Print

[Ubergeek]

Edited to add new information

The new v1.3 Xbox has been discovered not to have any MCPX or RC4 change (however we have ALSO discovered that the RC4 key on the v1.2 / v1.3 maybe different than the v1.1 as we cannot unpack the kernel - however the current bootloader ignores the RC4 so this is why its working)

I had many many problems flashing the Windbond Flash Rom "out of circuit" - it's possible it has some kind of boot block or sector protection (as these options ARE available to the W49F020 and also the ST29F002) - they can of course be programmed "in curcuit" using the 007 hack (on the v1.2 at least anyway)

My solution (after much soldering / desoldering of the "tsop" (I had no TSOP sockets left doh !) was finding a 512k Flash rom with the same pin out as the 256k flash (except RESET was replaced by A18) - this was an AMIC 29F040 (any 29F040 should work) - this booted X2 4976.02 (2 x 256k) perfectly on the v1.3

So yes v1.3 can be hacked - but wasn't an LPC mod working.

After discussions with a very helpful forum member - he revealed to me that he was clsoe to Team Xodus would I like to share any findings with them? Well of course, we're all in the same boat, and the competition and rivalry between OURSELVES is freindly (unlike between some forum members )

They had made some findings of their own and wanted me to confirm - so we went to work scoping out the LPC lines with a diode checker. the suspicions were confirmed correct - LFRAME seemed to be dead (thats Pin 3 on the LPC)

Xodus told me they had removed the MCPX chip on a board they had a while back to find that the LFRAME track was missing - but as there hadnt been any talk of a new model - put it down to a manufacturing defect. Now there is a new model - I have to do the same and remove the BGA MCPX IC on both a v1.2 and a v1.3 to give a confirmed examination of this track.

So what next ?

Well for now LPC is dead. The real question is can you use a mod ? Without testing yet I can say that i'm 99.9% sure that you can use a homebrew device once again - and of course more professional 12 wire mods can be designed to work with ease - so although its a pain in the ass and an unhappy time for LPC mod makers there IS a solution available - so yes LPC has been fun but it aint over yet guys

Thanks to Team Xodus for their assistance and thanks my new freind from that island.

here's some info on the v1.3

Manufacture Date: 21st March 2003
Serial Number: 4128965 31205
DVD Drive: Philips
Hard Drive: Seagate ST310014ACE
Kernel version: 5101.01
Dashboard version: 4920.01
MCPX X3: FB0308.1 0246D1 (Yes thats right its called X3 lol )
Flash Rom Device: Winbond 49F020T 256k

The easiest way to detect if you have a v1.3 (from looking at the packaging - you dont hve to look at the xbox) - is the serial number

Serial Number v1.2 : XXXXXXX 30205
Serial Number v1.3 : XXXXXXX 31205

Things to do:

1) research alternate LPC method
2) create new flashable PATCH mod

[gainpresence]

On the ball as always, Ubergeek.

[shadowflux]

I picked up a second Xbox today to pair with a Chameleon I just got in the mail... flashed the modchip easily with the latest X2 bios, but when I try booting a Evox CD that I know *should* work I just get a frozen half-displayed dashboard error screen (FRAGed of course) after it's done reading the CD.  Does this sound familar on your confirmed 1.3 box Ubergeek?

I originally thought this was a 1.2 Xbox as the manufacture date is early Jan/03, but I guess it's likely the "1.3" unfortunately.

Guess I'll have to put this one aside until a new Xecuter bios is released (hopefully soon!)

sfx

[shadowflux]

Just to clarify... my colourmod X2 bios boots and then frags with a dash error 16.

sfx

[james_row]

That fact that your Colormod X2 BIOS boots up means that the chip is okay and that the mod works. Thus, it's not a 1.3, you have another problem which you can find solution by searching this forum.

[BenJeremy]

Hmmmm... if I read into what you are saying, the new BIOS will be the "X3" BIOS? Interesting.

Good to see somebody is digging into it. Back when the 1.1 came out, there were probably a dozen people over at XBH working on cracking things - but now? Seems to be VERY QUIET over there. Odd.

Also interesting is that the multi-boot trick is not working, since a simple RC4 change should not effect it, right? It used a method to bypass the loader altogether, IIRC. I guess M$ **DID** learn from that release. Have you tried the other alternative 'back door' method, that hasn't been released to the general public?

This post has been edited by BenJeremy: Jun 5 2003, 10:21 AM

[Ubergeek]

QUOTE (BenJeremy @ Jun 5 2003, 12:12 PM)

Hmmmm... if I read into what you are saying, the new BIOS will be the "X3" BIOS? Interesting. Good to see somebody is digging into it. Back when the 1.1 came out, there were probably a dozen people over at XBH working on cracking things - but now? Seems to be VERY QUIET over there. Odd. Also interesting is that the multi-boot trick is not working, since a simple RC4 change should not effect it, right? It used a method to bypass the loader altogether, IIRC. I guess M$ **DID** learn from that release. Have you tried the other alternative 'back door' method, that hasn't been released to the general public?

M$ learnt from the released generic bootloader - they also found the other backdoor from this - both are now plugged

remember what we said a few months back ?

I have every faith we'll get the RC4 though - we've not been stopped before

FYI This version X3 bios wont have all the new features we've been discussing - but we'll get there eventually - X3 hardware is most important right now

[Cherry]

I dunno how technical you're willing to get with this, but since I don't have one of these myself, and I have no intention of buying another box (already got three!)...

I assume the talk of a new RC4 key is just "dumbing down" for the non-techy people, since the v1.1 MCPX used no RC4 key whatsoever. Unless they decided to put RC4 back in there? Would seem pretty pointless, knowing that there are plenty of people that will be able to dump the sucker...

How much do you know at this stage? Just interested, is all...

[rjm2k]

QUOTE (Ubergeek @ Jun 5 2003, 11:27 AM)

M$ learnt from the released generic bootloader - they also found the other backdoor from this - both are now plugged remember what we said a few months back ?

Any chance of you shedding some light on the so far secret backdoors, which have now been plugged then?  For those who are interested.

[Xeero]

There was a small spat between Team Xecutor and Team EvoX about this, I remember.  As rjm2k said, I'd also like to know more about the 'backdoor' if such discussion won't reveal any more than is evidently already known by MS.

[Cherry]

QUOTE (rjm2k @ Jun 5 2003, 02:45 PM)

QUOTE (Ubergeek @ Jun 5 2003, 11:27 AM) M$ learnt from the released generic bootloader - they also found the other backdoor from this - both are now plugged remember what we said a few months back ? Any chance of you shedding some light on the so far secret backdoors, which have now been plugged then?  For those who are interested.

Good point. If the backdoors are now known by M$ anyway, can you now tell us what they were?

QUOTE

There was a small spat between Team Xecutor and Team EvoX about this, I remember.

Indeed. I was interested, and had been playing with this myself, just to satisfy my own personal curiosity. But after seeing all the flaming about this subject, and finding that nobody who DID know was even willing to tell me if what I'd found was "the" backdoor they were talking about, or not - I reluctantly left it alone.

This post has been edited by Cherry: Jun 5 2003, 01:06 PM

[luma]

are there any external identifying factors for the 1.3 xbox?  serial numbers, manufacturing dates, etc?

another post here suggested that the new US packages with the S controller and no pack-in games were likely to be 1.3.  any truth to this?

[BenJeremy]

I'm sure it will all come out in due time... but I guess Team Xecuter's fears were born out by this latest release.

Can't blame M$ for making every effort to improve security.

Sadly, this will makethings a bit stickier for modchip makers,  since the generic bootloader can no longer use EITHER method (public and 'secret' methods) on the newer Xboxes. this will be a bit of a nightmare for vendors who will have to:

1) Educate customers on identifying their system

or

2) Return to a BIOS selection, ala the early X2 Lites to offer a Cromwell BIOS in dual boot (1.0/1.1) and 1.3 configuration.

Maybe M$ would have analyzed the weakness without the dual boot being out there, but i can't help but think this is causing a LOT of new Xbox users out there tremendous headaches as they 'quick' solder in their Chameleons and find they don't work at all.

In the end, I guess it's karma - Team Evo-X/Xodus has ended up burning themselves in this fiasco (real slick adding the quick solder feature that Team Xecuter abandoned).

I'm sure the new encryption will be broken, it's just a matter of time, but what a mess now.

[Ubergeek]

QUOTE (Cherry @ Jun 5 2003, 02:38 PM)

I assume the talk of a new RC4 key is just "dumbing down" for the non-techy people, since the v1.1 MCPX used no RC4 key whatsoever.

what the hell are you talking about ?

of course there was a new RC4 key - I have the entire v1.1 MCPX dump on my box right now - wanna see it ?

[blackout_19]

I think that was an assumption made by the fact that for the dual bios releases you didn't need the rc4 key in order to make colour changes with the likes of xbtool.