Sneaking Past the Hypervisor

Hackers are working on figuring out the guts of the Xbox 360, and so far it doesn’t seem like there’s been much real progress. Lots of discovery of what’s in there, and finding where the walls are, but the walls don’t seem to be in any danger.

The Xbox 360 uses a hypervisor architecture. My own speculation is that there’s code in the CPU which verifies the boot ROM using a public-key encryption system before calling it, so that until the key is broken, nobody’s going to be getting past that boot sequence.

One possibility, I think, would be to let the Xbox 360 boot up to the point where it’s past the checks and executing “trusted” code, and then swap in a different bank of memory. Like how EMM used to work on the PC, or how on the C64 you could take the BASIC ROM image and write it into the RAM underneath it, then turn the ROM off and modify the RAM underneath to hack the BASIC code.
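To make the timing argument concrete, here is an added example of my own; it is not code from the post and it is not the Xbox 360’s real memory map, boot code or signature scheme. It models a toy machine in C with two code banks that can be mapped into the same address window, a plain hash standing in for the boot-time verification, and two dispatchers: one that trusts the verdict it cached at boot, and one that re-hashes the window each time it jumps into it. The bank contents, opcodes and digest are all constructed for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed toy model, not the Xbox 360's real layout: two small code
 * "banks" that can be mapped into one address window, a known-good digest
 * fixed at "manufacture", and a "hypervisor" that verifies the window once
 * at boot and then keeps dispatching from it. */

#define BANK_SIZE 16

enum { OP_HALT = 0, OP_ADD = 1, OP_MUL = 2, OP_XOR = 3 };

struct bank { uint8_t code[BANK_SIZE]; };

struct machine {
    const struct bank *mapped;    /* bank currently visible in the window */
    uint32_t known_good_digest;   /* what the trusted bank must hash to */
    int verified_at_boot;         /* cached result of the boot-time check */
};

/* Trusted image: computes (x + 1) * 2.  Opcode/immediate pairs, HALT-terminated. */
static const struct bank trusted_bank = {
    { OP_ADD, 1, OP_MUL, 2, OP_HALT, 0 }
};

/* Attacker's RAM image swapped in after verification: computes (x ^ 0xFF) + 1. */
static const struct bank rogue_bank = {
    { OP_XOR, 0xFF, OP_ADD, 1, OP_HALT, 0 }
};

/* FNV-1a stands in for the boot-time check; a real system would verify a
 * signature over the image rather than compare a bare hash. */
static uint32_t digest(const struct bank *b)
{
    uint32_t h = 0x811c9dc5u;
    for (size_t i = 0; i < BANK_SIZE; i++) {
        h ^= b->code[i];
        h *= 0x01000193u;
    }
    return h;
}

/* Toy interpreter: runs whatever is mapped in the window right now. */
static uint32_t run_mapped(const struct machine *m, uint32_t x)
{
    const uint8_t *c = m->mapped->code;
    for (size_t pc = 0; pc + 1 < BANK_SIZE; pc += 2) {
        switch (c[pc]) {
        case OP_ADD: x += c[pc + 1]; break;
        case OP_MUL: x *= c[pc + 1]; break;
        case OP_XOR: x ^= c[pc + 1]; break;
        default:     return x;        /* OP_HALT or unknown opcode */
        }
    }
    return x;
}

/* Boot: hash the mapped window, compare to the fixed value, cache the verdict.
 * Returns 1 when the window matched, 0 when it did not. */
int boot_verify(struct machine *m)
{
    m->verified_at_boot = (digest(m->mapped) == m->known_good_digest);
    return m->verified_at_boot;
}

/* The bank swap from the post: the check is already behind us, so the cached
 * verdict stays "good" while the bytes underneath the window change. */
void bank_switch(struct machine *m, const struct bank *b)
{
    m->mapped = b;
}

/* Naive dispatch: trusts the boot-time verdict and runs whatever is mapped.
 * Returns 0xFFFFFFFF when it refuses to run. */
uint32_t dispatch_cached(const struct machine *m, uint32_t x)
{
    if (!m->verified_at_boot)
        return 0xFFFFFFFFu;
    return run_mapped(m, x);
}

/* Hardened dispatch: re-hash the window at time of use, so a bank swapped in
 * after boot is caught.  Returns 0xFFFFFFFF when it refuses to run. */
uint32_t dispatch_reverified(const struct machine *m, uint32_t x)
{
    if (digest(m->mapped) != m->known_good_digest)
        return 0xFFFFFFFFu;
    return run_mapped(m, x);
}

/* Fresh machine with the trusted bank mapped and its digest "burned in". */
struct machine make_machine(void)
{
    struct machine m;
    m.mapped = &trusted_bank;
    m.known_good_digest = digest(&trusted_bank);
    m.verified_at_boot = 0;
    return m;
}

int main(void)
{
    struct machine m = make_machine();
    printf("boot verify: %d\n", boot_verify(&m));
    printf("trusted f(5): %u\n", dispatch_cached(&m, 5));
    bank_switch(&m, &rogue_bank);
    printf("after swap: cached verdict %d, f(5) = %u\n",
           m.verified_at_boot, dispatch_cached(&m, 5));
    printf("after swap, re-verified dispatch: %u\n", dispatch_reverified(&m, 5));
    return 0;
}
```

The point the toy makes is that the boot-time verdict describes bytes that are no longer in the window once the swap has happened: `dispatch_cached` happily runs the rogue bank because it only remembers that something passed the check earlier. Whether the real console is exposed depends on things the post does not settle, chiefly whether the hardware lets the verified region be remapped at all and whether anything re-checks it later; `dispatch_reverified` shows the second of those defences in miniature.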

This would take some seriously talented and committed hackers.