Print

[[Prophet]]

QUOTE(Monte2 @ Jan 1 2007, 10:56 PM)

I fly all over the states and have never had nor seen any fingerprint identification done.

I've flown into the states about 8 times since september 11, and funnily enough, have been subjected to the fingerprint system every time.

I doubt domestic flights would be subjected to such a scheme.  However, international citizens most certainly do get their fingerprints put on record.

[ben1989]

 stop the fuking slating

[gdeciantis]

It's a complete fake. The screen went blank for an entire minute. In that time I could have started an XNA application with the graphics he showed. The PCB is just there to draw your attention.

[P8ntBal2Xtreme]

Ben would u mind going into detial I would like to hear what you say. Everyone has there facts and opinions so please tell us if were missing something here.

[thebaboon]

QUOTE(gdeciantis @ Jan 1 2007, 04:29 PM)

It's a complete fake. The screen went blank for an entire minute. In that time I could have started an XNA application with the graphics he showed. The PCB is just there to draw your attention.

Start an XNA app from within a game, without going to the dashboard?

[boza111]

I have noticed something promising about the projection on the wall.
Some of you guys have suggested and hinted that maybe there was some other video source or he might have used his laptop.
If you look at the top right corner at the beggining of the video you will notice that it has a little square box saying which video source is selected. (even though we cant read it it doesnt matter)
When it gets to the king kong screen the "box" times out.

|If he swapped the video sources the box would reappear when there was the tux mac logo.

Do you guys see what i mean

[wap32]

if the 360 has indeed been hacked, then it was real fast  

the video looks real and I don't think someone would go to a conference to show a fake hack, but we'll see soon I guess

[DivyX]

When 1st gen came out, people didn't believe it could be hacked.
Brings back memories. And it's been over year. Statistically this perhaps would be the time we start to see full compromise hacks? Statistically lol. Still doubtful.  

[OmegaSupreme]

controversy......
it seems promising enough but only time will tell.

[jaimebenlasnow]

QUOTE

No booting details known. [if you could connect to JTAG-pins and figure out how to use on-chip debugging features, you might be able to single step the boot code, bypass the boot loader altogether and get direct access to hardware and memory etc. You might also be able to create your own modified boot loader into RAM. As the boot ROM resides on-chip, the mods may need always some kind of hardware solution, for example a simple FPGA with an external Flash containing a modified boot monitor which will be downloaded using the JTAG interface during power-up by the FPGA. Once the boot sequence and protection is RE'd one may be able to find a software-only solution to circumvent the protections.]

[Also, it might be possible to arrange a remote access over Internet to this JTAG interface/debugger for selected skillful persons: Those persons might even use some kind of messenger conference call to use debugger together and see in real-time what's going on. Messenger with a secured remote desktop access might do the job.]

Changes between beta hardware and final:

Alpha hardware = macintosh

Beta = ? looks like retail, but no encryption

Second beta =! retail

Tried to dump RAM, could only dump virtual memory

RAM is at 8000_0000

Southbridge: pci config space, mapped to VM, accessible by user apps.

Memory at bottom looks random/encrypted, might be hypervisor 256 KB.

8040_0000 xbox kernel starts, MZ header

Read memory using debug interface: everything is in plaintext, you can read kernel + app (dashboard etc.), i.e. virtual memory is not encrypted

Kernel interesting to disassemble

Communication with hypervisor using syscalls

Hypervisor does interrupts/exceptions.

[ben1989]

QUOTE(aaar9800 @ Jan 2 2007, 09:50 PM)

i brightened the picture, where the tux mac logo is floating on the screen:

http://rube.741.com/xbox360-hack2.jpg

the logo has already loaded and he is fiddling with a usb cable and probably that adapter. did he just unplug it, or is about to plug it in? if the latter, what was the adapter thing for then?

the woman is looking at him funny though

No worki m8

[jaimebenlasnow]

QUOTE

No booting details known. [if you could connect to JTAG-pins and figure out how to use on-chip debugging features, you might be able to single step the boot code, bypass the boot loader altogether and get direct access to hardware and memory etc. You might also be able to create your own modified boot loader into RAM. As the boot ROM resides on-chip, the mods may need always some kind of hardware solution, for example a simple FPGA with an external Flash containing a modified boot monitor which will be downloaded using the JTAG interface during power-up by the FPGA. Once the boot sequence and protection is RE'd one may be able to find a software-only solution to circumvent the protections.]

This is why he use is Laptop:

QUOTE

[Also, it might be possible to arrange a remote access over Internet to this JTAG interface/debugger for selected skillful persons: Those persons might even use some kind of messenger conference call to use debugger together and see in real-time what's going on. Messenger with a secured remote desktop access might do the job.]

And there is very like very good information that lead me to this:

QUOTE

Disassembling old kernel - it accesses a serial port

SERIAL PORT!!: debug info written to on debug box, 115k

boot monitor: send special character '@' -> talk to boot monitor

plaintext interface

you can read/write memory, execute code

bootloader runs before hypervisor setup

boot monitor works on physical memory

write to pci config space possible, read memory, write memory

c000xxxx: THE interesting stuff is HERE!!!! can't be accessed - hangs

c8xxxxxx NAND - bootloader reads from there, copies to RAM

hack: use network to dump in boot monitor, just didn't work :- (something might not be configured yet

    * read
    * write
    * init ram

everything before uses no ram

in bootloader: 1010101010 patterns - bus/memory training?

[unklejoe]

whats the purpose of that wire?

[ben1989]

QUOTE(xboxfree @ Jan 2 2007, 10:37 PM)

Ben ?
http://i77.photobuck..._stringer/w.jpg

yes ??

[Fragreaver]

According to a thread in the xboxhacker board it's just a fix for a defective trace on the mainboard.