Timing Attack

[robinsod]

The timing attack is working well now, the software has ben released for testing and if no major problems are found then it will be available at the end of the week. The first release will require an Infectus modchip and a "home made" PIC interface. I thought I would release the details of the PIC today to give people a chance to order parts, build and test the hardware.

Schematic (horrible, hand drawn & scanned):

http://rapidshare.com/files/56303514/schematic.pdf.html

Parts List:

IC1 LM339
IC2 LM339
IC3 74HC08
IC4 PIC16F876A 20MHz
IC5 MAX232 or equivalent

1 * LED
1 * 20MHz Crystal

16 * 1K 0.25W 5%
1  * 10K 0.25W 5%
1  * 680R 0.25W 5%
1  * 330R 0.25W 5%
1  * 5K6 0.25W 5%

2 * 22pF Ceramic Cap
9 * 100nF Ceramic Cap

Please note, 100nF decoupling caps across every ICs power supply pins seems to reduce the noise on the power supply and VRef lines. Reduced noise = Less jitter in the timing measurements which is a good thing

PIC Boot Loader, got this from Microchip site, repeated here for you convenience:

http://rapidshare.com/files/56303731/PIC16F87xA_bootloader_v9-50.zip.html

PIC Source (build with CCSC PCW) & Precompiled Binary:

http://rapidshare.com/files/56303807/Post4.zip.html

Document:

http://rapidshare.com/files/56304123/Downgrading_the_Xbox360.doc.html

Tomorrow I will release the tool that will build downgradable flash images. Hopefully by then the 2.0.1888 file set will be available in "the usual places"

I would like to keep this thread reasonably clean for updates/bug reports etc so perhaps we need a stupid questions thread.... Tumba!?!?

EDIT: Don't panic if you find this a bit too technical or don't fancy making your own PIC interface, Infectus are now hard at work designing a daughterboard to replace it

[jelle2503]

thanks! great research.

you reckon when time passes by and research/development continues, timing attack will become more applyable to the low-end pc user?

meaning homebrew 360 would be more available to the "wider audience"

and what about this daughterboard? will it be the thingy in between the xbox and pc? hope it comes with clear instructions, since that PIC16F87xA_bootloader_v9-50 stuff makes no sense to me.

[SteZZz]

Following the news for a while now and it's going good I see!
Anyway thanks for doing such a good work.
Btw to react on the point how to get more people to do these actions for there x360, downgrading and testing it all. Maybe it's a good idea to think about making good tutorials or movies showing how things need to be done. Consider the risks and possibilities. Etc. makes it attractive and user-friendly, the more the better.
Well spot you soon

[Terracide]

Great work!
Will this also work on XBOX's that do not have the kernel native to downgrade to? I mean like the X360 Elite... can i downgrade that to a kernel it never had?

[rufusb]

this is my version, i am working on a cleaner Vref for the comparators using a high precision voltage reference and using a buffer to divide it to .65 then feed it to all the comparators.  i will be posting this as soon as i complete my analysis using the new vref.
here is a clear schematic for you who want to build your own!

http://rapidshare.com/files/56483927/xbox360_downgrader.pdf.html

ill be working on board layouts and also improving the circuit!
stay tuned.
great work robinsod

[robinsod]

thanks! great research.

you reckon when time passes by and research/development continues, timing attack will become more applyable to the low-end pc user?

and what about this daughterboard? will it be the thingy in between the xbox and pc? hope it comes with clear instructions, since that PIC16F87xA_bootloader_v9-50 stuff makes no sense to me.

Do you mean the PC or the user is low end? This tool should run on almost any PC, its not very demanding. Infectus are working on a daughter board that you will be able to buy - so all this confusing technical stuff will become irrelevant in a month or two.

Great work!
Will this also work on XBOX's that do not have the kernel native to downgrade to? I mean like the X360 Elite... can i downgrade that to a kernel it never had?

Yes, part of the process of downgrading is to build a complete 1888 flash image that will boot on any retail hardware

this is my version, i am working on a cleaner Vref for the comparators using a high precision voltage reference and using a buffer to divide it to .65 then feed it to all the comparators.  i will be posting this as soon as i complete my analysis using the new vref.
here is a clear schematic for you who want to build your own!

http://rapidshare.com/files/56483927/xbox360_downgrader.pdf.html

Great, a decent schematic, thank you

As for a tutorial, why not RTFM? There's a link to a nice doc at the top of the thread

[atiman]

Grats!

When you say any retail hardware... You mean any retail hardware that has the same 2BL code as the 1888 image (i.e fw<=5766 so far) ?
Or do you think there will be a way to replace 2BL in this 1888 image if 2nd row of efuse is blown up in future retail hardware?

[robinsod]

When you say any retail hardware... You mean any retail hardware that has the same 2BL code as the 1888 image (i.e fw<=5766 so far) ?

Yes.

Or do you think there will be a way to replace 2BL in this 1888 image if 2nd row of efuse is blown up in future retail hardware?

No. If I remeber correctly the 2nd line of eFuse defense is embedded in the signed part of CB. So if/when there's a fix for the timing attack and a new CB is released we will need a new hack.

[Disabled]

Great work!
I read the read the older threads for a couple of days the last time this got posted on XS and remember that this attack took quite some time to perform. How long do you need to perform the attack? (Just the attack, not the soldering and building and such)

[gigabite]

quote from robinsod

How long to find the key? That depends on the key at 2 - 2.5 seconds per guess, a maximum, of 4096 guesses (average 2048).....2 or 3 hours

The process is completely automated so you can leave it running overnight

gigabite

[robinsod]

I just heard from one of the testers (not that I want to steal his thunder),

"it tooks 1hour and 5minutes to guess all my hash
FE 8A 5A DE F6 12 97 AD CC D9 38 68 69 84 93 B2
which has an average byte value of 0x98"

[Geremia]

Great job Robinsod, you hardware project is more than great My best congrats and respect

excuse my delayed post, but i had to reassemble some files/directory/ideas here, test something.., i've quite a mess here

I'm proud to have been a tester, it has been a new occasion to learn something more.

I have some problems on the 7th byte which was not right guessed every time i tested (inconsistent time measurements, i suppose you already have a workaround), but the overall time was 1hour and 5 minutes (escluding the delay caused by my 7th byte)(well, with a tiny small change to the pic code that seems to be near +15% faster).


I had dash 5759 with 4 blown fuses
I successfully booted a clean 1888, then upgraded to 4532, then kk exploit (proper iXtreme patched kk iso, so with addictional DMI, PFI, Video), then dumped keyvault and got my CPU key finally.

Since i removed R6T3 resistor, now i can reflash my original 5759 image with no further lockdown counter manipulation, so "as nothing happened"

This sounds great

thanks again 

BTW, the post4.hex posted here seems to not work correctly, as robinsod told me there is a problem with the bootloader with short hex lines.
here fixed http://rapidshare.com/files/56560201/Post4.rar.html

[Geremia]

Oh, btw, a few notes for the ones that are going to build the downgrader.

You could encounter problems in flashing the bootloader into the pic.

I have a JDM programmer selfpowered from erial cable, didn't work, probably with external 5v supply it works, but ICprog probably is not good for this pic.
It worked with willem with a ICSP adapter (it's just a socket and few wires) with software WinPic800
http://www.winpic800.com//descargas/WinPic800.zip
Willem + willem software or ICprog didn't work, i had pic fuses not writed correctly.

[XFear]

I have a question, most propably its already answered but can't find it. When you upgrade to 4552 there is a e-fuse blown. I never removed the resistor so I do have a couple of blown e-fuses I suspect. I want to try this 'downgrader' but my question is: When I update to 4552 again will there be a new e-fuse blown? If that happens, isn't it quite easy to check on live how many fuses are blown and if you have more e-fuses blown than should to ban?

[robinsod]

I have a question, most propably its already answered but can't find it. When you upgrade to 4552 there is a e-fuse blown. I never removed the resistor so I do have a couple of blown e-fuses I suspect. I want to try this 'downgrader' but my question is: When I update to 4552 again will there be a new e-fuse blown? If that happens, isn't it quite easy to check on live how many fuses are blown and if you have more e-fuses blown than should to ban?

When you upgrade to 4532 a new fuse will be blown, yes. 4532 and every update since blows a fuse, the worst case is then

4532  1
4548  2
4552  3
5759  4
5799  5

So, unless I have missed one, the maximum number of fuses that should be blown in unmodified boxes is 5.

If you have less than 5 blown fuses (coz you didn't apply every update) then it's no problem, upgrade to 4532, get your CPU key and then use the NAND tool to increment the LDV in the CF section of your original dump by one. Put that back and it's as if nothing ever happened.

If you have 5 (or more) blown fuses then its a little more tricky and I would suggest for ultimate stealth you may want to temporarily remove the resistor, update to 4532, get your keys and then replace the resistor & original flash image. Again, it's like nothing happened

[CoolkcaH]

Is it possible / relatively easy to make a resistor switch? Anyone tried that?
With an automated switch connected to an infectus someone could make a program that checks everything automatically and downgrades/upgrades as needed without traces of what happened. That way we could all play with homebrew / live at least until a fixed update is released...am I right?

[robinsod]

Is it possible / relatively easy to make a resistor switch? Anyone tried that?
With an automated switch connected to an infectus someone could make a program that checks everything automatically and downgrades/upgrades as needed without traces of what happened. That way we could all play with homebrew / live at least until a fixed update is released...am I right?

It's a good suggestion but a bit OTT I think. The trouble is the resistor is a tiny little SMT device. Most people wont have 5 blown fuses, at least I dont think they will Also, you only need to go through this once.

[vax11780]

When you upgrade to 4532 a new fuse will be blown, yes. 4532 and every update since blows a fuse, the worst case is then

4532  1
4548  2
4552  3
5759  4
5799  5

So, unless I have missed one, the maximum number of fuses that should be blown in unmodified boxes is 5.

What happens if you start at 5799, downgrade, upgrade to 5799, downgrade, etc? Do you run out of fuses, or does the firmware hang if 5799 boots with 6 (or more) fuses blown?

VAX

[jelle2503]

Infectus are working on a daughter board that you will be able to buy - so all this confusing technical stuff will become irrelevant in a month or two.

that's what i wanted to hear. less technical stuff would be great.

so this daughterboard, will be the replacement of the PIC interface? sounds like a great idea 

to downgrade you need to have quite a bit of technical knowledge.

anyway the suggestion about making a decent tutorial would be nice. making it more noobfriendlyer would mean more homebrew community
there's alot of info on this website to read about.. true.. but it's scattered all around and on so many pages..

hope to see raised interest, and quicker development of homebrew on 360! i still love xbox1 homebrew..

[Icekiller]

Infectus are working on a daughter board that you will be able to buy - so all this confusing technical stuff will become irrelevant in a month or two.

that's what i wanted to hear. less technical stuff would be great.

so this daughterboard, will be the replacement of the PIC interface? sounds like a great idea 

to downgrade you need to have quite a bit of technical knowledge.

anyway the suggestion about making a decent tutorial would be nice. making it more noobfriendlyer would mean more homebrew community
there's alot of info on this website to read about.. true.. but it's scattered all around and on so many pages..

hope to see raised interest, and quicker development of homebrew on 360! i still love xbox1 homebrew..

'noobie' friendler won't make homebrew scene anybetter.. those 'noobies' won't be able to program... so only homebrew user.. aka people who are going to complain about it or be greatfull about something..

Besides.. Did you even download the everything in the first post? isn't really too technical (atleast thats what i think about it..) you need a bit of soldering knowledge etc.. but you would need to have that any way to install the infectus modchip.