
Xbox Architecture - timeoperator
https://www.copetti.org/projects/consoles/xbox/
======
joezydeco
Bunnie Huang’s _Hacking The Xbox_ is a great read, and it’s available as a
free ebook:

[https://bunniefoo.com/nostarch/HackingTheXbox_Free.pdf](https://bunniefoo.com/nostarch/HackingTheXbox_Free.pdf)

------
TeaDude
I know nothing about the actual underlying architecture but from the
(credible) sources I've heard from apparently it's a really nice API hiding an
absolutely unholy mess and that's why emulation has been so poor for so long.

~~~
elcomet
If the API is nice, shouldn't the emulation be easy? Since the emulator
doesn't have to care about security / hacks.

Or do you mean that the API is only nice in theory, but is actually not nice in
practice (lots of undocumented corner cases, or bugs, that games might rely on)?

~~~
TeaDude
I have no idea about the specifics but from what I've heard developers really
liked the XBOX (despite its unholy internals) so I'd say the API was actually
nice.

As for HLE based on the API it's definitely possible but there's probably tons
of nasty corner cases and that's my theory on why it's never been done. That
and the chance of games with their own proprietary APIs existing and thus they
won't work with that solution.

------
saagarjha
I'm just looking at the motherboard layout at the very top of the article, and
it's really strange to my non-expert eyes. The CPU is off to one side, and the
_GPU_ is the thing in the middle. And the SDRAM is all split up and far away
from the CPU! Is this some sort of game-console specific thing?

~~~
phire
The xbox (like many consoles, n64, gamecube, xbox360, wii, wii u, xbox one,
ps4, switch, ps5, XSX) has unified memory, as in the CPU and GPU share the same
sdram.

The only way to do this is to have one chip (It's always the GPU. The GPU
needs more memory bandwidth) connected directly to the dram, and the second
chip (CPU) has to send memory requests to the second chip.

Though, this console dates to a time when CPUs didn't typically have dram
controllers onboard. PCs usually relied on a northbridge chip to have the dram
controllers, along with the routing to all peripherals (PCI/AGP) and present a
nice tidy Front-side-bus that the CPU understands. In the case of the xbox,
the GPU is acting as a combined Northbridge/GPU (a design that was common at
the time in low-cost desktops and laptops)

Unified memory has a large number of advantages for consoles. It lowers cost.
It gets rid of copying delays between GPU and CPU memory and it allows the
game developer to dynamically allocate memory to the GPU or CPU depending on
their needs.

~~~
fulafel
Why would it be impossible to have >1 chip access the SDRAM? Like Amiga did.

Especially if the GPU already had custom silicon for it.

Whether it would be good engineering (cost, time to market, risks) is of
course another issue.

~~~
rasz
Amiga worked exactly the same way. All memory access to the so called "Chip"
ram had to go thru Agnus. CPU address lines didn't touch ram chips directly.
CPU was just a passenger riding on the back of powerful GPU.

[https://www.pmsoft.nl/amiga/A500-block-diagram.jpg](https://www.pmsoft.nl/amiga/A500-block-diagram.jpg)

~~~
fulafel
Notice the data bus is shared but the address bus is not in the pic. So there
was arbitration by Agnus but the data didn't go through it.

~~~
rasz
Low level implementation detail. Agnus is the memory controller here, handling
refresh and addressing. Block diagram tristate latch (74LS244 & 74LS373 in
real hardware) should be considered part of the chipset (controlled by Gary).
Take away Agnus (or even Gary) and CPU can't do anything, can't really say there
is any ">1 chip access the SDRAM" here. We would have to go back all the way
to C64 to say cpu and graphic chip share same sdram bus ~equally.

------
person_of_color
For the Xbox 360, they ditched Intel and went for PowerPC. Microsoft then
bought a bunch of PPC Mac Pros from Apple for development since they shared
the same ISA :D

~~~
messe
That entire generation of consoles, the Xbox 360, PS3 and Wii (and then
arguably the Wii U) were all some form of PowerPC.

The following generation though everything switched to more commodity
hardware, with the PS4 and Xbox One using x86_64 processors and the Switch
using an almost off-the-shelf SoC from nvidia.

EDIT: Gamecube was also PPC.

------
walrus01
I still remember the "Xbox is HUGE" jokes from 2001.

~~~
crazysim
Fun fact: The PS5 is huger than the Xbox!

------
loa_in_
> It is speculated that Microsoft may have left that code from prototype/debug
> units, so for the purposes of his research (possibly accidental, since this
> block exposes the types algorithms that Microsoft applied). In conclusion,
> this was considered garbage code [...]

I can't parse this excerpt

~~~
flipacholas
Fixed, thanks

------
MayeulC
A few tidbits not included in the article:

* Some emulators do exist. The earlier attempts were just API translation layers that work a bit like wine: translate the function calls to native system APIs on windows. As time went, tricks and workarounds were piling up, especially as some games used lower level HW functionality (writing in registers, etc), which proved difficult to emulate, and game executables had to be patched, thus making the emulators a collection of special cases. Such emulators include Xenia, Cxbx (and derivatives such as shogun's version, dxbx, etc).

* More recently, efforts turned to low-level emulation, with complete emulation of the Xbox GPU, using a codebase derived from QEMU: XQEMU, and more recently XEMU (mborgerson's fork, focused on trying less-proven tricks and workarounds to maximize compatibility). Both are being developed in the open (XQEMU's development process might be slightly more open), and reverse-engineering is ongoing.

* There is also an ongoing effort to port ReactOS to both the Xbox and XQEMU (probably using the official nvidia NV2A driver): [https://reactos.org/wiki/Install_ReactOS_on_Xbox](https://reactos.org/wiki/Install_ReactOS_on_Xbox)

* Big names (among others) on the emulation scene: mborgerson, JayfoxRox, Espes, Shogun

* Bunnie Huang’s _Hacking The Xbox_ was mentioned by another commenter, but _17 Mistakes Microsoft Made in the Xbox Security System_ is also an interesting read about working around the Xbox security mechanisms: [https://xboxdevwiki.net/17_Mistakes_Microsoft_Made_in_the_Xb...](https://xboxdevwiki.net/17_Mistakes_Microsoft_Made_in_the_Xbox_Security_System)

* I cannot stress enough how [https://xboxdevwiki.net/](https://xboxdevwiki.net/) is a great resource for information. Other links: [https://xqemu.com/](https://xqemu.com/) [https://github.com/xqemu/xqemu/](https://github.com/xqemu/xqemu/) [https://xemu.app/](https://xemu.app/) [https://github.com/mborgerson/xemu/wiki#content-top](https://github.com/mborgerson/xemu/wiki#content-top) [https://shogun3d-cxbx.blogspot.com/](https://shogun3d-cxbx.blogspot.com/)

* There is a big discord community, some rooms are bridged with IRC on freenode, I also bridged #xqemu on Matrix: [https://xboxdevwiki.net/Main_Page/Header](https://xboxdevwiki.net/Main_Page/Header)

------
transpute
Xbox One architecture talk (2019):
[https://www.platformsecuritysummit.com/2019/speaker/chen/](https://www.platformsecuritysummit.com/2019/speaker/chen/)

> Every game console since the first Atari was more or less designed to
> prevent the piracy of games and yet every single game console has been
> successfully modified to enable piracy. However, this trend has come to an
> end. Both the Xbox One and the PS4 have now been on the market for close to 6
> years, without hackers being able to crack the system to enable piracy or
> cheating. This is the first time in history that game consoles have lasted
> this long without being cracked to enable piracy. In this talk, we will
> discuss how we achieved this for the Xbox One. We will first describe the Xbox
> security design goals and why it needs to guard against hardware attacks,
> followed by descriptions of the hardware and software architecture to keep the
> Xbox secure. This includes details about the custom SoC we built with AMD and
> how we addressed the fact that all data read from flash, the hard drive, and
> even DRAM cannot be trusted. We will also discuss the corresponding software
> changes we made to keep the system and the games secure.

~~~
vmception
Well this is false.

But I can say that I became disinterested in piracy when they made getting
games more convenient than piracy. When they made using the hardware closer to
its full potential part of the default experience. When they got the pricing
right for these “premium” but pretty basic features. And of course, personally
having the disposable income to afford the content because I would have never
been a customer when I was pirating, only an unpaid evangelist of the
franchise.

~~~
jariel
"And of course, personally having the disposable income to afford the content"

I think this is most of the story.

I mean, it's fun to hack, but a lot of people's ideology about a lot of things
goes out the window as soon as they have a regular job and can afford to buy
regular stuff and see these things as pretty much regular products and
services.

~~~
vmception
Where I would disagree is when I think about Xbox and PS2, they had hardware
to be media centers. They had compelling region locked content that just
couldn't be used. Hacking any of that meant hacking all of that, and now you
could also download games which was faster and more convenient than going to
the store. And play Japanese games you couldn't get anyway.

Future generations of consoles made that default behavior, and games are
released in multiple continents at the same time with their respective
localization. American flagship games are now more appealing and engaging than
their Japanese counterparts.

It's not just the money.

~~~
m4rtink
More importantly they no longer do the stupid region locking & on the Switch
for example you can even buy digital games from other countries' eshops.

