xboxscene.org forums


Author Topic: Double dashboard exploit

Angerwound

  • Archived User
  • Hero Member
  • *
  • Posts: 928
Double dashboard exploit
« Reply #15 on: May 04, 2004, 12:21:00 PM »

Just checked the Reset-On-Eject, it is when it is halfway out, not on button push.
But other than that everything works great here...

D: 4920
K: 4034
DD: 4034
Logged

Angerwound

  • Archived User
  • Hero Member
  • *
  • Posts: 928
Double dashboard exploit
« Reply #16 on: May 04, 2004, 12:32:00 PM »

Okay, one way around this reset on eject for now:

As ldots said:
If you have a backup you would like to play, open your tray before hitting the Live Tab.
Should boot fine, then close your tray with game in. Boot game and enjoy.
Hopefully we can fix ResetOnEject soon.
Logged

ldots

  • Archived User
  • Hero Member
  • *
  • Posts: 822
Double dashboard exploit
« Reply #17 on: May 04, 2004, 12:35:00 PM »

QUOTE (ldots @ May 4 2004, 09:17 PM)
Though not perfect, this exploit can still be used for running backups, as the exploit can be executed with the tray left open before hitting the 'live-tab'.

Beat you Angerwound!
QUOTE (zorxd)

Also, as I suggested on the original double-dash thread, someone with a 5713 kernel should check if an older dash can be executed from the live-tab (just with original fonts initially). It's not entirely impossible that this new kernel only checks for the right dash version on bootup, but not on a subsequent launch from xonlinedash.

OK - no point in pursuing that then.
Logged

Angerwound

  • Archived User
  • Hero Member
  • *
  • Posts: 928
Double dashboard exploit
« Reply #18 on: May 04, 2004, 12:43:00 PM »

LOL I didn't read very carefully I guess.
Logged

mkjones

  • Archived User
  • Hero Member
  • *
  • Posts: 810
Double dashboard exploit
« Reply #19 on: May 04, 2004, 02:09:00 PM »

Still, I may have a mess at the weekend and see what this baby runs like. I always like to try out new hacks.

I'm sure this is the future! Just need a little luck to get it working 100%.
Logged

jon20usa

  • Archived User
  • Jr. Member
  • *
  • Posts: 70
Double dashboard exploit
« Reply #20 on: May 04, 2004, 04:07:00 PM »

Logged

afon

  • Archived User
  • Full Member
  • *
  • Posts: 160
Double dashboard exploit
« Reply #21 on: May 04, 2004, 04:27:00 PM »

I've been in the clock-loop from the catfish fonts a few times (others have been, too). And, when I boot up my xbox, the catfish fonts don't always work. This double dash method has:
No chance of clock loop, ever
The ability to work all the time

And the only down side is reset on eject, which might be able to be fixed.
Logged

afon

  • Archived User
  • Full Member
  • *
  • Posts: 160
Double dashboard exploit
« Reply #22 on: May 04, 2004, 04:49:00 PM »

6. Copy-paste the file probe.bin to offset 0x1000 and onwards. There should
  be lots of zeroes and room.

7. Search for string of bytes 8B 40 08 6B C0 1C. Let x be the offset of 8B.

8. Check if starting at offset x-12 there are bytes 04 50 FF 36. If not,
  continue searching at step 7.

9. Starting at offset x, write 68 00 10 01 00 C3
  (these replace the bytes in step 7.)


What's the point of all this hex-editing? An XBE either gets loaded or not...
Logged
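The quoted steps are a byte-pattern search with a context check (04 50 FF 36 twelve bytes before the hit), followed by a six-byte overwrite; the replacement 68 00 10 01 00 C3 decodes as x86 `push 0x00011000; ret`, a jump to the code copied in at step 6. As an added example (not from the thread or the readme it quotes), the Python below tells you which state a dash image is in: the original sequence still present at the checked site, or a push/ret stub sitting there, in which case it reports the redirect target. The image is a constructed buffer, and the assumption that the XBE loads at base 0x10000 (so file offset 0x1000 is address 0x11000) is mine, not the readme's.

```python
import struct
from typing import Optional, Tuple

ORIG_SEQ = bytes.fromhex("8B40086BC01C")     # step 7: sequence to locate, x = offset of 8B
PRE_CHECK = bytes.fromhex("0450FF36")        # step 8: must appear at x - 12
PRE_OFFSET = 12
PATCH_SEQ = bytes.fromhex("6800100100C3")    # step 9: push 0x00011000 ; ret
LOAD_BASE = 0x10000                          # assumption: XBE base, so 0x1000 -> 0x11000


def find_original_site(image: bytes) -> Optional[int]:
    """Offset x of the unpatched sequence; hits without the step-8 context are skipped."""
    start = 0
    while (x := image.find(ORIG_SEQ, start)) >= 0:
        if x >= PRE_OFFSET and image[x - PRE_OFFSET:x - PRE_OFFSET + 4] == PRE_CHECK:
            return x
        start = x + 1
    return None


def find_patched_site(image: bytes) -> Optional[Tuple[int, int]]:
    """(x, target) if the context bytes are followed 12 bytes later by push imm32; ret."""
    start = 0
    while (p := image.find(PRE_CHECK, start)) >= 0:
        stub = image[p + PRE_OFFSET:p + PRE_OFFSET + 6]
        if len(stub) == 6 and stub[0] == 0x68 and stub[5] == 0xC3:
            return p + PRE_OFFSET, struct.unpack_from("<I", stub, 1)[0]
        start = p + 1
    return None


def classify(image: bytes) -> str:
    if (hit := find_patched_site(image)) is not None:
        x, target = hit
        return f"patched: stub at 0x{x:X} redirects to 0x{target:08X} (file offset 0x{target - LOAD_BASE:X})"
    if (x := find_original_site(image)) is not None:
        return f"unpatched: original sequence at 0x{x:X}"
    return "no matching site"


def build_sample(patched: bool) -> bytes:
    """Constructed image: a decoy step-7 hit with no context, then the real site."""
    filler = bytes(range(0x40, 0x60))        # 32 bytes that match none of the patterns
    site = PRE_CHECK + b"\x90" * 8 + (PATCH_SEQ if patched else ORIG_SEQ)
    return filler + ORIG_SEQ + filler + site + filler


if __name__ == "__main__":
    print(classify(build_sample(False)))
    print(classify(build_sample(True)))
```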

afon

  • Archived User
  • Full Member
  • *
  • Posts: 160
Double dashboard exploit
« Reply #23 on: May 04, 2004, 05:34:00 PM »

All these fonts do for me is reset my xbox once I push the XBL tab.
I've used the new ernie, tried fine tuning and EVERYTHING. WTF is going on here? Maybe 3944 would help (Coughhintcough)
Logged

afon

  • Archived User
  • Full Member
  • *
  • Posts: 160
Double dashboard exploit
« Reply #24 on: May 04, 2004, 06:00:00 PM »

Maybe someone can PM me fine tuned files for this setting, or maybe a setting close to this.

Just so you know, I can see the xboxdash#2 boot up (green mesh etc.) but it just resets or freezes. I've tried the big ernie, and downloaded a fine tuned bert. :/
Logged

Angerwound

  • Archived User
  • Hero Member
  • *
  • Posts: 928
Double dashboard exploit
« Reply #25 on: May 04, 2004, 06:16:00 PM »

First of all, it will reset when it can't find an e:\default.xbe to load or it's not signed correctly.
Secondly, no one can send you fine tuned files. They are tuned based on your dash and kernel setup. Nothing more, nothing less. Anyhow, enough of this, let's get down to fixing the reset on eject. If anyone has any information on it besides what is in the forums please post, i.e. how to remove the flag, or maybe let us know if it is impossible to add this at all. Once this is working without reset then it totally blows the audio/font exploits out of the water.
Logged

devz3ro

  • Archived User
  • Full Member
  • *
  • Posts: 229
Double dashboard exploit
« Reply #26 on: May 04, 2004, 06:43:00 PM »

Pinned as promised, hopefully this will be developed enough to replace all font hacks released to date. I would like to see this use 100% of its potential. Great idea, and great work.

Keep it up

-devz3ro

http://sh0x.tk/
Logged

Angerwound

  • Archived User
  • Hero Member
  • *
  • Posts: 928
Double dashboard exploit
« Reply #27 on: May 04, 2004, 07:23:00 PM »

QUOTE (devz3ro @ May 5 2004, 03:43 AM)
Pinned as promised, hopefully this will be developed enough to replace all font hacks released to date. I would like to see this use 100% of its potential. Great idea, and great work.

Keep it up

-devz3ro

http://sh0x.tk/

Awesome, thanks a lot devz3ro. Hopefully it will get a bit more attention/help now...
Logged

rmenhal

  • Archived User
  • Full Member
  • *
  • Posts: 102
Double dashboard exploit
« Reply #28 on: May 04, 2004, 10:10:00 PM »

I've got the reset-on-eject issue as well. Dash 4920 has the nonsecure-mode media type flag. Dash 3944 doesn't. If I sign Dash 3944 with the habibi key using xbedump (it'll automatically set the nonsecure-mode flag 0x80000000), do the keypatching audio and then Live tab, the reset-on-eject goes away. This is interesting however:

1) at step 13 of readme.txt when the led blinks red, reset-on-eject is not enabled.

2) I put a test into the memory allocation function (look at the comment in bert.asm to figure out the memory location) to test when the overwrite of the SEH pointer happens, and when it happens go into infinite loop. The reset-on-eject is now enabled.

Can anyone confirm this? If this is correct then there is a way to disable reset-on-eject and we're going to find it.

Update: I won't confirm it. Sorry about that one. Actually my comment in bert.asm is a bit incomplete. There's another pair of the same mov instructions nearby and execution can take that path as well. So I thought that in 2) I was spinning in an infinite loop while in reality execution was in ernie trying to find the key (a loop which I probably forgot to bypass that time). I don't think reset-on-eject was really enabled anymore. Observation 1) is not useful either. It's because media type has flag 0x80000000 set, by xbedump.
Logged

krayzie

  • Archived User
  • Hero Member
  • *
  • Posts: 3350
Double dashboard exploit
« Reply #29 on: May 04, 2004, 11:09:00 PM »

Now this is awesome. So if there is a possibility to trigger the hack from any dashboard we won't ever have to downgrade again, and we can script for instance evox to restore to original state so we can play live all we want and later use some scripted evox gamesave to get back to our friends bert and ernie and get the hack working again. Or am I thinking too far ahead?
Logged