Topic: How Far Can We Overflow? (Read 132 times)

afon · « **on:** March 06, 2004, 01:18:00 PM »

For the poor souls stuck with 5530
When the fonts overflow: would it be possible to insert code into the RAM that would enable dev feautures, or possibly even a new BIOS? Because from reading Pedros Findings in trying to overflow an application in the sandbox, it doesnt seem possible to do anything like this post-dash without Dev feautures in the bios. And, lets face it: PBL (without this idea implemented) is impossible on 5530 kernals.
So lets recap my idea for the fonts:

Boot->
Bios looks for dash ->
Overflow fonts ->
Fonts overflow far into ram, changing Bios or adding dev feature->
Warm boot to hexed dash ->
(optional)Take advantage of dev features with a PBL like app->

And another tech question:
Why does it seem that with mech fonts, clock loops never occur to be fatal for the xbox? Wouldnt we just be able to use bigfonts with a hexed dash?

And another Idea for 5530 users:
Maybe we could make a VB proggie to patch all xbes in a folder with a new key. Possibly even one for xbox? That would extremely convienent! Hell, maybe even a proggie that makes a patched xbe in memory!

EDIT: Yeah, i was just thinking and i came up with an idea for a new dash (possibly even an add-on). Someone should code an XBE that checks the key to see if it has been modified, and if it has; Sign the XBE with that exact key (Not the exact XBE, make a .bak. And if its an unknown key, well then it just wont work)
I am begging someone to code something like that for 5530 users, all these people posting "MEMEMEMEME, BLACK SCuREEN UF DEAHTTT(wtf?)" is really bogging down the relevency of having this section of the forum

".

AND YET ANOTHER THOUGHT!:
If we had the above program written, i would say fuck PBL. Because who's had problems launching games/apps with a hacked bios (not to mention using PBL!).

-Af0nz Spesial Ed 4 Thinkurez of piratesz

afon · « **Reply #1 on:** March 07, 2004, 05:37:00 AM »

bump?

RiceCake · « **Reply #2 on:** March 07, 2004, 05:55:00 AM »

It would be possible but who wants to do the dirty work?

Lol.

PedrosPad · « **Reply #3 on:** March 08, 2004, 01:58:00 AM »

Hi ya afon,

(Cool. More chat on my specialist subject

)

Font History:
The original font exploit leverages a weakness in the way that the 4817 and 4290 Dashboards loads the XTF fonts (the flaw was fixed by M$ in all Dashboards after 4290). This exploit originated out of the very clever xbox-Linux guys, and was intended to simply launch xbox-Linux (see Font Exploit). Therefore the exploit payload simply patches the BIOS to expect the alternative signature used by the Linux XBE (the 'habibi' key).

Since the 'habibi' key was only known to the xbox-Linux guys, the alternative Bert & Ernie font exploit was released that used a non-secret 'font' key. But this too merely patches the BIOS to expect the alternate XBE signature (see Bert is Cheating on Ernie)

This 'bootstrap' approach is very clever as it simply does the minimum required in order to pass control to an external XBE. Very flexible!

While you can still downgrade the Dash to 4290 the font exploit does work, on any XBOX/BIOS. This means that you can sign the EvoX, etc, and any game XBEs with the font key and it'll all work fine. Yup even on K:5530.

Complex!Loader (the forgotten application): (See Complex !Loader)
The first 'application' to build on the exploit bootstrap was Complex's !Loader . The Complex!Loader was signed correctly, and loaded by the bootstrap exploit. It applied 'further' patches to the BIOS, disabling the signature check, and media check, etc. Meaning that people no longer had to resign all their XBEs, etc. The first version only worked on XBOX V1.0 BIOSes, a second version had a public SDK and worked on a wider variety of BIOSes. This really cool application had it's thunder stolen when PBL was released.

Enter PBL (Phoenix's BIOS Loader): (See Phoenix Bios Loader)
PBL allows a complete hacked BIOS to be loaded from the hard disk and replace the BIOS in memory. No more buggering about with patches, etc. - Replace the whole thing with a BIOS that has the signature/media checks disabled, etc. plus other neat features (IGR, etc). It now appears that PBL uses a BIOS debug function that allow a BFM (boot-from-media) BIOS to replace the original BIOS in memory. It now appears that function has been retired in the new 5530 BIOS.

Moving on:
Going back to the pre-PBL days of having to resign all XBE's really isn't that much hassle is it? From the forums, it appears it is.

Although Ernie.xtf is authored to simply be a bootstrap (as light-weight as possible), it's true that it can really be as a large as it needs to be. So, potentially, it could patch the BIOS to disable the signature check altogether. However that could mean a font for each BIOS, etc.

I think the answer is a return to Complex's !Loader. I don't believe it relied on any specific debug functions. It simply patched the BIOS in memory in the same manner as the font exploits do (so if they work, it should!). Simply, a new patch file for the new 5530 BIOS will need to be authored.

My 2cents.

PedrosPad · « **Reply #4 on:** March 08, 2004, 03:41:00 AM »

PedrosPad · « **Reply #5 on:** March 11, 2004, 06:16:00 AM »

Wooger · « **Reply #6 on:** March 14, 2004, 05:55:00 PM »

Man you know how long its been since I've heard about the Complex !Loader?
What ever happened to them anyway? Team Complex that is?

I don't remember a SDK for them though?

Wooger

PedrosPad · « **Reply #7 on:** March 15, 2004, 07:51:00 AM »

Artifex has pointed out what I'm proposing is exactly what his Bert is Cheating on Ernie (BiCoE) font exploit did, but it only supported BIOS 4034.

So I guess I doing a BiCoE_5530.

Author Topic: How Far Can We Overflow? (Read 132 times)