Topic: Wanted... "rmenhal-like" Skills For Development Of (Read 385 times)

Cio · « **Reply #60 on:** October 10, 2005, 05:59:00 AM »

GJ

Xbox: What happen?
HD: Somebody set up us the exploit.
Kernel: We get signal.
Xbox: What!
Kernel: Main screen turn on.
Xbox: It's you!!
xman954: How are you gentlemen!!
rmenhal: All your box are belong to us.
xman954: You are on the way to homebrew.
Xbox: What you say!!
rmenhal: You have no chance to check sig's make your time.
rmenhal & xman954: Ha Ha Ha Ha ....

P.S. nice to see you again eh

(please excuse the rant, you all got me in a good mood on monday, not something that happens alot).

dus · « **Reply #61 on:** October 10, 2005, 10:52:00 AM »

QUOTE(rmenhal @ Oct 10 2005, 06:27 PM)

That just stands for 'overwritten address', it's not any technical acronym. Those addresses
locate the pointer to a structure used by the XDK debugger (I think - I don't have the XDK.)

Ahh, of course! Now that makes sense. I wondered what all those fs:[20h]+250h and calls all over
the code were doing.

QUOTE(rmenhal @ Oct 10 2005, 06:27 PM)

Perhaps there is a writable function pointer in a fixed location somewhere in the
XBE (instead of the kernel), with a call close enough to the overwrite position, but I didn't
look for one. The exploit could be made kernel version independent with that.

Yes, that would be more elegant, but hardly necessary and may not even be possible.

Thanks for clearing that up! (It has been nagging at me for a while now.)

kingroach · « **Reply #62 on:** October 11, 2005, 08:22:00 AM »

xman954 · « **Reply #63 on:** October 11, 2005, 09:23:00 AM »

CODE

%elifdef MS_4627_01
OWA equ 80035C04h+250h; MS 4627.01

from the hulk st.db

Horscht · « **Reply #64 on:** October 11, 2005, 11:45:00 AM »

ok, a few ?s about this ST.DB exploit.

1. I have problems getting the right 4920 uberdash. Slayers 2.5 comes with a 4920, but that's not the uberdash one. So, NP linked to a thread that has PPF files (I got them already) to convert the non uberdash from slayers 2.5 to the uberdash one. Do these patches create me a real working uberdash that I can actualy use?

2. The ST.DB that rmenhal posted, what habibi signed xbe does it load?

thanks in advance

Horscht

xman954 · « **Reply #65 on:** October 11, 2005, 12:03:00 PM »

thanks to rmenhal it works fine, 3944.4034 so far..
http://forums.xbox-s...dpost&p=2973832
just put the offset in D5960_offset, 1B000h
and change the + to - in the next line, there is the 'generic'

both boot E:\default.xbe

slayers2.5 MSdash is all that you need + PPF patch
to get everything working

dus · « **Reply #66 on:** October 11, 2005, 03:21:00 PM »

QUOTE(dus @ Oct 11 2005, 10:19 PM)

...I guess the kernel _specific_ ST.DB posted by rmenhal should work on a normal 4920 dash.

Checked it and it works fine. (On a 5101 box using PBL to load Evox M8 bios, don't ask...)

Horscht · « **Reply #67 on:** October 12, 2005, 11:11:00 AM »

unfortunatelly, this can't be used without problems on krazie's Ndure installer. krazie's ndure doesn't come with smaller fillers, but a rather big shadowC.img. So krazie's ndure setup lacks the free space for this setup. Just thought I'd mention it.

Krayzie: maybe you should consider a slightly smaller shadowC.img on the next version of your installer and add a few smaller filler files. Just a suggestion, tho

krayzie · « **Reply #68 on:** October 12, 2005, 11:28:00 AM »

I'm sure that when you are smart enough to figure this stuff out your also capable of playing with the shadow C a little like removing it and add a smaller one...

If this makes it to the next installer I ofcourse take care of all necesarry adjustments.

Horscht · « **Reply #69 on:** October 12, 2005, 11:40:00 AM »

yeah, I just tried it (I didn't have any problems making myself a smaller shadowc.img, I was just mentioning it for the next version of your installer

), and it works fine. I had problems at first, because I forgot to habibi sign the UnleashX default.xbe

. I almost got pissed until I realized that. It works very good on my 5838 kernel. Thanks rmenhal and xman for your work.

What I'll do next, is to use the xbe shortcutmaker (there is one by the avalaunch team, I thnik), to create a shortcut xbe to the gamesave. I will put the shortcut (habibi signed this time

) into the root of E named default.xbe, and the gamesave should load.

all in all: thanks for all your work rmenhal and xman.

Textbook · « **Reply #70 on:** October 13, 2005, 09:37:00 PM »

I haven't read this thread since the day it was made, and I don't have anything to offer, so I just read through it tonight for an update. I just wanted to say wow! It really says something when you can (re)introduce an idea and it can be made into a success in just a few days. It shows a lot about the knowledge, intelligence, and determination of the people of Xbox-Scene. (especially xman954 and rmenhal)

As I don't know much about this as you guys do, I think I have the following correct. The UDDAE exploit works like SCEEE does for UXE. Except this works with NDURE (which is even better). Basically, this can completely turn the sofmod on and off. I'm going to try and get this correct, but please correct me if I'm wrong and if I do get it wrong, sorry about trashing the thread and creating more confusion.

1. The normal, retail MS Dash (5960) would load.
2. Trigger the EEE by doing the <<Eggsbox>> thing.
3. This would launch the uberdash (4920)
4. You would load a retail CD and then go to copy, copy, a, a, a. ?? ( I have no idea)
5. This would launch a habibi xbe ??

How does Ndure work with this? Man, I must sound stupid, as I don't know much about the development side of anything.

Also, would this work like the SCEEE , where it would be turned on and off via a EEE Switcher? Or would it boot up to the normal 5960 everytime?

Congratulations on the great accomplishment you guys.

krayzie · « **Reply #71 on:** October 13, 2005, 10:24:00 PM »

QUOTE(Textbook @ Oct 14 2005, 05:48 AM)

I haven't read this thread since the day it was made, and I don't have anything to offer, so I just read through it tonight for an update. I just wanted to say wow! It really says something when you can (re)introduce an idea and it can be made into a success in just a few days. It shows a lot about the knowledge, intelligence, and determination of the people of Xbox-Scene. (especially xman954 and rmenhal)

Horscht · « **Reply #72 on:** October 13, 2005, 10:57:00 PM »

QUOTE(krayzie @ Oct 14 2005, 06:35 AM)

Also you don't need an audio cd to launch the audio exploit. (at least I asume this is the no cd version. I haven't tried it myself yet.)

xman954 · « **Reply #73 on:** October 13, 2005, 11:52:00 PM »

it is the no CD version
and there is a blank sound track to copy (in the st.db itself)
no need for any thing else
also too the switcher xbe could rename
a real st.db to use in the modded state ( so you could have in game music)
then when switched off put back the hacked one

rgtaa · « **Reply #74 on:** October 14, 2005, 05:27:00 PM »

did anyone make a package for this yet?
... and if so can you please just give the correct name for it ... so I can go easter egg hunting in the usual places.
One of my xbox's still has uxe on it because I like the sceee exploit... it would be nice to have this type exploit on my ndure xbox's.
Thanks guys for figureing it all out!

Author Topic: Wanted... "rmenhal-like" Skills For Development Of (Read 385 times)