kmeisthax 2 hours ago

I'm gonna be honest, I thought the story was over when they started talking about "oh hey here's this hypervisor code that loads extensions", because obviously extensions are going to be a massive increase in attack surface. But even then, the system wasn't actually broken by the extension being badly designed; the extension was just the most useful target to use the actual attack on.

How the hell has the Xbox 360 hypervisor remained basically impenetrable? You'd think at some point, someone would write and sign a hypervisor extension with a cripplingly bad memory safety bug. Hell, Apple's PPL[0] has better hardware isolation than Xenon's hypervisor mode[1] and it still gets 0wned more often.

[0] Page Protection Layer. On Apple processors, every ARM exception level has a corresponding guarded exception level that has privileges over the regular one; chiefly corresponding to memory management.

[1] On Xenon, the hypervisor runs in "real mode" plus HRMOR; Apple PPL's GL1/2 still have virtual memory and page table permissions.

  • MisterTea 36 minutes ago

    > You'd think at some point, someone would write and sign a hypervisor extension with a cripplingly bad memory safety bug.

    I'd hazard a guess that the Apple hardware is easier to work on than a video game console. You're already sitting in front of a general purpose computer running programming tools. A video game console is the antithesis of that.

knowitnone 3 hours ago

and here I am having trouble even removing the case! haha.

  • noisem4ker an hour ago

    Gotta stab it hard in those holes.

  • throwaway48476 2 hours ago

    It's not that hard when you get the hang of it and have the right tools.

    • zymhan 2 hours ago

      That was not their point.

djmips an hour ago

tour de force - I'm very impressed.

mouse_ 4 hours ago

I wish there was somewhere I could toss cash into a softmod bounty.

  • Retr0id 3 hours ago

    Assigning dollar values to this kind of work gets messy, fast.

    Imagine if someone iterated on the exploit presented in the article so that it became a persistent "softmod" - who gets the funds?

    Bounties also discourage open collaboration. For example, if person A has the first half of an exploit chain and person B has the second, they're each incentivised to keep the information to themselves and try to get a full chain on their own to claim the bounty. Of course, this assumes they're financially motivated - but if they're not there's no point in the bounty in the first place.

    • yieldcrv an hour ago

      Bounties are free work contests for any potential beneficiary

      And the benefactor is designed by a committee who can't even agree on the value, winding up tossing pennies at the problem hoping someone in Malaysia salivates

  • whalesalad 4 hours ago

    at this point is there any reason to use xb360 hardware? emulation on modern hardware has gotta be substantially better

    • jcranmer 2 hours ago

      The Xbox 360/PS3 era of video game consoles is probably the hardest era to emulate. Subsequent generations of consoles are essentially the same hardware as regular computers, just with a custom OS (and known hardware profile, certainly a benefit over regular consumer PCs). But that era of video game consoles is the last gasp of the custom hardware design of earlier consoles, which is substantially harder to emulate because the hardware just doesn't look like what modern hardware looks like.

      Furthermore, said era is also right after Dennard scaling came to an end, which means that current hardware doesn't have that much better specs, at least in easy-to-use form, than the hardware of the time. If any game tried to take the hardware to its limits, it would be a real struggle to emulate it with regular computers.

      • yieldcrv an hour ago

        so, the challenge is what’s interesting, or any specific title or application?

    • hot_gril 3 hours ago

      Xbox 360 and PS3 emulators are still borderline unusable on my new-ish PC. They're slow, glitchy, and/or hard to set up. Related to what the other commenter said, anyone who says these are good must have a lot of time to deal with it, whereas I just want the equivalent of sticking the disc into the console.

      GameCube is the newest thing I've had a decent experience emulating, and even that isn't 100% unless it's Melee with the Slippi optimizations (n.b. did not try DS or Switch).

      • perching_aix 9 minutes ago

        > Xbox 360 and PS3 emulators are still borderline unusable on my new-ish PC.

        How did you manage to achieve that? What specs are we talking?

        • hot_gril 4 minutes ago

          10th gen i5(? might be another gen I forget), 16GB RAM, RTX 2060ti, Win10

          • perching_aix 2 minutes ago

            Could you be a bit more specific regarding that CPU? That's a very wide range.

      • com2kid 3 hours ago

        > Xbox 360 and PS3 emulators are still borderline unusable on my new-ish PC.

        This is unfortunate as a decade ago Microsoft had an internal emulator for Xbox 360 that ran at near native speed.

        I am curious if that emulator is what is used to play Xbox360 games on newer x64 based Xbox models, or if they are using a different code base.

        Either way, technically it is possible for the experience to be good!

        • hot_gril 2 hours ago

          I wonder about that too. New console supports only a subset of 360 games somehow, and with different enhancements.

          The 360 could also play original Xbox games without much exception, but it was noticeably slower than the original. Halo 2 on 360 has a shorter render distance.

      • KeplerBoy 3 hours ago

        If you want to emulate a current console, try emulating the Switch. I haven't looked into it much, but apparently it works better on modern hardware than on the Switch itself. Not surprising given the Switch's aging hardware and power limit.

        • mschuster91 3 hours ago

          The Switch is a mainstream-ish ARM system. IIRC it maps really well to Apple's M system.

          • hot_gril 2 hours ago

            But the supposedly working Switch emulators only have experimental Mac support at best. Also idk if the CPU arch is really the hard part in general... we never got an Xbox 360 emulator for PPC Mac ;)

    • mouse_ 3 hours ago

      Xbox 360 emulation is still really bad for most games, despite what some YouTubers would have you believe. But let's say in a few years it does become substantially better. There's still:

      • Nostalgia

      • Authenticity

      • Compatibility

      • Preservation

      • Cost of entry

      Even if 360 emulation does become practical, a 360 will still be cheaper than any gaming PC capable of playing those games.

      • reassembled 2 hours ago

        Just this week a PC port of the 360 version of Sonic Unleashed was released that was accomplished via static recompilation techniques. It plays flawlessly and is really quite an impressive release. If this is possible now then emulation of these consoles might not be the only avenue to preserving their history.

        • perching_aix 25 minutes ago

          There's no meaningful technological difference between what that static recompilation tool can do for you vs. what hacking up Xenia can. I'd also hazard a guess that that port's GitHub repo will get DMCA'd eventually, and rightfully so.

          I really don't know why people keep doing this to themselves and to the communities they claim to love. This is about as far from a clean-room reimplementation and porting effort as humanly possible. It's not a forward-thinking, sustainable preservation effort at all.

        • gjsman-1000 2 hours ago

          Yes, but the graphics system for the game was completely reworked by people familiar with Sega's proprietary Hedgehog Engine. A straight recompile would have been unplayable.

14 4 hours ago

Very cool to see people still working on hacking the 360. I used the RGH on my 360 years ago. Was really fun back in the day going through all the cat and mouse that went on.

A soft mod would be cool as the RGH does require soldering some very tiny wires to some very tiny pads and I remember seeing posts of many people lifting pads trying to do this mod. But in the end I had a perfect install on my 360 and would boot almost every time on the first try.

  • hot_gril 4 hours ago

    Do the people who hack 360s also know how to prevent them from inevitably red-ringing? Cause that's the biggest thing discouraging me from buying another (my other 2 went red).

    • throwaway48476 3 hours ago

      The red ring is caused by underfill that is too soft that lets the solder bumps break. It's a BGA packaging problem and there's no fix.

      • mschuster91 3 hours ago

        It's the same issue that was behind NVDA's "soldergate" fuck-up that ended up permanently souring the relationship between them and Apple.

        The core is the EU's regulation on lead free solder, which led to a number of people finding out that thermal cycling on the solder led to thermal stresses. Workarounds were identified and solder formulations since then don't suffer from that issue, so the fix is a complete re-balling of affected chips... work not for the faint of heart.

        • somat an hour ago

          Complicating the issue is that this was also an early generation of chiplet, so there are two levels of BGA: motherboard to processing unit, and processing unit to chip_actual. The latter are commonly referred to as "bumps" to distinguish them from "BGA", which attaches the chip_structure to the motherboard. A lot of the problem was in the bumps for this chiplet-like sub-assembly. And while reballing BGA is a tricky but well understood process, my understanding is that reballing bumps is nearly impossible.

        • mulmen 3 hours ago

          Sounds like a R&D problem. Why the dig at the EU?

          • mschuster91 2 hours ago

            I'm European, I actually support RoHS - it was just the original cause because everyone up to it coming into force was accustomed to classic, decades-proven leaded solder.

            • hot_gril an hour ago

              Did they need to have a longer transition period? Looks like it went into enforcement only 2 or 3 years after it was approved.

          • gjsman-1000 2 hours ago

            Why not blame the EU? It is just a well known fact that non-leaded solder has inferior properties to leaded solder, which require careful engineering to work around, and still remain somewhat unresolved.

            At this point, the directive may have caused more e-waste and environmental damage from part failures than the damage the original leaded solder would have caused.

      • Novosell 3 hours ago

        Sure you're not thinking of the PS3 or did both of them actually suffer the same issue?

        • 6SixTy 3 hours ago

          Both of them experience the same issue. Though it's a yellow light instead of the ring on the Xbox.

          • perching_aix 17 minutes ago

            IIRC the PS3 issues were a mix of the RSX die cracking and the NEC Tokin caps giving out, not a solder issue.

        • throwaway48476 2 hours ago

          It was an industry wide problem.

          • hot_gril 2 hours ago

            Somehow out of everyone I know with one or both consoles, 100% of 360s got red ring, 0% of PS3s got yellow light.

            • 6SixTy 2 hours ago

              Fat or slim PS3? Mine experienced a YLOD circa 2010 while the slim that replaced it still works to this day.

              • hot_gril an hour ago

                Mostly the fat PS3. And the fat 360 too.

    • pogue 4 hours ago

      Not every model of the 360 will inevitably red ring. Those were typically only the "fat" models and there are some fixes to prevent it from happening. It usually just involves changing to some better quality thermal paste & reflowing the board.

      https://www.ifixit.com/Guide/Xbox+360+Red+Ring+of+Death+Fix+...

      • hart_russell 4 hours ago

        This video does a deep dive on the subject:

        https://www.youtube.com/watch?v=24KbVf1AD1c

        He suggests that all of the fat models will eventually red ring due to being stress tested at the factory. Not sure how true that is.

        • throwaway48476 3 hours ago

          RIP Felix has a much better video that explains the cause of the failure.

          Factory stress isn't the cause. It was a bad design.

          • hart_russell 23 minutes ago

            You misread, that's not what I wrote.

      • deaddodo 2 hours ago

        The problem is internal to the CPU packaging, there isn't a way to fix it externally. With the later 65nm models (both GPU/CPU) it's almost a non-issue, but any others will almost definitely red ring at some point, all you can do is delay the inevitable.

    • Salgat 4 hours ago

      I can't help but think that Xbox 360 emulation is the only long term path that exists for the 360, which is concerning because only Xenia to my knowledge exists and it's still experimental.

    • rpcope1 3 hours ago

      I've not modded my 360E, and it was probably one of the very last 360s built, but I've never had any problems with it, still play on it, and my understanding is there are fewer and less dire problems with it than the prior 360 and S.

  • nolok 4 hours ago

    Ah, I remember I had one of the first series where they forgot to remove the JTAG pins

    • jsheard 3 hours ago

      Xbox security has certainly come a long way since the OG Xbox, which featured a pin header that may as well have had "insert modchip here" printed next to it.