diff --git a/docs/NAVIGATION.md b/docs/NAVIGATION.md index a0ccc5a..9c1e0f3 100644 --- a/docs/NAVIGATION.md +++ b/docs/NAVIGATION.md @@ -1,62 +1,67 @@ - [Home](index.md) -- Hardware - - [SKU List](retail-xone-skus.md) - - [Codenames](codenames.md) - - [Console revisions](console-revisions.md) - - [CPU](cpu.md) - - [Southbridge](southbridge.md) - - [eMMC / Flash](emmc-flash.md) - - [Wifi](wifi.md) - - [Ethernet](ethernet.md) - - [Optical Disc Drive](optical-disc-drive.md) - - [ODD Update Logs](optical-disc-drive/odd-firmware-update-log.md) - - [RF unit](rf-unit.md) - - [XDK Transfer device](xdk_transfer.md) -- Software - - [Firmware](firmware.md) - - [Bootanimation](bootanimation.md) - - [Bootloaders](bootloaders.md) - - [Certificates](certificates.md) - - [Flash (XBFS)](xbox-boot-file-system.md) - - [Southbridge filesystem (SBFS)](southbridge-file-system.md) - - [Hard drive](harddrive.md) - - [Security Processor](security-processor.md) - - [USB NTFS Overrides](usb-ntfs-overrides.md) - - [Telemetry](telemetry.md) - - [Protocol URIs (Deep links)](protocol-URIs.md) - - [Xbox Game Disc](xbox-game-disc.md) - - [XEO3 Emulator](xeo3.md) - - xeo3/*.md - - [Xbox Operating System](xbox-operating-system.md) - - [Xbox UI](xbox-ui.md) - - [Xbox WinRT](winmd.md) - - [XCRDUtil](xcrdutil.md) - - [DefaultApp](default-app.md) - - [Kiosk](kiosk.md) - - [Exploits](exploits.md) +- Security + - [General Security design](security/general-security-design.md) + - [Security Processor (AMD PSP)](security/security-processor.md) + - [Certificates](security/certificates.md) + - [Exploits](security/exploits.md) - exploits/*.md - - [Unauthorized Xbox Device Lockout](unauthorized-device-lockout.md) +- Boot + - [Bootloaders / Bootchain](boot/bootloaders.md) + - [Soutbridge filesystem (SBFS)](boot/southbridge-file-system.md) + - [Boot filesystem (XBFS)](boot/xbox-boot-file-system.md) + - [VBI (Virtual boot image)](boot/vbi.md) + - [NTFS USB overrides](boot/usb-ntfs-overrides.md) + - [Bootanimation](boot/bootanimation.md) +- Console models + - [Console revisions](console-models/console-revisions.md) + - [Retail SKUs](console-models/retail-xone-skus.md) + - [Devkit types](console-models/devkit-types.md) +- Hardware + - [CPU](hardware/cpu.md) + - [Southbridge](hardware/southbridge.md) + - [eMMC / Flash](hardware/emmc-flash.md) + - [Wifi](hardware/wifi.md) + - [Ethernet](hardware/ethernet.md) + - [Optical Disc Drive](hardware/optical-disc-drive.md) + - [ODD Update Logs](hardware/odd-firmware-update-log.md) + - [RF unit](hardware/rf-unit.md) + - [XDK Transfer device](hardware/xdk_transfer.md) +- Operating system + - [Firmware](operating-system/firmware.md) + - [Hard drive layout](operating-system/harddrive-partitioning.md) + - [Telemetry](operating-system/telemetry.md) + - [Protocol URIs (Deep links)](operating-system/protocol-URIs.md) + - [Xbox Operating System](operating-system/xbox-operating-system.md) + - [Xbox UI](operating-system/xbox-ui.md) + - [XCRDUtil](operating-system/xcrdutil.md) + - [DefaultApp](operating-system/default-app.md) + - [Kiosk](operating-system/kiosk.md) + - [Xbox Virtual Drives (XVD)](operating-system/xbox-virtual-drive.md) + - [Unauthorized Xbox Device Lockout](operating-system/unauthorized-device-lockout.md) +- Games + - [Xbox Game Disc](games/xbox-game-disc.md) + - [XEO3 Emulator](games/xeo3-x360-classic-xbox-emulator.md) + - [Savegames](games/savegames.md) - Xbox Live - [Xbox Live Error Codes](xbox-live/hresult-error-codes.md) - [XSTS Token](xbox-live/xsts-token.md) - [Update Groups](xbox-live/update-group-ids.md) - [Update CDN APIs and Downloads](xbox-live/update-cdn.md) - File formats - - [Update.cfg](update-cfg.md) - - [Xbox Virtual Drives (XVD)](xbox-virtual-drive.md) - - [XVI](xvi.md) - - [XCT](xct.md) - - [VBI](vbi.md) - - [Savegames](savegames.md) + - [Update.cfg](file-formats/update-cfg.md) + - [XVI](file-formats/xvi.md) + - [XCT](file-formats/xct.md) - Development - - [PC tools](pc_tools.md) - - [Devkit types](devkit-types.md) - - [Setting up your console](setup-dev-mode.md) - - [Compiling for xbox](compiling-for-xbox.md) - - [Installing Compatible Software](installing-compatible-software.md) - - [Creating your own Windows User](creating-a-win-user.md) - - [Xbox Device Portal](device-portal.md) - - dev-portal-api/** - - [XTF APIs](xtf-apis.md) - - xtf-apis/*.md + - [PC tools](development/pc_tools.md) + - [Setting up your console](development/setup-dev-mode.md) + - [Compiling for xbox](development/compiling-for-xbox.md) + - [Installing Compatible Software](development/installing-compatible-software.md) + - [Creating your own Windows User](development/creating-a-win-user.md) + - [Xbox Device Portal](development/device-portal.md) + - [Xbox WinRT](development/winmd.md) + - development/dev-portal-api/** + - [XTF APIs](development/xtf-apis.md) + - development/xtf-apis/*.md +- Misc + - [Codenames](misc/codenames.md) - [FAQ](faq.md) diff --git a/docs/files/SYSTEMRW.zip b/docs/_binaries/SYSTEMRW.zip similarity index 100% rename from docs/files/SYSTEMRW.zip rename to docs/_binaries/SYSTEMRW.zip diff --git a/docs/files/XboxUnattend-master-20190919.zip b/docs/_binaries/XboxUnattend-master-20190919.zip similarity index 100% rename from docs/files/XboxUnattend-master-20190919.zip rename to docs/_binaries/XboxUnattend-master-20190919.zip diff --git a/docs/files/ms-xb1-edge-exp-master.zip b/docs/_binaries/ms-xb1-edge-exp-master.zip similarity index 100% rename from docs/files/ms-xb1-edge-exp-master.zip rename to docs/_binaries/ms-xb1-edge-exp-master.zip diff --git a/docs/files/xsymlink.zip b/docs/_binaries/xsymlink.zip similarity index 100% rename from docs/files/xsymlink.zip rename to docs/_binaries/xsymlink.zip diff --git a/docs/XVD_visual_format-2.pdf b/docs/_files/XVD_visual_format-2.pdf similarity index 100% rename from docs/XVD_visual_format-2.pdf rename to docs/_files/XVD_visual_format-2.pdf diff --git a/docs/bluehat-2019-the-xbox-one-story/slide_00.jpg b/docs/_files/bluehat-2019-the-xbox-one-story/slide_00.jpg similarity index 100% rename from docs/bluehat-2019-the-xbox-one-story/slide_00.jpg rename to docs/_files/bluehat-2019-the-xbox-one-story/slide_00.jpg diff --git a/docs/bluehat-2019-the-xbox-one-story/slide_01.jpg b/docs/_files/bluehat-2019-the-xbox-one-story/slide_01.jpg similarity index 100% rename from docs/bluehat-2019-the-xbox-one-story/slide_01.jpg rename to docs/_files/bluehat-2019-the-xbox-one-story/slide_01.jpg diff --git a/docs/bluehat-2019-the-xbox-one-story/slide_02.jpg b/docs/_files/bluehat-2019-the-xbox-one-story/slide_02.jpg similarity index 100% rename from docs/bluehat-2019-the-xbox-one-story/slide_02.jpg rename to docs/_files/bluehat-2019-the-xbox-one-story/slide_02.jpg diff --git a/docs/bluehat-2019-the-xbox-one-story/slide_03.jpg b/docs/_files/bluehat-2019-the-xbox-one-story/slide_03.jpg similarity index 100% rename from docs/bluehat-2019-the-xbox-one-story/slide_03.jpg rename to docs/_files/bluehat-2019-the-xbox-one-story/slide_03.jpg diff --git a/docs/bluehat-2019-the-xbox-one-story/slide_04.jpg b/docs/_files/bluehat-2019-the-xbox-one-story/slide_04.jpg similarity index 100% rename from docs/bluehat-2019-the-xbox-one-story/slide_04.jpg rename to docs/_files/bluehat-2019-the-xbox-one-story/slide_04.jpg diff --git a/docs/bluehat-2019-the-xbox-one-story/slide_05.jpg b/docs/_files/bluehat-2019-the-xbox-one-story/slide_05.jpg similarity index 100% rename from docs/bluehat-2019-the-xbox-one-story/slide_05.jpg rename to docs/_files/bluehat-2019-the-xbox-one-story/slide_05.jpg diff --git a/docs/bluehat-2019-the-xbox-one-story/slide_06.jpg b/docs/_files/bluehat-2019-the-xbox-one-story/slide_06.jpg similarity index 100% rename from docs/bluehat-2019-the-xbox-one-story/slide_06.jpg rename to docs/_files/bluehat-2019-the-xbox-one-story/slide_06.jpg diff --git a/docs/bluehat-2019-the-xbox-one-story/slide_07.jpg b/docs/_files/bluehat-2019-the-xbox-one-story/slide_07.jpg similarity index 100% rename from docs/bluehat-2019-the-xbox-one-story/slide_07.jpg rename to docs/_files/bluehat-2019-the-xbox-one-story/slide_07.jpg diff --git a/docs/bluehat-2019-the-xbox-one-story/slide_08.jpg b/docs/_files/bluehat-2019-the-xbox-one-story/slide_08.jpg similarity index 100% rename from docs/bluehat-2019-the-xbox-one-story/slide_08.jpg rename to docs/_files/bluehat-2019-the-xbox-one-story/slide_08.jpg diff --git a/docs/bluehat-2019-the-xbox-one-story/slide_09.jpg b/docs/_files/bluehat-2019-the-xbox-one-story/slide_09.jpg similarity index 100% rename from docs/bluehat-2019-the-xbox-one-story/slide_09.jpg rename to docs/_files/bluehat-2019-the-xbox-one-story/slide_09.jpg diff --git a/docs/bluehat-2019-the-xbox-one-story/slide_10.jpg b/docs/_files/bluehat-2019-the-xbox-one-story/slide_10.jpg similarity index 100% rename from docs/bluehat-2019-the-xbox-one-story/slide_10.jpg rename to docs/_files/bluehat-2019-the-xbox-one-story/slide_10.jpg diff --git a/docs/bluehat-2019-the-xbox-one-story/slide_11.jpg b/docs/_files/bluehat-2019-the-xbox-one-story/slide_11.jpg similarity index 100% rename from docs/bluehat-2019-the-xbox-one-story/slide_11.jpg rename to docs/_files/bluehat-2019-the-xbox-one-story/slide_11.jpg diff --git a/docs/bluehat-2019-the-xbox-one-story/slide_12.jpg b/docs/_files/bluehat-2019-the-xbox-one-story/slide_12.jpg similarity index 100% rename from docs/bluehat-2019-the-xbox-one-story/slide_12.jpg rename to docs/_files/bluehat-2019-the-xbox-one-story/slide_12.jpg diff --git a/docs/bluehat-2019-the-xbox-one-story/slide_13.jpg b/docs/_files/bluehat-2019-the-xbox-one-story/slide_13.jpg similarity index 100% rename from docs/bluehat-2019-the-xbox-one-story/slide_13.jpg rename to docs/_files/bluehat-2019-the-xbox-one-story/slide_13.jpg diff --git a/docs/bluehat-2019-the-xbox-one-story/slide_14.jpg b/docs/_files/bluehat-2019-the-xbox-one-story/slide_14.jpg similarity index 100% rename from docs/bluehat-2019-the-xbox-one-story/slide_14.jpg rename to docs/_files/bluehat-2019-the-xbox-one-story/slide_14.jpg diff --git a/docs/bluehat-2019-the-xbox-one-story/slide_15.jpg b/docs/_files/bluehat-2019-the-xbox-one-story/slide_15.jpg similarity index 100% rename from docs/bluehat-2019-the-xbox-one-story/slide_15.jpg rename to docs/_files/bluehat-2019-the-xbox-one-story/slide_15.jpg diff --git a/docs/bluehat-2019-the-xbox-one-story/slide_16.jpg b/docs/_files/bluehat-2019-the-xbox-one-story/slide_16.jpg similarity index 100% rename from docs/bluehat-2019-the-xbox-one-story/slide_16.jpg rename to docs/_files/bluehat-2019-the-xbox-one-story/slide_16.jpg diff --git a/docs/bluehat-2019-the-xbox-one-story/slide_17.jpg b/docs/_files/bluehat-2019-the-xbox-one-story/slide_17.jpg similarity index 100% rename from docs/bluehat-2019-the-xbox-one-story/slide_17.jpg rename to docs/_files/bluehat-2019-the-xbox-one-story/slide_17.jpg diff --git a/docs/bluehat-2019-the-xbox-one-story/slide_18.jpg b/docs/_files/bluehat-2019-the-xbox-one-story/slide_18.jpg similarity index 100% rename from docs/bluehat-2019-the-xbox-one-story/slide_18.jpg rename to docs/_files/bluehat-2019-the-xbox-one-story/slide_18.jpg diff --git a/docs/bluehat-2019-the-xbox-one-story/slide_19.jpg b/docs/_files/bluehat-2019-the-xbox-one-story/slide_19.jpg similarity index 100% rename from docs/bluehat-2019-the-xbox-one-story/slide_19.jpg rename to docs/_files/bluehat-2019-the-xbox-one-story/slide_19.jpg diff --git a/docs/bluehat-2019-the-xbox-one-story/slide_20.jpg b/docs/_files/bluehat-2019-the-xbox-one-story/slide_20.jpg similarity index 100% rename from docs/bluehat-2019-the-xbox-one-story/slide_20.jpg rename to docs/_files/bluehat-2019-the-xbox-one-story/slide_20.jpg diff --git a/docs/bluehat-2019-the-xbox-one-story/slide_21.jpg b/docs/_files/bluehat-2019-the-xbox-one-story/slide_21.jpg similarity index 100% rename from docs/bluehat-2019-the-xbox-one-story/slide_21.jpg rename to docs/_files/bluehat-2019-the-xbox-one-story/slide_21.jpg diff --git a/docs/bluehat-2019-the-xbox-one-story/source.txt b/docs/_files/bluehat-2019-the-xbox-one-story/source.txt similarity index 100% rename from docs/bluehat-2019-the-xbox-one-story/source.txt rename to docs/_files/bluehat-2019-the-xbox-one-story/source.txt diff --git a/docs/default-app/defaultapp1.png b/docs/_files/default-app/defaultapp1.png similarity index 100% rename from docs/default-app/defaultapp1.png rename to docs/_files/default-app/defaultapp1.png diff --git a/docs/default-app/defaultapp2.png b/docs/_files/default-app/defaultapp2.png similarity index 100% rename from docs/default-app/defaultapp2.png rename to docs/_files/default-app/defaultapp2.png diff --git a/docs/default-app/defaultapp3.jpg b/docs/_files/default-app/defaultapp3.jpg similarity index 100% rename from docs/default-app/defaultapp3.jpg rename to docs/_files/default-app/defaultapp3.jpg diff --git a/docs/devkits/series_s_release_xdk.png b/docs/_files/devkits/series_s_release_xdk.png similarity index 100% rename from docs/devkits/series_s_release_xdk.png rename to docs/_files/devkits/series_s_release_xdk.png diff --git a/docs/devkits/series_x_xdk.jpg b/docs/_files/devkits/series_x_xdk.jpg similarity index 100% rename from docs/devkits/series_x_xdk.jpg rename to docs/_files/devkits/series_x_xdk.jpg diff --git a/docs/devkits/xbox_one_phat_xdk.webp b/docs/_files/devkits/xbox_one_phat_xdk.webp similarity index 100% rename from docs/devkits/xbox_one_phat_xdk.webp rename to docs/_files/devkits/xbox_one_phat_xdk.webp diff --git a/docs/devkits/xbox_one_s_xdk.jpg b/docs/_files/devkits/xbox_one_s_xdk.jpg similarity index 100% rename from docs/devkits/xbox_one_s_xdk.jpg rename to docs/_files/devkits/xbox_one_s_xdk.jpg diff --git a/docs/devkits/xbox_one_x_testkit.jpg b/docs/_files/devkits/xbox_one_x_testkit.jpg similarity index 100% rename from docs/devkits/xbox_one_x_testkit.jpg rename to docs/_files/devkits/xbox_one_x_testkit.jpg diff --git a/docs/devkits/xbox_one_x_xdk.jpg b/docs/_files/devkits/xbox_one_x_xdk.jpg similarity index 100% rename from docs/devkits/xbox_one_x_xdk.jpg rename to docs/_files/devkits/xbox_one_x_xdk.jpg diff --git a/docs/files/durango_southbridge_soc.gif b/docs/_files/durango_southbridge_soc.gif similarity index 100% rename from docs/files/durango_southbridge_soc.gif rename to docs/_files/durango_southbridge_soc.gif diff --git a/docs/emmc-flash/0_durango_read_nand_mb1.png b/docs/_files/emmc-flash/0_durango_read_nand_mb1.png similarity index 100% rename from docs/emmc-flash/0_durango_read_nand_mb1.png rename to docs/_files/emmc-flash/0_durango_read_nand_mb1.png diff --git a/docs/emmc-flash/1_durango_read_nand_mb2.png b/docs/_files/emmc-flash/1_durango_read_nand_mb2.png similarity index 100% rename from docs/emmc-flash/1_durango_read_nand_mb2.png rename to docs/_files/emmc-flash/1_durango_read_nand_mb2.png diff --git a/docs/emmc-flash/2_durango_read_nand_sdcard_pinout.png b/docs/_files/emmc-flash/2_durango_read_nand_sdcard_pinout.png similarity index 100% rename from docs/emmc-flash/2_durango_read_nand_sdcard_pinout.png rename to docs/_files/emmc-flash/2_durango_read_nand_sdcard_pinout.png diff --git a/docs/emmc-flash/3_durango_read_nand_smcreset.png b/docs/_files/emmc-flash/3_durango_read_nand_smcreset.png similarity index 100% rename from docs/emmc-flash/3_durango_read_nand_smcreset.png rename to docs/_files/emmc-flash/3_durango_read_nand_smcreset.png diff --git a/docs/emmc-flash/4_durango_read_nand_r4d2.png b/docs/_files/emmc-flash/4_durango_read_nand_r4d2.png similarity index 100% rename from docs/emmc-flash/4_durango_read_nand_r4d2.png rename to docs/_files/emmc-flash/4_durango_read_nand_r4d2.png diff --git a/docs/emmc-flash/5_durango_read_nand_3v3.png b/docs/_files/emmc-flash/5_durango_read_nand_3v3.png similarity index 100% rename from docs/emmc-flash/5_durango_read_nand_3v3.png rename to docs/_files/emmc-flash/5_durango_read_nand_3v3.png diff --git a/docs/emmc-flash/6_durango_read_nand_gnd.png b/docs/_files/emmc-flash/6_durango_read_nand_gnd.png similarity index 100% rename from docs/emmc-flash/6_durango_read_nand_gnd.png rename to docs/_files/emmc-flash/6_durango_read_nand_gnd.png diff --git a/docs/emmc-flash/7_durango_read_nand_connection.png b/docs/_files/emmc-flash/7_durango_read_nand_connection.png similarity index 100% rename from docs/emmc-flash/7_durango_read_nand_connection.png rename to docs/_files/emmc-flash/7_durango_read_nand_connection.png diff --git a/docs/kiosk-mode/kiosk_console.jpg b/docs/_files/kiosk_console.jpg similarity index 100% rename from docs/kiosk-mode/kiosk_console.jpg rename to docs/_files/kiosk_console.jpg diff --git a/docs/optical-disc-drive/plds_dg6m1s_label.JPG b/docs/_files/optical-disc-drive/plds_dg6m1s_label.JPG similarity index 100% rename from docs/optical-disc-drive/plds_dg6m1s_label.JPG rename to docs/_files/optical-disc-drive/plds_dg6m1s_label.JPG diff --git a/docs/optical-disc-drive/plds_dg6m1s_pcb_back.JPG b/docs/_files/optical-disc-drive/plds_dg6m1s_pcb_back.JPG similarity index 100% rename from docs/optical-disc-drive/plds_dg6m1s_pcb_back.JPG rename to docs/_files/optical-disc-drive/plds_dg6m1s_pcb_back.JPG diff --git a/docs/optical-disc-drive/plds_dg6m1s_pcb_front.JPG b/docs/_files/optical-disc-drive/plds_dg6m1s_pcb_front.JPG similarity index 100% rename from docs/optical-disc-drive/plds_dg6m1s_pcb_front.JPG rename to docs/_files/optical-disc-drive/plds_dg6m1s_pcb_front.JPG diff --git a/docs/optical-disc-drive/plds_dg6m1s_pcb_mounted.JPG b/docs/_files/optical-disc-drive/plds_dg6m1s_pcb_mounted.JPG similarity index 100% rename from docs/optical-disc-drive/plds_dg6m1s_pcb_mounted.JPG rename to docs/_files/optical-disc-drive/plds_dg6m1s_pcb_mounted.JPG diff --git a/docs/optical-disc-drive/plds_dg6m2s_label.JPG b/docs/_files/optical-disc-drive/plds_dg6m2s_label.JPG similarity index 100% rename from docs/optical-disc-drive/plds_dg6m2s_label.JPG rename to docs/_files/optical-disc-drive/plds_dg6m2s_label.JPG diff --git a/docs/optical-disc-drive/plds_dg6m2s_pcb_back.JPG b/docs/_files/optical-disc-drive/plds_dg6m2s_pcb_back.JPG similarity index 100% rename from docs/optical-disc-drive/plds_dg6m2s_pcb_back.JPG rename to docs/_files/optical-disc-drive/plds_dg6m2s_pcb_back.JPG diff --git a/docs/optical-disc-drive/plds_dg6m2s_pcb_front.JPG b/docs/_files/optical-disc-drive/plds_dg6m2s_pcb_front.JPG similarity index 100% rename from docs/optical-disc-drive/plds_dg6m2s_pcb_front.JPG rename to docs/_files/optical-disc-drive/plds_dg6m2s_pcb_front.JPG diff --git a/docs/optical-disc-drive/plds_dg6m2s_pcb_mounted.JPG b/docs/_files/optical-disc-drive/plds_dg6m2s_pcb_mounted.JPG similarity index 100% rename from docs/optical-disc-drive/plds_dg6m2s_pcb_mounted.JPG rename to docs/_files/optical-disc-drive/plds_dg6m2s_pcb_mounted.JPG diff --git a/docs/rf-unit/1811151450_Nuvoton-Tech-ISD9160FI_C79806.pdf b/docs/_files/rf-unit/1811151450_Nuvoton-Tech-ISD9160FI_C79806.pdf similarity index 100% rename from docs/rf-unit/1811151450_Nuvoton-Tech-ISD9160FI_C79806.pdf rename to docs/_files/rf-unit/1811151450_Nuvoton-Tech-ISD9160FI_C79806.pdf diff --git a/docs/rf-unit/isd9160f_pinout.png b/docs/_files/rf-unit/isd9160f_pinout.png similarity index 100% rename from docs/rf-unit/isd9160f_pinout.png rename to docs/_files/rf-unit/isd9160f_pinout.png diff --git a/docs/rf-unit/rf_unit_phat_back.jpg b/docs/_files/rf-unit/rf_unit_phat_back.jpg similarity index 100% rename from docs/rf-unit/rf_unit_phat_back.jpg rename to docs/_files/rf-unit/rf_unit_phat_back.jpg diff --git a/docs/rf-unit/rf_unit_phat_front.jpg b/docs/_files/rf-unit/rf_unit_phat_front.jpg similarity index 100% rename from docs/rf-unit/rf_unit_phat_front.jpg rename to docs/_files/rf-unit/rf_unit_phat_front.jpg diff --git a/docs/rf-unit/rf_unit_slim_back.jpg b/docs/_files/rf-unit/rf_unit_slim_back.jpg similarity index 100% rename from docs/rf-unit/rf_unit_slim_back.jpg rename to docs/_files/rf-unit/rf_unit_slim_back.jpg diff --git a/docs/rf-unit/rf_unit_slim_front.jpg b/docs/_files/rf-unit/rf_unit_slim_front.jpg similarity index 100% rename from docs/rf-unit/rf_unit_slim_front.jpg rename to docs/_files/rf-unit/rf_unit_slim_front.jpg diff --git a/docs/hardware/M1037358-004/back.jpg b/docs/_files/skus/M1037358-004/back.jpg similarity index 100% rename from docs/hardware/M1037358-004/back.jpg rename to docs/_files/skus/M1037358-004/back.jpg diff --git a/docs/hardware/M1037358-004/front.jpg b/docs/_files/skus/M1037358-004/front.jpg similarity index 100% rename from docs/hardware/M1037358-004/front.jpg rename to docs/_files/skus/M1037358-004/front.jpg diff --git a/docs/hardware/M1037358-004/sticker.jpg b/docs/_files/skus/M1037358-004/sticker.jpg similarity index 100% rename from docs/hardware/M1037358-004/sticker.jpg rename to docs/_files/skus/M1037358-004/sticker.jpg diff --git a/docs/hardware/X877750-003/back.jpg b/docs/_files/skus/X877750-003/back.jpg similarity index 100% rename from docs/hardware/X877750-003/back.jpg rename to docs/_files/skus/X877750-003/back.jpg diff --git a/docs/hardware/X877750-003/front.jpg b/docs/_files/skus/X877750-003/front.jpg similarity index 100% rename from docs/hardware/X877750-003/front.jpg rename to docs/_files/skus/X877750-003/front.jpg diff --git a/docs/hardware/X877750-003/sticker.jpg b/docs/_files/skus/X877750-003/sticker.jpg similarity index 100% rename from docs/hardware/X877750-003/sticker.jpg rename to docs/_files/skus/X877750-003/sticker.jpg diff --git a/docs/hardware/X887998-010/back.jpeg b/docs/_files/skus/X887998-010/back.jpeg similarity index 100% rename from docs/hardware/X887998-010/back.jpeg rename to docs/_files/skus/X887998-010/back.jpeg diff --git a/docs/hardware/X887998-010/front.jpeg b/docs/_files/skus/X887998-010/front.jpeg similarity index 100% rename from docs/hardware/X887998-010/front.jpeg rename to docs/_files/skus/X887998-010/front.jpeg diff --git a/docs/hardware/X902472-006/back.jpeg b/docs/_files/skus/X902472-006/back.jpeg similarity index 100% rename from docs/hardware/X902472-006/back.jpeg rename to docs/_files/skus/X902472-006/back.jpeg diff --git a/docs/hardware/X902472-006/front.jpeg b/docs/_files/skus/X902472-006/front.jpeg similarity index 100% rename from docs/hardware/X902472-006/front.jpeg rename to docs/_files/skus/X902472-006/front.jpeg diff --git a/docs/setup-dev-mode/vs_setup_dev_mode.png b/docs/_files/vs_setup_dev_mode.png similarity index 100% rename from docs/setup-dev-mode/vs_setup_dev_mode.png rename to docs/_files/vs_setup_dev_mode.png diff --git a/docs/wifi/wifi_module_cable_phat_back.jpg b/docs/_files/wifi/wifi_module_cable_phat_back.jpg similarity index 100% rename from docs/wifi/wifi_module_cable_phat_back.jpg rename to docs/_files/wifi/wifi_module_cable_phat_back.jpg diff --git a/docs/wifi/wifi_module_cable_phat_front.jpg b/docs/_files/wifi/wifi_module_cable_phat_front.jpg similarity index 100% rename from docs/wifi/wifi_module_cable_phat_front.jpg rename to docs/_files/wifi/wifi_module_cable_phat_front.jpg diff --git a/docs/wifi/wifi_module_pcb_phat_back.jpg b/docs/_files/wifi/wifi_module_pcb_phat_back.jpg similarity index 100% rename from docs/wifi/wifi_module_pcb_phat_back.jpg rename to docs/_files/wifi/wifi_module_pcb_phat_back.jpg diff --git a/docs/wifi/wifi_module_pcb_phat_decapped.jpg b/docs/_files/wifi/wifi_module_pcb_phat_decapped.jpg similarity index 100% rename from docs/wifi/wifi_module_pcb_phat_decapped.jpg rename to docs/_files/wifi/wifi_module_pcb_phat_decapped.jpg diff --git a/docs/wifi/wifi_module_pcb_phat_front.jpg b/docs/_files/wifi/wifi_module_pcb_phat_front.jpg similarity index 100% rename from docs/wifi/wifi_module_pcb_phat_front.jpg rename to docs/_files/wifi/wifi_module_pcb_phat_front.jpg diff --git a/docs/wifi/wifi_module_pcb_slim_back.jpg b/docs/_files/wifi/wifi_module_pcb_slim_back.jpg similarity index 100% rename from docs/wifi/wifi_module_pcb_slim_back.jpg rename to docs/_files/wifi/wifi_module_pcb_slim_back.jpg diff --git a/docs/wifi/wifi_module_pcb_slim_front.jpg b/docs/_files/wifi/wifi_module_pcb_slim_front.jpg similarity index 100% rename from docs/wifi/wifi_module_pcb_slim_front.jpg rename to docs/_files/wifi/wifi_module_pcb_slim_front.jpg diff --git a/docs/winuserguide/wiki1.png b/docs/_files/winuserguide/wiki1.png similarity index 100% rename from docs/winuserguide/wiki1.png rename to docs/_files/winuserguide/wiki1.png diff --git a/docs/winuserguide/wiki2.png b/docs/_files/winuserguide/wiki2.png similarity index 100% rename from docs/winuserguide/wiki2.png rename to docs/_files/winuserguide/wiki2.png diff --git a/docs/xbox-ui/xboxui_schema.png b/docs/_files/xboxui_schema.png similarity index 100% rename from docs/xbox-ui/xboxui_schema.png rename to docs/_files/xboxui_schema.png diff --git a/docs/xdk_transfer/XDKTransfer.jpg b/docs/_files/xdk_transfer/XDKTransfer.jpg similarity index 100% rename from docs/xdk_transfer/XDKTransfer.jpg rename to docs/_files/xdk_transfer/XDKTransfer.jpg diff --git a/docs/xdk_transfer/thumb_transfer_back.jpg b/docs/_files/xdk_transfer/thumb_transfer_back.jpg similarity index 100% rename from docs/xdk_transfer/thumb_transfer_back.jpg rename to docs/_files/xdk_transfer/thumb_transfer_back.jpg diff --git a/docs/xdk_transfer/thumb_transfer_front.jpg b/docs/_files/xdk_transfer/thumb_transfer_front.jpg similarity index 100% rename from docs/xdk_transfer/thumb_transfer_front.jpg rename to docs/_files/xdk_transfer/thumb_transfer_front.jpg diff --git a/docs/xdk_transfer/transfer_back.jpg b/docs/_files/xdk_transfer/transfer_back.jpg similarity index 100% rename from docs/xdk_transfer/transfer_back.jpg rename to docs/_files/xdk_transfer/transfer_back.jpg diff --git a/docs/xdk_transfer/transfer_front.jpg b/docs/_files/xdk_transfer/transfer_front.jpg similarity index 100% rename from docs/xdk_transfer/transfer_front.jpg rename to docs/_files/xdk_transfer/transfer_front.jpg diff --git a/docs/xdk_transfer/xdk_transfer_block_diagram.png b/docs/_files/xdk_transfer/xdk_transfer_block_diagram.png similarity index 100% rename from docs/xdk_transfer/xdk_transfer_block_diagram.png rename to docs/_files/xdk_transfer/xdk_transfer_block_diagram.png diff --git a/docs/xdk_transfer/xdk_transfer_teardown.png b/docs/_files/xdk_transfer/xdk_transfer_teardown.png similarity index 100% rename from docs/xdk_transfer/xdk_transfer_teardown.png rename to docs/_files/xdk_transfer/xdk_transfer_teardown.png diff --git a/docs/xbox-live/xsts-token-structure.png b/docs/_files/xsts-token-structure.png similarity index 100% rename from docs/xbox-live/xsts-token-structure.png rename to docs/_files/xsts-token-structure.png diff --git a/docs/bootanimation.md b/docs/boot/bootanimation.md similarity index 100% rename from docs/bootanimation.md rename to docs/boot/bootanimation.md diff --git a/docs/bootloaders.md b/docs/boot/bootloaders.md similarity index 100% rename from docs/bootloaders.md rename to docs/boot/bootloaders.md diff --git a/docs/southbridge-file-system.md b/docs/boot/southbridge-file-system.md similarity index 100% rename from docs/southbridge-file-system.md rename to docs/boot/southbridge-file-system.md diff --git a/docs/usb-ntfs-overrides.md b/docs/boot/usb-ntfs-overrides.md similarity index 100% rename from docs/usb-ntfs-overrides.md rename to docs/boot/usb-ntfs-overrides.md diff --git a/docs/vbi.md b/docs/boot/vbi.md similarity index 100% rename from docs/vbi.md rename to docs/boot/vbi.md diff --git a/docs/xbox-boot-file-system.md b/docs/boot/xbox-boot-file-system.md similarity index 75% rename from docs/xbox-boot-file-system.md rename to docs/boot/xbox-boot-file-system.md index 9a1647e..a042747 100644 --- a/docs/xbox-boot-file-system.md +++ b/docs/boot/xbox-boot-file-system.md @@ -91,33 +91,33 @@ Size: 0x10 ## File Entries -| Index | Name | Format | Plaintext | Information | Per console | -| ----- | ------------ | ------ | --------- | --------------------------------------------- | ----------- | -| 01 | 1smcbl_a.bin | binary | no | SMC bootloader, slot A | no | -| 02 | header.bin | binary | yes | XBFS header | no | -| 03 | devkit.ini | binary | no | devkit ini | unknown | -| 04 | mtedata.cfg | binary | no | MTE data | unknown | -| 05 | certkeys.bin | binary | yes | [SP/SMC Bootcap cert](certificates.md) | yes | -| 06 | smcerr.log | binary | no | SMC error log | no | -| 07 | system.xvd | xvd | yes | SystemOS VM partition | no | -| 08 | $sosrst.xvd | xvd | yes | SystemOS restore | no | -| 09 | download.xvd | xvd | yes | Download ??? | no | -| 10 | smc_s.cfg | binary | no | SMC config - static | unknown | -| 11 | sp_s.cfg | binary | partially | [SP - static (console cert)](certificates.md) | yes | -| 12 | os_s.cfg | binary | no | OS config - static | unknown | -| 13 | smc_d.cfg | binary | no | SMC config - dynamic | unknown | -| 14 | sp_d.cfg | binary | no | SP config - dynamic | unknown | -| 15 | os_d.cfg | binary | no | OS config - dynamic | unknown | -| 16 | smcfw.bin | binary | no | SMC firmware | unknown | -| 17 | boot.bin | binary | no | [Bootloaders](bootloaders.md) | unknown | -| 18 | host.xvd | xvd | yes | HostOS partition | no | -| 19 | settings.xvd | xvd | yes | Settings | no | -| 20 | 1smcbl_b.bin | binary | no | SMC bootloader, slot B | no | -| 21 | bootanim.dat | binary | yes | [Bootanimation](bootanimation.md) | no | -| 22 | sostmpl.xvd | xvd | yes | SystemOS template | no | -| 23 | update.cfg | binary | yes | Update config / log? | unknown | -| 24 | sosinit.xvd | xvd | yes | SystemOS init | no | -| 25 | hwinit.cfg | binary | no | Hardware init config | unknown | +| Index | Name | Format | Plaintext | Information | Per console | +| ----- | ------------ | ------ | --------- | --------------------------------------------------------- | ----------- | +| 01 | 1smcbl_a.bin | binary | no | SMC bootloader, slot A | no | +| 02 | header.bin | binary | yes | XBFS header | no | +| 03 | devkit.ini | binary | no | devkit ini | unknown | +| 04 | mtedata.cfg | binary | no | MTE data | unknown | +| 05 | certkeys.bin | binary | yes | [SP/SMC Bootcap cert](../security/certificates.md) | yes | +| 06 | smcerr.log | binary | no | SMC error log | no | +| 07 | system.xvd | xvd | yes | SystemOS VM partition | no | +| 08 | $sosrst.xvd | xvd | yes | SystemOS restore | no | +| 09 | download.xvd | xvd | yes | Download ??? | no | +| 10 | smc_s.cfg | binary | no | SMC config - static | unknown | +| 11 | sp_s.cfg | binary | partially | [SP - static (console cert)](../security/certificates.md) | yes | +| 12 | os_s.cfg | binary | no | OS config - static | unknown | +| 13 | smc_d.cfg | binary | no | SMC config - dynamic | unknown | +| 14 | sp_d.cfg | binary | no | SP config - dynamic | unknown | +| 15 | os_d.cfg | binary | no | OS config - dynamic | unknown | +| 16 | smcfw.bin | binary | no | SMC firmware | unknown | +| 17 | boot.bin | binary | no | [Bootloaders](../boot/bootloaders.md) | unknown | +| 18 | host.xvd | xvd | yes | HostOS partition | no | +| 19 | settings.xvd | xvd | yes | Settings | no | +| 20 | 1smcbl_b.bin | binary | no | SMC bootloader, slot B | no | +| 21 | bootanim.dat | binary | yes | [Bootanimation](../boot/bootanimation.md) | no | +| 22 | sostmpl.xvd | xvd | yes | SystemOS template | no | +| 23 | update.cfg | binary | yes | Update config / log? | unknown | +| 24 | sosinit.xvd | xvd | yes | SystemOS init | no | +| 25 | hwinit.cfg | binary | no | Hardware init config | unknown | Note: Only XVD header is plaintext, data portion is encrypted as usual. Per Console: Is file encrypted via console specific keys or locked to console by SocId. @@ -132,7 +132,7 @@ Access to the Flash from SystemOS is possible via the provided pipes: ## Tools -[QuantumTunnel](https://github.com/XboxOneResearch/QuantumTunnel) - (.NET Core) XBFS dumping tool that runs in [SystemOS](xbox-operating-system.md#system) to dump the XBFS from the console. It does require Administrator/NT System privileges. +[QuantumTunnel](https://github.com/XboxOneResearch/QuantumTunnel) - (.NET Core) XBFS dumping tool that runs in [SystemOS](../operating-system/xbox-operating-system.md#system) to dump the XBFS from the console. It does require Administrator/NT System privileges. [xvdtool (XBFSTool)](https://github.com/emoose/xvdtool) - (.NET Core)Parsing / extraction of a raw XBFS image. diff --git a/docs/codenames.md b/docs/codenames.md deleted file mode 100644 index 6702119..0000000 --- a/docs/codenames.md +++ /dev/null @@ -1,37 +0,0 @@ -# Codenames - -This page contains a list of known internal codenames for hardware, software, accesories, or other components of the Xbox one. - -| Codename | Product / App Name | Category | Description or Comments | -|----------|-------------|------|------| -| Arden/Sparkman | Codename(s)? for the Xbox Series S/X secure AMD enclave | Hardware | N/A | -| Keystone | A [cancelled](https://kotaku.com/xbox-game-pass-keystone-microsoft-halo-infinite-1849790199) Xbox Streaming platform / hardware device | Hardware | N/A | -| Cordova | Codename for one of the Xbox One ODD hardware revisions | Hardware | N/A | -| Lancaster | Codename for one of the Xbox One ODD hardware revisions | Hardware | N/A | -| Monterey | Codename for one of the Xbox One ODD hardware revisions | Hardware | N/A | -| Argos | Codename for the [Zebra prototype controller](https://x.com/TorusHyperV/status/1690416005564993536?s=20) hardware | Hardware | N/A | -| Geneva | Presumably, codename for some uncertain controller prototype hardware | Hardware | N/A | -| Nui / nuisensor | Kinect | Hardware | Internal name for Kinect, still used in official APIs and drivers | -| Petra | Presumably, a codename of an earlier Kinect prototype hardware version | Hardware | N/A | -| Nazca | Presumably, a codename of an earlier Kinect prototype hardware version | Hardware | N/A | -| Ameri | Presumably, a codename of an earlier Kinect prototype hardware version | Hardware | N/A | -| Durango | Codename for the retail Xbox One PHAT day One mainboard revision | Hardware | NOTE: Durango was also used during 2012-2013 to refer to Xbox One alpha prorotypes. However nowadays the name is mostly used to refer to the day one console hardware version. | -| Graybull | Codename for the retail Xbox One PHAT day One mainboard revision | Hardware | refers to the same retail board as Durango | -| Silverton | Codename for a retail Xbox One PHAT mainboard revision | Hardware | N/A | -| Edmonton | Codename for the retail Xbox One S mainboard revision | Hardware | N/A | -| Kingston | Codename for the retail Xbox One S mainboard revision - presumably same as edmonton | Hardware | Leaked schematics presumably refer to the Xbox One S as Kingston Retail | -| Carmel | Codename for some mainboard revision - needs verification wether this is an Xbox One S flavour or is it Xbox One PHAT / Xbox One X! | Hardware | N/A | -| Cactus | Codename for the retail Xbox One X mainboard | Hardware | The PCBs sometimes include the Cactus text | -| Scorpio | Codename for the retail Xbox One X mainboard | Hardware | Used interchangeably with Cactus | -| Zurich | [Xbox One Digital Tv Tuner Adapter](https://www.amazon.de/Xbox-One-Digital-TV-Tuner/dp/B00E97HVJI) | Hardware | N/A | -| Brittlebush | [XDK Transfer Device](xdk_transfer.md) | Hardware | N/A | -| Zephyrus | Internal and API name of the Xbox Adaptive Controller | Hardware | Some prototype appeared online for sale in late 2023 | -| Merlin | Series X/S Controller | Hardware | Xbox Accessories App Image Names | -| Troy | Elite (Generation One) Controller | Hardware | Xbox Accessories App Image Names | -| Delphi | Elite (Generation Two) Controller | Hardware | Xbox Accessories App Image Names | -| Crete | Xbox One Controller Revision (BT + 3.5mm) | Hardware | Xbox Accessories App Image Names | -| Merlin | Series X/S Controller | Hardware | Xbox Accessories App Image Names | -| Norland | Xbox Stereo Headset (Generation One) | Hardware | Xbox Accessories App Image Names | -| Parkview | Xbox Stereo Headset (Generation Two) | Hardware | Xbox Accessories App Image Names | -| Orren | Unknown controller hardware | Hardware | Found [here](https://xbaccessories.blob.core.windows.net/accessories/M/XB_GA_ew92RW1KHEGfgr6ZoY3DyQ.json) | -| Xiphos | Codename for the GIP (Gamepad Input Provider) service in SystemOS | Software | N/A | diff --git a/docs/console-revisions.md b/docs/console-models/console-revisions.md similarity index 100% rename from docs/console-revisions.md rename to docs/console-models/console-revisions.md diff --git a/docs/devkit-types.md b/docs/console-models/devkit-types.md similarity index 79% rename from docs/devkit-types.md rename to docs/console-models/devkit-types.md index f345e8e..1644421 100644 --- a/docs/devkit-types.md +++ b/docs/console-models/devkit-types.md @@ -3,11 +3,11 @@ # Devkits -Most Xbox One devkits start out life as an off the shelf retail console (with the exception of special SP kits I will cover below). An Xbox One's devkit type and abilities or capabilities are defined by a file stored on the flash called "certkeys.bin." - certkeys.bin is referred to as the [Capability Certificate](certificates.md) by the Platform Security Processor ([PSP](security-processor.md)) and it will be referred to as such from here on out. +Most Xbox One devkits start out life as an off the shelf retail console (with the exception of special SP kits I will cover below). An Xbox One's devkit type and abilities or capabilities are defined by a file stored on the flash called "certkeys.bin." - certkeys.bin is referred to as the [Capability Certificate](../security/certificates.md) by the Platform Security Processor ([PSP](../security/security-processor.md)) and it will be referred to as such from here on out. It should be noted that capability certificates are locked to a particular console via the SOCID (Reported as Console ID in settings). The entire certificate is then signed to prevent tampering. -A capability certificate defines what capabilities an Xbox One console is allowed to enable (This is regulated via the [PSP](security-processor.md) and to a degree, HostOS.) The capabilities range from enabling Devmode and the respective developer services, ignoring requests to blowing e-fuses, HostOS telnet and Retail debugging, and much more. +A capability certificate defines what capabilities an Xbox One console is allowed to enable (This is regulated via the [PSP](../security/security-processor.md) and to a degree, HostOS.) The capabilities range from enabling Devmode and the respective developer services, ignoring requests to blowing e-fuses, HostOS telnet and Retail debugging, and much more. ## Devkit types classified by software There are different types of devkits @@ -24,34 +24,34 @@ There are different types of devkits ## Certificates -See [Certificates](certificates.md) +See [Certificates](../security/certificates.md) ## Godbox Certificate -A magical capability certificate ([$Diagnosis/debug.bin on a NTFS USB](usb-ntfs-overrides.md)) that will temporaily activate a retail console as a limited Godbox for 24 hours. Kernel/User-Mode debugging is only possible on SystemOS and GameOS, not HostOS, and the temporary kit requires authentication against Live. +A magical capability certificate ([$Diagnosis/debug.bin on a NTFS USB](../boot/usb-ntfs-overrides.md)) that will temporaily activate a retail console as a limited Godbox for 24 hours. Kernel/User-Mode debugging is only possible on SystemOS and GameOS, not HostOS, and the temporary kit requires authentication against Live. ## Devkit types classified by hardware Hardware wise, a bunch of different Xbox One and Xbox Series models exist. These are some of them, which mostly correspond to the ERA type mentioned in the previous section: **Xbox One PHAT game devkit:** -![](./devkits/xbox_one_phat_xdk.webp) +![](../_files/devkits/xbox_one_phat_xdk.webp) **Xbox One S game devkit:** -![](./devkits/xbox_one_s_xdk.jpg) +![](../_files/devkits/xbox_one_s_xdk.jpg) **Xbox One X testkit:** -![inextestkit](./devkits/xbox_one_x_testkit.jpg) +![inextestkit](../_files/devkits/xbox_one_x_testkit.jpg) **Xbox One X game devkit:** -![Xb1X-ERA](./devkits/xbox_one_x_xdk.jpg) +![Xb1X-ERA](../_files/devkits/xbox_one_x_xdk.jpg) **Xbox Series S/X game devkit (pre-release):** -![Series X XDK](./devkits/series_x_xdk.jpg) +![Series X XDK](../_files/devkits/series_x_xdk.jpg) **Xbox Series X game devkit (release version):** No pictures have surfaced yet, or no special game devkit with a retail Series X format exists. **Xbox Series S game devkit (release version):** -![](./devkits/series_s_release_xdk.png) +![](../_files/devkits/series_s_release_xdk.png) diff --git a/docs/retail-xone-skus.md b/docs/console-models/retail-xone-skus.md similarity index 83% rename from docs/retail-xone-skus.md rename to docs/console-models/retail-xone-skus.md index 56e1afd..6009053 100644 --- a/docs/retail-xone-skus.md +++ b/docs/console-models/retail-xone-skus.md @@ -45,9 +45,9 @@ Use the following guidelines: * **Owned by / Contributed by**: Bradman117 * **Pictures**: -![X887998-010 Front](hardware/X877750-003/front.jpg) -![X887998-010 Sticker](hardware/X877750-003/sticker.jpg) -![X887998-010 Back](hardware/X877750-003/back.jpg) +![X887998-010 Front](../_files/skus/X877750-003/front.jpg) +![X887998-010 Sticker](../_files/skus/X877750-003/sticker.jpg) +![X887998-010 Back](../_files/skus/X877750-003/back.jpg) ### Silverton Revisions @@ -69,8 +69,8 @@ Not available yet * **Owned by / Contributed by**: TorusHyperV * **Pictures**: -![X887998-010 Front](hardware/X887998-010/front.jpeg) -![X887998-010 Back](hardware/X887998-010/back.jpeg) +![X887998-010 Front](../_files/skus/X887998-010/front.jpeg) +![X887998-010 Back](../_files/skus/X887998-010/back.jpeg) --- @@ -80,8 +80,8 @@ Not available yet * **Owned by / Contributed by**: TorusHyperV * **Pictures**: -![X902472-006 Front](hardware/X902472-006/front.jpeg) -![X902472-006 Back](hardware/X902472-006/back.jpeg) +![X902472-006 Front](../_files/skus/X902472-006/front.jpeg) +![X902472-006 Back](../_files/skus/X902472-006/back.jpeg) ## Xbox One S @@ -99,6 +99,6 @@ _Your help is needed to complete this page! Fork this repo and make a Pull Reque * **Owned by / Contributed by**: Bradman117 * **Pictures**: -![M1037358-004 Front](hardware/M1037358-004/front.jpg) -![M1037358-004 Back](hardware/M1037358-004/back.jpg) -![M1037358-004 Back](hardware/M1037358-004/sticker.jpg) +![M1037358-004 Front](../_files/skus/M1037358-004/front.jpg) +![M1037358-004 Back](../_files/skus/M1037358-004/back.jpg) +![M1037358-004 Back](../_files/skus/M1037358-004/sticker.jpg) diff --git a/docs/compiling-for-xbox.md b/docs/development/compiling-for-xbox.md similarity index 100% rename from docs/compiling-for-xbox.md rename to docs/development/compiling-for-xbox.md diff --git a/docs/creating-a-win-user.md b/docs/development/creating-a-win-user.md similarity index 91% rename from docs/creating-a-win-user.md rename to docs/development/creating-a-win-user.md index b0c6b72..3b545b2 100644 --- a/docs/creating-a-win-user.md +++ b/docs/development/creating-a-win-user.md @@ -14,13 +14,13 @@ Locate net1 on your local Windows installation at `C:\Windows\System32\net1.exe. SSH into SystemOS using the DevToolsUser user. Navigate to `D:\DevelopmentFiles` if not already there and run the following command to create a new Windows User. Replacing "myexampleuser" with the username of your choice, and "supersecret" with the password of your choice respectively. -![net1 user exampleuser supersecret /add](winuserguide/wiki1.png) +![net1 user exampleuser supersecret /add](../_files/winuserguide/wiki1.png) ## Verifying SSH After your user has been created, go ahead and exit out of the DevToolsUser ssh session. Then in a command prompt, run following command, replacing "myexampleuser" and the IP address with your devkit's IP address respectively. -![ssh myexampleuser@192.168.1.236](winuserguide/wiki2.png) +![ssh myexampleuser@192.168.1.236](../_files/winuserguide/wiki2.png) Enter your password, and if everything went well, you should be dropped to a command prompt in your user folder. diff --git a/docs/dev-portal-api/api/app-packagemanager-networkapp.md b/docs/development/dev-portal-api/api/app-packagemanager-networkapp.md similarity index 100% rename from docs/dev-portal-api/api/app-packagemanager-networkapp.md rename to docs/development/dev-portal-api/api/app-packagemanager-networkapp.md diff --git a/docs/dev-portal-api/api/app-packagemanager-package.md b/docs/development/dev-portal-api/api/app-packagemanager-package.md similarity index 100% rename from docs/dev-portal-api/api/app-packagemanager-package.md rename to docs/development/dev-portal-api/api/app-packagemanager-package.md diff --git a/docs/dev-portal-api/api/app-packagemanager-packages.md b/docs/development/dev-portal-api/api/app-packagemanager-packages.md similarity index 100% rename from docs/dev-portal-api/api/app-packagemanager-packages.md rename to docs/development/dev-portal-api/api/app-packagemanager-packages.md diff --git a/docs/dev-portal-api/api/app-packagemanager-register.md b/docs/development/dev-portal-api/api/app-packagemanager-register.md similarity index 100% rename from docs/dev-portal-api/api/app-packagemanager-register.md rename to docs/development/dev-portal-api/api/app-packagemanager-register.md diff --git a/docs/dev-portal-api/api/app-packagemanager-state.md b/docs/development/dev-portal-api/api/app-packagemanager-state.md similarity index 100% rename from docs/dev-portal-api/api/app-packagemanager-state.md rename to docs/development/dev-portal-api/api/app-packagemanager-state.md diff --git a/docs/dev-portal-api/api/app-packagemanager-upload.md b/docs/development/dev-portal-api/api/app-packagemanager-upload.md similarity index 100% rename from docs/dev-portal-api/api/app-packagemanager-upload.md rename to docs/development/dev-portal-api/api/app-packagemanager-upload.md diff --git a/docs/dev-portal-api/api/appx-packagemanager-networkapp.md b/docs/development/dev-portal-api/api/appx-packagemanager-networkapp.md similarity index 100% rename from docs/dev-portal-api/api/appx-packagemanager-networkapp.md rename to docs/development/dev-portal-api/api/appx-packagemanager-networkapp.md diff --git a/docs/dev-portal-api/api/appx-packagemanager-package.md b/docs/development/dev-portal-api/api/appx-packagemanager-package.md similarity index 100% rename from docs/dev-portal-api/api/appx-packagemanager-package.md rename to docs/development/dev-portal-api/api/appx-packagemanager-package.md diff --git a/docs/dev-portal-api/api/appx-packagemanager-packages.md b/docs/development/dev-portal-api/api/appx-packagemanager-packages.md similarity index 100% rename from docs/dev-portal-api/api/appx-packagemanager-packages.md rename to docs/development/dev-portal-api/api/appx-packagemanager-packages.md diff --git a/docs/dev-portal-api/api/appx-packagemanager-state.md b/docs/development/dev-portal-api/api/appx-packagemanager-state.md similarity index 100% rename from docs/dev-portal-api/api/appx-packagemanager-state.md rename to docs/development/dev-portal-api/api/appx-packagemanager-state.md diff --git a/docs/dev-portal-api/api/os-machinename.md b/docs/development/dev-portal-api/api/os-machinename.md similarity index 100% rename from docs/dev-portal-api/api/os-machinename.md rename to docs/development/dev-portal-api/api/os-machinename.md diff --git a/docs/dev-portal-api/device-portal-pages.md b/docs/development/dev-portal-api/device-portal-pages.md similarity index 100% rename from docs/dev-portal-api/device-portal-pages.md rename to docs/development/dev-portal-api/device-portal-pages.md diff --git a/docs/dev-portal-api/ext/app-deployinfo.md b/docs/development/dev-portal-api/ext/app-deployinfo.md similarity index 100% rename from docs/dev-portal-api/ext/app-deployinfo.md rename to docs/development/dev-portal-api/ext/app-deployinfo.md diff --git a/docs/dev-portal-api/ext/app-move.md b/docs/development/dev-portal-api/ext/app-move.md similarity index 100% rename from docs/dev-portal-api/ext/app-move.md rename to docs/development/dev-portal-api/ext/app-move.md diff --git a/docs/dev-portal-api/ext/app-packagemanager-era-available.md b/docs/development/dev-portal-api/ext/app-packagemanager-era-available.md similarity index 100% rename from docs/dev-portal-api/ext/app-packagemanager-era-available.md rename to docs/development/dev-portal-api/ext/app-packagemanager-era-available.md diff --git a/docs/dev-portal-api/ext/app-packagemanager-era-check.md b/docs/development/dev-portal-api/ext/app-packagemanager-era-check.md similarity index 100% rename from docs/dev-portal-api/ext/app-packagemanager-era-check.md rename to docs/development/dev-portal-api/ext/app-packagemanager-era-check.md diff --git a/docs/dev-portal-api/ext/app-packagemanager-era-register.md b/docs/development/dev-portal-api/ext/app-packagemanager-era-register.md similarity index 100% rename from docs/dev-portal-api/ext/app-packagemanager-era-register.md rename to docs/development/dev-portal-api/ext/app-packagemanager-era-register.md diff --git a/docs/dev-portal-api/ext/app-packagemanager-era-registernetwork.md b/docs/development/dev-portal-api/ext/app-packagemanager-era-registernetwork.md similarity index 100% rename from docs/dev-portal-api/ext/app-packagemanager-era-registernetwork.md rename to docs/development/dev-portal-api/ext/app-packagemanager-era-registernetwork.md diff --git a/docs/dev-portal-api/ext/app-packagemanager-era-streaming.md b/docs/development/dev-portal-api/ext/app-packagemanager-era-streaming.md similarity index 100% rename from docs/dev-portal-api/ext/app-packagemanager-era-streaming.md rename to docs/development/dev-portal-api/ext/app-packagemanager-era-streaming.md diff --git a/docs/dev-portal-api/ext/app-packagemanager-era-upload.md b/docs/development/dev-portal-api/ext/app-packagemanager-era-upload.md similarity index 100% rename from docs/dev-portal-api/ext/app-packagemanager-era-upload.md rename to docs/development/dev-portal-api/ext/app-packagemanager-era-upload.md diff --git a/docs/dev-portal-api/ext/app-sshpins.md b/docs/development/dev-portal-api/ext/app-sshpins.md similarity index 100% rename from docs/dev-portal-api/ext/app-sshpins.md rename to docs/development/dev-portal-api/ext/app-sshpins.md diff --git a/docs/dev-portal-api/ext/app-unregistered.md b/docs/development/dev-portal-api/ext/app-unregistered.md similarity index 100% rename from docs/dev-portal-api/ext/app-unregistered.md rename to docs/development/dev-portal-api/ext/app-unregistered.md diff --git a/docs/dev-portal-api/ext/fiddler.md b/docs/development/dev-portal-api/ext/fiddler.md similarity index 100% rename from docs/dev-portal-api/ext/fiddler.md rename to docs/development/dev-portal-api/ext/fiddler.md diff --git a/docs/dev-portal-api/ext/frontpanel.md b/docs/development/dev-portal-api/ext/frontpanel.md similarity index 100% rename from docs/dev-portal-api/ext/frontpanel.md rename to docs/development/dev-portal-api/ext/frontpanel.md diff --git a/docs/dev-portal-api/ext/httpMonitor-sessions.md b/docs/development/dev-portal-api/ext/httpMonitor-sessions.md similarity index 100% rename from docs/dev-portal-api/ext/httpMonitor-sessions.md rename to docs/development/dev-portal-api/ext/httpMonitor-sessions.md diff --git a/docs/dev-portal-api/ext/networkcredentials.md b/docs/development/dev-portal-api/ext/networkcredentials.md similarity index 100% rename from docs/dev-portal-api/ext/networkcredentials.md rename to docs/development/dev-portal-api/ext/networkcredentials.md diff --git a/docs/dev-portal-api/ext/remoteinput-controllers.md b/docs/development/dev-portal-api/ext/remoteinput-controllers.md similarity index 100% rename from docs/dev-portal-api/ext/remoteinput-controllers.md rename to docs/development/dev-portal-api/ext/remoteinput-controllers.md diff --git a/docs/dev-portal-api/ext/remoteinput.md b/docs/development/dev-portal-api/ext/remoteinput.md similarity index 100% rename from docs/dev-portal-api/ext/remoteinput.md rename to docs/development/dev-portal-api/ext/remoteinput.md diff --git a/docs/dev-portal-api/ext/screenshot.md b/docs/development/dev-portal-api/ext/screenshot.md similarity index 100% rename from docs/dev-portal-api/ext/screenshot.md rename to docs/development/dev-portal-api/ext/screenshot.md diff --git a/docs/dev-portal-api/ext/settings.md b/docs/development/dev-portal-api/ext/settings.md similarity index 100% rename from docs/dev-portal-api/ext/settings.md rename to docs/development/dev-portal-api/ext/settings.md diff --git a/docs/dev-portal-api/ext/smb-developerfolder.md b/docs/development/dev-portal-api/ext/smb-developerfolder.md similarity index 100% rename from docs/dev-portal-api/ext/smb-developerfolder.md rename to docs/development/dev-portal-api/ext/smb-developerfolder.md diff --git a/docs/dev-portal-api/ext/unattendedsetup-apply.md b/docs/development/dev-portal-api/ext/unattendedsetup-apply.md similarity index 100% rename from docs/dev-portal-api/ext/unattendedsetup-apply.md rename to docs/development/dev-portal-api/ext/unattendedsetup-apply.md diff --git a/docs/dev-portal-api/ext/unattendedsetup-configure.md b/docs/development/dev-portal-api/ext/unattendedsetup-configure.md similarity index 100% rename from docs/dev-portal-api/ext/unattendedsetup-configure.md rename to docs/development/dev-portal-api/ext/unattendedsetup-configure.md diff --git a/docs/dev-portal-api/ext/unattendedsetup-default.md b/docs/development/dev-portal-api/ext/unattendedsetup-default.md similarity index 100% rename from docs/dev-portal-api/ext/unattendedsetup-default.md rename to docs/development/dev-portal-api/ext/unattendedsetup-default.md diff --git a/docs/dev-portal-api/ext/unattendedsetup-quickaction.md b/docs/development/dev-portal-api/ext/unattendedsetup-quickaction.md similarity index 100% rename from docs/dev-portal-api/ext/unattendedsetup-quickaction.md rename to docs/development/dev-portal-api/ext/unattendedsetup-quickaction.md diff --git a/docs/dev-portal-api/ext/unattendedsetup-test.md b/docs/development/dev-portal-api/ext/unattendedsetup-test.md similarity index 100% rename from docs/dev-portal-api/ext/unattendedsetup-test.md rename to docs/development/dev-portal-api/ext/unattendedsetup-test.md diff --git a/docs/dev-portal-api/ext/update-remote.md b/docs/development/dev-portal-api/ext/update-remote.md similarity index 100% rename from docs/dev-portal-api/ext/update-remote.md rename to docs/development/dev-portal-api/ext/update-remote.md diff --git a/docs/dev-portal-api/ext/user.md b/docs/development/dev-portal-api/ext/user.md similarity index 100% rename from docs/dev-portal-api/ext/user.md rename to docs/development/dev-portal-api/ext/user.md diff --git a/docs/dev-portal-api/ext/xbox-info.md b/docs/development/dev-portal-api/ext/xbox-info.md similarity index 100% rename from docs/dev-portal-api/ext/xbox-info.md rename to docs/development/dev-portal-api/ext/xbox-info.md diff --git a/docs/dev-portal-api/ext/xboxlive-sandbox.md b/docs/development/dev-portal-api/ext/xboxlive-sandbox.md similarity index 100% rename from docs/dev-portal-api/ext/xboxlive-sandbox.md rename to docs/development/dev-portal-api/ext/xboxlive-sandbox.md diff --git a/docs/dev-portal-api/images/device-portal-xbox-1.png b/docs/development/dev-portal-api/images/device-portal-xbox-1.png similarity index 100% rename from docs/dev-portal-api/images/device-portal-xbox-1.png rename to docs/development/dev-portal-api/images/device-portal-xbox-1.png diff --git a/docs/dev-portal-api/images/device-portal-xbox-12.png b/docs/development/dev-portal-api/images/device-portal-xbox-12.png similarity index 100% rename from docs/dev-portal-api/images/device-portal-xbox-12.png rename to docs/development/dev-portal-api/images/device-portal-xbox-12.png diff --git a/docs/dev-portal-api/images/device-portal-xbox-13.png b/docs/development/dev-portal-api/images/device-portal-xbox-13.png similarity index 100% rename from docs/dev-portal-api/images/device-portal-xbox-13.png rename to docs/development/dev-portal-api/images/device-portal-xbox-13.png diff --git a/docs/dev-portal-api/images/device-portal-xbox-14.png b/docs/development/dev-portal-api/images/device-portal-xbox-14.png similarity index 100% rename from docs/dev-portal-api/images/device-portal-xbox-14.png rename to docs/development/dev-portal-api/images/device-portal-xbox-14.png diff --git a/docs/dev-portal-api/images/device-portal-xbox-15.png b/docs/development/dev-portal-api/images/device-portal-xbox-15.png similarity index 100% rename from docs/dev-portal-api/images/device-portal-xbox-15.png rename to docs/development/dev-portal-api/images/device-portal-xbox-15.png diff --git a/docs/dev-portal-api/images/device-portal-xbox-16.png b/docs/development/dev-portal-api/images/device-portal-xbox-16.png similarity index 100% rename from docs/dev-portal-api/images/device-portal-xbox-16.png rename to docs/development/dev-portal-api/images/device-portal-xbox-16.png diff --git a/docs/dev-portal-api/images/device-portal-xbox-17.png b/docs/development/dev-portal-api/images/device-portal-xbox-17.png similarity index 100% rename from docs/dev-portal-api/images/device-portal-xbox-17.png rename to docs/development/dev-portal-api/images/device-portal-xbox-17.png diff --git a/docs/dev-portal-api/images/device-portal-xbox-18.png b/docs/development/dev-portal-api/images/device-portal-xbox-18.png similarity index 100% rename from docs/dev-portal-api/images/device-portal-xbox-18.png rename to docs/development/dev-portal-api/images/device-portal-xbox-18.png diff --git a/docs/dev-portal-api/images/device-portal-xbox-19.png b/docs/development/dev-portal-api/images/device-portal-xbox-19.png similarity index 100% rename from docs/dev-portal-api/images/device-portal-xbox-19.png rename to docs/development/dev-portal-api/images/device-portal-xbox-19.png diff --git a/docs/dev-portal-api/images/device-portal-xbox-20.png b/docs/development/dev-portal-api/images/device-portal-xbox-20.png similarity index 100% rename from docs/dev-portal-api/images/device-portal-xbox-20.png rename to docs/development/dev-portal-api/images/device-portal-xbox-20.png diff --git a/docs/dev-portal-api/images/device-portal-xbox-21.png b/docs/development/dev-portal-api/images/device-portal-xbox-21.png similarity index 100% rename from docs/dev-portal-api/images/device-portal-xbox-21.png rename to docs/development/dev-portal-api/images/device-portal-xbox-21.png diff --git a/docs/dev-portal-api/images/device-portal-xbox-22.png b/docs/development/dev-portal-api/images/device-portal-xbox-22.png similarity index 100% rename from docs/dev-portal-api/images/device-portal-xbox-22.png rename to docs/development/dev-portal-api/images/device-portal-xbox-22.png diff --git a/docs/dev-portal-api/images/device-portal-xbox-3.png b/docs/development/dev-portal-api/images/device-portal-xbox-3.png similarity index 100% rename from docs/dev-portal-api/images/device-portal-xbox-3.png rename to docs/development/dev-portal-api/images/device-portal-xbox-3.png diff --git a/docs/dev-portal-api/set-up-device-portal.md b/docs/development/dev-portal-api/set-up-device-portal.md similarity index 100% rename from docs/dev-portal-api/set-up-device-portal.md rename to docs/development/dev-portal-api/set-up-device-portal.md diff --git a/docs/device-portal.md b/docs/development/device-portal.md similarity index 100% rename from docs/device-portal.md rename to docs/development/device-portal.md diff --git a/docs/installing-compatible-software.md b/docs/development/installing-compatible-software.md similarity index 100% rename from docs/installing-compatible-software.md rename to docs/development/installing-compatible-software.md diff --git a/docs/pc_tools.md b/docs/development/pc_tools.md similarity index 100% rename from docs/pc_tools.md rename to docs/development/pc_tools.md diff --git a/docs/setup-dev-mode.md b/docs/development/setup-dev-mode.md similarity index 96% rename from docs/setup-dev-mode.md rename to docs/development/setup-dev-mode.md index cf393a6..c9047f1 100644 --- a/docs/setup-dev-mode.md +++ b/docs/development/setup-dev-mode.md @@ -29,7 +29,7 @@ Installer: | | | --------------------------------- | -| ![Visual studio setup](setup-dev-mode/vs_setup_dev_mode.png) | +| ![Visual studio setup](../_files/vs_setup_dev_mode.png) | ## Using SSH diff --git a/docs/winmd.md b/docs/development/winmd.md similarity index 100% rename from docs/winmd.md rename to docs/development/winmd.md diff --git a/docs/xtf-apis.md b/docs/development/xtf-apis.md similarity index 100% rename from docs/xtf-apis.md rename to docs/development/xtf-apis.md diff --git a/docs/xtf-apis/xtfadditional.md b/docs/development/xtf-apis/xtfadditional.md similarity index 100% rename from docs/xtf-apis/xtfadditional.md rename to docs/development/xtf-apis/xtfadditional.md diff --git a/docs/xtf-apis/xtfapplication.md b/docs/development/xtf-apis/xtfapplication.md similarity index 100% rename from docs/xtf-apis/xtfapplication.md rename to docs/development/xtf-apis/xtfapplication.md diff --git a/docs/xtf-apis/xtfconsolecontrol.md b/docs/development/xtf-apis/xtfconsolecontrol.md similarity index 100% rename from docs/xtf-apis/xtfconsolecontrol.md rename to docs/development/xtf-apis/xtfconsolecontrol.md diff --git a/docs/xtf-apis/xtfconsolemanager.md b/docs/development/xtf-apis/xtfconsolemanager.md similarity index 100% rename from docs/xtf-apis/xtfconsolemanager.md rename to docs/development/xtf-apis/xtfconsolemanager.md diff --git a/docs/xtf-apis/xtfdebugmonitor.md b/docs/development/xtf-apis/xtfdebugmonitor.md similarity index 100% rename from docs/xtf-apis/xtfdebugmonitor.md rename to docs/development/xtf-apis/xtfdebugmonitor.md diff --git a/docs/xtf-apis/xtffileio.md b/docs/development/xtf-apis/xtffileio.md similarity index 100% rename from docs/xtf-apis/xtffileio.md rename to docs/development/xtf-apis/xtffileio.md diff --git a/docs/xtf-apis/xtfinput.md b/docs/development/xtf-apis/xtfinput.md similarity index 100% rename from docs/xtf-apis/xtfinput.md rename to docs/development/xtf-apis/xtfinput.md diff --git a/docs/xtf-apis/xtfremoterun.md b/docs/development/xtf-apis/xtfremoterun.md similarity index 100% rename from docs/xtf-apis/xtfremoterun.md rename to docs/development/xtf-apis/xtfremoterun.md diff --git a/docs/xtf-apis/xtfuser.md b/docs/development/xtf-apis/xtfuser.md similarity index 100% rename from docs/xtf-apis/xtfuser.md rename to docs/development/xtf-apis/xtfuser.md diff --git a/docs/exploits.md b/docs/exploits.md deleted file mode 100644 index 88874da..0000000 --- a/docs/exploits.md +++ /dev/null @@ -1,22 +0,0 @@ -# Exploits - -## Software - -### Retail -- [HostOS - External VBI loading](exploits/external-vbi-loading.md) (19.09.2019) -- [SystemOS Symbolic Link Exploit](exploits/file-explorer-symbolic-links.md) - Access restricted/encrypted volumes using the Xbox File Explorer (02.06.2017) -- [SystemOS Microsoft Edge - chakra.dll Info Leak](exploits/ms-edge-exploit-cve-2016-7200.md) (30.03.2017) -- [SystemOS Microsoft Edge - File System Access](exploits/Edge-Browser-File-System-Exposure.md) (XX.XX.20XX) -- [SystemOS Remote Code Execution - Xbox Live Messaging / WinJS injection](exploits/ms-xdash-js-injection.md) (XX.XX.2019) -- [Browser access while offline](exploits/browser-access-while-offline.md) -- [ECC Curveball - TLS certificate spoofing (CVE-2020-0601)](exploits/ecc-curveball-cve-2020-0601.md) (December 2019) - -### Development mode -- [SystemOS Elevation of privileges via Artifice (automation tool) using vulnerability in OpenSSH service](exploits/artifice-devmode-elevation.md) (10.09.2023) -- [SystemOS Read/Write overlay for System.xvd](exploits/devmode-systemxvd-read-write.md) (31.07.2019) -- [SystemOS Elevation of privileges via UnattendedUtilities](exploits/devmode-unattended-utilities.md) (11.06.2019) -- [SystemOS Elevation of privileges via VSProfiling account](exploits/devmode-priv-escalation-vsprofiling.md) (09.09.2018) -- [SystemOS shell access / SSH / Sirep](setup-dev-mode.md#using-ssh) (09.09.2018) - -## Hardware -- None so far diff --git a/docs/exploits/devmode-systemxvd-read-write.md b/docs/exploits/devmode-systemxvd-read-write.md index 76ae396..4f9316f 100644 --- a/docs/exploits/devmode-systemxvd-read-write.md +++ b/docs/exploits/devmode-systemxvd-read-write.md @@ -1,20 +1,21 @@ # SystemOS Read/Write overlay for System.xvd ## Metadata -| | | -|-----------------------------|-----------------------------------------------------| -|Release date | 31.07.2019 | -|Author | Xbox One Research | -|Classification | Privileged write access | -|Patched | no | -|Patch date | N/A | -|First patched system version | N/A | -|Source | Discord | -|Download | [Download](../files/SYSTEMRW.zip) | +| | | +| ---------------------------- | ------------------------------------- | +| Release date | 31.07.2019 | +| Author | Xbox One Research | +| Classification | Privileged write access | +| Patched | Yes | +| Patch date | N/A | +| First patched system version | N/A | +| Source | Discord | +| Download | [Download](../_binaries/SYSTEMRW.zip) | ## Info -The "System Boot Partition" aka. *C:\* is mounted read-only. This hack allows temporary mounting of a self-created XVD as an overlay -under mountpoint *C:\*. It enables write access to this partition. +The "System Boot Partition" aka. `C:\` is mounted read-only. This hack allows temporary mounting of a self-created XVD as an overlay. + +Under mountpoint `C:\*` It enables write access to this partition. ## Prerequisites - Dev Mode diff --git a/docs/exploits/devmode-unattended-utilities.md b/docs/exploits/devmode-unattended-utilities.md index db9a240..07e9561 100644 --- a/docs/exploits/devmode-unattended-utilities.md +++ b/docs/exploits/devmode-unattended-utilities.md @@ -1,16 +1,16 @@ # SystemOS - Elevation of privileges via UnattendedUtilities ## Metadata -| | | -|-----------------------------|-----------------------------------------------------| -|Release date | 10.09.2019 | -|Author | Xbox One Research | -|Classification | Elevation of privileges | -|Patched | yes | -|Patch date | 19/11/2019 | -|First patched system version | 10.0.18363.8119 (19h1_release_xbox_dev_1911.18363.8119.191119-1135) | -|Source | https://github.com/xboxoneresearch/XboxUnattend | -|Download | [Download](../files/XboxUnattend-master-20190919.zip) | +| | | +| ---------------------------- | ------------------------------------------------------------------- | +| Release date | 10.09.2019 | +| Author | Xbox One Research | +| Classification | Elevation of privileges | +| Patched | yes | +| Patch date | 19/11/2019 | +| First patched system version | 10.0.18363.8119 (19h1_release_xbox_dev_1911.18363.8119.191119-1135) | +| Source | https://github.com/xboxoneresearch/XboxUnattend | +| Download | [Download](../_binaries/XboxUnattend-master-20190919.zip) | ## Info Normally you have limited user rights when connecting via SSH in development mode. diff --git a/docs/exploits/file-explorer-symbolic-links.md b/docs/exploits/file-explorer-symbolic-links.md index 255755b..193906e 100644 --- a/docs/exploits/file-explorer-symbolic-links.md +++ b/docs/exploits/file-explorer-symbolic-links.md @@ -1,16 +1,16 @@ # File Explorer - Symbolic links vulnerability ## Metadata -| | | -|-----------------------------|-----------------------------------------------------| -|Release date | 02.06.2017 | -|Author | xenomega | -|Classification | File Access | -|Patched | yes | -|Patch date | 05.05.2017 | -|First patched system version | 10.0.15063.2022 (RS2_RELEASE_XBOX_1704.170501-1052) | -|Source | https://github.com/Xenomega/xsymlink | -|Download | [Download](../files/xsymlink.zip) | +| | | +| ---------------------------- | --------------------------------------------------- | +| Release date | 02.06.2017 | +| Author | xenomega | +| Classification | File Access | +| Patched | yes | +| Patch date | 05.05.2017 | +| First patched system version | 10.0.15063.2022 (RS2_RELEASE_XBOX_1704.170501-1052) | +| Source | https://github.com/Xenomega/xsymlink | +| Download | [Download](../_binaries/xsymlink.zip) | ## Info Access restricted/encrypted volumes using the Xbox File Explorer. diff --git a/docs/exploits/ms-edge-exploit-cve-2016-7200.md b/docs/exploits/ms-edge-exploit-cve-2016-7200.md index 966073a..eeb5570 100644 --- a/docs/exploits/ms-edge-exploit-cve-2016-7200.md +++ b/docs/exploits/ms-edge-exploit-cve-2016-7200.md @@ -1,16 +1,16 @@ # Microsoft Edge - Chakra Exploit - CVE 2016-7200 ## Metadata -| | | -|-----------------------------|-----------------------------------------------------| -|Release date | 28.03.2017 | -|Author | unknownv2 | -|Classification | Remote Code execution / Type confusion | -|Patched | yes | -|Patch date | *unknown* | -|First patched system version | *unknown* | -|Source | https://github.com/SeeMirra/ms-xb1-edge-exp | -|Download | [Download](../files/ms-xb1-edge-exp-master.zip) | +| | | +| ---------------------------- | --------------------------------------------------- | +| Release date | 28.03.2017 | +| Author | unknownv2 | +| Classification | Remote Code execution / Type confusion | +| Patched | yes | +| Patch date | *unknown* | +| First patched system version | *unknown* | +| Source | https://github.com/SeeMirra/ms-xb1-edge-exp | +| Download | [Download](../_binaries/ms-xb1-edge-exp-master.zip) | ## Info For Xbox-SystemOS version: 10.0.14393.2152 (rs1_xbox_rel_1610 161208-1218) fre, 12/14/2016 diff --git a/docs/faq.md b/docs/faq.md index a7a9256..c8102bc 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -26,7 +26,7 @@ Named pipes / special kernel broker drivers are used to push data between the OS The Xbox One is known to currently use a driver common on all OS VMs known as "XVIO" which appear to use shared memory ring buffers to communicate between the host and guest virtual machines. ## Can we draw standard Win32 UI? ## -The possibility of "escaping" the UWP sandbox thats originally targeted at homebrew developers is tempting and of course delivers a bigger potential for developers to port applications more easily. However, as the rendering is done in a non-Win32-conform way, it is also a challenge to achieve displaying such Win32 GUI application. See [XboxUI](xbox-ui.md) for further info. +The possibility of "escaping" the UWP sandbox thats originally targeted at homebrew developers is tempting and of course delivers a bigger potential for developers to port applications more easily. However, as the rendering is done in a non-Win32-conform way, it is also a challenge to achieve displaying such Win32 GUI application. See [XboxUI](operating-system/xbox-ui.md) for further info. Traditional Win32 rendering is very unlikely to be possible on SystemOS. Like Windows IoT, the System VM makes use of the win32kmin.sys windowing driver rather than the full win32k.sys or win32kfull.sys employed by Client and Desktop, which doesn't support rendering more than one window at a time. Microsoft has tricks to supplement this (which can be seen in cases of the guide and dash being open, etc), however they are not known at this time. ## Where and how do we get the keys? ## @@ -44,7 +44,7 @@ Different keys are used for the following purposes: - Games / apps (CIK / Content integrity keys) ## Certificates ## -There are at least two major certificates utilized for generic usage: Console certificate and Boot capability certificate. Of course they are signed with an RSA key and therefore cannot be modified. For further info see [Certificates](certificates.md). +There are at least two major certificates utilized for generic usage: Console certificate and Boot capability certificate. Of course they are signed with an RSA key and therefore cannot be modified. For further info see [Certificates](security/certificates.md). ## Reset Glitch hack? ## A power glitch hack that made hacking the Xbox 360 feasible for the public was an unforseen technique that led to breaking the secure boot chain of trust [Info](https://recon.cx/2015/slides/recon2015-13-colin-o-flynn-Glitching-and-Side-Channel-Analysis-for-All.pdf) You could say that the designers of the console, that appeared in the end of 2005, were not aware of this possibility. Obviously technique and mitigations evolved since that time, so it is a lot harder to pull off such an attack on the modern Xbox One console. It is expected to have a lot of mitigations implemented (for example: timing checks, excessive data validity checks etc.) diff --git a/docs/file-formats/update-cfg.md b/docs/file-formats/update-cfg.md new file mode 100644 index 0000000..66666ab --- /dev/null +++ b/docs/file-formats/update-cfg.md @@ -0,0 +1,7 @@ +# Update.cfg + +The files `update.cfg` or `update2.cfg` in [Flash](../boot/xbox-boot-file-system.md) can indicate the currently installed OS build of the console. + +## File format + +TBD diff --git a/docs/xct.md b/docs/file-formats/xct.md similarity index 92% rename from docs/xct.md rename to docs/file-formats/xct.md index cf620ec..f5c9f53 100644 --- a/docs/xct.md +++ b/docs/file-formats/xct.md @@ -1,5 +1,5 @@ # XCT -Unknown usecase, related to [XVD files](xbox-virtual-drive.md). +Unknown usecase, related to [XVD files](../operating-system/xbox-virtual-drive.md). ## File format diff --git a/docs/xvi.md b/docs/file-formats/xvi.md similarity index 76% rename from docs/xvi.md rename to docs/file-formats/xvi.md index fa8261c..332a26b 100644 --- a/docs/xvi.md +++ b/docs/file-formats/xvi.md @@ -1,5 +1,5 @@ # Xvi files -Some sort of metadata file related to [XVD files](xbox-virtual-drive.md), stored next to downloaded xvd files on the hard drive. +Some sort of metadata file related to [XVD files](../operating-system/xbox-virtual-drive.md), stored next to downloaded xvd files on the hard drive. ## File format Total size: 0x1000 diff --git a/docs/savegames.md b/docs/games/savegames.md similarity index 84% rename from docs/savegames.md rename to docs/games/savegames.md index e76379b..af10c60 100644 --- a/docs/savegames.md +++ b/docs/games/savegames.md @@ -1,5 +1,14 @@ # Savegames +Savegames are located in a XVD container on partition `[XTE:]` aka. Temporary Storage partition. + +See [XCrdUtil](../operating-system/xcrdutil.md) for partition mapping. + +XVD Container filepaths: + +- `[XTE:]\ConnectedStorage` (Retail) +- `[XTE:]\ConnectedStorage-devkit` (XDK) + ## File format ### BLOB_TYPE @@ -58,4 +67,9 @@ Structure of *containers.index* file. | 0x04 | 0x04 | uint32 | Unknown | | 0x08 | 0x08 | WCHAR[] | Magic (Blob) | | 0x10 | 0x88 | byte[] | Data | -| 0x98 | 0x10 | byte[] | GUID | \ No newline at end of file +| 0x98 | 0x10 | byte[] | GUID | + +## Tools + +- [XblContainerReader](https://github.com/LukeFZ/XblContainerReader) - (.NET Core) Savegame parsing and un-/packing (compatible with Win10/11 and Xbox savegames) +- [xbcsmgr - Xbox ConnectedStorage manager](https://github.com/billyhulbert/xbcsmgr) - (.NET Core / WinUI) An application to easily interact with Xbox Live game save data. \ No newline at end of file diff --git a/docs/xbox-game-disc.md b/docs/games/xbox-game-disc.md similarity index 100% rename from docs/xbox-game-disc.md rename to docs/games/xbox-game-disc.md diff --git a/docs/xeo3.md b/docs/games/xeo3-x360-classic-xbox-emulator.md similarity index 74% rename from docs/xeo3.md rename to docs/games/xeo3-x360-classic-xbox-emulator.md index 5112b4b..6020fdc 100644 --- a/docs/xeo3.md +++ b/docs/games/xeo3-x360-classic-xbox-emulator.md @@ -1,4 +1,4 @@ -# XEO3 +# XEO3 - Xbox360 and Classic Xbox emulator XEO3 is the Xbox 360 and Original Xbox emulator executable for the Xbox One/Series's ERA partition. ## Executable Arguments @@ -20,11 +20,18 @@ XEO3 is the Xbox 360 and Original Xbox emulator executable for the Xbox One/Seri | `-kernel filename` | Specify host path to the guest kernel binary | -kernel D:\xboxkrnlce.exe| | `-hvdata filename` | Specify host path to the guest hypervisor data blob | -hvdata D:\xboxkrnlce.hvdata | -### Notes +## Notes * xboxkrnlce.exe and .hvdata can be found in the Flash folder of a Backwards Compat game's XVC. Version 17003 has leaked publicly. * The emulated Xbox 360 does not display a serial number. * If a BC Game is deployed in Dev Mode, the XDK's Xbox Console Manager (The GDK dropped this functionality) can be used to capture kernel debug logging from the emulated kernel, when launching the game from the Console Manager. -### Discovery -XEO3, known as emu.exe, was first located by TitleOS who dumped it from a plaintext XVDP of eratools captured from a Xbox Live update before releasing it via Twitter. \ No newline at end of file +## Discovery +XEO3, known as emu.exe, was first located by TitleOS who dumped it from a plaintext XVDP of eratools captured from a Xbox Live update before releasing it via Twitter. + +## XEO3 Shaders +Little is currently known about the XEO3 shader format, for example how the original shaders from Xbox 360 games are converted into the DirectX 11 Durango format. While it is known that that Backwards Compat games' XVCs contain DirectX 11 Durango format shaders in the DLL file format, creation or rendering of these shaders is not currently possible. + +These shaders appear critical to running any graphical xex, as evidenced by attempting to run [XeXMenu on the emulator](https://web.archive.org/web/20210414133418/https://twitter.com/XB1_HexDecimal/status/1382326180490010630). + +Example: `xeo3_3bfc9c1a_932fc286_956f016e_98ef8821_6b9d46d0.dll` (From CastleCrashers) diff --git a/docs/cpu.md b/docs/hardware/cpu.md similarity index 87% rename from docs/cpu.md rename to docs/hardware/cpu.md index f4649a2..c36fd70 100644 --- a/docs/cpu.md +++ b/docs/hardware/cpu.md @@ -7,7 +7,7 @@ An __AMD Jaguar__ APU is used on all Xbox One consoles. It features an embedded - AMD "Jaguar" 8-Core APU (CPU clock: 2.3 GHz, GPU block: 1.17 GHz) X950118-002 DG5700GDA87IE (Xbox One X) ## Diagrams -![Durango Southbridge SoC schema](files/durango_southbridge_soc.gif) +![Durango Southbridge SoC schema](../_files/durango_southbridge_soc.gif) ## References - [Southbridge / SoC diagram](https://www.computer.org) by IEEE Computer Society \ No newline at end of file diff --git a/docs/emmc-flash.md b/docs/hardware/emmc-flash.md similarity index 76% rename from docs/emmc-flash.md rename to docs/hardware/emmc-flash.md index d9e263f..1763af9 100644 --- a/docs/emmc-flash.md +++ b/docs/hardware/emmc-flash.md @@ -2,7 +2,7 @@ The flash chip is accessed via an eMMC controller. ## Filesystem -See [XBFS](xbox-boot-file-system.md). +See [XBFS](../boot/xbox-boot-file-system.md). ## Flash chips - SK Hynix H26M42003GMR 8GB eMMC NAND Flash (Xbox One) @@ -15,13 +15,13 @@ Each console revision has different circuitry to drive the eMMC, so a different ### Durango (original launch-date motherboards) Motherboard overview: -![Mainboard top view](emmc-flash/0_durango_read_nand_mb1.png) +![Mainboard top view](../_files/emmc-flash/0_durango_read_nand_mb1.png) -![Mainboard bottom view](emmc-flash/1_durango_read_nand_mb2.png) +![Mainboard bottom view](../_files/emmc-flash/1_durango_read_nand_mb2.png) SD Card Connections: -![SD Card pinout](emmc-flash/2_durango_read_nand_sdcard_pinout.png) +![SD Card pinout](../_files/emmc-flash/2_durango_read_nand_sdcard_pinout.png) **Important:** @@ -41,26 +41,26 @@ For the other connections use 28 AWG. Enable SMC_RESET (**VERY IMPORTANT TO DO THIS FIRST!!**) Place a **200-300 Ohm** resistor between **J4E1.1** and **TP4E1** -![Enabling SMC_RESET](emmc-flash/3_durango_read_nand_smcreset.png) +![Enabling SMC_RESET](../_files/emmc-flash/3_durango_read_nand_smcreset.png) Disconnect the SMC clock from the [Southbridge](southbridge.md) by removing **R4D2**. Save the resistor as it is needed for the Xbox One to function. If you do lose it then a solder bridge should work as the value is 0 Ohms. -![Disconnecting SMC clock](emmc-flash/4_durango_read_nand_r4d2.png) +![Disconnecting SMC clock](../_files/emmc-flash/4_durango_read_nand_r4d2.png) NAND logic runs on the 1.8v rail and readers try to use 3.3v which is most of them don't work with the Xbox One NAND. Bridge a **700-800 Ohm** resistor between **Pin 1 of U3C3** and **Ground**. This should make an output 3v3 on the rail without damaging anything because the SMC is held in reset, so it won't try to power anything on. -![Getting voltage to 3,3V](emmc-flash/5_durango_read_nand_3v3.png) +![Getting voltage to 3,3V](../_files/emmc-flash/5_durango_read_nand_3v3.png) Directly underneath the NAND on the underside of the mobo are access points that will let you easily solder the **CMD**,**DAT0** and **CLK** lines. Everything works better when you hook everything up to the SD reader with everything turned off, then turn the Xbox One on and then plug in the SD reader to the PC. -![GND solder points](emmc-flash/6_durango_read_nand_gnd.png) +![GND solder points](../_files/emmc-flash/6_durango_read_nand_gnd.png) -![eMMC communication points](emmc-flash/7_durango_read_nand_connection.png) +![eMMC communication points](../_files/emmc-flash/7_durango_read_nand_connection.png) Source: [Team Xecuter / xpgamesaves](https://www.xpgamesaves.com/threads/how-to-read-write-xbox-one-nand-filesystem.95025/) diff --git a/docs/ethernet.md b/docs/hardware/ethernet.md similarity index 100% rename from docs/ethernet.md rename to docs/hardware/ethernet.md diff --git a/docs/optical-disc-drive/odd-firmware-update-log.md b/docs/hardware/odd-firmware-update-log.md similarity index 100% rename from docs/optical-disc-drive/odd-firmware-update-log.md rename to docs/hardware/odd-firmware-update-log.md diff --git a/docs/optical-disc-drive.md b/docs/hardware/optical-disc-drive.md similarity index 58% rename from docs/optical-disc-drive.md rename to docs/hardware/optical-disc-drive.md index 8fc0948..9c552bb 100644 --- a/docs/optical-disc-drive.md +++ b/docs/hardware/optical-disc-drive.md @@ -4,7 +4,7 @@ # Xbox Optical disc drive ## Game discs -Xbox One game discs are called [XGD4](xbox-game-disc.md) (Xbox Game Disc Version 4). +Xbox One game discs are called [XGD4](../games/xbox-game-disc.md) (Xbox Game Disc Version 4). ## Drive models @@ -44,18 +44,18 @@ created on HDD. **Location:** SystemSupport\\oddfwupd\\X.log (Where **X** is an increasing integer number indicating the update attempt count.) -For a compilation of different update logs in different situations, see the [ODD Firmware Update Log Page](optical-disc-drive/odd-firmware-update-log.md). +For a compilation of different update logs in different situations, see the [ODD Firmware Update Log Page](odd-firmware-update-log.md). ## Philips / Lite-On PLDS DG-6M1S -![PLDS DG6M1S label](optical-disc-drive/plds_dg6m1s_label.JPG) -![PLDS DG6M1S pcb mounted](optical-disc-drive/plds_dg6m1s_pcb_mounted.JPG) -![PLDS DG6M1S pcb front](optical-disc-drive/plds_dg6m1s_pcb_front.JPG) -![PLDS DG6M1S pcb back](optical-disc-drive/plds_dg6m1s_pcb_back.JPG) +![PLDS DG6M1S label](../_files/optical-disc-drive/plds_dg6m1s_label.JPG) +![PLDS DG6M1S pcb mounted](../_files/optical-disc-drive/plds_dg6m1s_pcb_mounted.JPG) +![PLDS DG6M1S pcb front](../_files/optical-disc-drive/plds_dg6m1s_pcb_front.JPG) +![PLDS DG6M1S pcb back](../_files/optical-disc-drive/plds_dg6m1s_pcb_back.JPG) ## Philips / Lite-On PLDS DG-6M2S -![PLDS DG6M2S label](optical-disc-drive/plds_dg6m2s_label.JPG) -![PLDS DG6M2S pcb mounted](optical-disc-drive/plds_dg6m2s_pcb_mounted.JPG) -![PLDS DG6M2S pcb front](optical-disc-drive/plds_dg6m2s_pcb_front.JPG) -![PLDS DG6M2S pcb back](optical-disc-drive/plds_dg6m2s_pcb_back.JPG) +![PLDS DG6M2S label](../_files/optical-disc-drive/plds_dg6m2s_label.JPG) +![PLDS DG6M2S pcb mounted](../_files/optical-disc-drive/plds_dg6m2s_pcb_mounted.JPG) +![PLDS DG6M2S pcb front](../_files/optical-disc-drive/plds_dg6m2s_pcb_front.JPG) +![PLDS DG6M2S pcb back](../_files/optical-disc-drive/plds_dg6m2s_pcb_back.JPG) diff --git a/docs/rf-unit.md b/docs/hardware/rf-unit.md similarity index 95% rename from docs/rf-unit.md rename to docs/hardware/rf-unit.md index a08ee62..54fdf84 100644 --- a/docs/rf-unit.md +++ b/docs/hardware/rf-unit.md @@ -75,11 +75,11 @@ Responsible for playing the power-on/off and eject sounds. Model: ISD9160F -Datasheet: [ISD9160FI](./rf-unit/1811151450_Nuvoton-Tech-ISD9160FI_C79806.pdf) +Datasheet: [ISD9160FI](../_files/rf-unit/1811151450_Nuvoton-Tech-ISD9160FI_C79806.pdf) Pinout (from the official datasheet linked above) -![ISD9160F Pinout](./rf-unit/isd9160f_pinout.png) +![ISD9160F Pinout](../_files/rf-unit/isd9160f_pinout.png) This IC has multiple possible pin-configurations, the following are verified signals. @@ -394,13 +394,13 @@ Codename: Cactus ## Pictures Xbox One (PHAT) -![RF Unit PHAT front](rf-unit/rf_unit_phat_front.jpg) -![RF Unit PHAT back](rf-unit/rf_unit_phat_back.jpg) +![RF Unit PHAT front](../_files/rf-unit/rf_unit_phat_front.jpg) +![RF Unit PHAT back](../_files/rf-unit/rf_unit_phat_back.jpg) Xbox One S -![RF Unit SLIM front](rf-unit/rf_unit_slim_front.jpg) -![RF Unit SLIM back](rf-unit/rf_unit_slim_back.jpg) +![RF Unit SLIM front](../_files/rf-unit/rf_unit_slim_front.jpg) +![RF Unit SLIM back](../_files/rf-unit/rf_unit_slim_back.jpg) Xbox One X (SCORPIO) diff --git a/docs/southbridge.md b/docs/hardware/southbridge.md similarity index 81% rename from docs/southbridge.md rename to docs/hardware/southbridge.md index 52d45dd..1770b8b 100644 --- a/docs/southbridge.md +++ b/docs/hardware/southbridge.md @@ -6,7 +6,7 @@ The custom southbridge is only slightly changed between the console revision, ju - X861949-007 T6WD5XBG-0003 (Xbox One X) ## Diagrams -![Durango Southbridge SoC schema](files/durango_southbridge_soc.gif) +![Durango Southbridge SoC schema](../_files/durango_southbridge_soc.gif) ## References - [Southbridge / SoC diagram](https://www.computer.org) by IEEE Computer Society \ No newline at end of file diff --git a/docs/wifi.md b/docs/hardware/wifi.md similarity index 57% rename from docs/wifi.md rename to docs/hardware/wifi.md index fe2a2ad..19f2310 100644 --- a/docs/wifi.md +++ b/docs/hardware/wifi.md @@ -16,15 +16,15 @@ Unknown ## Pictures Xbox One (PHAT) -![Wifi module PCB PHAT front](wifi/wifi_module_pcb_phat_front.jpg) -![Wifi module PCB PHAT back](wifi/wifi_module_pcb_phat_back.jpg) -![Wifi module PCB PHAT decapped](wifi/wifi_module_pcb_phat_decapped.jpg) -![Wifi module cable PHAT front](wifi/wifi_module_cable_phat_front.jpg) -![Wifi module cable PHAT front](wifi/wifi_module_cable_phat_back.jpg) +![Wifi module PCB PHAT front](../_files/wifi/wifi_module_pcb_phat_front.jpg) +![Wifi module PCB PHAT back](../_files/wifi/wifi_module_pcb_phat_back.jpg) +![Wifi module PCB PHAT decapped](../_files/wifi/wifi_module_pcb_phat_decapped.jpg) +![Wifi module cable PHAT front](../_files/wifi/wifi_module_cable_phat_front.jpg) +![Wifi module cable PHAT front](../_files/wifi/wifi_module_cable_phat_back.jpg) Xbox One S -![Wifi module PCB SLIM front](wifi/wifi_module_pcb_slim_front.jpg) -![Wifi module PCB SLIM back](wifi/wifi_module_pcb_slim_back.jpg) +![Wifi module PCB SLIM front](../_files/wifi/wifi_module_pcb_slim_front.jpg) +![Wifi module PCB SLIM back](../_files/wifi/wifi_module_pcb_slim_back.jpg) Xbox One X (SCORPIO) diff --git a/docs/xdk_transfer.md b/docs/hardware/xdk_transfer.md similarity index 73% rename from docs/xdk_transfer.md rename to docs/hardware/xdk_transfer.md index b29315c..7cb3429 100644 --- a/docs/xdk_transfer.md +++ b/docs/hardware/xdk_transfer.md @@ -1,21 +1,21 @@ # XDK Transfer Device -The XDK Transfer Device is a special hardware accesory available oficially only to registered Xbox developers. Its main purpose is to allow for very fast trasnfers of data, mainly aimed at dumping GPU information to a PC for debugging purposes, and maybe also transfering game builds during the development phase. It is presumably no longer needed for the next generation of consoles (Series X/S) since these natively support fast data transfer rates thanks to their SSD technology +The XDK Transfer Device is a special hardware accesory available officially only to registered Xbox developers. Its main purpose is to allow for very fast transfers of data, mainly aimed at dumping GPU information to a PC for debugging purposes, and maybe also transfering game builds during the development phase. It is presumably no longer needed for the next generation of consoles (Series X/S) since these natively support fast data transfer rates thanks to their SSD technology . These devices are typically sold for cheap on eBay and similar marketplaces since they don't have any real use for normal gamers. ## Hardware The XDK Transfer Device box contains four TORX head screws located in the back of the device, under the sticker: -![XDK Transfer](xdk_transfer/XDKTransfer.jpg) +![XDK Transfer](../_files/xdk_transfer/XDKTransfer.jpg) Internally, the device contains two heatsinks for heat disipation when doing data transfers. The PCB has a rectangular shape. -![XDK Transfer teardown](xdk_transfer/xdk_transfer_teardown.png) +![XDK Transfer teardown](../_files/xdk_transfer/xdk_transfer_teardown.png) The XDK Transfer device contains two `ATMLH532` i2c EEPROMs and two main `CYUSB3014-BZXI` ICs, which are essentially dedicated ARM926 EJ-S cores capable of 5 GBit/s USB speeds. The following is a block diagram depicting the design and main features of these cores. -![XDK Transfer block diagram](xdk_transfer/xdk_transfer_block_diagram.png) +![XDK Transfer block diagram](../_files/xdk_transfer/xdk_transfer_block_diagram.png) Full board scans (thanks to @cactus for the help): @@ -23,15 +23,9 @@ NOTE: Click on the image to load high-resolution image! Back: -[![XDK Transfer - backside](xdk_transfer/thumb_transfer_back.jpg)](xdk_transfer/transfer_back.jpg) +[![XDK Transfer - backside](../_files/xdk_transfer/transfer_back.jpg)[XDK Transfer - frontside](../_files/xdk_transfer/transfer_back.jpg) - -Front: - -[![XDK Transfer - frontside](xdk_transfer/thumb_transfer_front.jpg)](xdk_transfer/transfer_back.jpg) - - -## Kernel Software +## Software The SystemOS driver that communicates with the XDK Transfer Device is called `xbtplinkc.sys` and can be found in C:\Windows\System32. Its full name is the `Xbox Transport Protocol Link Client` driver. The "Client" part of the name is Hyper-V terminology, hence we can presume there exists a counterpart XbtpLinkP (provider) driver in the HostOS, which dispatches requests. diff --git a/docs/misc/codenames.md b/docs/misc/codenames.md new file mode 100644 index 0000000..9936dbe --- /dev/null +++ b/docs/misc/codenames.md @@ -0,0 +1,37 @@ +# Codenames + +This page contains a list of known internal codenames for hardware, software, accesories, or other components of the Xbox one. + +| Codename | Product / App Name | Category | Description or Comments | +| --------------- | -------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Arden/Sparkman | Codename(s)? for the Xbox Series S/X secure AMD enclave | Hardware | N/A | +| Keystone | A [cancelled](https://kotaku.com/xbox-game-pass-keystone-microsoft-halo-infinite-1849790199) Xbox Streaming platform / hardware device | Hardware | N/A | +| Cordova | Codename for one of the Xbox One ODD hardware revisions | Hardware | N/A | +| Lancaster | Codename for one of the Xbox One ODD hardware revisions | Hardware | N/A | +| Monterey | Codename for one of the Xbox One ODD hardware revisions | Hardware | N/A | +| Argos | Codename for the [Zebra prototype controller](https://x.com/TorusHyperV/status/1690416005564993536?s=20) hardware | Hardware | N/A | +| Geneva | Presumably, codename for some uncertain controller prototype hardware | Hardware | N/A | +| Nui / nuisensor | Kinect | Hardware | Internal name for Kinect, still used in official APIs and drivers | +| Petra | Presumably, a codename of an earlier Kinect prototype hardware version | Hardware | N/A | +| Nazca | Presumably, a codename of an earlier Kinect prototype hardware version | Hardware | N/A | +| Ameri | Presumably, a codename of an earlier Kinect prototype hardware version | Hardware | N/A | +| Durango | Codename for the retail Xbox One PHAT day One mainboard revision | Hardware | NOTE: Durango was also used during 2012-2013 to refer to Xbox One alpha prorotypes. However nowadays the name is mostly used to refer to the day one console hardware version. | +| Graybull | Codename for the retail Xbox One PHAT day One mainboard revision | Hardware | refers to the same retail board as Durango | +| Silverton | Codename for a retail Xbox One PHAT mainboard revision | Hardware | N/A | +| Edmonton | Codename for the retail Xbox One S mainboard revision | Hardware | N/A | +| Kingston | Codename for the retail Xbox One S mainboard revision - presumably same as edmonton | Hardware | Leaked schematics presumably refer to the Xbox One S as Kingston Retail | +| Carmel | Codename for some mainboard revision - needs verification wether this is an Xbox One S flavour or is it Xbox One PHAT / Xbox One X! | Hardware | N/A | +| Cactus | Codename for the retail Xbox One X mainboard | Hardware | The PCBs sometimes include the Cactus text | +| Scorpio | Codename for the retail Xbox One X mainboard | Hardware | Used interchangeably with Cactus | +| Zurich | [Xbox One Digital Tv Tuner Adapter](https://www.amazon.de/Xbox-One-Digital-TV-Tuner/dp/B00E97HVJI) | Hardware | N/A | +| Brittlebush | [XDK Transfer Device](../hardware/xdk_transfer.md) | Hardware | N/A | +| Zephyrus | Internal and API name of the Xbox Adaptive Controller | Hardware | Some prototype appeared online for sale in late 2023 | +| Merlin | Series X/S Controller | Hardware | Xbox Accessories App Image Names | +| Troy | Elite (Generation One) Controller | Hardware | Xbox Accessories App Image Names | +| Delphi | Elite (Generation Two) Controller | Hardware | Xbox Accessories App Image Names | +| Crete | Xbox One Controller Revision (BT + 3.5mm) | Hardware | Xbox Accessories App Image Names | +| Merlin | Series X/S Controller | Hardware | Xbox Accessories App Image Names | +| Norland | Xbox Stereo Headset (Generation One) | Hardware | Xbox Accessories App Image Names | +| Parkview | Xbox Stereo Headset (Generation Two) | Hardware | Xbox Accessories App Image Names | +| Orren | Unknown controller hardware | Hardware | Found [here](https://xbaccessories.blob.core.windows.net/accessories/M/XB_GA_ew92RW1KHEGfgr6ZoY3DyQ.json) | +| Xiphos | Codename for the GIP (Gamepad Input Provider) service in SystemOS | Software | N/A | diff --git a/docs/default-app.md b/docs/operating-system/default-app.md similarity index 51% rename from docs/default-app.md rename to docs/operating-system/default-app.md index b6105d8..4d93f3b 100644 --- a/docs/default-app.md +++ b/docs/operating-system/default-app.md @@ -10,6 +10,6 @@ Execute this: `SRAcmd.exe -LaunchApp DefaultApp_cw5n1h2txyewy!App` ## Screenshots -![Default App - older version](./default-app/defaultapp1.png) -![Default App - recent version](./default-app/defaultapp2.png) -![Default App - recent version, online](./default-app/defaultapp3.jpg) +![Default App - older version](../_files/default-app/defaultapp1.png) +![Default App - recent version](../_files/default-app/defaultapp2.png) +![Default App - recent version, online](../_files/default-app/defaultapp3.jpg) diff --git a/docs/firmware.md b/docs/operating-system/firmware.md similarity index 100% rename from docs/firmware.md rename to docs/operating-system/firmware.md diff --git a/docs/harddrive.md b/docs/operating-system/harddrive-partitioning.md similarity index 100% rename from docs/harddrive.md rename to docs/operating-system/harddrive-partitioning.md diff --git a/docs/kiosk.md b/docs/operating-system/kiosk.md similarity index 98% rename from docs/kiosk.md rename to docs/operating-system/kiosk.md index d00725d..93e89d6 100644 --- a/docs/kiosk.md +++ b/docs/operating-system/kiosk.md @@ -6,7 +6,7 @@ The Xbox One family of consoles features an obscure mode of operation called `Ki As part of the marketing effort for the console, special units were shipped to videogame stores, airports, big malls and other locations, which showed promotional videos of games, or that allowed to play latest releases and demos of upcoming games. These stations are known as "Kiosk Consoles" or simply "Kiosks", which are fairly common in the gaming world. -![Kiosk Console](kiosk-mode/kiosk_console.jpg) +![Kiosk Console](../_files/kiosk_console.jpg) ## How to enter Kiosk Mode diff --git a/docs/protocol-URIs.md b/docs/operating-system/protocol-URIs.md similarity index 100% rename from docs/protocol-URIs.md rename to docs/operating-system/protocol-URIs.md diff --git a/docs/telemetry.md b/docs/operating-system/telemetry.md similarity index 100% rename from docs/telemetry.md rename to docs/operating-system/telemetry.md diff --git a/docs/unauthorized-device-lockout.md b/docs/operating-system/unauthorized-device-lockout.md similarity index 86% rename from docs/unauthorized-device-lockout.md rename to docs/operating-system/unauthorized-device-lockout.md index f5bc50a..d301307 100644 --- a/docs/unauthorized-device-lockout.md +++ b/docs/operating-system/unauthorized-device-lockout.md @@ -1,11 +1,10 @@ -#### PRELIMINARY RESEARCH - # Unauthorized Xbox Device Lockout & Enforcement -### \hklm\osdata\software\microsoft\durango\Enforcement +**PRELIMINARY RESEARCH** +## `hklm\osdata\software\microsoft\durango\Enforcement` Early research suggests that the lockout of unauthorized Xbox devices is controlled by the above reg key. On a Retail Series X console, the value is set to "UnauthorizedDeviceFlag : 1" in the PublicInsider10 (Skip Ahead) ring. In theory, deleting the key would disable the lockout system, however this has yet to be tested. -#### Notes +### Notes * The [LiveSettings](https://settings-win.data.microsoft.com/settings/v3.0/xbox/XboxOneShellFeatures) flighting system provisions the key, it is believed to be based on the value: `AccessoryEnforcement A91B1992-AE37-4936-A220-5384CC830F88` \ No newline at end of file diff --git a/docs/xbox-operating-system.md b/docs/operating-system/xbox-operating-system.md similarity index 65% rename from docs/xbox-operating-system.md rename to docs/operating-system/xbox-operating-system.md index 0ed5ed1..8e74af9 100644 --- a/docs/xbox-operating-system.md +++ b/docs/operating-system/xbox-operating-system.md @@ -15,16 +15,16 @@ that implement Microsoft's Xbox Virtual Machine stack. ### Host Volumes/Drives -| Partition Name | Mount Point as seen by HostOS | Notes | -| -------------- | ----------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Internal Flash | F:\\ | The flash does not contain a normal file system, it is using the [Xbox boot filesystem](xbox-boot-file-system.md) and is exposed as a normal NTFS partition via a special driver. | -| host.xvd | C:\\ | Host's Windows Installation. | -| User Content | E:\\ | Direct access to the HDD User Content partition. XVCs are stored here. | -| System Update | R:\\ | Direct access to the HDD System Update partition. Boot slots and SystemOS XVDs. | -| System Update 2 | J:\\ | Direct access to the secondary HDD System Update partition. Can also contain boot slots and SystemOS XVDs. However it seems to be empty on most HDDs | -| System Support | G:\\ (or sometimes Q:\\) | Direct access to the HDD System Support partition. Containing SystemOS's settings, temp, etc. | -| Host Tools | D:\\ | Special XVD called HostTools.xvd in the HDD with extra utils to be used in the Host Operating System. If the XVD exists in the bootslot in the HDD, it will be mounted to this volume letter | -| Temp Content | V:\\ | Direct access to the HDD Temp Content partition. Containing temporary XVD's, paging data, etc. | +| Partition Name | Mount Point as seen by HostOS | Notes | +| --------------- | ----------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Internal Flash | F:\\ | The flash does not contain a normal file system, it is using the [Xbox boot filesystem](../boot/xbox-boot-file-system.md) and is exposed as a normal NTFS partition via a special driver. | +| host.xvd | C:\\ | Host's Windows Installation. | +| User Content | E:\\ | Direct access to the HDD User Content partition. XVCs are stored here. | +| System Update | R:\\ | Direct access to the HDD System Update partition. Boot slots and SystemOS XVDs. | +| System Update 2 | J:\\ | Direct access to the secondary HDD System Update partition. Can also contain boot slots and SystemOS XVDs. However it seems to be empty on most HDDs | +| System Support | G:\\ (or sometimes Q:\\) | Direct access to the HDD System Support partition. Containing SystemOS's settings, temp, etc. | +| Host Tools | D:\\ | Special XVD called HostTools.xvd in the HDD with extra utils to be used in the Host Operating System. If the XVD exists in the bootslot in the HDD, it will be mounted to this volume letter | +| Temp Content | V:\\ | Direct access to the HDD Temp Content partition. Containing temporary XVD's, paging data, etc. | ## System diff --git a/docs/xbox-ui.md b/docs/operating-system/xbox-ui.md similarity index 90% rename from docs/xbox-ui.md rename to docs/operating-system/xbox-ui.md index fd54697..f18a8e4 100644 --- a/docs/xbox-ui.md +++ b/docs/operating-system/xbox-ui.md @@ -10,7 +10,7 @@ C:\\Windows\\XboxUI. ## Components -![XboxUI Schema](xbox-ui/xboxui_schema.png) +![XboxUI Schema](../_files/xboxui_schema.png) ## Win32 process rendering diff --git a/docs/xbox-virtual-drive.md b/docs/operating-system/xbox-virtual-drive.md similarity index 98% rename from docs/xbox-virtual-drive.md rename to docs/operating-system/xbox-virtual-drive.md index 04b5cfc..c1de2da 100644 --- a/docs/xbox-virtual-drive.md +++ b/docs/operating-system/xbox-virtual-drive.md @@ -41,7 +41,7 @@ Non-XVC files use an ODK which appears to be static for all XVDs (but differs be - ODK: Offline Distribution Key, used to decrypt the header's encrypted CIK, and likely any CIK stored outside the package ## Visual representation of the XVD format -Get the [PDF Here](./XVD_visual_format-2.pdf) +Get the [PDF Here](../_files/XVD_visual_format-2.pdf) ## Tools [xvdtool by emoose](https://github.com/emoose/xvdtool) diff --git a/docs/xcrdutil.md b/docs/operating-system/xcrdutil.md similarity index 66% rename from docs/xcrdutil.md rename to docs/operating-system/xcrdutil.md index 3fe5f30..be951d6 100644 --- a/docs/xcrdutil.md +++ b/docs/operating-system/xcrdutil.md @@ -9,7 +9,7 @@ The tool is located at `C:\Windows\System32\xcrdutil.exe` XCRDutil allows specifying remote paths, in HostOS, via two notations: - XCRD paths (see below, e.g. `[XUC:]\package.xvd` for **User Content** partition in HostOS). These paths are an abstraction to the HostOS filesystem, allowing to refer to .xvd's without knowing their exact location, and possibly also allowing for security / permission checks. -- Global paths (e.g. `\??\F:\` for **F:** / [XBFS](xbox-boot-file-system.md) drive in HostOS). These refer to a physical volume (like a disk partition, the flash, etc) in HostOS. +- Global paths (e.g. `\??\F:\` for **F:** / [XBFS](../boot/xbox-boot-file-system.md) drive in HostOS). These refer to a physical volume (like a disk partition, the flash, etc) in HostOS. Not all the options/arguments for XCRDUtil expect the same format for the paths. Some options are able to work with paths pointing to the SystemOS's filesystem, while others may only work with remote paths to HostOS, in either one of the two types just specified previously: @@ -135,12 +135,12 @@ xcrdutil -delete_blob [XUC:]\targetPackage.xvd ``` ## Error Codes -|Error Number | Meaning | Description | How to obtain it -|-------------|----------|-------------|----------------- -|0x80070002 | File/path not found | This error appears whenever an invalid path to a file is used (either XCRD, native \\??\\ path, or SystemOS path). | ```xcrdutil -m [XUC:]\idontexist.xvd``` -|0x80070570 | Possible permission error |This error appears when an operation is denied due to insufficient permissions. Examples include trying to mount host.xvd. | ```xcrdutil -m \??\F:\host.xvd``` or ```xcrdutil -QueryInfo \??\F:\host.xvd 3``` -|0x8007048F | Path not found |This error appears when trying to create/access a file in a XCRD path that does not exist. | ```xcrdutil -c [XE0:]\someinvalidpath``` -|0x80070032 | Unknown | Possibly meaning the passed XVD does not have region information | ```xcrdutil -Specifiers [XUC:]\someXvdYouveMounted``` -|0x80070005 | Unknown | Unknown | ```xcrdutil -read_blob \??\F:\host.xvd D:\DevelopmentFiles\host.xvd.dmp``` (as elevated admin account) - -NOTE: It is possible that error codes have changed over time with newer xcrdutil versions, and the table might not be completely accurate. +| Error Number | Meaning | Description | How to obtain it | +| ------------ | ------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------ | +| 0x80070002 | File/path not found | This error appears whenever an invalid path to a file is used (either XCRD, native \\??\\ path, or SystemOS path). | ```xcrdutil -m [XUC:]\idontexist.xvd``` | +| 0x80070570 | Possible permission error | This error appears when an operation is denied due to insufficient permissions. Examples include trying to mount host.xvd. | ```xcrdutil -m \??\F:\host.xvd``` or ```xcrdutil -QueryInfo \??\F:\host.xvd 3``` | +| 0x8007048F | Path not found | This error appears when trying to create/access a file in a XCRD path that does not exist. | ```xcrdutil -c [XE0:]\someinvalidpath``` | +| 0x80070032 | Unknown | Possibly meaning the passed XVD does not have region information | ```xcrdutil -Specifiers [XUC:]\someXvdYouveMounted``` | +| 0x80070005 | Unknown | Unknown | ```xcrdutil -read_blob \??\F:\host.xvd D:\DevelopmentFiles\host.xvd.dmp``` (as elevated admin account) | + +**NOTE**: It is possible that error codes have changed over time with newer xcrdutil versions, and the table might not be completely accurate. diff --git a/docs/certificates.md b/docs/security/certificates.md similarity index 96% rename from docs/certificates.md rename to docs/security/certificates.md index d79b630..b03c4ca 100644 --- a/docs/certificates.md +++ b/docs/security/certificates.md @@ -3,12 +3,12 @@ # Certificates For verification of the console and as well as a method of securely -determining the capabalities to enable. +determining the capabilities to enable. ## Console Certificate Per-console certificate to verify and define the device. Stored in -**sp_s.cfg** (offset: 0x5400) inside [XBFS](xbox-boot-file-system.md). +**sp_s.cfg** (offset: 0x5400) inside [XBFS](../boot/xbox-boot-file-system.md). Total Size: 0x400 bytes @@ -38,8 +38,8 @@ Total Size: 0x400 bytes ## Boot Capability Certificate Used to determine what type of developer features the console can use. -Stored in **certkeys.bin** inside [XBFS](xbox-boot-file-system.md). -Also check out [Devkit types](devkit-types.md). +Stored in **certkeys.bin** inside [XBFS](../boot/xbox-boot-file-system.md). +Also check out [Devkit types](../console-models/devkit-types.md). ### Format Total Size: 0x180 bytes diff --git a/docs/security/exploits.md b/docs/security/exploits.md new file mode 100644 index 0000000..78f8ac5 --- /dev/null +++ b/docs/security/exploits.md @@ -0,0 +1,22 @@ +# Exploits + +## Software + +### Retail +- [HostOS - External VBI loading](../exploits/external-vbi-loading.md) (19.09.2019) +- [SystemOS Symbolic Link Exploit](../exploits/file-explorer-symbolic-links.md) - Access restricted/encrypted volumes using the Xbox File Explorer (02.06.2017) +- [SystemOS Microsoft Edge - chakra.dll Info Leak](../exploits/ms-edge-exploit-cve-2016-7200.md) (30.03.2017) +- [SystemOS Microsoft Edge - File System Access](../exploits/Edge-Browser-File-System-Exposure.md) (XX.XX.20XX) +- [SystemOS Remote Code Execution - Xbox Live Messaging / WinJS injection](../exploits/ms-xdash-js-injection.md) (XX.XX.2019) +- [Browser access while offline](../exploits/browser-access-while-offline.md) +- [ECC Curveball - TLS certificate spoofing (CVE-2020-0601)](../exploits/ecc-curveball-cve-2020-0601.md) (December 2019) + +### Development mode +- [SystemOS Elevation of privileges via Artifice (automation tool) using vulnerability in OpenSSH service](../exploits/artifice-devmode-elevation.md) (10.09.2023) +- [SystemOS Read/Write overlay for System.xvd](../exploits/devmode-systemxvd-read-write.md) (31.07.2019) +- [SystemOS Elevation of privileges via UnattendedUtilities](../exploits/devmode-unattended-utilities.md) (11.06.2019) +- [SystemOS Elevation of privileges via VSProfiling account](../exploits/devmode-priv-escalation-vsprofiling.md) (09.09.2018) +- [SystemOS shell access / SSH / Sirep](../development/setup-dev-mode.md#using-ssh) (09.09.2018) + +## Hardware +- None so far diff --git a/docs/security/general-security-design.md b/docs/security/general-security-design.md new file mode 100644 index 0000000..949201e --- /dev/null +++ b/docs/security/general-security-design.md @@ -0,0 +1,6 @@ +# General security design + +Watch the presentation by Microsoft as an intro: **Guarding Against Physical Attacks: The Xbox One Story** + +- Platform Security Summit 2019: https://www.youtube.com/watch?v=U7VwtOrwceo +- BlueHat Seattle 2019: https://www.youtube.com/watch?v=quLa6kzzra0 \ No newline at end of file diff --git a/docs/security-processor.md b/docs/security/security-processor.md similarity index 100% rename from docs/security-processor.md rename to docs/security/security-processor.md diff --git a/docs/update-cfg.md b/docs/update-cfg.md deleted file mode 100644 index 4c8fe02..0000000 --- a/docs/update-cfg.md +++ /dev/null @@ -1,7 +0,0 @@ -# Update.cfg - -The files `update.cfg` or `update2.cfg` in [Flash](xbox-boot-file-system.md) can indicate the currently installed OS build of the console. - -## File format - -TBD diff --git a/docs/xbox-live/xsts-token.md b/docs/xbox-live/xsts-token.md index a9feef8..88aac03 100644 --- a/docs/xbox-live/xsts-token.md +++ b/docs/xbox-live/xsts-token.md @@ -25,7 +25,7 @@ Xbox Live services use the same pre-configured relying party that is opaque to a ## Token structure The token is broken into sections including a Header and the Payload. There are other sections in the token depending on the encryption method for your token. Each part of the token is separated by a ‘.’ in the encoded token string. -![XSTS Token Structure](xsts-token-structure.png) +![XSTS Token Structure](../_files/xsts-token-structure.png) `Note: For Symmetric X-tokens, the format is similar but there is no Content Encryption Key or XBL Signature. The Payload is encrypted and decrypted directly with the symmetric shared secret key.` diff --git a/docs/xeo3/shaders.md b/docs/xeo3/shaders.md deleted file mode 100644 index c86e0b3..0000000 --- a/docs/xeo3/shaders.md +++ /dev/null @@ -1,6 +0,0 @@ -## XEO3 Shaders -Little is currently known about the XEO3 shader format, for example how the original shaders from Xbox 360 games are converted into the DirectX 11 Durango format. While it is known that that Backwards Compat games' XVCs contain DirectX 11 Durango format shaders in the DLL file format, creation or rendering of these shaders is not currently possible. - -These shaders appear critical to running any graphical xex, as evidenced by attempting to run [XeXMenu on the emulator](https://web.archive.org/web/20210414133418/https://twitter.com/XB1_HexDecimal/status/1382326180490010630). - -Example: xeo3_3bfc9c1a_932fc286_956f016e_98ef8821_6b9d46d0.dll (From CastleCrashers) diff --git a/mkdocs.yml b/mkdocs.yml index 2b68a38..9820252 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -3,7 +3,7 @@ repo_url: https://github.com/xboxoneresearch/wiki theme: name: material - custom_dir: docs/overrides + custom_dir: overrides icon: repo: fontawesome/brands/github features: diff --git a/docs/overrides/main.html b/overrides/main.html similarity index 100% rename from docs/overrides/main.html rename to overrides/main.html