Print

[Kthulu]

yeah, achievement always requires some effort.  a little luck never hurts tho.

i hope everyone that's been reading this thread has checked all their DVD movies for xbox content.  i would especially check movies that have a corresponding video game....like Chronicles of Riddick (is that on dvd yet?), spider-man, blade, etc...

[Angerwound]

Normally they will announce the xbox content on the dvd. I have googled all over looking and can't seem to find any others besides these two.

[Kthulu]

yeah, i've done the googling too, but i still checked my Spider-man and Blade dvds...double-checking never hurts, but i do have a feeling these are the only 2.

[rmenhal]

Here's my version of the audio exploit for Hulk. The Hulk xboxdash.xbe is compiled with a function return pointer address protection/check so the exploit can't be done exactly the same as before. Currently I use kernel version specific database file. So copy an ST.DB matching your kernel version to E:\TDATA\fffe0000\music\ST.DB and then launch the exploit via the usual button smashing. It boots habibi-signed E:\default.xbe.

CODE

begin-base64 644 hulkaudio.tar.bz2 QlpoOTFBWSZTWSwmtV8AGOf///3/yhn+7///f///7v////4qKsJWJBxgcuig AYy5yq2b4AxfAByjsNbZbGqgIUBQUKBNgoaACDTIyDJiNNMCaYIMmIwEZNGj EGIZDJoyYIZGJoYIZMjQNMQ0DIaZMA0QpM0nplHqY1Tyn6QCeo0ZPQIYEGJi aGAaAIxGRkGBNMjEDJkYQ0yBiaaAkhCJoZCMp6mptT0jINAaeo0PRNBoNNAN AAAAZAaek00AADQBoAACDTIyDJiNNMCaYIMmIwEZNGjEGIZDJoyYIZGJoYIZ MjQNMQ0DIaZMCDTIyDJiNNMCaYIMmIwEZNGjEGIZDJoyYIZGJoYIZMjQNMQ0 DIaZMAVJIIEACNMmpk0bUYmQKfkeqnqPU8myEwKZPFMyaZNNGp5R6amjNTaa jGpsmp6npNDRvVG1PQ0anXFw+bhHpfb9PtWUc6dFQ+MbOeHKiWsgJVBJIagy SI/wFQ/tFIQiemKFCol4rWFRDkiwshcNoWhIRLD4B+YcodgNYcofEMo6nT26 rqbzLdfh1Mm4xRMEYy0TlKR1MZGyKhsCtUUMKiM27zK6uGzlDIMl1hcFChQt LBa1Cw2RYWF1C0LCwVC0EIlh9gUP2DdH3xgNAduFChQOeKC4aQ9YWFrBoFw6 AsLhfQvG2Llw+iPcFz2xtTXPs73J9mcb2sc2Ev37q7bPjVU8aHWZKUnt+IYR zm11PnpITiUFs0oZO4/mTKCJvwBgepxQ4aCkZJqR0DPCZDHBgnIHoydn76+j iDa7IKBSjamvUOXURpVdRCqi5Ui6VVStVY430P6Lo6U8MHp6ulxMOnwo89MM Wt6Vg+xx05KavUkzGarBSWwnSDA8+TkUaLzWaWKZrzSv0sL40rIqhqO85SMU lE6oWXDKL9d6GknMjhnYv4Hy0qMl6VMk9SpykteM2/pfCCWzr2cPJl6uFPF0 InzhMogtiLy0lSnHBwqENQFMWkQOR4ZsHJNhMymUeZy6qpoGrwXbvrYmNTCu NyLY/fH4B4I8kcI7sdMHzD5x/cLh8Qoe8J/mPdD1hkCMwsPxjyxwST1x6olD yx/2OsPhHgchR3cTMXOV3fq/j4N7sO0/j4u8U5tcTF3vR5zY4uZEWGKGrUWP cgbLvIpkpRmXqDPt4jg4ZS3Tbe4iOfMb5afy01Yd1Dcvw2enW5r7Uu9je2bo yfhlhi4BluwWyUkKbS8QAQiHKL9JZHldMhSxyKyRWGiQdVym5B9VyzL1Tder pw3eS5cOHtzNG1fa5rqse9pDmMzX+3A9ADVA4wFtXA3231gZg83iH3GCbop1 rvxdORc6U+9xuHLLUnJ8Xo912ndPa7WbY8e+6Ha3c+vuOKOfwVaaMuxp3R5D NnryVFqilOwMmejszqmHbVxTHrEcl0eRbDIX8EpYAzsGjxwLS6NFXXWehejQ SIIjvijSsVyC2GkNNjkF6CBQCkpubN+uQDp/zy37h9K+dzUM8j+8d756JvxN nX2hOmy7nBbvmjJjLX4L71ZBNAoNnj9AVUklXImO7D/H3btbGRktk1u3Glj0 Y7dFr7oswzD8HuNBMImdErQ9QMA7JmOLevwIo1DGhPmrYfCtUqJ7DeoMddee q3YbbNx8IY22pV1So06FUdjayX1fWlUi15aCE0c7Oziyad5lWSZJhIh77MsR 7gEMzwYoPJv+0MmxMdiZ0TTzXcuGbDQ+t+ofVHzjHcZ9DSrxs84TaKE6Wap1 BW6UYXI1dSvOgqnRCYx6acGvywyyNGaty5llx41UzYKs7gqipHiWU1JgqDFO 7AB8uPSERXwlF2Kd0SZo0Ki1rbR5totgEbYJARU1TOz1O7xUXrM9dHswQxf3 JLAZcYy7wBxCqQSta7EO0xJ6gcHm02dhxnYfY3Ky6xrRnxAMhMDQIuxRgpiv Fk7PaejMzSmmi4UF+FMQryFw3koYSqibVlQXILC0LcCGBX9CqU9gIgMNciFH U7Zw/z28jp2wrve9h5BxUdgqrFbQq6y1kXJ4lTjQ9MGPH861w8QewP9h7yON u7vYaWxJPtrtnw2pdEyN/N0ZucDDg7PLa6Zt8qt5XI+uyyYu8Fhn5nDg0tLY 4ol/D1nLwmu5nhq4obX3R8Imrm2pJ7X8zYmDSUkYtTd4GmO66s84DjgcwAUV u41Qgh3fqY38fDmQx2JsanMdj8o3PRXO5fBp6ekfYpH0qkqvMKwwqsPBDeX9 WsJVKqq9+0ONl158g8ofWHqN2HTemOY3B+YV1x5gzjri8WGvOkyDW6qrvCR3 jVvnkQ3YwRtr/BGmNgb8TzR2mlpXxrc13HcjP2Y8seONweqjzRvBtPyj+Kbk 7Oq5umO5HvjDmC8eiLvp1CqVSjq1aLVa3cQ1Rv5YcUL/W4Kho8XzzI+jXgUn pVap29Tq+FkysmYOU607GZi31vhuVBgZF5C1LRZ3Vx4OpPaHLj50LbZdlfsa Imdmh7C6aId56aOq8iabRovPs6rWzTHR9SJ9SHhu+y5ZIy9brURt9Do1Jxvt bqOrU5rhd/3e9kNKG61oZaDpasTj3N7CJfE1V9yL27Wpdjg2MtatuXWjFbJM kRm2pqHLpV9EaVML5fVbbUZ2dVpIpGSGqs5EPqwxyyM7Zib+3g04bXj5NbDa 0xNCvAZONpj5HfQHtjBEkKM440SYer1dOydZGWVkrKMqnnPQHKhhNFGMqqal kqq39elJU7yyKFSyyxUaGlutGRjGSpVSqNjZ1bjPUVUvzyFT4obEjqnf8fmz BpzNN2g5M9zByHOa2m5fGuzSbDal3Gmp2zYc6FbOvPXcrmuPxrciF1QtDlvC u5+9omRNmEbWGvSYN6AbjaAkVvqtu4fwNbx9zXuXgajkRCOhfLoY3r1acw4M qiupTHzv0/q5317VSdTQydLnUz1UvsspVThWU4cJcjtocy7pXsjTvkqrtc9C dnKqoqzi02n0eHvmLSiVnUS0zqJ0L2bXTGF3muV8I+UfkH3h645oxDyx6g/I Lht7c4h2+r2FQtvROLbPoY3wcPdyu5eD3U5NR2NRqpWtnozDvwzJPHaTL0TH GGxVGxZwmzy5taWvqQ7IxmhZhSVwkM3TlqLJTRVrCNqWlUp6MQzMgqZhiZn4 eOlavlY1ct5S8oO4VJUFImlboW4WZg3VEK7E+XYbDLgiB9DIBwwhMQykSImU gJDuVBNGpUZwyWjHRy0ip3DTbalTS0KlZPZ8rgMgmxNZOC5S231xvWHD48wy JtSZp2d3K2cIkYtwd4NQjRtzCK7GJv3GxUvORKskYROpfi0GO8eAyzBmaJjJ W/yGe5MjSJr2LUxZcLKioscu+OTjfV1CpYkaty2qywsTd0jJqIyRbGXSqYxN JuGxFQisJ8QDrslXsE7ZJeGDMjTC5KWmgwiAYafkAjwgPBlWkyl0FVCYuVEq quUrbu1NOO0LKYYwpWeGzs5E1WiRbdwwrmX7TPrK7bD9Y90jf88aeHcqyxNh 2QWhberx6javnQNG1KLs0SMpP94na+qMZI221D0pd0mVhv7t6RZku3s5WnSp VUzMwMUd4dxmHHhoB2UQzjO29ZFNJBlr5DZZtBzxtbkz2ttrlqU1tOSca28K 72PjH0xrcXk8zxq9QeoPZH6B+cfoG4HCHziw64+QfsFw8UUP0jnC22P+hZ8Y /1k64rzBeNoUPbH7xag+6PkH/g8QYQnjD5Rvi4LDgDsh5oXw90coWwFD3h+s awxGmNIWExD5h/oLDqj9w/ELu06v7c4vDoDgFo64ob/7/291WQfuGJJJCcn+ FZJZ6I+AdqPzj5RcPwh5Q9AUFg0D+A/KO0Fw54+ce+NMfOP/xdyRThQkCwmt V8A= ====

[rmenhal]

QUOTE (PedrosPad @ Sep 27 2004, 11:51 AM)

Thanks for that explanation rmenhal.  That explains the lack of the Error 21 screen, and the lockups.  But the reboots?

I don't think I'm going to bother with that. It's possible to crash dash 5659.03 to a null pointer reference too. And Kthulu's reboots didn't seem very consistent.

[triggernum5]

I thought you'd have it out by midnight EST honestly..  8 minutes off:)  I love the way you crank these off the assembly line..

[Chicken Scratch Boy]

great work, rmenhal!

now for getting it onto the hdd  

[EthanHunt_IMF]

QUOTE (rmenhal @ Sep 28 2004, 12:19 AM)

Audio data for each track is in separate files (on the HD). The exploit uses the database file ST.DB which contains all info on how the tracks grouped/organized. Couldn't really be on read-only media since the database needs to be modified when adding new tracks.

I'm sure I'm misunderstanding what you are saying some how. But would it be possible to create an audio CD that creates an ST.DB just like yours on the HD?

So our "boot disk" would actually be 2 discs that consisted of
1. a hacked audio cd that will create an ST.DB that would launch a habibi signed D:\exploit.xbe and

2. a boot dvd with hulk dash (default.xbe) and a habibi signed D:\exploit.xbe

I'm sure this is not possible, but would just like to be told so by someone who knows more about what is possible/impossible with this exploit.

[triggernum5]

Just knowing the very basics of how the original audio exploit worked, it would not be possible to create the st.db from an audio cd since the header is what initiates the memory jump with a buffer underflow (probably flawed explanation to those who understand it better)..  The header is generated from the dash itself..

[Pillzburydoofus]

@EthanHunt,  Basically the answer to your question is no.  Any data that would be on the disc would be audio data, whether you manipulated this or not, it would still be dumped to a wma file.  All the st.db file does with this is put a songname with a filename and location.  The actual exploit must be manually entered into an st.db for it to work.  

I personally think it would be great if someone could do the whole sha1 hack idea talked about earlier in this thread, but that seems like it's a bit farfetched at the moment without actual working knowledge of sha1 encryption.  I've been following this thread since day one and I'm impressed with how quickly an audio exploit was created!  Just took the "big dogs of softmodding" to jump on board!  I'm still convinced that the font exploit is possible due to the results of testing in this thread, and I hope no one gives up on that angle.  Unfortunately, I don't have the hulk dash, and I can't change the booktype for my dvdr's because my dvd burner doesn't support +r  (I know, I'm oldskool, but I got it early in the dvdr scene and it's for a laptop.)

[Kthulu]

QUOTE (rmenhal @ Sep 28 2004, 12:11 AM)

I don't think I'm going to bother with that. It's possible to crash dash 5659.03 to a null pointer reference too. And Kthulu's reboots didn't seem very consistent.

i'd like to add my props to rmenhal!  great work!

i think most of the unexpected reboots i got when testing this stuff was due to disc reading problems.  because of this, i recommend the following when anyone is making a hulk boot disc.  fill the disc all the way up!  use a big dummy file.  i used a dvd movie ripped into a 3gb .iso  renamed into 0dummy (no extension).  make an xbox iso and burn that dvd.  if i were to make another disc, i'd use a 4g dummy file.

i've never looked at the hacked st.db files before.  would it be fairly straight forward to hex it into loading d:\abackup.xbe?  this would be what PedrosPad had in mind i think.  this would also be very useful in a future when MS forces hdd dash upgrades from every xbe they make (like the SW bonus disc).  let's hope that doesn't become the norm, but if they do, soft-modders can survive thanks to this.  unless they start 'repairing' st.db when they do a dashupdate...

EDIT: um, nevermind that d:\abackup.xbe non-sense.  it's best to go ahead and load a pbl or something...and it's best to do that from hdd...

[Pillzburydoofus]

Think about it, you've already got a universal boot disc, you just have to have the st.db on the hdd already.

Put the hulk as default.xbe and the hulk dash on the disk as normal, then put your entire game on the disc in the root directory as say d:\game.xbe and re-route the st.db to load game.xbe from D.  Then you insert the disc, trigger the exploit as normal and voila your habibi signed d:\game.xbe boots to that backup. This is the most MINIMAL installation on your hdd, as all it requires is the st.db file!  If only you could find a resource it loads from the disc, then no files would be required on the hdd.

EDIT:  You could also load pbl metoo/fbl from the disc and have that boot d:\game.xbe if you wanted to load a bios for any reason and still keep hdd installation minimal.

[eh.]

QUOTE (rmenhal @ Sep 27 2004, 10:08 PM = "Softmod - The Movie!")

Here's my version of the audio exploit for Hulk ...

Awesome rmenhal. (It's working via my HDD based test eh. )

[eh.]

QUOTE (Pillzburydoofus @ Sep 28 2004, 12:17 AM - part)

Put the hulk as default.xbe and the hulk dash on the disk as normal,

Hopefully the xboxdash.xbe can be the default.xbe for the disc (thus enabling an "any region" boot of the 5680 dash) eh.

[PedrosPad]

Awesome work, as always, rmenhal

QUOTE (Pillzburydoofus @ Sep 28 2004, 08:17 AM)

Put the hulk as default.xbe and the hulk dash on the disk as normal, then put your entire game on the disc in the root directory as say d:\game.xbe and re-route the st.db to load game.xbe from D.  Then you insert the disc, trigger the exploit as normal and voila your habibi signed d:\game.xbe boots to that backup. This is the most MINIMAL installation on your hdd, as all it requires is the st.db file!

I concur.  K.I.S.S. - Keep It Simply and Straightforward - leave BIOS loaders out of the loop, and habbi sign the game.xbe (less involved - less to go wrong!).