um I uh entered my 30s IID kind of ask myself when the next phase of my life was supposed to start and this was obviously it uh to it's different for a lot of people I think but for me uh death was kind of like a doorway and watching it open into my windowless little cave that i' had scrolled Myself Away in for so long um it was kind of like light flooding into my dark lab and uh she uh entrusted me with the special part of her spirit and kind of tugged me out of this dark place and pushed me back out into the world uh finding my way back onto the stage for the first time in years and so I promptly dispersed um my Xbox collection among the hackers and the friends that i' had made um I got rid of almost everything else uh tossing the remainder of my life into this little van uh and I left New York um you know I I was like we got to get uncomfortable and go big again um and it's what she would have wanted and so I'm starting a new chapter in a new place no longer in a dark cave uh uh making new friends and reconnecting with old ones um all around the world so if you've been seeing more of me these past six months you know why um and so I cherish every artifact that I still have of Sophia and I can't replace her presence or Grace but I hope that you recognize her warmth and curiosity next time we meet um so yeah some conclusions be ambitious um ignorance is bliss when you don't know better you can do in crazy you can do crazy impossible things U hug your friends and special acknowledgements to all the people that helped me for um hacking on the Xbox some that go back 20 years some of these people that I've known uh some of the people I grew up with um and so yeah thanks that's it if you want to reach out you can find me Doom aol.com still chatting with my good old buddies all [Applause] right can can I have uh uh add take pictures take pictures of your friends too that was one of my lessons learned another one it looks like too bonus slide what yeah you have bonus slides this just just an extra okay all right do you have any questions behind you beer um regarding the P 16 and trying to bypass the code protection um I apologies if I missed it but um are you familiar with the Heart of Darkness attack um I don't think I'm in the Heart of Darkness chat I am in the Silicon prawn attack so no uh no uh I don't think so is the pick that you're looking at code protected per page like is there um different segments and Pages um I can't remember off the top of my head and again some of this research is like three years old that's fine I just um and I'd be happy to talk later too um the Heart of Darkness attack I think Andrew TIY presented it at a bsides in the UK and with some of the pick microcontrollers the code protection is uh configurable for the banks and so when you override a single Bank you wipe that one but if you can sacrifice a bank and then get your code custom code in there and then you internally write the code to dump the other regions out on the pins and then you do that with a second chip and you override a separate Bank to recover the original bank that might be a way to do that and it doesn't work on all the picks because I know from personal experience that um not all of them are the same but that might work if the code protection is configurable per Bank um yeah I I want to say so it has been a while but I want to say that it was actually just one um readout protection bit I do not I have heard of like the uh individual page base like yeah or being able to protect only regions of the code but I'm pretty sure it was just a single fuse controlling all of that protection so yeah but um and I did look at pick family uh the prior pick families and the later pick families but this pick family in particular the pi the the the model I listed um seems immune to most of the historical attacks um as well as yeah in fly logic even we like we tried all these things like this is what we had to resort to was uh essentially uh using a laser probe station to cut a wire or Fib so yeah did you also happen to try like chip whisper any type of like glitching I do have some of that stuff uh unfortunately that's a whole another talk that maybe will happen one day and so that is some of the spaces that I moved into post um yeah excellent thank you anybody else I'm not and that's a good point and so Travis Goodspeed All of You Know Travis good speed um I talk with him probably once a year at Recon for a couple hours or something and he was like it's not fair to call yourself a software person anymore and that's true um you know there's a little bit of imposter syndrome right that happens with all trade and so um if you have any hardware questions you know who to ask now all right um so yeah all right round of applause [Applause] [Music] [Music] Back To Top