Hypervisor
Old notes on the Xbox 360 Hypervisor can be found here: Hypervisor (Old Notes)
What is a Hypervisor?
Like in the PS3, Microsoft protects the integrity of its system with a Hypervisor. Using the virtualization technologies of today's processors, a hypervisor can act as a small piece of code with even higher privileges than the more complex operating system. In theory, even potential flaws in the operating system cannot be exploited since the hypervisor puts up additional restrictions.
In case of the Xbox 360, the hypervisor is responsible for encryption, decryption and the enforcement of access restrictions on memory.
Thanks to the work of an anonymous hacker, a flaw in the hypervisor has been discovered on certain versions of the Xbox 360 kernel, allowing the injection of code, which has not been cryptographically signed by Microsoft.
How It Works
The Hypervisor (HV) is primarily made up of a series of interrupt vectors and system calls that are accompanied by a few cryptography related helper sub-routines. On the 360, the main job of the HV is to manage the security of the system and handle encryption/crypto-signatures of files that will be run. Because of this, the HV is only executed in Real-Mode, with the highest privileges. Memory paging is disabled and the HV can access any memory space on the system, including memory mapped devices, however code run from user-mode (normal mode) cannot read or write to HV space. It is essential to understand how the HV works to understand the lower level of software on the xbox 360.
When an interrupt is generated by the CPU, it jumps to the corresponding handler. When this occurs, the address of the instruction that generated the interrupt is stored in SRR0 and the MSR before the interrupt occurred is stored in SRR1 with bits 33-36 and bits 42-47 loaded with data specific to the interrupt. For every interrupt, the CPU is sent into Real Mode/privileged state, interrupts are the entrance to the HV. Instruction and data relocation is disabled at this time.
When a return from interrupt (rfid) instruction occurs, it copies SRR1 to the MSR, synchronizes context, and jumps to the address stored in SRR0. Unless the Interrupt modified the contents of SRR1, the program will exit privileged state after the MSR is set.
All interrupts are ordered meaning while one is being handled, the CPU will wait until it is finished before handling another. The exception to this is the RESET and MACHINE_CHECK interrupts, these are unorded and can take place at any time. If they occur while another interrupt is being handled, SRR0 and SRR1 will be overwritten by the new handler and context synchronization will be lost. During normal operation of the Xbox 360, the RESET interrupt does not occur and the MACHINE_CHECK interrupt is not recoverable.
Interrupt Vectors
| Vectors | |||||
|---|---|---|---|---|---|
| Offset | Name | ||||
| 0x00000100 | _v_RESET | ||||
| 0x00000200 | _v_MACHINE_CHECK | ||||
| 0x00000218 | _v_MACHINE_CHECK_0 | ||||
| 0x00000300 | _v_DATA_STORAGE | ||||
| 0x00000380 | _v_DATA_SEGMENT | ||||
| 0x00000400 | _v_INSTRUCTION_STORAGE | ||||
| 0x00000480 | _v_INSTRUCTION_SEGMENT | ||||
| 0x00000500 | _v_EXTERNAL | ||||
| 0x00000600 | _v_ALIGNMENT | ||||
| 0x00000700 | _v_PROGRAM | ||||
| 0x00000800 | _v_FPU_UNAVAILABLE | ||||
| 0x00000900 | _v_DECREMENTER | ||||
| 0x00000980 | _v_HYPERVISOR_DECREMENTER | ||||
| 0x00000B9C | _v_Reserved_B9C | ||||
| 0x00000C00 | _v_SYSTEM_CALL | ||||
| 0x00000D00 | _v_TRACE | ||||
| 0x00000A5C | _v_FPU_Assist | ||||
| 0x00000F20 | _v_VPU_UNAVAILABLE | ||||
| 0x00001600 | _v_MAINTENANCE | ||||
| 0x00001700 | _v_VMX_ASSIST | ||||
| 0x00001800 | _v_THERMAL_MANAGEMENT | ||||
Cryptography
Retail 17511 - These offsets are subject to change!
| Cryptography Functions | |||||
|---|---|---|---|---|---|
| Offset | Name | ||||
| 0x00020300 | XeCryptAesCbcMac | ||||
| 0x00023500 | XeCryptMemDiff | ||||
| 0x000226F0 | XeCryptShaInit | ||||
| 0x00022738 | XeCryptShaTransform | ||||
| 0x00020520 | XeCryptBnDw_Copy | ||||
| 0x0000A880 | memcpy | ||||
| 0x0000AD20 | memset | ||||
| 0x00022DB8 | XeCryptSha | ||||
| 0x00022BD0 | XeCryptShaUpdate | ||||
| 0x00022CF0 | XeCryptShaFinal | ||||
| 0x00023170 | XeCryptRc4Key | ||||
| 0x00023218 | XeCryptRc4Ecb | ||||
| 0x00020578 | XeCryptBnQwBeSigFormat | ||||
| 0x00020F00 | XeCryptBnQwNeModMul | ||||
| 0x00021210 | XeCryptBnQw_Copy | ||||
| 0x00020EC8 | XeCryptBnQwNeModInv | ||||
| 0x000244D8 | XeCryptBnQwNeDigLen | ||||
| 0x00024560 | XeCryptBnQwNeMul | ||||
| 0x000211F0 | XeCryptBnQw_Zero | ||||
| 0x00024AF0 | XeCryptBnQwNeAcc | ||||
| 0x00024A40 | XeCryptBnQwNeAdd | ||||
| 0x00024A98 | XeCryptBnQwNeSub | ||||
| 0x000247D0 | XeCryptBnQwNeMod | ||||
| 0x00020910 | XeCryptBnQwNeModExp | ||||
| 0x00024C68 | XeCryptBnQwNeCompare | ||||
| 0x00023108 | XeCryptRc4 | ||||
| 0x00022E98 | XeCryptHmacShaInit | ||||
| 0x00023010 | XeCryptHmacShaFinal | ||||
| 0x00023060 | XeCryptHmacSha" | ||||
| 0x000200F8 | XeCryptAesKey | ||||
| 0x00023008 | XeCryptHmacShaUpdate | ||||
| 0x00021128 | XeCryptBnQwNeRsaPubCrypt | ||||
| 0x00020D28 | XeCryptBnQwNeModExpRoot | ||||
| 0x000211A8 | XeCryptBnQwNeRsaPrvCrypt | ||||
| 0x00021240 | XeCryptBnQw_SwapDwQwLeBe | ||||
| 0x00021840 | XeCryptDes3Cbc | ||||
| 0x00021BC8 | XeCryptDes3Key | ||||
| 0x000217C0 | XeCryptDes3Ecb | ||||
| 0x00021968 | XeCryptDesKey | ||||
| 0x00021710 | XeCryptDesCbc | ||||
| 0x00021270 | XeCryptDesEcb | ||||
| 0x00021C08 | XeCryptDesParity | ||||
| 0x00023278 | XeCryptRotSum | ||||
| 0x00023330 | XeCryptRotSumSha | ||||
| 0x00020550 | XeCryptBnDw_SwapLeBe | ||||
| 0x00020250 | XeCryptAesCtr | ||||
| 0x00020468 | XeCryptBnDwLePkcs1Verify | ||||
| 0x000203A8 | XeCryptBnDwLePkcs1Format | ||||
| 0x00024420 | XeCryptBnQwBeSigDifference | ||||
| 0x00020680 | XeCryptBnQwBeSigVerify | ||||
| 0x00000E14 | HvpRelocateCacheLines | ||||
Utility Functions
| Utility Functions | |||||
|---|---|---|---|---|---|
| Offset | Name | ||||
| 0x00000384 | HvpSetRMCIEx | ||||
| 0x00000398 | HvpSetRMCI | ||||
| 0x000003C4 | HvpZeroCacheLines | ||||
| 0x00000484 | CopyBy64 | Copies 2 x 32 bits at a time | |||
| 0x000004A8 | Sleep | Suspends the processor for 16 cycles*r3.
Usually accompanied by disabling the timebase before its called, as described in the SDK. | |||
| 0x000004D8 | HvpGetTimebase | Gets the current timebase value. If tb = 0, waits until tb != 0 | |||
| 0x0000068C | HvpGetFlashBase | Returns the flash base address | |||
| 0x000006A0 | HvpGetSocMMIORegs | Returns the soc hardware registers base address | |||
| 0x000006B4 | HvpBuildPciConfigRegs | ||||
| 0x000006CC | HvpGetHostBridgeRegs | ||||
| 0x00000E14 | HvpRelocateCacheLines | ||||
| 0x00000EE4 | HvpSaveCachelines | Writes cache blocks back to memory for a given address | |||
| 0x00001804 | HvpFlushSingleTb | ||||
| 0x000029E0 | HvpPhysicalToReal | Returns the real address of the given physical address | |||
| 0x00003358 | HvpRelocateEncryptedToPhysical | Moves data from an encrypted page and returns the new address | |||
| 0x000033D8 | HvpRelocatePhysicalToProtected | Moves data to a protected page and returns the new address | |||
| 0x00003620 | HvpComputeKeyVaultHmacSha | ||||
| 0x00000000 | add more later... | ||||
Invoking The Hypervisor
User-mode code can invoke the Hypervisor at any time through what is called a system call(syscall). System calls are functions set up by the Hypervisor that can preform various tasks on the system, for example getting the value of a special cpu register or printing to the console's post bus. When a system call is preformed, the cpu generates a syscall interrupt and jumps to the appropriate handler. System calls are described more here: System Calls