Yeah @AmpBenzScientist, there was one more; I'm not sure we talked about it yet.
Have you ever heard of the DARPA Cyber Grand Challenge?
@PawelK I wasn't inactive while I was silent. I have a problem with the Xbox One and it not being cracked. 8 cores and fast memory are very useful. It seems that the only feasible way to run unauthorized code is through browser exploits.
It seems to me that only going after the AMD Secure Platform ARM core and hitting the TPM would result in a usable break. I had various ideas about how to exploit it but that system is the most secure Microsoft product of all time.
Now you really made me want to look into it. You know how to bait me.
@PawelK All of that just to run Linux. That was my goal and also to save a rather capable device from becoming E waste.
8 cores on the Jaguar arch (pre-Zen) and 8 GB of GDDR5, I think, are the reward. The containers used for emulation and apps only allow around 4 GB to be utilized. It's still a custom chipset, but close enough that an exploit on the PSP could potentially work.
I was thinking about using an FPGA with 20K LUTs to intercept or change some checks. The system is locked down tight. I think it's a Cortex-A7 core that resides in the processor.
Everything about the original Xbox One was a solid design. I hate the X-clamp, but I understand that it could expand under heat to make better contact with the CPU. They understood that cold air sinks and exhausted the hot air up through a nicely designed duct. They still used garbage thermal paste on the chips.
I couldn't get hold of the Arctic Silver 5 that I trust, so I bought some thermal paste from Best Buy. The active ingredient is zinc oxide (yes, the same as sunscreen) and it actually brought the temperatures down.
The GPU has an equivalent in computers. It just makes me angry that the potential is wasted on games. The fast RAM is the most impressive part, as a laptop A10 quad-core from the previous gen can perform about 75% as well. The newer models X and S have more powerful hardware, but the security seems to be about the same.
@PawelK That's a great question. Perhaps the Ethernet port would reveal useful information. I considered using two. Without a very expensive lab, the best route I saw was Ethernet. I believe the PSP communicates over Ethernet to verify new firmware and potentially other things. There should be a path to the PSP through Ethernet.
@PawelK The security keys are no joke. The security seems to be mainly handled by the PSP and the TPM thing. I think the new consoles also have the "Pluto" chip which is another layer. My guess is that the Pluto chip is intended to stop such attacks.
Perhaps they got sloppy and something could be revealed by reverse engineering the new consoles to find out how to exploit the decade-old hardware.
@AmpBenzScientist
It must generate some query to a server to check for updates. I'd try to Wireshark it and check whether there are patterns between comms: (1) on the same box, each time from the same version to update from; (2) the same box, different versions; and (3) between different boxes.
You might be looking in the right direction; a SW update was the way some Samsung TVs got cracked.