xboxscene.org forums

Author Topic: Running Unsigned Code With King Kong Exploit  (Read 29 times)

Samph

  • Archived User
  • Newbie
  • Posts: 18
Running Unsigned Code With King Kong Exploit
« on: July 20, 2009, 05:53:00 PM »

Assuming I was able to go out and find an Xbox 360 with kernel 4532 or 4548 (or earlier) and run the original King Kong shader exploit, would it be possible to run unsigned .xexs and homebrew etc. on the console?

How would this be done?

If it is possible, why has nobody done it?

(I assume, of course, that because nobody has done it, it is not possible for some reason I cannot see, but it seemed silly not to ask since I couldn't find, or come up with, any reason it wouldn't work.)

torne

  • Archived User
  • Sr. Member
  • Posts: 383
Running Unsigned Code With King Kong Exploit
« Reply #1 on: July 21, 2009, 05:40:00 AM »

QUOTE(Samph @ Jul 21 2009, 12:53 AM)

Assuming I was able to go out and find an Xbox 360 with kernel 4532 or 4548 (or earlier) and run the original King Kong shader exploit, would it be possible to run unsigned .xexs and homebrew etc. on the console?

It's possible in theory, but the work required to make this actually work has not been done.

QUOTE

How would this be done?

If it is possible, why has nobody done it?

The problem is that once the exploit happens, the console is in a fully booted state with the regular kernel and hypervisor loaded, but with the flow of execution on the processors diverted to be running our code in hypervisor mode. To boot up a patched version of the hypervisor, kernel and dash which do not check signatures, the console needs to be put back to a state that more closely resembles the state it's in at the time it powers on. Some people were working on a rebooter that would achieve this, but it was not finished and there is no ongoing public discussion of the project - it was not able to correctly reboot to even an unmodified version of the system last time it was discussed.

It's not a (comparatively) simple matter of just patching a bit of code in memory and carrying on, which is more or less what tools like nkpatcher do for the original xbox - the entire stack of hypervisor, kernel and dash needs to be happy that it's in the state it's supposed to be in.

Samph

  • Archived User
  • Newbie
  • Posts: 18
Running Unsigned Code With King Kong Exploit
« Reply #2 on: July 21, 2009, 12:02:00 PM »

From what I've been able to tell, all work/public disclosure of information stopped around the start of 2008? Is nobody working on anything at the moment?

I don't mean to sound whiny and ask for everyone else to do all the hard work, but it is well beyond my scope.

torne

  • Archived User
  • Sr. Member
  • Posts: 383
Running Unsigned Code With King Kong Exploit
« Reply #3 on: July 22, 2009, 10:08:00 AM »

Something like that, yes. Whether people are still working on it in private or not, who knows.

There is not a lot of interesting public research going on at the moment. There are people looking at potential ways to exploit newer xboxes which are not vulnerable to the timing attack for downgrading, but even if that succeeds it will only bring them to the same state as existing boxes which can run the KK exploit.

Samph

  • Archived User
  • Newbie
  • Posts: 18
Running Unsigned Code With King Kong Exploit
« Reply #4 on: July 22, 2009, 05:04:00 PM »

QUOTE
but the reason is probably because there aren't many Xenon boxes left to run the KK exploit on.

What do you mean by this? Excuse my question if it's obvious/stupid.

Samph

  • Archived User
  • Newbie
  • Posts: 18
Running Unsigned Code With King Kong Exploit
« Reply #5 on: July 24, 2009, 04:30:00 PM »

QUOTE(nickcas @ Jul 24 2009, 07:04 PM)

The King Kong exploit only works on Xbox 360s manufactured from launch up to around mid 2006. Those consoles are the first generation of Xboxes, which have a Xenon motherboard (hence the name Xenon). These consoles are also highly prone to RROD, and there aren't many left in the wild.

I have one of these, I believe, as do a couple of friends of mine. There's more out there than you think!