Premise: This tutorial was made to teach the new exploit user what's what and how it works, thus curbing user incompetence and moronic posts.

Security: The key to your stupid questions
Read up. The Xbox has a whole slew of security features out to get you. Learn these and you will be able to outsmart the box, or at least it won't be able to outsmart you.
Signatures: Why you can't run homebrew code without kernel modifications
Every xbe, whether in an Xbox game or among the dash files on the hard drive, is signed with the MS private key. Every xbe has its own signature (as long as they are different xbes), since the signature is essentially a hash of the xbe encrypted with that private key; the kernel only carries the matching public key, so it can check signatures but never create them. Change a single bit in the xbe and the signature is invalid. If you attempt to run unsigned code (any xbe without a valid signature) you will most likely get an error 21 screen.

Media Checks: Why you can't burn a game and just run it
A media check is a small set of flags in the xbe header that says what types of media the xbe may be run from. If you want to run it from another media type you need to patch that part of the header, which invalidates the signature.
Hard Drive Locking: Why you can't drop just any drive in that box
The Xbox has a small chip called the EEPROM. It holds 256 bytes of important box-specific information, including the Xbox Live key, the Xbox region and, most importantly, the HDD key (32 hex characters, i.e. 16 bytes) that is unique to your box. On boot this key is run through a keyed hash (HMAC-SHA1) together with some drive-specific information, namely the drive's model number and serial number; the result is the 40-character HDD password that unlocks the hard drive so its contents can be accessed. If the drive cannot be unlocked you will get error 6 (wrong password) or error 5 (drive is not locked at all).
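Here is what that keyed hash looks like in practice, as an added example (it is not code from this tutorial or from any Xbox tool): HMAC-SHA1 keyed with the 16-byte HDD key from the EEPROM, over the drive's model and serial strings, gives the 20-byte (40 hex character) ATA password. The EEPROM key, the drive strings and the little boot-time check at the bottom are constructed samples, and the strings are hashed exactly as given; how the real kernel pads or trims the ATA IDENTIFY strings before hashing is not modelled here.

```python
import hashlib
import hmac

# Added example, not from the tutorial. Sample values are constructed; the
# model/serial strings are hashed exactly as given (padding/trimming of the
# real ATA IDENTIFY strings is not modelled here).
SAMPLE_EEPROM_HDD_KEY_HEX = "00112233445566778899aabbccddeeff"  # 32 hex chars = 16 bytes
SAMPLE_MODEL = "WDC WD80EB-00CGH0"
SAMPLE_SERIAL = "WD-WMA9L1234567"


def parse_hdd_key(key_hex: str) -> bytes:
    """The 32-character HDD key from an EEPROM dump is hex for a 16-byte key."""
    key = bytes.fromhex(key_hex)
    if len(key) != 16:
        raise ValueError(f"HDD key must be 16 bytes, got {len(key)}")
    return key


def derive_hdd_password(hdd_key: bytes, model: str, serial: str) -> bytes:
    """HMAC-SHA1(HDD key, model || serial) -> 20-byte ATA user password."""
    message = (model + serial).encode("ascii")
    return hmac.new(hdd_key, message, hashlib.sha1).digest()


def hdd_password_hex(hdd_key: bytes, model: str, serial: str) -> str:
    """The 40-character form the tutorial refers to."""
    return derive_hdd_password(hdd_key, model, serial).hex()


def boot_hdd_check(drive_locked: bool, drive_password: bytes,
                   hdd_key: bytes, model: str, serial: str):
    """Toy model of the kernel's boot-time check, mapped to the tutorial's
    error codes: 5 = drive not locked, 6 = derived password does not unlock
    it, None = unlocked fine. drive_password stands in for the ATA password
    the drive was actually locked with."""
    if not drive_locked:
        return 5
    expected = derive_hdd_password(hdd_key, model, serial)
    if not hmac.compare_digest(expected, drive_password):
        return 6
    return None


if __name__ == "__main__":
    key = parse_hdd_key(SAMPLE_EEPROM_HDD_KEY_HEX)
    password = derive_hdd_password(key, SAMPLE_MODEL, SAMPLE_SERIAL)
    print("HDD password:", password.hex(), f"({len(password.hex())} chars)")
    # Same EEPROM, different drive serial: the derived password changes, so a
    # drive locked for another drive/box comes up as error 6.
    print("original drive:", boot_hdd_check(True, password, key, SAMPLE_MODEL, SAMPLE_SERIAL))
    print("swapped drive: ", boot_hdd_check(True, password, key, SAMPLE_MODEL, "WD-WMA9L7654321"))
    print("unlocked drive:", boot_hdd_check(False, password, key, SAMPLE_MODEL, SAMPLE_SERIAL))
```

The two failure modes line up with the tutorial's error numbers: a drive locked with a password derived from a different EEPROM key or a different model/serial fails the comparison (error 6), and a fresh, never-locked drive fails before any comparison happens (error 5). That is why a replacement drive has to be locked with a password derived from that box's own HDD key.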
In-Depth: Check out the Xbox-Linux site for more technical info!

New Developments in the 5713 Kernel: Why kernels from 5713 on are a bit different
The 5713 kernel introduced a few new security features that threw a wrench in the softmodding works. Basically, if an xbe has a title ID equal to 0xFFFE0000 (the MS Dash title ID) and a date before Aug 5 2003, the kernel will not allow the xbe to load. This means the 4920 dash cannot be launched on kernels from 5713 onward.
Exploits: The key to softmodding
How they work: The basics of exploits
Merriam-Webster defines "exploit" as a notable or heroic act.
Well frankly that doesn't make any sense at all! So let me define it for you.
An exploit is a hole or vulnerability in a piece of software that can be taken advantage of. In the case of softmodding, this hole is used to patch the kernel in memory, usually the portion that contains the public key, replacing it with a public key whose private key we already hold. We can then sign any xbe with that private key and the patched kernel will accept it, circumventing all of the security features mentioned in the Security section.
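To make the public-key swap concrete, here is an added example; it is not code from this tutorial, from the exploits it describes, or from the Xbox kernel. It uses textbook RSA with small fixed primes and SHA-1 in place of the real 2048-bit keys and XBE signature layout, so it only models the logic: the kernel trusts one public key, a signature covers the hash of the xbe, flipping a bit breaks it, and swapping the trusted key for one whose private half we hold makes our own signed xbe load. The "Microsoft" and "Habibi" key pairs, the xbe contents and the Kernel class are constructed stand-ins.

```python
import hashlib

# Added example, not the Xbox kernel's code. Textbook RSA (no padding) over
# small fixed primes stands in for the real 2048-bit keys; fixed primes avoid
# a key-generation routine. Key pairs, xbe contents and the Kernel class are
# constructed for illustration.
E = 65537


def make_keypair(p: int, q: int):
    """Return (public, private) as ((n, e), (n, d)) for distinct primes p, q."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (n, E), (n, d)


# Stand-in for Microsoft's pair: the kernel ships with MS_PUBLIC only, and
# MS_PRIVATE never leaves Microsoft, so nobody else can sign for this key.
MS_PUBLIC, MS_PRIVATE = make_keypair(2147483647, 4294967291)
# Stand-in for the exploit author's pair ("Habibi"): both halves are known.
HABIBI_PUBLIC, HABIBI_PRIVATE = make_keypair(1000000007, 998244353)

RETAIL_XBE = b"XBEH retail game header (constructed sample)"
HOMEBREW_XBE = b"XBEH homebrew header (constructed sample)"


def digest_int(data: bytes, n: int) -> int:
    """SHA-1 of the xbe as an integer below the modulus (no padding: toy only)."""
    return int.from_bytes(hashlib.sha1(data).digest(), "big") % n


def sign(data: bytes, private) -> int:
    """Signature = hash^d mod n; only the holder of d can produce it."""
    n, d = private
    return pow(digest_int(data, n), d, n)


def verify(data: bytes, signature: int, public) -> bool:
    """Check signature^e mod n against a fresh hash of the xbe."""
    n, e = public
    return pow(signature, e, n) == digest_int(data, n)


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Tamper with one bit, e.g. patching the media flags in the header."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


class Kernel:
    """Toy kernel: holds one public key and checks it before loading an xbe."""

    def __init__(self, public_key):
        self.public_key = public_key

    def load_xbe(self, xbe: bytes, signature: int) -> str:
        return "loaded" if verify(xbe, signature, self.public_key) else "error 21"

    def patch_public_key(self, new_public):
        """What the exploit does in memory: swap the key the kernel trusts."""
        self.public_key = new_public


if __name__ == "__main__":
    kernel = Kernel(MS_PUBLIC)
    ms_sig = sign(RETAIL_XBE, MS_PRIVATE)
    our_sig = sign(HOMEBREW_XBE, HABIBI_PRIVATE)
    print("retail xbe, MS signature:   ", kernel.load_xbe(RETAIL_XBE, ms_sig))
    print("retail xbe, one bit patched:", kernel.load_xbe(flip_bit(RETAIL_XBE, 5), ms_sig))
    print("homebrew, our signature:    ", kernel.load_xbe(HOMEBREW_XBE, our_sig))
    kernel.patch_public_key(HABIBI_PUBLIC)
    print("after key swap, homebrew:   ", kernel.load_xbe(HOMEBREW_XBE, our_sig))
    print("after key swap, retail xbe: ", kernel.load_xbe(RETAIL_XBE, ms_sig))
```

Note that in this toy the retail xbe stops verifying once the key is swapped, because its signature was made with the private half of the key that is no longer trusted. The example models only the key replacement described above, not anything else a particular exploit's kernel patch may do.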
What they are: A rundown of the exploits out there
Audio exploit: The audio exploit takes advantage of a hole in the CD ripping area of the MS Dashboard.
The exploit consists of an st.db file that replaces the one currently used by the MS dash. The user has to attempt to rip a CD in order to launch the exploit. Newer swapless versions of the exploit do not require a CD in the drive in order to execute.
Keys used: Audio or Habibi
Only for MS Dash version 4920!

Font exploit: The font exploit uses a vulnerability in the MS Dashboard's font handling on boot.
The exploit consists of two font files (bert.xtf and ernie.xtf) that replace the stock fonts (xbox.xtf and xbox book.xtf). There are many versions of this exploit, including bigfonts, bert and ernie reloaded, and bert is cheating on ernie. The exploit activates on boot and requires no monitoring or user input to execute.
Note: In order to launch the MS Dash from any font exploit you need a second, hex-edited copy of the dash whose font references point to where the original fonts reside. Warning: Running this antiquated exploit puts you at risk of a clock loop.
Keys used: Font
Only for MS Dash version 4920!

Mechfonts: An offshoot of the font exploit.
These fonts load an edited version of the MS Dash into memory, which launches an xbe when the (renamed) Live tab is selected. They were originally made for launching Linux only but were hacked to work with any xbe. Some people say these fonts are free of the clock loop, but that may not be true, since there is no solid proof of it.
Keys used: Audio or Habibi
Only for MS Dash version 4920!

Savegame exploit: Uses a hole in various games.
The savegame exploit makes use of flaws in the savegame loading code of three games (so far): Splinter Cell, MechAssault and 007: Agent Under Fire. The savegame exploits are a very important part of softmodding, since they can be loaded from a memory card, letting you avoid hotswapping, which can be a bit dangerous.
Keys used: Habibi

UDE (Ultimate Dashboard Exploit): Exploit that launches on boot with no risk of clock loop.
This exploit uses a hole in the 4920 dash's update.xbe. Consists of a single font named bert_ate_ernie.xtf.
Keys used: Habibi

UDE2 (Ultimate Dashboard Exploit 2): Exploit that launches on boot with no risk of clock loop.
Uses an NFL Fever 2003 update.xbe to sidestep the added security in kernels from 5713 on!
Keys used: Habibi
Only for NTSC boxes! (for now)
EEE (Easter Egg Exploit): An Audio exploit spin-off.
Compatible with kernels from 5713 on. Uses a hacked st.db like the audio exploit, but requires the user to type <<Eggsßox>> with the MS Dash's on-screen keyboard.

DDE (Double Dash Exploit): Replace the Live tab.
Replaces the Live tab with a second dash. Previously allowed you to go on Live.
Tip: Most, if not all, exploits have customizable boot paths, letting you change the xbe that is loaded after the exploit executes. These can easily be found with a hex editor in the .xtf or st.db files.

End notes: This tutorial is unfinished; I plan on adding sections for BIOS loaders/kernel patchers and smaller sections on dashes and BIOSes, as well as a key terms and definitions area.
I hope this tutorial helps you figure out all this softmodding nonsense. Good luck!
Questions? Comments? Compliments? Post!
Complaints? Shove it you know where.
Credits: Since I wrote most of this from memory, using a few release posts for reference... Me
People who like to make corrections (you know who you are)