I was right - it seems they had almost no time to lock down that v79, they've already found a way to hack around the 'single bit'(!) protection they added:
(from carranzafp at xboxhacker)
Yes, I see the problem, they add a check here (Upload code routine from Atapi Debug):
ROM0:90029FF9 PROC_UPLOAD_CODE: ! CODE XREF: proc_3B:loc_9002875Ep
ROM0:90029FF9 btst 0x10, (0x5BD) ! If bit 0x10 (bit 5) of 5BD is off then exit (no load code)
ROM0:90029FFE beq exit
ROM0:9002A000 mov 0x5D8, A2
ROM0:9002A003 mov A2, A0
And the hard part is that I cannot see any direct location to do a BSET 0x10,0x5BD, so maybe there is an indirect way to turn this bit on. If somebody can trace a command that sets this bit, the toolbox will work (issuing such command before dumping)
...
And you can already mod it if you have the hardware:
a) de-solder the tsop,
b) read it with external programmer
c) decrypt it
d) use SMART HACKER option on the toolbox to generate the 79 hacked binary.
e) encrypt the hacked binary (don't forget this step)
f) reflash with external programmer
g) re-solder the tsop
You can do steps c, d, e on the toolbox. Don't worry about the key not showing fine on the toolbox; I already fixed it on the new version that will soon release
This post has been edited by bourke: Feb 24 2007, 03:32 PM