Print

[Heet]

Hmm.  Im gonna run this by someone and see if he will help.  Great work so far.  This would be the end of dashboards methinks.  Original hacked dash!!
I would rather have this than any other dash, app, or emu.

[Heet]

PS...this should be a sticky!?!?!?!?!?!?    

[Xustu]

I think I'm gonna go pee my pants.  Volt, awesome stuff man!

[IonBlade]

Wow!  That's soooo awesome - keep up the good work!

[Voltaic]

Ok, I will probably not continue this thread... I'll create a new one in the development forums.  At this point in time, it isn't just a "Can it be done" it's more of a "Ok, let's see what needs to be done" ... and for that I need developpers.

I'd like to thanks everyone that showed interest in this...  And no, this project will not die.  I will be away for a few days on vacation but when I come back, I intend on working quite a bit on it.  

-Volt.

[BenJeremy]

There... moved.

[qwerty123]

This is probably a stupid question but once the original default xboxdash is hacked with ftp servers etc.. Would it still be possible for it to boot off an unmodded Xbox? If so it would make the 007 hack allot cooler. I doubt it would work but just want to know for sure.

[XBOX War3z]

the 007 hack now can run any xbe file, so it should work with the xbox dash, only prob is that it needs some folders and files,...

[vulgusprofanum]

I'm no good with assembly, (decompiling, patching, etc.) but I know cc++ and would love to work with some of those xap files.  It would be great if someone could offer a patch, or explicit instruction on how to defeat the protection in xboxdash.xbe.
B.T.W. - nice job on pixit!

[Voltaic]

Tools needed:  CXBX and IDA.

- Load XBE in CXBX and export the EXE out of it.

- Load EXE in IDA.  Wait until the numbers in the bottom left corner stops.

- In the NAMES window, sort by NAME and locate aXipFileProtect.

- Find the string "XIP File Protection Error".  Go to the xref (where it's being used).

CODE

.text:000181AC aXipFileProtect:                      ; DATA XREF: sub_45D40o    .text:000181AC                 unicode 0, ,0

- You'll be in the function that is printing that string out, go to the xref of that function.

CODE

.text:00045D40 sub_45D40       proc near              ; CODE XREF: sub_45D64+C0p    .text:00045D40                                        ; sub_45E64+4Dp ...    .text:00045D40                 push    offset aXipFileProtect; "XIP File Protection Error"    .text:00045D45                 call    sub_38ABF    .text:00045D4A                 pop     ecx    .text:00045D4B                 int     3              ; Trap to Debugger    .text:00045D4C                 retn    .text:00045D4C sub_45D40       endp

- Trace back to the xref to that function.

CODE

... .text:00045EA1                 repe cmpsd .text:00045EA3                 pop     edi .text:00045EA4                 jz      short loc_45EB6 .text:00045EA6 .text:00045EA6 loc_45EA6:                            ; CODE XREF: sub_45E64+1Dj .text:00045EA6                                        ; sub_45E64+28j .text:00045EA6                 push    offset aFileModifiedOr; "File modified or corrupt!n" .text:00045EAB                 call    sub_39F1D .text:00045EB0                 pop     ecx .text:00045EB1                 call    sub_45D40 .text:00045EB6 .text:00045EB6 loc_45EB6:                            ; CODE XREF: sub_45E64+40j .text:00045EB6                 pop     esi .text:00045EB7                 leave .text:00045EB8                 retn    8 .text:00045EB8 sub_45E64       endp .text:00045EB8 ...

- At line ".text:00045EA4                 jz      short loc_45EB6" it's checking if the signature was successfull. We need to change JZ to JMP.  But, keep in mind that this is in the EXE and not in the XBE.  The XBE is usually same address as EXE - 10000.

- Ok, so open the XBE in a HEX editor. Locate that address and replace 74 with EB.

That should give you a good idea on how to get the XBE to skip the validation.

Note: This might be VERY version dependent.  Your mileage might vary.

-Volt.  

[Phocchio]

What about translations? Do you have an idea if once the dashboard is hacked we'll be able to use language files, or to easily translate stuff?

[Voltaic]

I don't see why not.  Ok, we won't be able to add new language support but we'll be able to add references to newly added strings.

-Volt.  

[HoRnEyDvL]

haha any progress bro ?? sorry cant help got my majors comming up need 2 studdy any more screen shots of added menus new background colurs anything ?

[Videogamebuyer14]

Changing the menu colors is a fairly easy task, but it still requires the changed dash.
The string would be skyColor 0 0 0

0 0 0 are the variables you can change to load diffrent colors.

[SupeRdUPErBlakE]

Whats IDA? Is it free or I need to get it in 'the usual places"?