The hypervisor and its implications
We're taking an in-depth technical look at one of the Xbox 360's features, its hypervisor. The Xbox 360 contains a hypervisor to provide security for the system--good news for Microsoft, bad news for hackers, as Microsoft has included it as part of its plans for a hack-proof 360. What are the implications of this for gamers and for those who wish to experiment with their console?

Firstly, a look at how the processor executes code on the 360. The Xbox 360's CPU is based around the PowerPC architecture, which is well-suited to virtualisation. The hypervisor is a program which can present the operating system with virtual hardware or limit its access to memory, so a program running on top of a hypervisor believes it is running inside a single virtual machine and talking directly to the hardware, rather than inside another operating system.
On the Xbox 360, the hypervisor is the lowest software layer, running in kernel mode (which means it has unlimited access to the system's hardware). The operating system runs on top of the hypervisor in user mode, and its access to the hardware is meted out by the hypervisor. This also means that the hypervisor can emulate the original Xbox without the 360's operating system being involved.
The security implications are unfortunately clear: nothing is going to get past the hypervisor unless it's vetted by Microsoft, and the hypervisor's security is most likely built into the boot sequence, with cryptographic signing to prevent tampering.
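The signing check described above, modelled as an added example (this is not code from the article, from Microsoft, or from the Xbox 360 itself): a privileged boot stage that carries only the vendor's public key, verifies the signature over the hash of an OS image, and hands over control only when the check passes. The RSA here is textbook (no padding, 512-bit keys) and the images are constructed byte strings, so the example shows only the shape of the check, not a production implementation.

```python
"""Toy model of a signed boot chain (added example, not Xbox 360 code).

The hypervisor stage holds the vendor's public key and nothing else, so it can
verify an image but cannot produce a valid signature for one. Textbook RSA with
short keys is used purely for illustration."""
import hashlib
import random

_rng = random.Random(2005)  # fixed seed so the toy run is reproducible


def _is_probable_prime(n, rounds=16):
    """Miller-Rabin probable-prime test (constructed helper for the toy keys)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = _rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    """Random odd prime with its top bit set, so p*q has exactly 2*bits bits."""
    while True:
        cand = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def generate_keypair(bits=512):
    """Toy RSA key as ((n, e), (n, d)); 512 bits is far too short for real use."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    return (p * q, e), (p * q, pow(e, -1, phi))


def _digest_as_int(image):
    # SHA-256 is 256 bits, so it is always smaller than the 512-bit modulus.
    return int.from_bytes(hashlib.sha256(image).digest(), "big")


def sign_image(image, private_key):
    """Vendor side: sign the hash of an OS image (textbook RSA, no padding)."""
    n, d = private_key
    return pow(_digest_as_int(image), d, n)


def verify_image(image, signature, public_key):
    """Recover the signed hash with the public key and compare it to the image's hash."""
    n, e = public_key
    return pow(signature, e, n) == _digest_as_int(image)


class Hypervisor:
    """The privileged boot stage: it checks the image before the OS gets control."""

    def __init__(self, vendor_public_key):
        self.vendor_public_key = vendor_public_key
        self.running = None

    def boot(self, image, signature):
        if not verify_image(image, signature, self.vendor_public_key):
            return "refused: signature check failed"
        self.running = image  # only now is control handed to the OS image
        return "booted"


def demo():
    """Three boots: a vendor-signed image, the same image after modification, and a
    modified image signed with a key the hypervisor does not trust."""
    vendor_pub, vendor_priv = generate_keypair()
    hv = Hypervisor(vendor_pub)
    os_image = b"constructed 360 OS image v1"  # constructed sample, not a real image
    sig = sign_image(os_image, vendor_priv)
    results = [hv.boot(os_image, sig)]
    modified = os_image.replace(b"v1", b"v1-patched")
    results.append(hv.boot(modified, sig))
    _, untrusted_priv = generate_keypair()
    results.append(hv.boot(modified, sign_image(modified, untrusted_priv)))
    return results


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The point the model makes is the one the article draws: changing a single byte of the image, or signing it with any key other than the vendor's, leaves the hypervisor with nothing it will run, regardless of what the image itself does. A real boot chain would use a padded signature scheme and a far longer key, and would extend the same check to every later stage it loads.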
However, as a feature, the hypervisor holds interesting implications--if it becomes possible to tap into the boot sequence and load alternative operating systems, then it will be easy to switch between them at will, with neither affecting the state of the other. For gaming, the entire virtual machine could be saved to disc, thus pausing the game exactly--and the saved machine could be modified (yes, for cheating). Different consoles could be virtualised, as well as different sets of hardware, so gamers could try out other game platforms and operating systems.
In conclusion, the architecture developed for the 360, including its hypervisor, contains some exciting possibilities--the easily-virtualised PowerPC can be fully taken advantage of by the hypervisor. However, Microsoft have locked down the 360 and it's not going to be easy for third parties to get inside the console's security, so end users are denied the opportunity to take full advantage of the console's hardware.

Reader Comments (Page 1 of 1)
Jon @ Nov 29th 2005 1:30PM
I can usually follow these types of things, but this made absolutely no sense!?#@
AJay17 @ Nov 29th 2005 1:57PM
Lol, you're not alone. I didn't understand it either.
Brian @ Nov 29th 2005 3:04PM
This could be very cool, but it's going to take some time to figure out how to crack it. I just need to get a (close to launch day) 360 so that mine won't be 'fixed' by Microsoft once someone finds a way to break into the hypervisor.
Edge of Blade @ Nov 29th 2005 3:58PM
Fully take advantage?
Of course this starts with "unlocking potential" and ends with "h2cheats@microsoft.com". Why can't people not mod a system? Are you looking for a way to kill the Xbox? Because it is clear that's what ends up happening. You know where it leads, yet you are bound and determined to rush there as soon as possible.
Get a life outside of your basement and away from the soldering fumes...please.
BardSarcasm @ Nov 29th 2005 4:02PM
All Microsoft has done is raise the bar for hackers. "Impossible" is a relative term to a time-rich, money-poor, ambitious technophile. I give it 8 weeks before we see a serious, tested and proven 360 crack and a year before commercially available mods. Let the erosion begin ...
CHILL_down @ Nov 29th 2005 4:03PM
Microsoft just wants it to take forever to hack it...but it will happen!!! IT WILL BE GREAT!
stinio @ Nov 29th 2005 4:11PM
in depth?
Monsta @ Nov 29th 2005 4:32PM
I assume that the hypervisor works along the same sort of lines as the one on the IBM iSeries machines: a computer with multiple Power 5 cores. The operating systems are then installed on top of the hypervisor, which controls access to the hardware underneath it. It depends on how far displaced the X360 is from the standard IBM version (this could be either very close, as Microsoft has tried to build a console to make the best of the ability of the IBM processors, or completely different, if Msoft wanted to get away from the IBM version and develop something more suited to their needs).
As the article says, if you can get into the boot sequence or gain control of the hypervisor then the possibilities for this machine are immense. Linux would be a piece of p*ss, Unix would be fairly simple; after that, who knows.
edeus @ Nov 29th 2005 5:06PM
Great quick read. Not sure what the other comments were about, I found it written quite well and easy to understand.
I'm excited! :)
sew3521 @ Nov 29th 2005 5:53PM
I found this article to be written very well considering what it is talking about. I can't wait for the mods to start coming out for the 360.
In response to Edge of Blade,
Xbox modding is a lot more than cheating. I have a modded box and I can say I have never cheated during a game. Check out xbins and sites like halomods.com to see why the Xbox modding community is such a great thing, and of course XBMC is always going to be the ultimate Xbox app.
Ravo_5002 @ Nov 29th 2005 6:27PM
I think the best way to hack this baby is to get a crack into the xex encryption. Bruteforcing would be the way to do this. Since PCs are getting faster and faster there must be a (distributed?) way to get it cracked. There are also a lot of superfast clusters out there which are not too tightly secured, so maybe someone with more Xbox knowledge than me can figure out the public key and someone with a bit more guts than me can hack into one of the supercomputers and load up a bruteforce decrypter (RSA?). Do a Google and you will see a list of unis with some massive processing power.
Also, modchip makers have 7-figure numbers now in their bank accounts and they could build up quite some processing power and earn their cash back by selling the first crack.
jm2c
Ravo_5002
Black Guy @ Nov 29th 2005 6:32PM
Modding is always a concern for honorable online players like myself. I have quit playing several games in the past because of some sorry-ass-no-skill-having cheater who ruins the fair & competitive playing field for everyone. The justifications I heard from cheaters are just pathetic. I bought PGR3 for X360 3 days after the X360 release. By the time I got on Live, I ran into some serious players and I got my ass handed to me religiously. Did I quit? Did I consider looking for a cheat code to even the field? Would I mod my system to give me the competitive edge? Nah... I stuck with it and I'm now ranked 357th on the game (I was near last in the beginning). If you can't hang then don't play the game. Bottom line!
Modding adds cool features to your system - I understand that - but it's disgusting when it's used to ruin the game for others, and if they're caught, I agree their system (serial #) should be banned or disabled.
Black Guy @ Nov 29th 2005 7:04PM
Even if a hack is managed, this sounds like it would be a pain for the average genius to implement.
pepe2004 @ Nov 29th 2005 7:27PM
WTF with the second comment? Thanks to the Xbox being hacked, the possibilities of that console went to heaven; it plays absolutely anything you want. Thanks to that, that console became the best console ever made. If people use that hack for piracy, does that mean people can't use the console for the amazing things it does?
Ace25 @ Nov 29th 2005 7:35PM
Sorry, but "brute forcing" the 360 is not going to be possible. Heck, the first Xbox has never had its key cracked by brute force. Even with all the CPU power in the world right now it would take hundreds if not thousands of years to brute force a 4096-bit encryption key.
But as far as modding (circumventing the security), I am sure that will be accomplished within 6 months. Heck, just look at a pic of the 360 motherboard. There are 3 different "LPC" style solder points on the motherboard (for testing/troubleshooting I assume). So if MS has incorporated a way to get into the box via those points, it's just a matter of time before someone finds an exploit (and come on people, this is MS we are talking about! Not exactly known for their security, are they?). Breaking the hypervisor itself may not be possible, but somehow tricking it into thinking the software you want to run is legit (think font exploit on the Xbox) may be the answer.
VZ3 @ Nov 29th 2005 7:42PM
Ravo_5002, you said you think it would be possible to crack the encryption using brute force. I'm sorry to say, but the key lengths that are likely to be used on the Xbox 360 take virtually forever to crack with any currently known brute force methods, even with the computing power of all supercomputers and PCs in the world today combined.
dude @ Nov 29th 2005 7:42PM
I really hope the 360's security is eventually cracked! I have an original modded Xbox with a 200 gig HD and it's fu*@ing great! Apps like XBMC are excellent and the fact it can be used as a PC with Linux is cool too. If the 360 ever does get cracked then, like the article above says, the possibilities would be immense! However, even though there is a lot of money to be made by mod chip makers, it's going to take a very long time before we see any kind of off-the-shelf 360 chip mod. From what I've been reading, Microsoft have spent a lot of time getting the security done properly this time round. It might never even happen! But it's early days yet and I live in hope!
Ace25 @ Nov 29th 2005 8:08PM
Sorry, but "brute forcing" the 360 is not going to be possible. Heck, the first Xbox has never had its key cracked by brute force. Even with all the CPU power in the world right now it would take hundreds if not thousands of years to brute force a 4096-bit encryption key.
But as far as modding (circumventing the security), I am sure that will be accomplished within 6 months. Heck, just look at a pic of the 360 motherboard. There are 3 different "LPC" style solder points on the motherboard (for testing/troubleshooting I assume). So if MS has incorporated a way to get into the box via those points, it's just a matter of time before someone finds an exploit (and come on people, this is MS we are talking about! Not exactly known for their security, are they?). Breaking the hypervisor itself may not be possible, but somehow tricking it into thinking the software you want to run is legit (think font exploit on the Xbox) may be the answer.
Corey @ Nov 30th 2005 8:27AM
I agree that hacking for cheating sucks, but I love my modded box with XBMC on it. I have a 250 gig HD in it and I love that I can fit all 50 of my games on it and don't have to swap CDs to play a different game when I get bored with the one I'm playing; I just hit a special button combo all at the same time and the machine reboots and I select a different game to play. That alone is worth the mod. In fact many of the new features of the Xbox 360 came from the things that the modding community was doing with their original Xboxes. There was even an interview I read a while back with a couple of the designers, and they were talking about the Xbox 360 being modded; they said they think it will inevitably happen but they have taken measures to make it harder and they think fewer people will want to do it, because they can now do many of the things people were doing with original modded Xboxes.
Edge of Blade @ Nov 30th 2005 10:29AM
To return to my previous comments... Modding your Xbox into a PC will KILL the platform. You are cutting MS out of the money it has invested. Remember that this system is sold at a loss. That's why everyone wants to mod it... cheap computer. Think about that for a second. If you are not buying the licensed software for the system, you are sticking it to MS (I guess that's what the juvenile Linux users want). MS sees the loss and stops (or gives less effort to) supporting the platform. Every Xbox that gets modded is a cut into MS. You make sure that MS's investment in you stays merely an outflow and they never make that cash back. Do you want MS to keep putting out great game systems like this?
joe @ Nov 30th 2005 8:51PM
Basically what it means is that the hypervisor is the controller of the software running, which means that it runs at a lower level and talks to the hardware directly. It tells the memory to release or cache.
Kind of like the Windows manager, only it's via hardware: it loads the Xbox software into memory directly, then it controls what is on and what is off via the hypervisor. Whether it's the Xbox 360 OS or the original Xbox OS, both are saved in a virtual state and they are saved in memory as a virtual machine, so it's possible to save the state of the software and then jump into another state via the hypervisor. What it means is that, say you're able to get Linux onto the hard drive, if you could get into the hypervisor you could then tell the hypervisor to switch to that virtual machine kernel (Linux) and run it in emulation, or switch back via the hypervisor to the 360 OS, or let's say Mac OS X, or whatever runs on PowerPC chips. Or if they port a DivX movie player or something like that.
Very useful; now all we need is a Microsoft engineer to explain the hypervisor boot sequence. :)
Agamemnon @ Dec 1st 2005 12:28AM
Brute forcing the Xbox 360 is pretty much out of the question. It would take so long that it wouldn't be worth it, and by the time it's done you and I would be dead. Before it would even be close to done someone would find an easier way.
The possibilities that present themselves if one could take control of the hypervisor would be very interesting.
sean1818 @ Dec 1st 2005 2:47AM
Seems to me that they're making it easier, rather than harder, for modders to make their way into the Xbox security; now all one needs to do is gain access to the hypervisor and voilà, you've unlocked the entire potential of the Xbox. Though it will most likely require a "hard" mod to the motherboard to compromise it, I doubt that will take long at all; nothing is impenetrable, and new security measures only lengthen the amount of time it takes to obliterate them.
sean1818 @ Dec 1st 2005 3:08AM
In reply to the 22nd comment about modding and Microsoft's "loss". Firstly, most systems are sold at a "loss" and it is undetermined what Microsoft is actually losing, if anything at all (the loss is assumed by an independent agency guesstimating what Microsoft "could" pay for the system to be manufactured). Roughly 90% of the people I know that have modded their systems do it for reasons far beyond that of piracy. Yes, piracy is possible, but assuming that someone would purchase a game if they weren't able to receive an illegitimate copy for cheaper or virtually nothing is naive; many people that do engage in piracy admit that they wouldn't have purchased the game in the first place due to their inability to afford it. So assuming the other 10% of the modding community, which is an extremely small fraction of the owners of the Xbox, would have purchased their Microsoft software without the ability to pirate, you wind up with less than 1% of Microsoft's profits lost to it. The difference between bits and bucks is immense, and the false claims made by companies "suffering" piracy are absurd. Lastly, my "modded" Xbox has been more than simply a "cheap PC" as you refer to it. My Xbox, housing a 250 gigabyte hard drive, has applications allowing me to control all my media from one central location; it tunes into internet radio stations, records live television, plays back all video formats, loads games faster and plays/switches between them easier than the original design of flipping through discs. I OWN about 60 retail-purchased Xbox games; every single one of my games is downloaded onto my hard drive and played with better performance through my hard drive. I can reset my Xbox in the middle of a game with the controller, switch to music or a movie, engage in various outlets of online play WITHOUT Xbox Live or a PC involved. I can stream digital media, emulate my favorite older consoles (NES GENESIS ATARI!!!)
I can run an operating system to allow me to use common PC programs such as IRC, internet browsing, etc... all from the comfort of my living room couch. I love my modded Xbox, and I also own an untouched Xbox which I use to play on Xbox Live with my games, which costs me 50 bux a year that I'm glad to pay to MS for their wonderful Live experience. I feel no shame for what I've done to and with my Xbox, and MS profits greatly from my enthused love of my console; if I didn't like it so much I probably wouldn't have spent all that cash on it... profit loss.. pfft, they should be MAKING the modchips IMO. /rant
jennie @ Dec 1st 2005 8:54AM
#23: all the security is stored right on the chip -- it's not going to be easy to get in and it'll definitely need to be a hardware mod, from what we know now.
By the way we have had confirmation that the hypervisor is indeed a feature of the 360 -- no more speculation :)
Blob @ Dec 1st 2005 9:14AM
Dang, it looks like M$ covered all bases this time.... Brute force hacking the 360 prob wouldn't work at all, as we all know the boot hypervisor looks for the signed boot image on this sucker, and remember the first Xbox wouldn't run unsigned code (backup games etc...) unless it was modded, which was a piece of cake when others could flash the TSOP and all of that. But now it looks for a signed OS / code to boot. No one ever was able to duplicate that signed code or whatever to get it to boot on an unmodded box; they were only able to exploit the 1st box due to several hardware loose ends, but now they have to have some type of signed code or whatever to get the new box to boot it. The only way I think this new box can be modded is by getting a rogue M$ employee which has access to the signing tools and whatever to sign one of the modded OSes or whatever these hackers have out there planned for the Xbox 360... I don't see how that is possible; after all, whoever does the signing of the apps and games at M$ prolly doesn't want to lose his job @ M$. But nothing is impossible, so let's just sit back and see :-)
Dan @ Dec 1st 2005 1:25PM
Of course, as many have pointed out, brute forcing will probably not be possible. But just think how funny it would be to have lots of original Xboxes clustered to brute force the Xbox 360. And how ironic it would be if they succeeded in doing so!
Archon129 @ Dec 1st 2005 2:48PM
Edge of Blade, when the original Xbox came out, it too was sold at a loss, and look how well the system did. Microsoft is not going to stop supporting the system because a small percentage of its users mod the system. If your argument had any truth to it then Microsoft would have thrown in the towel a long time ago. They do not make money off the system; almost no company does that. It's the games they make money off of. Granted, some people copy or download their games. But let me tell you that just as many people use the mod for legitimate purposes such as the larger HD support and XBMC. Seriously, the larger HD is well worth the money for the mod.
Dan @ Dec 2nd 2005 4:37AM
Hacking the hypervisor will most likely take so long it will not be a problem. It may be done towards the end of the XBOX 360 life or even long after that (4-6 years). If that holds true then Microsoft won. :)
VZ3 @ Dec 3rd 2005 3:46PM
sean1818, you said it should be easy for modders to crack the box because only the supervisor would have to be compromised. Maybe you are not realising that the supervisor is a part of the CPU. Hacking it would require modifications at chip level. While I'm not saying it would be completely impossible for someone to start decapping the CPU and modifying the chips with a laser or so, the costs would become so great that there would not be much point. Definitely it wouldn't be doable by end users at home.
BjTheClown @ Dec 11th 2005 11:41PM
If only MS made their PCs so secure, we'd be in business.