xboxscene.org forums


Author Topic: Live 2.0 Compatible Exploit  (Read 859 times)

devz3ro

« on: May 18, 2004, 10:31:00 PM »

First dashboard exploit that is Live 2.0 compatible

I found out how to use the dvd drive with the "Easter-egg" exploit

Using the ST.DB track below

QUOTE

Copy this ST.DB like always to your /E/TDATA/fffe0000/music/ directory


Once you obtain my Double-dash package from "the usual places", there is only a small change you need to make while following my readme after upgrading your dashboard to the latest available.

That is:

QUOTE

Leave your /C/xodash/xonlinedash.xbe alone, do not rename or replace it. Instead go into your Xbox's /C/xboxdashdata.185ead00/ directory and rename your settings_adoc.xip to settings_adoc.bak, and transfer over the xonlinedash.xbe from the xodash directory in my package on your computer to the /C/xboxdashdata.185ead00/ directory on your Xbox and rename that to settings_adoc.xip



ST.DB

CODE

I currently have this installed on the latest Xbox Live dashboard: "5960" and it works flawlessly.
NOTE: On a Halo SE Xbox with kernel 5101

Power up your Xbox & have the dvd drive open, then go to / perform the following:

1. MUSIC
2. Soundtrack (below AUDIO CD)
3. COPY
4. COPY
5. NEW SOUNDTRACK
6. Erase "Soundtrack 1" and type out: <<Eggsßox>>

NOTE: from PedrosPad (Originally his idea)
Make sure you include the (less than, less than) symbols before and the (greater than, greater than) after. Also note the 'beta' character that is used for the B can be found under 'Accents'

After PBL starts loading, you may close the tray.

Edit #1: It will load the exploit, and corruption should not occur with this track. A bad keypress should not matter (possibly creating more of the same tracks if done wrong).

Edit #2: Replaced current ST.DB with rmenhal's. This didn't cause an extra track to be written when performing the exploit incorrectly.

-devz3ro

http://sh0x.tk/
Logged

PedrosPad

« Reply #1 on: May 18, 2004, 11:03:00 PM »

Glad you managed to make something from the idea.
Congrats.
Logged

PedrosPad

« Reply #2 on: May 18, 2004, 11:31:00 PM »

QUOTE (devz3ro @ May 19 2004, 07:31 AM)
Also odd but interesting, the soundtrack is named "<<Eggsßox>>" but it shows up on a few of the screens as "<<EGGSSSOX>>". Could this be M$ thinking ahead of time?

More likely to be a localization flaw.  The German 'ß' character is pronounced and treated as 'SS'.
Logged

Australian Rat

« Reply #3 on: May 18, 2004, 11:29:00 PM »

Maybe we should have waited until Live 3.0 was released. They probably would've overlooked this one then.

Ah well nm, it would take all the fun out of finding new exploits.

Also, just a thought.  Would it be possible to load the Live 2.0 dash using this exploit?  It's just I'd rather have the 'Xbox Live' link on the dashboard go to the exploit but still be able to access the live dash with retail bios.

Then again, once the live dash was updated again, it would stuff up DD anyway... just a thought.
Logged

PedrosPad

« Reply #4 on: May 18, 2004, 11:33:00 PM »

QUOTE (Australian Rat @ May 19 2004, 08:29 AM)
Maybe we should have waited until Live 3.0 was released. They probably would've overlooked this one then.

Ah well nm, it would take all the fun out of finding new exploits.

True.  I'm stunned.  I was curious, but very pessimistic that this actually would fly on new XBOXs.
Logged

rmenhal

« Reply #5 on: May 19, 2004, 12:24:00 AM »

QUOTE (PedrosPad @ May 19 2004, 08:33 AM)
True.  I'm stunned.  I was curious, but very pessimistic that this actually would fly on new XBOXs.

While this discovery is very nice, I don't think it goes quite that far. Note that the easter egg executable is replaced with a pre 4920/live xboxdash.xbe. And we know that kernels 5713 or higher won't allow dash downgrades.

Actually - while I didn't bother to trace out the logic exactly - there's a new check in 5713's XBE loader. It checks the XBE certificate structure. If the title ID is 0xFFFE0000 (dash's ID), the kernel then checks the time and date field and anything prior to about Aug 5 2003 causes it to bail out. So dash 4920 and prior versions are out.
Logged

PedrosPad

« Reply #6 on: May 19, 2004, 12:25:00 AM »

QUOTE (rmenhal @ May 19 2004, 09:17 AM)
While this discovery is very nice, I don't think it goes quite that far. Note that the easter egg executable is replaced with a pre 4920/live xboxdash.xbe. And we know that kernels 5713 or higher won't allow dash downgrades.

QUOTE (devz3ro @ May 19 2004, 07:31 AM)
I currently have this installed on the latest Xbox Live dashboard: "5960" and it works flawlessly.
NOTE: On a Halo SE Xbox with kernel 5101

Thought this was one of the non-downgradable XBOXes.  If not, you may be right - we'll have to wait for someone with the newest Kernel and Dashboard to try it.

QUOTE (rmenhal @ May 19 2004, 09:17 AM)
Actually - while I didn't bother to trace out the logic exactly - there's a new check in 5713's XBE loader. It checks the XBE certificate structure. If the title ID is 0xFFFE0000 (dash's ID), the kernel then checks the time and date field and anything prior to about Aug 5 2003 causes it to bail out. So dash 4920 and prior versions are out.

Let's hope the easter egg XBE doesn't have a title ID of 0xFFFE0000 (dash's ID).
Logged

mkjones

« Reply #7 on: May 19, 2004, 02:09:00 AM »

Finally! A way into the Live 2! dash

I can now work on a new package!
Logged

PedrosPad

« Reply #8 on: May 19, 2004, 02:09:00 AM »

From X-S news page: MS Dashboard Updated
QUOTE
Today (5/18/04) we are pushing a small update to the Xbox Dashboard. This update addresses a couple of backend issues (that I can't outline for security reasons.) There are no new features or enhancements that members will see as a result of this update. This is a VERY small update...so small that many folks won't notice, but I know this group will. Thanks.


I wonder......
Logged

digisatman

« Reply #9 on: May 19, 2004, 02:56:00 AM »

QUOTE (devz3ro @ May 19 2004, 07:31 AM)
First dashboard exploit that is Live 2.0 compatible


so basically, it's an audio exploit for people wanting to use live 2.0?

regards
Logged

ldots

« Reply #10 on: May 19, 2004, 03:42:00 AM »

It's actually still a font exploit. It's just the audio copy function that is used to launch the easter egg which in this case is a pre-live dash that loads rmenhal's fonts.
The new ST.DB just makes it unnecessary to insert an audio CD to trigger the easter egg - and it displays the <<Eggsßox>> name in the "no-cd" soundtrack.

This post has been edited by ldots: May 19 2004, 10:46 AM
Logged

digisatman

« Reply #11 on: May 19, 2004, 03:45:00 AM »

QUOTE (ldots @ May 19 2004, 12:35 PM)
It's actually still a font exploit. It's just the audio copy function that is used to launch the easter egg which in this case is a pre-live dash that loads rmenhal's fonts.

is it for peeps who wanna use live 2.0?

I don't wanna use live, so should I stick with the double-dash exploit?

Or, is there a ROJ problem with this exploit?

Regards

thanks idots
Logged

PedrosPad

« Reply #12 on: May 19, 2004, 04:16:00 AM »

QUOTE (digisatman @ May 19 2004, 12:38 PM)
I don't wanna use live, so should I stick with the double-dash exploit?

Or, is there a ROJ problem with this exploit?


Both the easter egg and double-dash exploits suffer the ROJ issue.
Both the easter egg and double-dash exploits now have workarounds that allow the disks to be swapped (thx to devz3ro - see first post in this thread).

The audio, font, and double-dash exploits can't be used by people with the very latest Kernels that prevent dashboard downgrading.  Tests are underway to see if they can now use this new easter egg exploit.


This post has been edited by PedrosPad: May 19 2004, 11:25 AM
Logged

digisatman

« Reply #13 on: May 19, 2004, 04:50:00 AM »

QUOTE (PedrosPad @ May 19 2004, 01:09 PM)

Both the easter egg and double-dash exploits suffer the ROJ issue.
Both the easter egg and double-dash exploits now have workarounds that allow the disks to be swapped (thx to devz3ro - see first post in this thread).

The audio, font, and double-dash exploits can't be used by people with the very latest Kernels that prevent dashboard downgrading.  Tests are underway to see if they can now use this new easter egg exploit.

QUOTE
double-dash exploits now have workarounds that allow the disks to be swapped


explain please
Logged

rmenhal

« Reply #14 on: May 19, 2004, 05:12:00 AM »

QUOTE (PedrosPad @ May 19 2004, 09:25 AM)
Let's hope the easter egg XBE doesn't  have a title ID of 0xFFFE0000 (dash's ID).  smile.gif

It doesn't matter what the title ID of the easter egg XBE is. It's the title ID and time/date of the XBE getting loaded that counts. And that's certainly dash's ID. So I don't think this will work on kernel 5713 or higher any better than dd does. (btw, all executables that come with dash seem to have that same ID.)
Logged
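
The loader check rmenhal describes in replies #5 and #14, modelled as an added example (not code from the thread or from the Xbox kernel): it reads the title ID and time/date from the certificate of the XBE being loaded and date-gates only images carrying the dashboard ID. The header offsets (base address at 0x104, certificate address at 0x118, certificate laid out as size, time/date, title ID), the Unix-epoch timestamp, the exact cutoff value and the `build_sample` helper are assumptions; the thread gives only the title ID and "about Aug 5 2003".

```python
import struct
from datetime import datetime, timezone

DASH_TITLE_ID = 0xFFFE0000  # dashboard title ID quoted in the thread

def ts(y, m, d):
    """Seconds since the Unix epoch for a UTC date."""
    return int(datetime(y, m, d, tzinfo=timezone.utc).timestamp())

CUTOFF = ts(2003, 8, 5)  # assumed: the thread only says "about Aug 5 2003"

def read_certificate(xbe: bytes):
    """Return (title_id, timedate) from the certificate of an XBE image."""
    if len(xbe) < 0x11C or xbe[:4] != b"XBEH":
        raise ValueError("not an XBE image")
    base, = struct.unpack_from("<I", xbe, 0x104)     # image base address
    cert_va, = struct.unpack_from("<I", xbe, 0x118)  # certificate address
    off = cert_va - base  # headers are mapped at base, so VA - base = file offset
    if off < 0 or off + 12 > len(xbe):
        raise ValueError("certificate pointer outside image")
    _size, timedate, title_id = struct.unpack_from("<III", xbe, off)
    return title_id, timedate

def loader_allows(xbe: bytes) -> bool:
    """Model of the described check: only dashboard-ID images are date-gated."""
    title_id, timedate = read_certificate(xbe)
    if title_id != DASH_TITLE_ID:
        return True
    return timedate >= CUTOFF

def build_sample(title_id, timedate, base=0x00010000, hdr=0x178):
    """Constructed minimal image: header fields plus a certificate stub."""
    img = bytearray(hdr + 12)
    img[:4] = b"XBEH"
    struct.pack_into("<I", img, 0x104, base)
    struct.pack_into("<I", img, 0x118, base + hdr)
    struct.pack_into("<III", img, hdr, 0x1D0, timedate, title_id)
    return bytes(img)

if __name__ == "__main__":
    for name, tid, when in [("old dash", DASH_TITLE_ID, ts(2003, 1, 1)),
                            ("new dash", DASH_TITLE_ID, ts(2004, 5, 18)),
                            ("other title", 0x12345678, ts(2002, 1, 1))]:
        print(name, loader_allows(build_sample(tid, when)))
```

The model covers only the date gate on the loaded image; signature verification and the rest of the loader are outside what the thread describes.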