Xbox Bios Kernel Patches


9 replies to this topic

#1 professor_jonny

professor_jonny

    X-S Enthusiast

  • Members
  • 5 posts

Posted 06 October 2012 - 11:35 AM

I know it is a long shot, but I'm wondering: would anyone have any IDA Pro database (".idb") files of a disassembled Xbox BIOS, source code, anything really, that I may use for help in implementing a few patches?

I'm wanting to implement the ability to delay boot for a few seconds to enable the Xbox to work with SATA to IDE bridge boards.

I'd like to disable the PIC watchdog timer or extend it, as if I hold reset via hardware means the watchdog timer resets the Xbox, causing the IDE to reinit, making the SATA adaptor not work.

With the advent of 1 and 2 TB HDDs it's a no-brainer to take advantage of their price and size, as the problem is that they init too slow and the Xbox throws an error before the HDD and adaptor are ready.

I would also like to patch executables on the fly to make them run at the correct speed when run on an Xbox with an upgraded processor.

I can do assembly programming, but dissecting a kernel is beyond my skills; I can't tell code from data in most cases.

If I had some formatting in the code it would help a lot.

If someone may be able to point me in the correct direction or offer some help, that would be great.

cheers Jono



#2 ldotsfan

ldotsfan

    X-S Messiah

  • Dev/Contributor
  • 3,100 posts
  • Xbox Version:v1.1
  • 360 version:unknown

Posted 06 October 2012 - 04:52 PM

You'll need xbtool to pack and unpack xboxkrnl.img. These threads might be useful:

1. http://forums.xbox-s...howtopic=742801
2. http://forums.xbox-s...howtopic=710509

Look for Xbox Flirt file to use with IDA Pro. But please don't ask me for any files.

I have no idea if the stock xbox bios actually talks to PIC controller. Cromwell does so through xcode: http://xbox-linux.cv.....pe=text/plain

It might be simpler to design a standard SATA-PATA adapter to do the delay - something along the line of XT-IDE project of Vintage Computer forum.

Sidetrack: I have been interested in exploring the ideas behind rmenhal's ext2/3 extension for nkpatcher: http://forums.xbox-s...howtopic=341684.

Finally: Try your luck and send a PM to oz_paulb or xman954 to see if you can get any pointers.

Edited by ldotsfan, 06 October 2012 - 04:52 PM.


#3 professor_jonny

professor_jonny

    X-S Enthusiast

  • Members
  • 5 posts

Posted 07 October 2012 - 12:27 AM

I have managed to unpack the Xbox BIOS the hard way before I found out about xbtool :-).
I have been in contact with Paul Bartholemu and he has helped me out somewhat so far.
He recently reposted on his Xbox blog some useful info after I have been chatting to him:
http://hackspot.net/XboxBlog/?p=1

Thanks for the info, I have now found what I'm looking for, I believe :-).



#4 ldotsfan

ldotsfan

    X-S Messiah

  • Dev/Contributor
  • 3,100 posts
  • Xbox Version:v1.1
  • 360 version:unknown

Posted 07 October 2012 - 03:36 AM

Good luck on your endeavor.

3 other sources of useful information:
1. Xbox Linux Mailing List archives. I found torne's patch to the Xbox Linux kernel for xbpartitioner support among the many gems. It is also useful for understanding the train of thought of the devs for Xbox Linux.
2. The source code for nkpatcher kernel patcher which forms the foundation for the Ndure softmod.
3. dr_oldschool's patch for nkpatcher for VGA support. It's a different problem but a search for his posts revealed the approach he took to overcome the hurdle.

Did oz_paulb mention anything about overcoming the 2.2TB limit of the xbox kernel for hdd size?



#5 ldotsfan

ldotsfan

    X-S Messiah

  • Dev/Contributor
  • 3,100 posts
  • Xbox Version:v1.1
  • 360 version:unknown

Posted 07 October 2012 - 04:25 AM

Now I figured out why I found the contents of oz_paulb's blog familiar - it was posted here.

And I found something interesting

QUOTE

Scratch register values

The original kernel uses this register (0x1B) to "remember" some information across a reboot, and interprets its contents after rebooting. The PIC itself probably makes no interpretation of this register. The register is a bitmask with the following values:
Value   Description
0x01    eject after boot
0x02    display error message after boot
0x04    skip boot animation
0x08    run dashboard no matter what


I wonder what 0x08 really means/does.

#6 professor_jonny

professor_jonny

    X-S Enthusiast

  • Members
  • 5 posts

Posted 07 October 2012 - 05:21 AM

I did not ask about the 2.2 TB kernel limitation, but I will have a chat with him at a later stage.
The FLIRT file I found only lists D3D and DirectSound routines. I'll keep looking and see what I can find around; I have not searched very well yet.

All of the above will be good resources for when I get stuck.

cheers professor_jonny


#7 shambles1980

shambles1980

    X-S Freak

  • Members
  • 1,092 posts
  • Location:wales uk
  • Xbox Version:v1.2
  • 360 version:v4.0 (jasper)

Posted 08 October 2012 - 01:12 AM

QUOTE(ldotsfan @ Oct 7 2012, 04:25 AM)

I wonder what 0x08 really means/does.



Sounds like a way to bypass error 16..

But in that context I would not know lol. It does sound like some sort of DVD boot skip feature or something at the least.

Edited by shambles1980, 08 October 2012 - 01:24 AM.


#8 ldotsfan

ldotsfan

    X-S Messiah

  • Dev/Contributor
  • 3,100 posts
  • Xbox Version:v1.1
  • 360 version:unknown

Posted 08 October 2012 - 01:24 PM

QUOTE(shambles1980 @ Oct 8 2012, 08:12 AM)

But in that context I would not know lol. It does sound like some sort of DVD boot skip feature or something at the least.


You were close actually, I did some digging in the xbox mailing list and came up with this:

QUOTE

1B (R/W): SMC_CMD_SCRATCH_REGISTER: This is a 1 byte R/W register whose
contents survive reset.
The contents of this register are not used at all by the SMC, as far as I
know. It just holds data for the operating system. The Xbox kernel uses
this register to communicate with itself across reboots. The flags are
defined below (all have been found):
01: SMC_SCRATCH_EJECT_AFTER_BOOT: Eject the tray after rebooting.
02: SMC_SCRATCH_DISPLAY_ERROR: Kernel panic after rebooting.
04: SMC_SCRATCH_NO_ANIMATION: Don't show the Xbox animation.
08: SMC_SCRATCH_RUN_DASHBOARD: Run the dashboard after rebooting regardless
of whether there is an executable disk present.


#9 shambles1980

shambles1980

    X-S Freak

  • Members
  • 1,092 posts
  • Location:wales uk
  • Xbox Version:v1.2
  • 360 version:v4.0 (jasper)

Posted 08 October 2012 - 05:35 PM

Then it sounds like the force clock set feature, I guess.
I imagine that it's a matter of detect clock; if not set then do the 08 thing.

Which is the cause of the error 16 in a lot of ways.

I guess that situation would be more logical than any sort of inbuilt debug feature.

#10 professor_jonny

professor_jonny

    X-S Enthusiast

  • Members
  • 5 posts

Posted 16 October 2012 - 01:02 PM

QUOTE(ldotsfan @ Oct 7 2012, 03:36 PM)

Did oz_paulb mention anything about overcoming the 2.2TB limit of the xbox kernel for hdd size?


From what I have seen, the kernel uses 32-bit addressing for sector size to access the hardware. You would have to extend it to address the extended space of the HDD; you would need mad skills to do that, it means patching a lot of code.
It would probably mean an update to all tools that work with the HDD I guess, PC tools included, if you were to format beyond 2 TB.

I have an Xbox Music Mixer disk that you can eject when the Xbox is running in retail and not have the console reset, so I guess those flags are set by the program to stop the PIC from resetting the console etc...
So it is probably a DVD boot skip on reset or something like that.

The FLIRT signatures list common calls from the XDK and label them, as they often perform a series of code sequences. An IDC loader or plugin would make it so much easier; I know xorloser made them for the PPC chip in the Xbox 360, but I have not found the like for the Xbox XBE format.
















