xboxscene.org forums

Author Topic: Softmod Bios Chain Loading From Tsop - No Exploit.  (Read 276 times)

xboxmods2977

« Reply #30 on: June 24, 2011, 10:28:00 AM »

QUOTE(Movax @ Jun 24 2011, 04:38 PM)

I thought about redundant patching, but my understanding is that the code contained in the font exploit patches the four bytes I have patched (that is all I have patched thus far). Therefore nkpatcher should be getting the same kernel it would have gotten from retail+exploit.

Ok. Sounds good. So, let's explore our options. Possibilities? The only 2 are these:
1. Have you chosen the correct softmod bios for NKPatcher to load according to your kernel? (probably. SO,)
2. If so, let's go back a little further.

What you say above is true, so your setup may/must vary from a natural retail+exploit environment somehow.
Could there be any remnants of 4981 leftover in memory after PBL has loaded 4817? We know that BFMs do not overwrite all of the bios in ram.

That's all I have got.

Movax

« Reply #31 on: June 24, 2011, 12:38:00 PM »

I did use the correct exploit. Maybe try everything again step by step really carefully.. the only possible wild card is I am using Linux.. I'll try again from Windows in a bit. (All the Windows tools were run in Wine.)

Movax

« Reply #32 on: June 24, 2011, 02:43:00 PM »

I re-copied some of the files, re-encrypted the bios, etc. from Windows; no obvious change.

BUT, if I rename the ndts folder to dash and have it as my dashboard, I can launch other apps and my IGR works perfectly (and is really fast! I was using IND before this).

A clue?

.. Oh I see PBL is there.. still.. is this helpful?

Heimdall

« Reply #33 on: June 24, 2011, 02:50:00 PM »

Yes and no. ndts uses PBL to load Frosty's hand hacked Evox M8 BIOS before it loads UnleashX. In other words, it sounds as though you're loading a different BIOS, which is why it's working. Is the LED red?

Movax

« Reply #34 on: June 24, 2011, 02:56:00 PM »

Yep.. red LED (..and my green is working properly). My best idea, with my limited experience, is to try and dump the kernel from RAM and take a look.. compare it to the kernel image I patched.

Heimdall

« Reply #35 on: June 24, 2011, 02:59:00 PM »

Excellent cross-reference

Yes, that means your system is working because you're reloading a different BIOS.

Movax

« Reply #36 on: June 24, 2011, 05:30:00 PM »

I dumped the kernel right after the BFM was loaded - I chained the dumper as xboxdash.xbe. I see the four bytes I patched, but, while overall very similar, there are tons of differences between this and the kernel image I started with, besides the obvious huge filesize difference. Why does the extracted kernel image have a filesize of over 600 KB while the dumped kernel is 262,144 bytes?

Any insight appreciated.. does this info help?


Heimdall

« Reply #37 on: June 24, 2011, 05:36:00 PM »

The extracted kernel is uncompressed, the BIOS is compressed.

xman954

« Reply #38 on: June 24, 2011, 06:57:00 PM »

QUOTE
My theory to be confirmed by xman954/Movax:
1. BFM bios was patched to execute habibi signed XBE, ie the dash, or first XBE.
2. When nkpatcher loads, it no longer finds the byte sequence hence no more patching of public key.

#2
QUOTE

Excellent cross-reference
Yes, that means your system is working because you're reloading a different BIOS.

that version of dash is habibi signed

try signing one of your game XBEs

the loading of the BFM stock bios may have a different offset in memory that nkpatcher is unable to calculate for some reason, or it's fixed
the 4 bytes patched are the same that ernie.xtf does

I think the direction to go is:
patch the 4 bytes
and flash it to a chip that has 2 or more banks
and see what happens
that will confirm some things

also dumping the kernel on a normal softmodded xbox
then again after PBL reloads it

Movax

« Reply #39 on: July 16, 2011, 12:21:00 PM »

I can't seem to build a retail bios after patching .. xbtool crashes.

Any help welcome.

kingroach

« Reply #40 on: July 18, 2011, 09:29:00 PM »

I haven't read all the posts, but did you try Ind-Bios 5003? It allows you to load a BFM bios so you don't need to use PBL loader. Flash the 5003 bios to TSOP and place the stock BFM bios in c:/xboxrom.bin.