
Xbox Series lands in the hackers' crosshairs!

albanibr


flat_z and specter :kwow

AMD 4800S Bios has been dumped, could be useful for Xbox Series X reverse engineering (and maybe, possibly, PS5?)

BY WOLOLO · MARCH 6, 2024



An “anonymous” security researcher has released a dump of the AMD 4800S Main Bios, Backup Bios, Rom and Fuses. This material could be useful for security researchers, in particular to learn more about the Xbox X. The PS5 scene might also benefit, to some extent.

What is the AMD 4800S and why does the hacking scene care?

The AMD 4800S is basically the APU used in the Xbox Series X, with a deactivated GPU. It is believed that these APUs are “imperfect” Xbox chips that get repurposed by AMD. From Eurogamer:
What if you could take the Zen 2 CPU cores found within Xbox Series X and PlayStation 5, transplant them onto a PC motherboard, install Windows and actually play PC games on them? Short of hacking the console and somehow crafting drivers for it, it’s a pipedream, but we can do the next best thing. AMD recently – and somewhat stealthily – released the 4800S Desktop Kit for Chinese OEMs. It’s a Micro ATX motherboard built around the Xbox Series X APU, shipping with 16GB of GDDR6 memory. The integrated GPU is disabled, but it is possible to install Windows on it, you can attach a decent graphics card – and yes, you can play PC games on an Xbox CPU.
The idea that this product even exists is baffling, but there is some logic to it. Not every PS5 or Series X chip that makes it off the production line is functional. There can be imperfections in the silicon that write off the chip – or parts of it. In this case, AMD chooses chips with defective GPUs, disables that graphics component and uses the CPU portion only. As you’ll see in the accompanying video – and indeed in the headline image – we can be sure it is Series X silicon because if you put the two chips side by side, they’re a match.
Something similar exists for the PS5, and that is the AMD 4700S. If that name rings a bell, that’s because the PS5 scene was excited about acquiring one of those not so long ago.
Hardware glitch attacks, firmware investigation, and other reverse engineering attempts could all yield information about that CPU, and, by extension, the Xbox Series X. It is possible that potential vulnerabilities on the 4800S could be ultimately replicated on the Xbox X, assuming the chips and their firmware are similar enough.
Furthermore, whatever the Xbox scene could learn about the similarities between the 4800S and the console’s APU could potentially be replicated with the PS5’s 4700S. There’s a possibility that the 4700S and the 4800S have enough similarities that hardware/firmware attacks on one system could be replicated on the other.
AMD 4700S CPU. Photo by @aschilling
Of course a lot of “ifs” in this, but if a respected hacker such as Flat_z believes it’s worth looking into this chip, there have to be good reasons.


Download AMD 4800S Bios

The archive includes AMD 4800S Main Bios, Backup Bios, Rom, and Fuses.
You can download the files here. I expect they will disappear quickly.



Release: IDA ASP Loader by SpecterDev

BY WOLOLO · MARCH 7, 2024



Following yesterday’s release/leak of the AMD 4800S Bios, PlayStation scene developer SpecterDev has released a plugin for IDA/IDA Pro that will help you load those files in your favorite debugger.
This goes without saying, but if you don’t know what this is about, this tool is probably not for you.

What is IDA ASP Loader and why does it matter?

I have a lengthy explanation on what the AMD 4800S is and why we like it here, but bottom line is that these CPUs are very close to those of the Xbox X, and, to some extent, the PS5. Getting knowledge about their firmware could in turn help understand and reverse-engineer the current-gen gaming consoles.
In this context, IDA ASP Loader is just taking the scene one step closer to opening the binary files and starting to reverse engineer them. (Note: ASP here stands for AMD Secure Processor)
From the developer:
Simple loader plugin for IDA to load AMD-SP or PSP firmware binaries. Will try to load bootloader blobs unpacked by PSPTool.
A lot of effort has been put by the hacking community into reverse engineering multiple aspects of the AMD CPUs. This means the Xbox X/PS5 scenes don’t have to start everything from scratch when it comes to digging inside the consoles’ APUs. The PSPReverse repository, in particular, will be useful to anyone wanting to dig into the 4800S, as mentioned by SpecterDev.
Comparison of AMD 4800S and Xbox X APU, picture by Eurogamer

Download and Install IDA ASP Loader

Note: You will need IDA to install this plugin. Most likely IDA Pro is required here, and considering the price tag of this particular piece of software, generally speaking unless you’re a professional security researcher (and your company pays for the license), you’re probably SOL.
You can download the IDA ASP Loader plugin here.

Installation

Copy repo contents or script into [ida root]/loaders.

Notes

  • Load addresses are currently hardcoded as there’s no easy way to dynamically deduce them. It’s possible a given binary doesn’t load at a correct address (open an issue)
  • PSP files have some different magics, known ones are supported but there may be some binaries that have currently unsupported magics and won’t be recognized (open an issue)

Source: