QUOTE(ConteZero76 @ Jul 28 2007, 08:41 AM)
It's possible (no, it's likely) that the entire signature block is loaded to cache before the actual check.
Doesn't matter, the timing difference is from the comparisons being executed.
QUOTE
If you aren't able to detect 2 clock cycles (at 3,2 GHz) it's really difficult to "capture" differences.
It looks like the CPU probably isn't running at full speed at this stage in boot, plus there is a nice debug port that outputs values to tell you when certain stages have been passed in startup.
QUOTE
Anyway if Microsoft was dumb enough (this kind of trick is quite old, most signature checks do compare ALL the values no matter what) they'll close the hole in a firmware upgrade.
They are dumb enough - the code has been reverse engineered and the comparison is byte-by-byte, and bails as soon as a byte is wrong. The only part that's up for debate is whether the timing difference is detectable, and with sufficiently expensive equipment it will be. The tricky bit is getting it detectable using *cheap* hardware, since this has to be done per-box.
Sure, they can fix it in a firmware upgrade, but it still widens the window of which kernels can be exploited. If they fix it in a future update then people can just not upgrade until they've had a chance to recover their key this way.
Also, since you'll require an Infectus or other programmer to take advantage of this, you can just back up your current NAND, remove r6t3, then downgrade later.
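An added example, not code from the thread or from any Xbox firmware: the early-exit byte-by-byte compare the post describes beside a constant-time one, with a step counter standing in for the clock cycles a timer would see. The function names and the 16-byte reference value are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Early-exit compare as the post describes: bails at the first wrong byte.
 * *steps counts bytes examined, a stand-in for measurable clock cycles. */
static int early_exit_compare(const uint8_t *a, const uint8_t *b, size_t len, size_t *steps)
{
    for (size_t i = 0; i < len; i++) {
        if (a[i] != b[i]) {
            *steps = i + 1;
            return 0;                 /* mismatch: stop immediately */
        }
    }
    *steps = len;
    return 1;
}

/* Constant-time compare: touches every byte and ORs differences together,
 * so the work (and timing) is the same wherever the first wrong byte is. */
static int constant_time_compare(const uint8_t *a, const uint8_t *b, size_t len, size_t *steps)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < len; i++)
        diff |= a[i] ^ b[i];
    *steps = len;
    return diff == 0;
}

/* Constructed 16-byte reference value; not a real signature. */
static const uint8_t REFERENCE[16] = {
    0x3a, 0x7f, 0x10, 0xc4, 0x55, 0x9e, 0x02, 0xd8,
    0x6b, 0x21, 0xee, 0x47, 0x90, 0xb3, 0x1c, 0x7d
};

/* Guess matches REFERENCE for prefix_ok bytes and is wrong at the next one
 * (16 = full match); returns bytes examined, *matched gets the verdict. */
size_t bytes_examined(size_t prefix_ok, int use_constant_time, int *matched)
{
    uint8_t guess[16];
    size_t steps = 0;
    if (prefix_ok > sizeof guess) return 0;    /* bad argument */
    memcpy(guess, REFERENCE, sizeof guess);
    if (prefix_ok < sizeof guess)
        guess[prefix_ok] ^= 0xff;              /* corrupt byte after the prefix */
    *matched = use_constant_time
             ? constant_time_compare(REFERENCE, guess, sizeof guess, &steps)
             : early_exit_compare(REFERENCE, guess, sizeof guess, &steps);
    return steps;
}
```

With the early-exit routine the step count grows with the length of the correct prefix, which is exactly the signal the thread is discussing; the constant-time routine examines all 16 bytes regardless.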