Free60

Last updated July 05, 2024

Free60 is the successor to the Xbox Linux Project that aims to put Linux, BSD, or Darwin on the Microsoft Xbox 360 using a software or hardware based "hack". The Xbox 360 uses hardware encryption and will not run unsigned code out of the box.

To date, there are two Linux kernel patchsets available, one for 2.6.21 and one for 2.6.24.3. Three main Linux distributions may be run on the Xbox 360; Gentoo, Debian and Ubuntu Linux, the last two of which are easily installable to the Xbox 360 hard drive by scripts provided by members of the Free60 project.^[2]^[3]^[4]

Execution Method

Since executable code on the Xbox 360 is digitally signed, and runs underneath a hypervisor, an exploit or hack is necessary in order to execute homebrew code. On the Xbox 360, the first exploit which enabled booting of unsigned code relied on a modified DVD-ROM drive firmware, a modified burned disc of the game King Kong (for Xbox 360), and the target console having either one of two vulnerable kernel revisions. Alternatively, a home-made cable may be used to dump and patch the bios with jumpers attached to the appropriate pin header on the motherboard of the console to patch the hypervisor and allows unsigned execution directly at boot, known as the "JTAG/SMC exploit", which was patched after June 2009 but replaced by "Reset Glitch Hack", in 2011, which is applicable on any kernel version on all but the latest revision of the Xbox 360 motherboard (most 360's produced from 2014 until end of production in 2015), one caveat is being a glitch and relies on timing, boot times may be unstable.^[5]

With the original King Kong exploit, the console must launch the modified game which will utilize the software vulnerability to load a small chunk of code that is included on the disc. This code may either initialize the serial port to allow upload of further code to the console, or eject the drive tray and prepare the console to load further code from a specified point on optical media that is then placed in the drive. The latter method involves the readcd binary, made specifically for this cause. The code that readcd executes in this instance is known as XeLL, short for Xenon Linux Loader. XeLL captures CPU threads and launches the Linux kernel from either network (tftp) or optical media as its only purpose, providing a flat device tree for the kernel. In the cases of released 'Live CDs', the readcd binary would typically be included on the modified game disc, which would eject the drive, and a CD containing the XeLL binary as well as the complete Linux kernel and filesystem would be inserted.

Limitations

The readcd method was initially restricted to only Hitachi branded DVD-ROM drives, but now also supports Samsung branded drives.^[6] All other commercially used drives are assumed unsupported, at this point in time the only other drives in use are manufactured by BenQ and Lite-ON.
An older Kernel revision is required on the Xbox 360 itself, which may prove to be hard to find, since connecting to the Xbox Live service applies updates to the console, and many games include updates that must be applied before the game will run. This limitation is not as important as it once was, as it is now known to be possible to downgrade a Kernel greater than the last of the two exploitable Kernels by means of a timing attack.
There are presently no audio drivers written to support the console's internal audio hardware, however a USB audio device can be used.
Some codecs are incompatible with the current display driver, causing some videos to not play. In addition to this, framebuffer and cache issues mean that videos that do play are jumpy after the first few seconds when the cache is full.

Development

One of the main contributors to the Free60 project has developed a method of 3D graphics acceleration on the Xbox 360's GPU (codenamed Xenos) under Linux.^[7]^[8]^[9] This work has been encapsulated into an API for easier use. In order to achieve this acceleration, some data from the Xbox 360's flash needs to be uploaded to the Xenos GPU. This process may be automated to help ensure legality of any 3D graphics acceleration.

Since only a small proportion of Xbox 360's are currently able to execute unsigned code, there has been little development within the Free60 project in recent times. This may to some extent be contrasted to the Free60 predecessor, the Xbox Linux project, which saw far more development as a result of the relative ease of running unsigned code on the Xbox and the ease of porting x86 code to the Xbox's custom Intel Pentium III-based CPU.

To continue development, members of the Free60 project are looking for help.^[10] Perhaps the most important of the help requests is to provide audio drivers; the Free60 members have asked for someone with knowledge of the ALSA kernel component and a SiS966 based motherboard to achieve this.

One project created as a result of the success of Free60 is a Kernel Rebooter.^[11] The goal of this is, after initially loading a vulnerable kernel and exploiting it to gain control of the system, to be able to make the console reload into a modified, unsigned hypervisor and kernel. Being able to reboot into a more recent kernel revision would allow for games to be executed on the console that are dependent on these kernel revisions. This project has seen a certain level of success; there are binary files available (to be launched by the serial loader or readcd) to partially reload the hypervisor.

Related Research Articles

A Linux distribution is an operating system made from a software collection that includes the Linux kernel and often a package management system. They are often obtained from the website of each distribution, which are available for a wide variety of systems ranging from embedded devices and personal computers to servers and powerful supercomputers.

GNU GRUB is a boot loader package from the GNU Project. GRUB is the reference implementation of the Free Software Foundation's Multiboot Specification, which provides a user the choice to boot one of multiple operating systems installed on a computer or select a specific kernel configuration available on a particular operating system's partitions.

Modding is the act of modifying hardware, software, or anything else to perform a function not originally intended by the designer, or to achieve bespoke specification or appearance. The term is often used in reference to video game modding, particularly in regard to creating new or altered content and sharing that via the web. It may be applied to the overclocking of computers in order to increase the frequency at which the CPU operates. Case modding is a popular activity amongst many computer enthusiasts which involves the customization of a computer case or the installation of water cooling technology. In connection with automobiles, modding can connote engine tuning, remapping of a vehicle's engine control unit or customization of the coachwork.

Unified Extensible Firmware Interface is a specification that defines the architecture of the platform firmware used for booting the computer hardware and its interface for interaction with the operating system. Examples of firmware that implement the specification are AMI Aptio, Phoenix SecureCore, TianoCore EDK II, InsydeH2O. UEFI replaces the BIOS which was present in the boot ROM of all personal computers that are IBM PC compatible, although it can provide backwards compatibility with the BIOS using CSM booting. Intel developed the original Extensible Firmware Interface (EFI) specification. Some of the EFI's practices and data formats mirror those of Microsoft Windows. In 2005, UEFI deprecated EFI 1.10.

A softmod is a method of using software to modify the intended behavior of hardware, such as video cards, sound cards, or game consoles in a way that can overcome restrictions of the firmware, or install custom firmware.

In computing, paravirtualization or para-virtualization is a virtualization technique that presents a software interface to the virtual machines which is similar, yet not identical, to the underlying hardware–software interface.

Homebrew, when applied to video games, refers to software produced by hobbyists for proprietary video game consoles which are not intended to be user-programmable. The official documentation is often only available to licensed developers, and these systems may use storage formats that make distribution difficult, such as ROM cartridges or encrypted CD-ROMs. Many consoles have hardware restrictions to prevent unauthorized development.

Xbox Linux was a project that ported the Linux operating system to the Xbox video game console. Because the Xbox uses a digital signature system to prevent the public from running unsigned code, one must either use a modchip, or a softmod. Originally, modchips were the only option; however, it was later demonstrated that the TSOP chip on which the Xbox's BIOS is held may be reflashed. This way, one may flash on the "Cromwell" BIOS, which was developed legally by the Xbox Linux project. Catalyzed by a large cash prize for the first team to provide the possibility of booting Linux on an Xbox without the need of a hardware hack, numerous software-only hacks were also found. For example, a buffer overflow was found in the game 007: Agent Under Fire that allowed the booting of a Linux loader ("xbeboot") straight from a save game.

A free and open-source graphics device driver is a software stack which controls computer-graphics hardware and supports graphics-rendering application programming interfaces (APIs) and is released under a free and open-source software license. Graphics device drivers are written for specific hardware to work within a specific operating system kernel and to support a range of APIs used by applications to access the graphics hardware. They may also control output to the display if the display driver is part of the graphics hardware. Most free and open-source graphics device drivers are developed by the Mesa project. The driver is made up of a compiler, a rendering API, and software which manages access to the graphics hardware.

In computer security, executable-space protection marks memory regions as non-executable, such that an attempt to execute machine code in these regions will cause an exception. It makes use of hardware features such as the NX bit, or in some cases software emulation of those features. However, technologies that emulate or supply an NX bit will usually impose a measurable overhead while using a hardware-supplied NX bit imposes no measurable overhead.

In the context of free and open-source software, proprietary software only available as a binary executable is referred to as a blob or binary blob. The term usually refers to a device driver module loaded into the kernel of an open-source operating system, and is sometimes also applied to code running outside the kernel, such as system firmware images, microcode updates, or userland programs. The term blob was first used in database management systems to describe a collection of binary data stored as a single entity.

OtherOS is a feature of early versions of the PlayStation 3 video game console, allowing user installed software, such as Linux or FreeBSD. The feature was removed since system firmware update 3.21, released on April 1, 2010.

authbind is an open-source system utility written by Ian Jackson and is distributed under the GNU General Public License. The authbind software allows a program that would normally require superuser privileges to access privileged network services to run as a non-privileged user. authbind allows the system administrator to permit specific users and groups access to bind to TCP and UDP ports below 1024. Ports 0 - 1023 are normally privileged and reserved for programs that are run as the root user. Allowing regular users limited access to privileged ports helps prevent possible privilege escalation and system compromise if the software happens to contain software bugs or is found to be vulnerable to unknown exploits.

The Xbox 360 technical specifications describe the various components of the Xbox 360 video game console.

<span class="mw-page-title-main">Ksplice</span> Live patch extension for the Linux kernel

Ksplice is an open-source extension of the Linux kernel that allows security patches to be applied to a running kernel without the need for reboots, avoiding downtimes and improving availability. Ksplice supports only the patches that do not make significant semantic changes to kernel's data structures.

<span class="mw-page-title-main">Linux-libre</span> Version of the Linux kernel without proprietary code

According to the Free Software Foundation Latin America, Linux-libre is a modified version of the Linux kernel that contains no binary blobs, obfuscated code, or code released under proprietary licenses. In the Linux kernel, they are mostly used for proprietary firmware images. While generally redistributable, binary blobs do not give the user the freedom to audit, modify, or, consequently, redistribute their modified versions. The GNU Project keeps Linux-libre in synchronization with the mainline Linux kernel.

Nvidia Optimus is a computer GPU switching technology created by Nvidia which, depending on the resource load generated by client software applications, will seamlessly switch between two graphics adapters within a computer system in order to provide either maximum performance or minimum power draw from the system's graphics rendering hardware.

The hacking of consumer electronics is a common practice that users perform to customize and modify their devices beyond what is typically possible. This activity has a long history, dating from the days of early computer, programming, and electronics hobbyists.

<span class="mw-page-title-main">Dirty COW</span> Computer security vulnerability

Dirty COW is a computer security vulnerability of the Linux kernel that affected all Linux-based operating systems, including Android devices, that used older versions of the Linux kernel created before 2018. It is a local privilege escalation bug that exploits a race condition in the implementation of the copy-on-write mechanism in the kernel's memory-management subsystem. Computers and devices that still use the older kernels remain vulnerable.

Lazy FPU state leak, also referred to as Lazy FP State Restore or LazyFP, is a security vulnerability affecting Intel Core CPUs. The vulnerability is caused by a combination of flaws in the speculative execution technology present within the affected CPUs and how certain operating systems handle context switching on the floating point unit (FPU). By exploiting this vulnerability, a local process can leak the content of the FPU registers that belong to another process. This vulnerability is related to the Spectre and Meltdown vulnerabilities that were publicly disclosed in January 2018.

References

↑ Bugtraq: Xbox 360 Hypervisor Privilege Escalation Vulnerability http://seclists.org/bugtraq/2007/Feb/0514.html
↑ Debian-Etch Installation Guide "Debian-etch - Free60 Project". Archived from the original on July 4, 2008. Retrieved July 7, 2008.
↑ Ubuntu 7.04 Installation Script "Ubuntu7.04 - Free60 Project". Archived from the original on July 4, 2008. Retrieved July 7, 2008.
↑ Ubuntu 7.10 Installation Script "Ubuntu7.10 - Free60 Project". Archived from the original on July 4, 2008. Retrieved July 7, 2008.
↑ Speedy22's Headers and Connectors Tech Info "Archived copy" (PDF). Archived from the original (PDF) on 2006-10-22. Retrieved 2008-07-07.{{cite web}}: CS1 maint: archived copy as title (link)
↑ Gentoo Live CD Xenon Beta 2 Release Notes http://sourceforge.net/project/shownotes.php?group_id=139616&release_id=506402
↑ debugmo.de » fancy
↑ debugmo.de » Fear, triangles!
↑ debugmo.de » Xbox 360 GPU update
↑ Free60 Help "Help - Free60 Project". Archived from the original on July 4, 2008. Retrieved July 7, 2008.
↑ Kernel Rebooter http://www.xboxhacker.net/index.php?topic=8738.0

External links

http://free60.org/

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Bugtraq: Xbox 360 Hypervisor Privilege Escalation Vulnerability http://seclists.org/bugtraq/2007/Feb/0514.html

[2] Debian-Etch Installation Guide "Debian-etch - Free60 Project". Archived from the original on July 4, 2008. Retrieved July 7, 2008.

[3] Ubuntu 7.04 Installation Script "Ubuntu7.04 - Free60 Project". Archived from the original on July 4, 2008. Retrieved July 7, 2008.

[4] Ubuntu 7.10 Installation Script "Ubuntu7.10 - Free60 Project". Archived from the original on July 4, 2008. Retrieved July 7, 2008.

[5] Speedy22's Headers and Connectors Tech Info "Archived copy" (PDF). Archived from the original (PDF) on 2006-10-22. Retrieved 2008-07-07.{{cite web}}: CS1 maint: archived copy as title (link)

[6] Gentoo Live CD Xenon Beta 2 Release Notes http://sourceforge.net/project/shownotes.php?group_id=139616&release_id=506402

[7] ugmo.de » fancy

[8] ugmo.de » Fear, triangles!

[9] ugmo.de » Xbox 360 GPU update

[10] Free60 Help "Help - Free60 Project". Archived from the original on July 4, 2008. Retrieved July 7, 2008.

[11] Kernel Rebooter http://www.xboxhacker.net/index.php?topic=8738.0

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]