Post by: Xbox-Scene on February 27, 2007, 06:20:00 PM
BugTraq: Xbox360 Hypervisor Vulnerability - Unsigned Code on Kernel 4532 and 4548 Posted by XanTium | February 27 20:13 EST | News Category: Xbox360 |
| This was posted moments ago on Security Focus' BugTraq list and looks like a follow-up to the anonymous 23C3 Hacker Congress presentation held end december. Looks like some huge news (Unsigned Code Execution in Hypervisor Mode) even if it's already patched by Microsoft in the latest kernel release: Quote
News-Source: BugTraq mailinglist (thx to dibbz) |
Post by: mlapaglia on February 27, 2007, 05:40:00 PM
Post by: colt45joe on February 27, 2007, 05:41:00 PM
Post by: UB6_IB9 on February 27, 2007, 05:41:00 PM
Post by: Tomobobo on February 27, 2007, 05:42:00 PM
I pray to god I don't have the update, I'm about to check my 360 to see.
If I'm mistaken, what's this all supposed to mean for a layman?
Hahah, btw, how do I check to see what kernel I have?
This post has been edited by Tomobobo: Feb 28 2007, 01:47 AM
Post by: TripseV on February 27, 2007, 05:43:00 PM
Post by: Xombe on February 27, 2007, 05:49:00 PM
Post by: kizmet on February 27, 2007, 05:50:00 PM
Post by: Odb718 on February 27, 2007, 05:50:00 PM
Post by: xboxhackern00b on February 27, 2007, 05:51:00 PM
anyways i cant understand half of this but it seems like it's good
Post by: doobzilla on February 27, 2007, 05:51:00 PM
QUOTE(TripseV @ Feb 28 2007, 01:43 AM) 
How does he think he is helping the scene with this release of info. if he has worked with Microsoft to patch it?
He/she is helping the scene by helping M$. In other words, if he didn't tell M$, they would just find out on their own and possibly find other vulnerabilities in the process. Plus, he/she also showed the hack at the Hacker Congress. If one person can find this, others can too, just like with the firmware. All I can say is, good job and keep up the good work, we are all rootin' for our home team.
EDIT: One other thing of note, isn't the whole point of hacking just to see if it can be done. If nobody ever fixed the hacks, we wouldn't have anything new to mess with, and we would never learn new and exciting things. At least that's my shitty opinion, do with it what you will.
This post has been edited by doobzilla: Feb 28 2007, 01:54 AM
Post by: Skates on February 27, 2007, 05:52:00 PM
Post by: mksoftware on February 27, 2007, 05:52:00 PM
QUOTE(mlapaglia @ Feb 28 2007, 01:40 AM)
HOLY !!@(_)#%(*@#_)($!~~~~!!!!!!111
AGREED! HOLY !!@(_)#%(*@#_)($!~~~~!!!!!!111
Edit: OMFG, I'm screwed
This post has been edited by mksoftware: Feb 28 2007, 02:08 AM
Post by: kevhonda on February 27, 2007, 05:46:00 PM
Post by: 653dan on February 27, 2007, 05:54:00 PM
although if that aforementioned kernel can be reached its great news
This post has been edited by 653dan: Feb 28 2007, 01:56 AM
Post by: Tomobobo on February 27, 2007, 06:00:00 PM
Post by: thecheekymonkey on February 27, 2007, 05:57:00 PM
QUOTE(kevhonda @ Feb 28 2007, 02:53 AM) 
I could be wrong but it shouldn't matter that he contacted Microsoft about this. Didn't some smart guy figure out that he could downgrade his dash? This was posted less than 2 months ago right, anyway with all the talent surrounding this community I am very very excited about this. I cannot decipher the whole post but to me it seems like this could lead to BIG things
Thats right, was it not team mod freaks over at xboxhacker, not for the fainit hearted though................................
Post by: Home Less on February 27, 2007, 05:57:00 PM
QUOTE(kevhonda @ Feb 27 2007, 04:53 PM)
I could be wrong but it shouldn't matter that he contacted Microsoft about this. Didn't some smart guy figure out that he could downgrade his dash? This was posted less than 2 months ago right, anyway with all the talent surrounding this community I am very very excited about this. I cannot decipher the whole post but to me it seems like this could lead to BIG things
ya it doesn't seem like it would be too difficult to downgrade. i could be wrong tho.
Post by: weinerschnitzel on February 27, 2007, 06:06:00 PM
But.. what if your console has a problem with it where it fails to patch the kernel?
What am I missing here...
Post by: echto on February 27, 2007, 06:00:00 PM
QUOTE(TripseV @ Feb 27 2007, 04:43 PM)
How does he think he is helping the scene with this release of info. if he has worked with Microsoft to patch it?
He's not. He's begging M$ for a job.
Post by: sabbath_dude on February 27, 2007, 06:01:00 PM
.
Post by: TheSpecialist on February 27, 2007, 06:14:00 PM
Finally ...
Post by: anonim1979 on February 27, 2007, 06:09:00 PM
QUOTE
Timeline:
Oct 31, 2006 - release of 4532 kernel, which is the first version
containing the bug
Nov 16, 2006 - proof of concept completed; unsigned code running in
hypervisor context
Nov 30, 2006 - release of 4548 kernel, bug still not fixed
Dec 15, 2006 - first attempt to contact vendor to report bug
Dec 30, 2006 - public demonstration
Jan 03, 2007 - vendor contact established, full details disclosed
Jan 09, 2007 - vendor releases patch
Feb 28, 2007 - full public release
Oct 31, 2006 - release of 4532 kernel, which is the first version
containing the bug
Nov 16, 2006 - proof of concept completed; unsigned code running in
hypervisor context
Nov 30, 2006 - release of 4548 kernel, bug still not fixed
Dec 15, 2006 - first attempt to contact vendor to report bug
Dec 30, 2006 - public demonstration
Jan 03, 2007 - vendor contact established, full details disclosed
Jan 09, 2007 - vendor releases patch
Feb 28, 2007 - full public release
He is looking for a job in Microsoft.
He showed his skill , and send info to MS , waited for them to fix it , the show other people how SKILLED he is.
WAITED *2 MONTHS* for new unhackable kernel spreadout
BIG Ego
And smart - MS will give him money , scene will not...BTW
In X360 are FEW THOUSAND fuses!
Blow one and you CAN'T DOWNGRADE!
And MS still has "FEW THOUSAND - 1".
They can relase fixed kernel FEW THOUSAND times.
Now thisa hack is USELESS.
You would have to find X360 without upgraded kernel. And of course someone has to make something for those older versions.
Post by: leorimolo on February 27, 2007, 06:19:00 PM
This guy is lame, look I cracked your uncrackable system give me a job. Still Idc if he discovered hombrew he still left us in a fucking lame position.
LEo, srry for the language but this guy sucks
Post by: ybaig123 on February 27, 2007, 06:22:00 PM
Post by: TheSpecialist on February 27, 2007, 06:24:00 PM
QUOTE(leorimolo @ Feb 28 2007, 02:19 AM) 
guess ill heat gun my old mother board...
This guy is lame, look I cracked your uncrackable system give me a job. Still Idc if he discovered hombrew he still left us in a fucking lame position.
LEo, srry for the language but this guy sucks
This guy is the reason that 'soon' you'll be able to run homebrew. I think that's far from 'lame'
Post by: zero129 on February 27, 2007, 06:18:00 PM
Just take a look at the PSP, Sony tried to stop the exploits lots of times with higher firmwares but people still keep finding new ways to hack the firmware.
I'm sure it will be the same way with this, once the older kernel gets hacked some smart guys will come out with some kinda way to hack newer ones.
Anyway finally this is some great news
.
Post by: ybaig123 on February 27, 2007, 06:27:00 PM
..and so much for a link...google took me there..my bad i guess
Post by: Volsfan91 on February 27, 2007, 06:33:00 PM
Hopefully, it will be as good as it was with the Xbox- we could install a nice BIOS that goes silent online.
Post by: leorimolo on February 27, 2007, 06:34:00 PM
Post by: NotMe1963 on February 27, 2007, 07:05:00 PM
Post by: leorimolo on February 27, 2007, 07:08:00 PM
Post by: 0794 on February 27, 2007, 07:11:00 PM
true homebrew is still in the future...
Post by: 653dan on February 27, 2007, 06:43:00 PM
QUOTE(NotMe1963 @ Feb 28 2007, 01:36 AM)
Actually if you have been following the discussions about downgrading the kernel and 4552. With the 4552 update an efuse was blown and downgrade was disabled. Attempts to downgrade after that update result in an unbootable console. Re-flashing with 4552 returns the console to life. If you have removed the resistor which was on the supply line for the 5v needed for blowing efuses it would still be possible to downgrade, but consoles that have not had such a mod are currently unable to complete a downgrade from 4552.
thanks for confirming that couldn't find where i'd read that, the efuses aren't fuses in the conventional sense are they? (individual mobo components) but rather onboard/part of the cpu or other vital 360 chip
at least theres now a proven exploit method giving us something to look for else where in the system
Post by: ILLusions0fGrander on February 27, 2007, 07:19:00 PM
D:2.0.4532.0
hope something comes of this! doubt it will be very soon, but its a little more hopeful
Post by: jameswalter on February 27, 2007, 06:48:00 PM
QUOTE(leorimolo @ Feb 27 2007, 05:39 PM)
who cares, anyway a modchip will be needed, so when you install it it will be required to just overide the efuse, also how hard can it be?
Oh....just override the E-fuse....no problem...except that it is inside the CPU...and I do mean inside.
Post by: leorimolo on February 27, 2007, 07:28:00 PM
QUOTE(jameswalter @ Feb 27 2007, 07:55 PM)
Oh....just override the E-fuse....no problem...except that it is inside the CPU...and I do mean inside.
Thanxs, I knew couldn't have been so easy. Maybe with this door open it can lead to more.
Post by: santa09 on February 27, 2007, 07:37:00 PM
Post by: fahrenheit on February 27, 2007, 07:48:00 PM
This post has been edited by fahrenheit: Feb 28 2007, 03:52 AM
Post by: codywolf on February 27, 2007, 07:54:00 PM
Post by: quarky42 on February 27, 2007, 07:28:00 PM
QUOTE(794 @ Feb 27 2007, 06:42 PM)
vary smart hacker...and it appears that he covered his tracks legally by notifying MS...
true homebrew is still in the future...
I agree. Sure I would *love* to see a modchip come out immediately because of this, but if you were smart enough to come up with a hack like this, then you might also be smart enough to realize that if MicroShaft found you after you blew something like this wide open WITHOUT telling them, they might just sue your right into the ground. If you told MicroShaft what was up and they ignored you, and then you blew them out of the water with a successful hack they wouldn't have a legal leg to stand on. You gave them due notice just like the people that discover vulnerabilities in software before evil/bastards find them and get them fixed before they can be exploited... If the company fails to respond then they publish code.
The other problem with this is that even if you could win in court, MicroShaft has enough money to tie you, your family, your friends, your pets, and your possessions up in legal proceedings until you are old and gray without worrying about any loss to M$. I give the guy props for covering his ass and releasing all the technical mojo for another skilled hacker to reproduce his results.
Sure downgrade might not be possible at this time with the blown fuse in the processor, but a new bug could hit, or other hackers may discover a way to completely replace the bios ala current xbox modchip style and make it give the same responses to queries ala current drive firmware attacks. This could be huge in leading towards new hacks. He just explained how the whole security system handshakes and how it was exploited. I think that is very worthwhile. If he was out there to screw the mod community, then he wouldn't have showed anything and bugtraq wouldn't have gotten all those juicy details.
I believe good things will be coming from this. Even if this exact method doesn't create the end-all-be-all solution, I think it opens many new doors and provides some great insight for minds greater than mine. I look forward to seeing "what's next".
Post by: juan_2006 on February 27, 2007, 07:44:00 PM
Amazing!!
Post by: infamous_Q on February 27, 2007, 08:34:00 PM
have two modes. one's homebrew mode, and one's retail mode.
retail mode:
everything functions as it should, any chips or exploits (minus the FW hack for those who use backups) are off
homebrew mode:
-live connection is severed (this prevents cheaters on live, and hopefully detection by MS...although if there's no live connection i dont see why they'd want to to ban you ne ways) best way to do this would write something that will block communication with live IP's.
-exploits/chips are on, homebrew is allowed to run.
-access to the internet/network is still allowed (or running if enabled)
- this could be initialized by launching software or something, or a hardware switch (this could enable switching between the two modes very easily). but who knows....
if you ask me the best way to do it would be if someone kept a version of the bugged bios, and we completely copied it to another chip in order to allow homebrew to run when that one's on. no live contact means no risk of banning or updating.
just an idea tho....work it like an xbox 1 chip maybe, so it auto boots to the hacked bios. you could use another chip in order to easily control communication between the chip storing the bugged version and the current one.
that is of course....if we can copy the bios w/o breaking the signature.
Post by: ThaCrip on February 27, 2007, 08:06:00 PM
... i aint to worried as i dont have a xbox360 yet as im waiting for price to drop and basically to sum it up the only game i "really" want for the xbox360 right now is forza motorsport 2 if the x360 does ever get fully hacked it will be nice though although i doubt it will happen anytime soon although this is a step in the right direction
... until then the original xbox will still have a good use
Post by: gnutellafan on February 27, 2007, 08:42:00 PM
Post by: Millenia1x on February 27, 2007, 08:15:00 PM
well, this is xbox ALL OVER
Post by: CamdogXIII on February 27, 2007, 08:23:00 PM
Post by: yourM0M on February 27, 2007, 08:26:00 PM
QUOTE(TheSpecialist @ Feb 28 2007, 02:14 AM)
VERY interesting post, hehe (IMG:style_emoticons/default/smile.gif) Finally ... (IMG:style_emoticons/default/smile.gif)
QUOTE(TheSpecialist @ Feb 28 2007, 02:24 AM)
This guy is the reason that 'soon' you'll be able to run homebrew. I think that's far from 'lame' (IMG:style_emoticons/default/smile.gif)
the most interesting replys in this whole thread to me
but deff something to look forward to
Post by: Havok on February 27, 2007, 08:19:00 PM
QUOTE(gnutellafan @ Feb 28 2007, 03:13 AM)
what a great time to have a year old new in the box, untouched 360 ;-)
Just remember before you play a game or connect it to anything you must removed resistor R6T3...!
Otherwise you wont be able to downgrade.. and your launch system does not have the bugs that are exploitable.. you must upgrade first.
Post by: eyric101 on February 27, 2007, 08:30:00 PM
Post by: cezario on February 27, 2007, 08:52:00 PM
I mean, i read the article and felt stupid, cos i didn't understand a word, and then, i come here to see some light, and no one is getting anything!
(IMG:style_emoticons/default/smile.gif)
And i read one guy "hoping to God" to have what it takes to fill the article!
I just wish someone could explain the article ...!
... and greetings to my fellow brazilian friends out there...!!!
This post has been edited by cezario: Feb 28 2007, 04:54 AM
Post by: Gumba on February 27, 2007, 08:54:00 PM
Akin to the first steps towards the dvd firmware hacking.
Only 'game' I want to play on an Xbox 360 is XBMC.
Post by: doctormug on February 27, 2007, 09:04:00 PM
QUOTE(Gumba @ Feb 28 2007, 04:54 AM)
This is good news.
Akin to the first steps towards the dvd firmware hacking.
Only 'game' I want to play on an Xbox 360 is XBMC.
i stand 100% next to you on that one. and to tell you the truth, i think on the xbox 1 it works almost perfectly, and even if there were some way to have xbmc run on the 360, i would still probably stay with the xbox 1 until i actually start watching hidef movies or some other crap that is really really resource demanding and needs the 360s power.
right now i'm fine with my setup- xbox 1.0, tsop w/x2bios, autoboot xbmc, and a few games and emulators...
HOWEVER, i do think this is a great step and will open the doors to new options, maybe something that will interest me and provoke me to buy a 360- i love fiddling with things.
as always, big props to anyone who discovers stuff, or anything new for that matter.
keep it coming
Post by: epsilon72 on February 27, 2007, 09:08:00 PM
One thing to note though - if MS has no plans for banning hacked dvd drive firmware, you can be sure that they'll ban you instantly (once they detect it) if you use this workaround, if you're shortsighted enough to go on XBL with it in place.
Post by: PCBUILDERCHRIS on February 27, 2007, 09:09:00 PM
Post by: phistyle on February 27, 2007, 09:19:00 PM
Post by: luther349 on February 27, 2007, 09:25:00 PM
Post by: gamehunter101 on February 27, 2007, 09:18:00 PM
Post by: kevhonda on February 27, 2007, 09:22:00 PM
QUOTE(CamdogXIII @ Feb 28 2007, 04:23 AM)
this is great news, and i hope more easily exploitable bugs are found. However if the 360 scene is to become anything like the xbox 1 scene was, the XeDK needs to be leaked, or a substitute one created, to produce workable homebrew on the 360 in anytime frame.
Well maybe just maybe we could use the developer kit to code homebrew for the 360, not even sure if this would be possible if anything comes from this exploit but it would be nice. Who knows maybe even bypass the $100 fee lol.
Post by: blank16 on February 27, 2007, 09:26:00 PM
Post by: brandogg on February 27, 2007, 09:36:00 PM
Post by: infamous_Q on February 27, 2007, 09:37:00 PM
although...XNA code manipulation may be a way to write homebrew code in case no one get's their hand on an XDK.
Post by: kevhonda on February 27, 2007, 09:35:00 PM
QUOTE(infamous_Q @ Feb 28 2007, 05:37 AM)
i dunno wut $100 fee ur talking about...cuz this isn't XNA at all.
although...XNA code manipulation may be a way to write homebrew code in case no one get's their hand on an XDK.
...Yeah that's what I was trying to say..kinda thought I did say it. Anyway if Games created in XNA work to me this would seem like an option if no XDK is leaked.
Post by: GBW88 on February 27, 2007, 09:49:00 PM
I'm not as versed in the 360's architecture as it's predecessor, but a burned efuse, to my understanding, is in the CPU. Thats the legendary multi-core processor. You can't really just practically toss a new CPU onto a chip and call it a day, any easier than you can repair all the components surrounding it. You might as well just produce a new 360 mobo and call it a modboard, and just cut out the need for chips/soldering at all.
Is this an interesting hole? Yea, it sure as hell is. Is it practical at this point? Hell no. It needs to be refined by those MUCH better versed in assembly and the hyporvisor concept before it sees any fruition. Hopefully those same people won't go running to M$ shouting "mommy mommy, look what Timmy did!!" just to get a cookie for it. Legally, yea, smart move. But you sold your soul to the devil man. Bring back bunnie, I say.
But I'm babbling here. M$ really did make a good security program this time, something we're finally realizing. There isn't such a thing as a hack-proof piece of hardware, the laws of entropy forbid it, but it can be hard as hell to break. If it were only as easy as the PSP, then it'd be spectacular, but the problem here is M$ built in the proverbial "kill-switch" that can be re-used. They fry a fuse, and everything gets locked down. Period.
Feel free to bash me if any of my facts are wrong, like I said, my 360 knowledge isn't too huge.
Post by: Highcutt- on February 27, 2007, 09:53:00 PM
Also, I highly doubt the guy got money from microsoft or a job, or else you wouldn't see this released. I bet he gave them the info, they had talks or emails with him about it, figured out the problem and decided he was useless because they had patched it. Also probably assumed he had told others so it would go public anyway.
Post by: dokworm on February 27, 2007, 09:55:00 PM
This is a whole world away from the original xbox as far as hacking is concerned.
Post by: tonemgub on February 27, 2007, 09:57:00 PM
This discovery is useless to 99.9% of the people reading this but it gives people in the know the ability to get on the 360 and sniff around. I can't stress enough how huge this is. This is basically a backdoor into testing different hacks. This doesn't mean that xbmc360 is a week away but there is light at the end of the tunnel now.
Post by: GBW88 on February 27, 2007, 09:54:00 PM
QUOTE(tonemgub @ Feb 27 2007, 11:57 PM)
I see a lot of people don't "get" what this means.
This discovery is useless to 99.9% of the people reading this but it gives people in the know the ability to get on the 360 and sniff around. I can't stress enough how huge this is. This is basically a backdoor into testing different hacks. This doesn't mean that xbmc360 is a week away but there is light at the end of the tunnel now.
Exactly. Those who won't sell out due to being scared or just wanted a nice letter of thanks from Gates can make use of this. Now that its in the wild, this can at least give the real coders and reverse-engineers some ides of where to start.
Post by: NumarkTTX1 on February 27, 2007, 10:02:00 PM
HIP HIP HOORAY! HIP HIP HOORAY!
i would love to see hombrew on 360... but i much rather play my backups online. as soon as this bad boy is cracked the ban hammer is comin down HARD!
Post by: Highcutt- on February 27, 2007, 11:11:00 PM
QUOTE(NotMe1963 @ Feb 28 2007, 02:36 AM)
Actually if you have been following the discussions about downgrading the kernel and 4552. With the 4552 update an efuse was blown and downgrade was disabled. Attempts to downgrade after that update result in an unbootable console. Re-flashing with 4552 returns the console to life. If you have removed the resistor which was on the supply line for the 5v needed for blowing efuses it would still be possible to downgrade, but consoles that have not had such a mod are currently unable to complete a downgrade from 4552.
r6t3 removal prior to the upgrade prevents blown efuse, allowing to downgrade, but doing so after does not bring back the blown efuse. just to clear that up.
Post by: azninvasion on February 27, 2007, 11:19:00 PM
1. Found a syscall that only checked 32 bits, and modified instruction in order to mask upper 32 bits, disabling code checking.
2. Loaded a indexed register to point to a stack of memory of unsigned code to run.
3. Performed a context switch in order to load data from this area.
4. Pwned
Given the concept of how this works, it should be relatively easy to discover future vulnerabilities involving syscalls. Good work anonymous hacker! Now I have something to look forward to in operating systems aside from dry lectures.
Post by: xtreme_360fw on February 27, 2007, 11:30:00 PM
=Xtreme=
Post by: rehab on February 27, 2007, 11:43:00 PM
Even if this does not lead to anything, it could not be a bad thing that people who know what they're doing have an open door to check for other possible hacks!
Post by: andi_06 on February 28, 2007, 12:04:00 AM
Post by: Morlok8k on February 28, 2007, 12:16:00 AM
mark my words....
i said that there was going to be a halo 3 beta released to the public - about a month after the first announcement video - and lo and behold - a halo 3 beta.
i'm excited.
Post by: [Evil]Dude on February 28, 2007, 12:34:00 AM
Post by: Lamer123 on February 28, 2007, 12:38:00 AM
The downgraded chip will not happen and if it does it would get shut down.
That is unless it goes the whole xbox route and sells blank chips that need to be flashed on your computer with illegal bioses.
Post by: drunken_marlboroman on February 28, 2007, 12:59:00 AM
Post by: kalle_19 on February 28, 2007, 01:12:00 AM
Has anyone tried this? Pictures would be awesome!
Post by: ITMASTER on February 28, 2007, 01:11:00 AM
Post by: englishnamja on February 28, 2007, 01:15:00 AM
i bet he wished he didnt bother..
bring on downgrading......
Post by: Pandoriaantje on February 28, 2007, 01:29:00 AM
QUOTE(ILLusions0fGrander @ Feb 28 2007, 02:50 AM)
odd.. i dont use my FW hacked 360 much.. newest game ive played on it was... carbon?
D:2.0.4532.0
hope something comes of this! doubt it will be very soon, but its a little more hopeful
I've just played carbon (PAL/EURO), like 2 days ago and it asked me to upgrade.
My kernel is now: K:2.0.2868.0
So don't think carbon is the culprit.
Guess i'll have to find the right update.
Post by: running_wild on February 28, 2007, 01:32:00 AM
QUOTE(Lamer123 @ Feb 28 2007, 08:38 AM)
I see alot of talk about a downgraded Firmware chip and it seems that people forget that you cant sell a chip with copyrighted info on it.
The downgraded chip will not happen and if it does it would get shut down.
That is unless it goes the whole xbox route and sells blank chips that need to be flashed on your computer with illegal bioses.
I think people are missing the point here. People have already gained access to the kernel and downgraded it physically on the motherboard itself, but the CPU has fuses within it (Impossible to get at, don't even suggest it) - One of which apparently blows with the update. It does not matter how you provide a previous kernel at this stage, the security on the Xbox will NOT run it.
Perhaps there is potential for an exploit here, but as it stands, replacing the kernel is only a portion of the problem (One already mostly solved), Getting a CPU to run a downgraded kernel with a blown Efuse is now the difficulty.
I think that a far more likely outcome is another similer exploit is discovered, and the removal of the afforementioned resistor is used to block any more e-fuse abuse on MS's behalf.
Post by: jron on February 28, 2007, 01:38:00 AM
Post by: englishnamja on February 28, 2007, 01:51:00 AM
QUOTE FROM SITE....
eFuse, so called because it employs millions of electrical fuses that are built into the chip's circuitry. Together, the microfuses act as a kind of autonomous traffic control network, responding to the changing demands placed on the microprocessor to switch individual circuits on and off as required.
Under-utilised circuits can be throttled back to conserve power - a technique already used in modern processors, albeit on a larger functional unit-level scale - which in-demand circuits can be adjusted upward to enhance performance, IBM said.
The traffic management analogy is also IBM's. It likens the technology to opening and closing a highway's lanes according to the level of traffic. Of course, you can't open up lanes that aren't there in the first place, so the analogy implies the addition of resources on board each die the remain unused except in times of peak demand.
Certainly Power 5 is known to support simultaneous multi-threading (SMT), the same technique that Intel uses but calls HyperThreading. Essentially, functional units unneeded by one thread are given a second thread to process, with the upshot that the OS 'sees' the CPU as two, rather than one. You don't get a doubling of performance, but there is a gain.
By the sounds of things, IBM has rolled its SMT implementation into the broader eFuse technology, which also appears to provide a number of features originally came out of Big Blue's eLiza project, which sought to develop fault detection and management systems for software and hardware.
Indeed, "eFuse is part of a built-in self-repair system that constantly monitors a chip's functionality. If an imperfection is detected, this technology 'instinctively' initiates corrective actions by tripping inexpensive electrical fuses that are designed into the chip. The fuses help the chip control individual circuit speed to manage power consumption and repair unexpected, and potentially costly flaws", says IBM.
Overclockers, beware
"If the technology detects that the chip is malfunctioning because individual circuits are running too fast or too slow, it can 'throttle down' these circuits or speed them up by controlling the appropriate local voltage," the company continues. So, overclockers, beware.
eFuse appears to operate at several levels. There's an element of pre-ship tuning, in which IBM allows eFuse to adapt processors for the customer's anticipated application load. On site, the technology continues to adapt according to ongoing workloads.
So how does is work? Essentially, the system uses the phenomenon of 'electromigration', in which moving electrons - current - transfer momentum to the surrounding crystal lattice. That causes the lattice to vibrate and can ultimately induce changes in the microstructure that in turn cause a circuit to fail - the chip equivalent of a light-bulb filament fusing. The greater the vibrations, the hotter the circuit and the hotter the circuit gets, the more it vibrates and the more likely electrons are to hit the lattice, imparting more momentum.
This is a real problem with integrated circuits, and chip designers have spent many hours and dollars figuring out how to limit the problem and thus be able to ship chips that don't fail after a few weeks' operation.
IBM claims that it is the first to actually use this unwanted phenomenon to control all those fuses it's added to the chip, presumably by using the thermal changes to trip fuses and thus kick in so-far unused circuits. Again, that implies a high level of redundancy.
IBM admits the technique isn't entirely new, but it has figured out how to trip the fuses without damaging other parts of the processor, which was the key failing of previous attempts to use microfuses.
In addition to Power 5, IBM will add eFuse to all other 90nm chips it produces, including future PowerPC G5s, the company's literature suggests. It will also offer the technique to foundry customers.
-----------------------------------------------------------------------------------------------------------------------------
prehaps M$ asked IBM to build it arround the fact that.. if the Kernel or Bios is flashed withing signing it would blow a fuse....
who knows but damn smart idea.....
Post by: geoffmac on February 28, 2007, 01:57:00 AM
Post by: grogger13 on February 28, 2007, 02:18:00 AM
Please would someone who actually knows something about this offer some insight. I know i dont know anything about it so I'm not gonna try.
This post has been edited by grogger13: Feb 28 2007, 10:18 AM
Post by: HoRnEyDvL on February 28, 2007, 02:20:00 AM
Wont be updating it until i get homebrew running psyched (IMG:style_emoticons/default/smile.gif)
Those who updated well tough luck u cant unblow an efuse or create a bypass or anything what u can do tho is wait & be patient. Let us hack this first & get things running once that is done the we can start focusing on higher kernels like the PSP scene first it was 1.0 then 1.5 then 1.7 Ect One kernel will help us understand what changes have been added to the next & we can start finding work a rounds.
This post has been edited by HoRnEyDvL: Feb 28 2007, 11:00 AM
Post by: openxdkman on February 28, 2007, 02:43:00 AM
Current model lifespan is a bit small for doing interesting things on long term... Whatever...
For those interested in homebrew and not in online stuff or evern retail games (others, ignore it) :
1st batch of homebrew compatible xbox360's : ones with kernel 4532 or 4548
People with kernel<4532 : Don't connect, don't play new retail games. Keep your kernel version.
Wait for modchips sellers advice (mod to prevent efuse blow, specific upgrader, etc...)
People with kernel 4532 : Don't connect, don't play new retail games. Keep your kernel version.
People with kernel 4548 : Don't connect, don't play new retail games. Keep your kernel version.
People with kernel>4548 : Gather people in class action suit in order to know if you can obtain back the blown efuse. It's very interesting to know if it's legal to blow an efuse inside someone's harware remotely without warning customer. If efuse threat is always active every future breach will end the same way for online gamers : too late.
Everyone: we need to know which retail games are forcing updates that blow efuses. (start a new thread)
Good point: a few people will now be able to explore all software parts, maybe to produce xbox360 emulators for future platforms.
This post has been edited by openxdkman: Feb 28 2007, 10:46 AM
Post by: The Zep Man on February 28, 2007, 02:39:00 AM
I think 2007 will be the year in which we can see the first homebrew applications running on a retail Xbox 360.
Post by: Zeze21 on February 28, 2007, 03:05:00 AM
seriously you all look to me like a buch of chicken who all just have laid eggs
Most of you don't know anything about the hardware or the software of the x360 but are still talking about it like they were hacking gods
Most of you don't even bother to read anything just post comments like "this is great" etc. Please open a new topic saying "comments on the x360 hack" and talk there and if someone has a great idea in there i am sure it will spread but please could you all just leave the guys who really have a clue about all this alone to think and get ideas of their own. I am sure they all apreacheate it
Post by: The Zep Man on February 28, 2007, 03:31:00 AM
QUOTE(Zeze21 @ Feb 28 2007, 11:05 AM)
Please can we minimize the chatting and go on thinking
seriously you all look to me like a buch of chicken who all just have laid eggs
Most of you don't know anything about the hardware or the software of the x360 but are still talking about it like they were hacking gods
Most of you don't even bother to read anything just post comments like "this is great" etc. Please open a new topic saying "comments on the x360 hack" and talk there and if someone has a great idea in there i am sure it will spread but please could you all just leave the guys who really have a clue about all this alone to think and get ideas of their own. I am sure they all apreacheate it
This topic is bound to the news article and therefore the place to discuss give your opinion about it. The people who really do know what the news article is talking about will discuss it at some other place where it is more quiet.
Post by: Zeze21 on February 28, 2007, 03:53:00 AM
Post by: big nasty 187 on February 28, 2007, 03:59:00 AM
QUOTE(Zeze21 @ Feb 28 2007, 02:05 AM)
Please can we minimize the chatting and go on thinking
seriously you all look to me like a buch of chicken who all just have laid eggs
Most of you don't know anything about the hardware or the software of the x360 but are still talking about it like they were hacking gods
Most of you don't even bother to read anything just post comments like "this is great" etc. Please open a new topic saying "comments on the x360 hack" and talk there and if someone has a great idea in there i am sure it will spread but please could you all just leave the guys who really have a clue about all this alone to think and get ideas of their own. I am sure they all apreacheate it
i thought nazism died in the 1940's (IMG:style_emoticons/default/rolleyes.gif)
Post by: Zeze21 on February 28, 2007, 04:02:00 AM
Post by: kalle_19 on February 28, 2007, 04:19:00 AM
Post by: Mike Bowler on February 28, 2007, 04:22:00 AM
Just because someones ideas might not be of any use or of limited use doesn't mean that that particular persons idea isn't heading in the right direction or couldn't otherwise come up with a totally different idea not even based on there 1st idea that in turn turns out to be better than there 1st idea. Likewise the persons particular idea could inspire someone else to come up with another idea which could turn out to be good.
Or quite plain and simply an idea could be totally useless, but at least there trying to help and aren't going on and on (like me, but i'm defending people against people like you). (IMG:style_emoticons/default/smile.gif)
edit: sorry kalle_19 could you say that in english as well as german? (at least i think its german lol)
This post has been edited by Mike Bowler: Feb 28 2007, 12:26 PM
Post by: Adamq on February 28, 2007, 04:28:00 AM
QUOTE(kalle_19 @ Feb 28 2007, 12:19 PM)
Wenn es einige Leute gibt, die beleidigt werden muß, ist es die Amerikaner.
Translation
If there are some people, which must be insulted, it is the Americans
Post by: TheSpecialist on February 28, 2007, 04:30:00 AM
QUOTE(grogger13 @ Feb 28 2007, 10:18 AM)
If one more person offers there infinite wisdom about things they know nothing about I'm not really gonna do anything, but it is really pissing me off. I came to the forum to find some explanation of what this hack can actually do and all I see are dumbasses saying, "now all we need to do is unblow the efuse" like there the first person to think of something like that.
Please would someone who actually knows something about this offer some insight. I know i dont know anything about it so I'm not gonna try.
Some people in this thread already made the right conclusion. This hack is interesting because it opens a whole new world of new hacking possibilities.
One of the key features in the xbox 360 security is the 'hypervisor'. Microsoft moved all 'security sensitive' processes to the hypervisor this time. The hypervisor is in encrypted in RAM. Also, in the flash, where it is (most probably) stored, it is encrypted. In short, it's VERY VERY difficult to get to the decrypted hypervisor code.
With this hack, it finally becomes feasible to get that decrypted hypervisor code, containing all the security stuff, so that is the true merit of this hack, IMHO
So, now people will start to try to replicate this hack, which isn't as easy as it seems by the way. The main problem is: how to get the exploit code into the memory ? As you could also see in the video, they use the king kong demo. About a year ago, some people were using this this for shader experiments. Some people found a way to crash the x360. My idea is that they use a shader exploit to crash the x360 and then move the exploit code to the stack. Or maybe they use a shader exploit to just directly write to system RAM. But details on this are not public, so still, quite some research has to be done, even to just be able to replicate this hack ...
This post has been edited by TheSpecialist: Feb 28 2007, 12:49 PM
Post by: GBW88 on February 28, 2007, 04:36:00 AM
QUOTE(kalle_19 @ Feb 28 2007, 06:19 AM)
Wenn es einige Leute gibt, die beleidigt werden muß, ist es die Amerikaner.
Good job smart guy. Here, heres a funny one- we made the console your playing on. Show some respect.
Post by: RolfLobker on February 28, 2007, 04:42:00 AM
QUOTE(TheSpecialist @ Feb 28 2007, 12:30 PM)
........
In addition I think that there are still lot's of obstacles which are still in the way of an 'easy hack' (i.e. modchip / softmod)
It's not possible to just downgrade any kernel and there is, as stated by TheSpecialist, also the problem of: how to get code into memory.
As a proof of concept this is fine. But most 360's have the Kiosk Disc blacklisted and have newer kernels.
Personally I don't think we can expect modchips like for the original xbox.
Maybe something more like the old PS2 chips will work (lots of soldering points and wires for on-the-fly code-patching)
Or maybe microsoft will goof up somewhere, like they did with the kiosk disc, and release an exploitable live game or something.
This hack provides a lot of insight and indeed opens doors.
It gives the right people access to other means of hacking the 360 just like modchips for the original xbox paved the way to softmods. (softmods on the original xbox would not have been possible without modchips first which also provided lots of insight and opportunities)
But maybe I'm just talking from my ass here...
Post by: pelago on February 28, 2007, 04:54:00 AM
This post has been edited by pelago: Feb 28 2007, 12:54 PM
Post by: razorrifh on February 28, 2007, 04:58:00 AM
Post by: fghjj on February 28, 2007, 04:59:00 AM
He knows that there are still plenty of v.4532 and v.4548 boxes around, so anyone smart can acquire one and start searching for exploitable bugs in other game titles.
Post by: flashfreak on February 28, 2007, 04:57:00 AM
QUOTE(brandogg @ Feb 28 2007, 03:36 PM)
I wonder if Team Xecuter's interview the other day was hinting at any of this.
Thinking of it now, im suprised no1 else picked this up. It was very conincidental that they started talking about this now.
QUOTE(GBW88 @ Feb 28 2007, 03:49 PM)
Bring back bunnie, I say.
They fry a fuse, and everything gets locked down. Period.
Just to let you and many people know, bunny did well, he managed to find some very useful things, but he is not God. Not saying hes useless, hes done amazing things for the scene, but so have many other people.
Though I liked ur way of pointing out the security system. They can simply stop it all. We're gonna see heaps of bricked consoles during testing of this hole.
Though I dont think i have a need for much homebrew at the moment. I dont need XBMC on my 360, cos its in my room on my 40" LCD, right with my computer on the same screen, its easier to use the PC.
Though i am interested in some homebrew games
Jumpnbump on 360. I cant wait Pwning rabbits using wireless controllers! Hopefully someone upgrades that game to HD, heh heh. Anyone who has played it will know exactly what im talking about. Go Jiffy!
Post by: xboxex on February 28, 2007, 05:26:00 AM
No, it is not the KK demo, it is the retail one. The "wingnut logo" introductory video is very different. So the KK is not blacklisted.
I have carefully compared them
This post has been edited by xboxex: Feb 28 2007, 01:27 PM
Post by: TheSpecialist on February 28, 2007, 05:28:00 AM
QUOTE(xboxex @ Feb 28 2007, 01:26 PM)
> As you could also see in the video, they use the king kong demo.
No, it is not the KK demo, it is the retail one. The "wingnut logo" introductory video is very different. So the KK is not blacklisted.
I have carefully compared them
The shader experiments were originally done on King Kong, using the kiosk disk, since that one allowed to mod data, like shaders. But since that one got blacklisted, they most probably just continued with the 'real' game, using the FW hack to burn modified shaders to disk.
Anyway, thanks for pointing it out
Post by: t10 on February 28, 2007, 05:35:00 AM
Anyhoo props to the original hacker, he is a smart fellah. Too bad for us though he likes money over prison.
Post by: kalle_19 on February 28, 2007, 05:47:00 AM
QUOTE(TheSpecialist @ Feb 28 2007, 12:30 PM)
With this hack, it finally becomes feasible to get that decrypted hypervisor code, containing all the security stuff, so that is the true merit of this hack, IMHO
You know, you don't need to decrypt the hypervisor code since this exploit runs code outside it...
Post by: TheSpecialist on February 28, 2007, 05:46:00 AM
QUOTE(kalle_19 @ Feb 28 2007, 01:47 PM)
You know, you don't need to decrypt the hypervisor code since this exploit runs code outside it...
Maybe then in other words so you get what I was saying: currently THIS hack will only work on some specific kernel versions and since you can't downgrade to that version, this current hack won't be interesting to most people. HOWEVER, this hack will allow us to dump decrypted hypervisor code and THAT opens up a whole new world of insights, maybe it will even open up a way to defeat the efuse check, for example, who knows.
It's a lot easier to find an exploit if you understand what a process looks like than to shoot bullets in the dark (which was all we could do uptill now). So THAT is why having hypervisor code is such a big thing.
Post by: MadEx on February 28, 2007, 05:55:00 AM
Post by: leorimolo on February 28, 2007, 05:54:00 AM
QUOTE(TheSpecialist @ Feb 28 2007, 06:53 AM)
Maybe then in other words so you get what I was saying: currently THIS hack will only work on some specific kernel versions and since you can't downgrade to that version, this current hack won't be interesting to most people. HOWEVER, this hack will allow us to dump decrypted hypervisor code and THAT opens up a whole new world of insights, maybe it will even open up a way to defeat the efuse check, for example, who knows.
It's a lot easier to find an exploit if you understand what a process looks like than to shoot bullets in the dark (which was all we could do uptill now). So THAT is why having hypervisor code is such a big thing.
Psp updates were haxozred and decrypted which led to new exploits.
Post by: jonlewi5 on February 28, 2007, 07:00:00 AM
i suppose if anything does come outta this then its gunna be a cat and mouse game just like the psp and sony lol
heading over to xbox hacker to see whats being said there now
i really didnt expect this, asi was only coming here for a quick browse lol
Post by: mojoman on February 28, 2007, 07:14:00 AM
Post by: cherryduck on February 28, 2007, 07:19:00 AM
The primary application of this technology is to provide in-chip performance tuning. If certain sub-systems fail, or are taking too long to respond, or are consuming too much power, the chip can instantly change its behavior by 'blowing' an eFUSE. This process does not physically destroy the eFUSE, so it is reversable and repeatable.
Everyone keeps saying you can't 'unblow' an efuse, yet right here it seems to say exactly the opposite...Anyway that's just what I found so if I'm wrong I'm wrong but thats maybe something to think about. I don't claim to be a fount of wisdom or anything I'm just interested in the possibilities.
Post by: PillHarris on February 28, 2007, 07:28:00 AM
QUOTE(jonlewi5 @ Feb 28 2007, 02:00 PM)
well that proves one point this is M% we are dealing with, they arent the best at security lol and this proves it lol
i suppose if anything does come outta this then its gunna be a cat and mouse game just like the psp and sony lol
heading over to xbox hacker to see whats being said there now
i really didnt expect this, asi was only coming here for a quick browse lol
I think 360 has proved ms are very good at security. It's over a year and we've got nothing, Even if this guy did not go to Microsoft, Microsoft would of blown that eFuse as soon as they heard about it. So you are in the situation where you buy an expensive console and you can never play a new retail game or play online just to use some homebrew, Because MS will always be able to blow these eFuses, nobody has any idea how the security works or how to stop it. Nothing is being said at XBH either. Hackers aren't the only one analysing this vulnerability, Microsoft will be looking all over their code to make sure there are no more holes.
Post by: Mike Bowler on February 28, 2007, 07:41:00 AM
edit:
Oh and i'd also like to say that patching holes can sometimes create new ones, and plus no-one will ever find all the holes but you can more or less guarantee that the hackers (people trying to get homebrew and modchips on the move) will win.
There are some incredibly smart people out there and i personally respect the people that make the homebrew and modchip scene what it is and what it will be (IMG:style_emoticons/default/smile.gif)
edit2: i don't know why but in between paragraphs i'm getting quite large spaces in my posts
This post has been edited by Mike Bowler: Feb 28 2007, 03:50 PM
Post by: Chamrock on February 28, 2007, 07:42:00 AM
How can MS legally release updates that physically blow efuses without approval of the owner? That would be considered as intruding and should be punished to maximum extent, even if we have to bomb MS offices.
Post by: firefighter1023 on February 28, 2007, 07:47:00 AM
QUOTE(mojoman @ Feb 28 2007, 02:14 PM)
You guys are in Denial. How does this help us at all. Somone found a hole and quickly told microshit. If at all anything, what we should be doing is, insult this traitor, I mean people are painfully looking for ways to crack this thing, and what does he do when he finds this. He goes straight to the microshits. The guy is a big fool.
A fool that knows quite a bit more than you do about the technical details of the xbox360. Until you personally can contribute to the 'scene', instead of riding the coat-tails of those who do the actual work/discovery, you have no room to complain.
Post by: PillHarris on February 28, 2007, 07:45:00 AM
QUOTE(Mike Bowler @ Feb 28 2007, 02:41 PM)
And how is it that they would have blown the particular eFuse they blow in the update if potentionally the method used to exploit the 360 could have been kept secret?
If it's secret then Microsoft don't care about, because nobody will be using it. They don't care about super secret exploits used by a few people, as soon as you put one out in the public that we all know about, Microsoft have this little thing called eFuse to answer that.
Post by: Mike Bowler on February 28, 2007, 08:00:00 AM
You know unless they stopped caring about homebrew and more about money or getting a job with M$ which i'm not sure if they'd get either but who knows eh?
Post by: UB6_IB9 on February 28, 2007, 08:09:00 AM
QUOTE(PillHarris @ Feb 28 2007, 03:52 PM)
If it's secret then Microsoft don't care about, because nobody will be using it. They don't care about super secret exploits used by a few people, as soon as you put one out in the public that we all know about, Microsoft have this little thing called eFuse to answer that.
Yeh but by the time they would have figured out where vulnerability is and how the hack works there would have been alot more 360's modded and 360's that are able to be modded. It seems atm there are will be very few that can be hacked unless there becomes a way to downgrade the kernel. The anonymous hacker probly got screwed in the ass by M$ which is why he decided to tell the scene about it, after all they have no use for him once he tells them where the vulnerabilty is. This hack is better then nothing tho.
Post by: Hack_Bird on February 28, 2007, 08:05:00 AM
A lott of talk here about "nothing"and a few Smart guys ...
Anyway, im staying 4552 and try some hacking myself ... maybe remove that resistor?
<< This guy MUST release How2 soon .... 
if he wants to
Post by: Chan163 on February 28, 2007, 08:39:00 AM
Now about that resistor: Will the 360 run normally when this resistor is removed permanently? Will a new kernel be able to check if that efuse is blown?
I have a 4532 sitting right next to me and I'm thinking of removing the resistor before going online again. Does anyone have a picture where to find that thing (I don't want to search the whole board for it)?
Post by: Knasen on February 28, 2007, 08:52:00 AM
Post by: handles25 on February 28, 2007, 09:02:00 AM
QUOTE(Chan163 @ Feb 28 2007, 04:39 PM)
I don't think we will get that much from this kind of exploit anymore (at least the ones already on 4552), because M$ now knows what to look for. The next exploit has to be something else. I hope the 'final solution' will be more like a 'crack' instead of an exploit running only on certain systems...
Now about that resistor: Will the 360 run normally when this resistor is removed permanently? Will a new kernel be able to check if that efuse is blown?
I have a 4532 sitting right next to me and I'm thinking of removing the resistor before going online again. Does anyone have a picture where to find that thing (I don't want to search the whole board for it)?
Hear, hear. What about this resistor? If the information posted earlier was correct, and something goes wrong with the CPU, and we have removed the ability to blow the efuses, does this in turn break the "self healing" nature?
Do we risk more by removing it?
This is an interesting development.
This post has been edited by handles25: Feb 28 2007, 05:15 PM
Post by: Havok on February 28, 2007, 09:23:00 AM
QUOTE(Hack_Bird @ Feb 28 2007, 03:12 PM)
A lott of talk here about "nothing"and a few Smart guys ...
Anyway, im staying 4552 and try some hacking myself ... maybe remove that resistor?
<< This guy MUST release How2 soon .... if he wants toIf you are at 4552 then removing the resistor does nothing. (Except prevent future efuses from being blown)..
BTW Guys: We knew about the blown efuse and resistor as soon as the kernel downgrade hacks were known. So you could have easily removed the resistor before you upgrade the kernel if you cared... guess hindsight is 20/20.
Post by: asdfzxcv on February 28, 2007, 09:39:00 AM
Am I correct to assume that if I my box has 4532 and if I can keep it that way (not connecting to live and not playing new retail games) then I'd be able to run future homebrews even without a modchip? Kinda like the way dreamcast were? If that's true, that's a great news! There are ppl out there with 4532 and 4548 360 boxes.
Post by: basherbacon on February 28, 2007, 09:50:00 AM
Post by: EvanVanVan on February 28, 2007, 09:44:00 AM
Post by: bucko on February 28, 2007, 10:00:00 AM
Post by: webMASTER P on February 28, 2007, 10:21:00 AM
TVersity is doing an OK job for now but i want my XBMC on 360.
Also, with the power of the 360, PS2 emulation might be possible, and that would be sweet.
Post by: SteveNZ on February 28, 2007, 10:22:00 AM
How is this possibly useful? And why the hell would they tell MS about it? They're lucky MS didn't sue them, guess they managed to stay anonymous the whole time.
Sounds pointless.
Post by: calderra on February 28, 2007, 10:29:00 AM
It's like using a can opener to open a "Can-Opener-In-A-Can".
This post has been edited by calderra: Feb 28 2007, 06:30 PM
Post by: Shepdog on February 28, 2007, 10:31:00 AM
QUOTE(SteveNZ @ Feb 28 2007, 06:22 PM)
So, let me get this right. There _was_ a bug in the dashboard which allowed an exploit. Some time ago MS fixed this bug and anyone with an internet-connected 360 should have this bug fixed via a dash update. Now, AFTER the bug has been fixed (several weeks after), the information has been released, when it's of no use to ANYONE?
How is this possibly useful? And why the hell would they tell MS about it? They're lucky MS didn't sue them, guess they managed to stay anonymous the whole time.
Sounds pointless.
Some people who still have the old kernel can use this exploit to find other vulnerabillities which are still present in current kernel versions.
Post by: spook727 on February 28, 2007, 10:41:00 AM
QUOTE(calderra @ Feb 28 2007, 06:29 PM)
Not only that, but this explot apprently uses XNA studio- a client that allows you to developer software from scratch and run it on 360, so that one could perhaps run software on the 360 after the crack.
It's like using a can opener to open a "Can-Opener-In-A-Can".
Correct me if I'm wrong, but where does it mention XNA? The code was more likely written in assembly.
Post by: infamous_Q on February 28, 2007, 10:52:00 AM
QUOTE(webMASTER P @ Feb 28 2007, 12:21 PM)
there's only one homebrew app that i want to run, and that's XBMC
TVersity is doing an OK job for now but i want my XBMC on 360.
Also, with the power of the 360, PS2 emulation might be possible, and that would be sweet.
i agree, all i really want is XBMC. The possibilities for this program are huge now since we can connect external devices to the 360 (tv tuners, hard drives connected directly to the 360 etc.). plus HD content can now be played.
but a ps2 emu would definitely be gangster
Post by: Reaper527 on February 28, 2007, 11:03:00 AM
QUOTE(Lamer123 @ Feb 28 2007, 02:38 AM)
I see alot of talk about a downgraded Firmware chip and it seems that people forget that you cant sell a chip with copyrighted info on it.
The downgraded chip will not happen and if it does it would get shut down.
That is unless it goes the whole xbox route and sells blank chips that need to be flashed on your computer with illegal bioses.
yeah, its no differant then the first xbox in that regard. don't forget, all the psx, early ps2, early xbox chips came preflashed, and probably contained copyrighted code. and worst case scenario, the sell blank and you get the data from "the usual places".
i'm not saying that it will be that simple in the end, i'm not an EE god like those who find this stuff, but i wouldn't worry about copyrights effecting this in anyways.
Post by: Chan163 on February 28, 2007, 11:17:00 AM
Post by: Highcutt- on February 28, 2007, 11:22:00 AM
Post by: 4doordrop on February 28, 2007, 11:23:00 AM
QUOTE(Chan163 @ Feb 28 2007, 12:17 PM)
Now tell us about the f#cking R6T3, for christs sake. Can it be so hard to show where it is and tell if it simply can be removed permanently?
I'll second that. I just took apart my box looking for it but no luck. It must be under the heatsink or sumthin. Can anyone confirm this?
Post by: Havok on February 28, 2007, 11:26:00 AM
QUOTE(Chan163 @ Feb 28 2007, 06:17 PM)
Now tell us about the f#cking R6T3, for christs sake. Can it be so hard to show where it is and tell if it simply can be removed permanently?
If you look at your board the resistors are numbered IN ORDER.. its not that hard to figure out.
And the resistor is the 5V supply to the efuses. So far it can be removed without consequences.
Happy?
Post by: rmeyers on February 28, 2007, 11:30:00 AM
http://www.xboxic.com/news/2485
Post by: Chan163 on February 28, 2007, 11:36:00 AM
QUOTE(Highcutt- @ Feb 28 2007, 07:22 PM)
Holy fuck people are retarded.
You mean I'm retarded because I want to save my X360 from being f#cked by M$? Ok, then. But I'll tell you what I think is retarded: Most of this thread! Because it's just a continous repetiton of "This exploit is useful" - "No, it's not" - "Yes, it is" and so on and so on. I think everything that needed to be said about the 'usefulness' of this esploit is already said, mainly by The Specialist, obviously one of the experts on X360 security.
Enough people, including me have asked about that resistor, including me. The answers to the question have yet to be done. There are people here who know the resistors whereabout and probably have information if the X360 will run flawless without it. Aren't they willing to share that little bit of knowledge to preserve some pre 4552 360s?
QUOTE(Havok @ Feb 28 2007, 07:26 PM)
If you look at your board the resistors are numbered IN ORDER.. its not that hard to figure out.
And the resistor is the 5V supply to the efuses. So far it can be removed without consequences.
Happy?
It's a start. But as 4doordrop said, I can't find the resistor too. I used a looking glass and still nothing. A picture with some marks or at least a description where it is would be really helpful, instead of having us tearing our boards apart.
Also a harder question would be, if the efuses can be 'read' by the CPU, so a future kernel could detect if the efuses are blown the way they should be.
This post has been edited by Chan163: Feb 28 2007, 07:45 PM
Post by: 4doordrop on February 28, 2007, 12:26:00 PM
Post by: Megamil on February 28, 2007, 12:42:00 PM
QUOTE(kalle_19 @ Feb 28 2007, 06:19 AM)
Wenn es einige Leute gibt, die beleidigt werden muß, ist es die Amerikaner.
Wer soll sagen, dass er Amerikanisch ist?
Post by: JUANVAN on February 28, 2007, 12:49:00 PM
QUOTE(4doordrop @ Feb 28 2007, 08:33 PM)
Well I was able to find that damn R6T3. It's on the back of the mobo. If I had a digital camera that could clearly show the location in a pic, I'd post it. But seeing how I don't, I'll give the coordiates. Line up the "T" on the left side of the mobo with the "6" at the top of the mobo. Where they meet in the middle is where R6T3 is at. And now that I've found it, I have no idea what i'm going to do with it. (IMG:style_emoticons/default/blink.gif)
YOU FIGURE IT OUT.. Or don't bother..
Props to the hacker, though I want to see this out in the wild.
The more news was released, and really other then the tech aspect, I don't see a workable fix for the rest of us out here, or some demo of how it works. At least TS had the ballz to do that in plain sight.
Post by: mksoftware on February 28, 2007, 01:02:00 PM
QUOTE(Megamil @ Feb 28 2007, 08:42 PM)
Wer soll sagen, dass er Amerikanisch ist?
This is an English forum, crap like this doesn't belong here allright? I myself am Dutch, would that say I'm just going to post Dutch in here? No fucking way....
Post by: Chamrock on February 28, 2007, 01:09:00 PM
Post by: SonicvanaJr on February 28, 2007, 01:25:00 PM
Post by: Chamrock on February 28, 2007, 01:38:00 PM
Post by: shotgunsteve on February 28, 2007, 01:58:00 PM
Post by: BigSteel on February 28, 2007, 02:00:00 PM
QUOTE(shotgunsteve @ Feb 28 2007, 09:58 PM)
you are a dumbass
I'll second that
Post by: Anonnos on February 28, 2007, 02:08:00 PM
Post by: El3M3nT on February 28, 2007, 02:13:00 PM
Post by: Anonnos on February 28, 2007, 02:14:00 PM
Post by: SpikeMage on February 28, 2007, 02:09:00 PM
Post by: TownJew on February 28, 2007, 02:27:00 PM
Post by: Chamrock on February 28, 2007, 02:29:00 PM
Post by: infamous_Q on February 28, 2007, 02:31:00 PM
QUOTE(Chamrock @ Feb 28 2007, 04:29 PM)
Nobody would be stupid enough and help MS to patch this for a small sum I can tell ya. It is (almost) all about the money. Nobody could feel honored to help MS for peanuts or to get a simple job. Or perhaps this is just a weird hacker that is unable to value money correctly. But I bet he is more likely a couple of million dollars richer.
dude read the beginning of this thread. the guy probably did it to LEGALLY protect himself. maybe he got a bit of cash, but he was smart to cover his ass. so stop talking like this is JUST about money. if ur whining cuz this may end up being useless cuz of the fix, then deal with it and wait. someone will figure something out, either based on this bug or a new one.
Post by: Chan163 on February 28, 2007, 02:33:00 PM
This post has been edited by Chan163: Feb 28 2007, 10:45 PM
Post by: Mike Bowler on February 28, 2007, 02:43:00 PM
Hows that for a thought lol?
And please please if your going to post in a different language at least leave an english translation along with it, all this foreign jibba-rish is doing my nut in.
Post by: BigSteel on February 28, 2007, 02:38:00 PM
QUOTE(Chamrock @ Feb 28 2007, 10:29 PM)
Nobody would be stupid enough and help MS to patch this for a small sum I can tell ya. It is (almost) all about the money. Nobody could feel honored to help MS for peanuts or to get a simple job. Or perhaps this is just a weird hacker that is unable to value money correctly. But I bet he is more likely a couple of million dollars richer.
Why do you insist on contiually proving that you are a moron? I am willing to bet he/she got next to nothing, let alone a couple of million dollars. And let me understand this correctly...if you discovered a hack that took you a short time to discover and M$ offered you $1M, you would tell them to f themselves?
Post by: Chan163 on February 28, 2007, 02:48:00 PM
About the anonymous hacker: IF he/she got money he/she also surely would have to sign a non-disclosure agreement, because M$ KNOWS that there are enough X360s around with the vulnerable kernels installed. So the fact he/she made the thing public proves he/she got nothing!
This post has been edited by Chan163: Feb 28 2007, 10:54 PM
Post by: Chamrock on February 28, 2007, 02:43:00 PM
QUOTE(BigSteel @ Feb 28 2007, 10:45 PM)
Why do you insist on contiually proving that you are a moron? I am willing to bet he/she got next to nothing, let alone a couple of million dollars. And let me understand this correctly...if you discovered a hack that took you a short time to discover and M$ offered you $1M, you would tell them to f themselves?
Well, I would rather establish a modchip business and earn more than 1 million dollars, but if MS would offer quite a bit more than that I could reconsider. If I could told the 360 owners about the removal of the resistor MS could be out of power to control our 360s while the modchip business contiued to grow.
Post by: Mike Bowler on February 28, 2007, 02:46:00 PM
Post by: tser360 on February 28, 2007, 02:57:00 PM
Post by: d-range on February 28, 2007, 02:54:00 PM
QUOTE(Chan163 @ Feb 28 2007, 07:36 PM)
QUOTE(Highcutt- @ Feb 28 2007, 07:22 PM)
Holy fuck people are retarded.
You mean I'm retarded because I want to save my X360 from being f#cked by M$? Ok, then. But I'll tell you what I think is retarded: Most of this thread! Because it's just a continous repetiton of "This exploit is useful" - "No, it's not" - "Yes, it is" and so on and so on. I think everything that needed to be said about the 'usefulness' of this esploit is already said, mainly by The Specialist, obviously one of the experts on X360 security.
Enough people, including me have asked about that resistor, including me. The answers to the question have yet to be done. There are people here who know the resistors whereabout and probably have information if the X360 will run flawless without it. Aren't they willing to share that little bit of knowledge to preserve some pre 4552 360s?
It's a start. But as 4doordrop said, I can't find the resistor too. I used a looking glass and still nothing. A picture with some marks or at least a description where it is would be really helpful, instead of having us tearing our boards apart.
Maybe he meant people are retarded because of all the stupid comments by people who don't understand how and why this hack might be useful? And/or are talking pseudo tech-talk about efuses, modchips and removing resistors etc?
I'm not saying I know much more than what I'm able to get from the summary, but all I know this is very exciting. It's most likely not the hack that will bring homebrew to the 360 but it shows there are ways around the security. A first dent in the armor, and in the hands of the right people a perfect tool to get inside the hardware and learn about other possible exploits. It doesn't matter much that it's already fixed and the guy reported it to MS, at least the details to reproduce it are out in the wild now, without legal problems to discuss them.
If it is really possible with this hack to have full control over the CPU/RAM/HD/etc it will not take long until someone manages to get a custom linux kernel running on it (it it isn't already). From there someone might learn stuff about the hypervisor and find a way to disable it in other ways; or hit a hardware bug/debug call/shader exploit; or find out something about the efuses, a way to blow one of them that overides all other efuses, whatever. Time will tell...
Anyway if I were you I wouldn't rush out to find that resistor and remove it. You can count the days until a mandatory update will lock up the console if it cannot blow the efuses and brick your console. Also, if you're not skilled enought to find all the info and details about the hack/resistor/whatever without asking for them here, the best thing for you would probably be to wait and see what happens. A 360 without homebrew is still better than a $399 paperweight.
Edit: what's up with all the german crap in this thread btw? Isn't this topic moderated??
Post by: No_Name on February 28, 2007, 03:02:00 PM
Crying because the hole has already been plugged is pointless, and talking about you would do is even worse. Tell you what stop crying and you find the hole and produce this mythical mod chip.
Talk of people getting paid millions is stupid too. If you knew anything about big business you do pay out millions to random people even a company with as much cash as MS does could not sustain profitabality for long that way.
This post has been edited by No_Name: Feb 28 2007, 11:05 PM
Post by: syntaxerror329 on February 28, 2007, 03:05:00 PM
QUOTE(tser360 @ Feb 28 2007, 10:57 PM)
I saw some people on this threading saying "If only the xbox 360 sdk was leaked". I would like to say to them : Look better. It's out there, for a long, long time already, Really.
Hmmm its your first post. Sorry i don't think your right.
Does anyone else here think the 360 SDK is floating around the net somewhere or is this guy BS ?
Post by: 4doordrop on February 28, 2007, 03:16:00 PM
QUOTE(d-range @ Feb 28 2007, 04:01 PM)
Also, if you're not skilled enought to find all the info and details about the hack/resistor/whatever without asking for them here, the best thing for you would probably be to wait and see what happens.
Hmm...I thought this was a Hacking Disscusion Forum, not a bitch everyone out for not being able to find all the info and details about hacking forum. (IMG:style_emoticons/default/dry.gif)
This post has been edited by 4doordrop: Feb 28 2007, 11:19 PM
Post by: d-range on February 28, 2007, 03:18:00 PM
QUOTE(4doordrop @ Feb 28 2007, 11:16 PM)
Hmm...I thought this was a Hacking Disscusion Forum, not a bitch everyone out for not being able to find all the info and details about hacking forum.
It's not really constructive for the 'Hacking Discussion' to keep asking the same thing over and over, especially not when it is easy enough to find the resistor yourself or just keep your box off the net until someone else finds it and posts details about it
Post by: i800phyco on February 28, 2007, 03:19:00 PM
QUOTE(Chamrock @ Feb 28 2007, 09:38 PM)
I suppose this guy got plenty $$$$$$$$$$$ from M$ for telling them this, so much so he become about 50 million USD richer for this discovery. If he did I kind of understand him if he did. I believe most people would accept a generous offer from MS in order to help them to let the console remain unhacked. This is just a speculation, but I would be surprised if he has not become a USD multi-millionaire of this finding. If MS just offered me like 1 million USD I would tell them to go fuck themselves.
Yea but first you would have to do somthing worthwhile.
Post by: caster420 on February 28, 2007, 03:33:00 PM
QUOTE(4doordrop @ Feb 28 2007, 05:16 PM)
Hmm...I thought this was a Hacking Disscusion Forum, not a bitch everyone out for not being able to find all the info and details about hacking forum. (IMG:style_emoticons/default/dry.gif)
The resistor is on the bottom of the mobo, near the center of the cpu heatsink retainer (the big 'X') when you have the front of the motherboard facing you.
Caster.
This post has been edited by caster420: Feb 28 2007, 11:35 PM
Post by: JimmyGoon on February 28, 2007, 03:35:00 PM
2. The X360SDK has not been leaked to the best of my knowledge but I'm assuming that if there was an exploit like this live the the same thing would happen as last time.
3. To people that are confused: This doesn't mean anything to you right now. What until people like "The Specialist" have a chance to work with it. Some Xbox360's haven't gotten this update and blown the efuse so MAYBE the hackers over at xboxhacker.net will have a chance to dump the kernel/hypervisor to find us some (more) usable tasty exploits.
4. What happens if you pull off the resistor? I understand that the efuses then can't blow, but does the new kernel work fine until you use the programmer to downgrade or what?
(my) recommendation: Stop updating until we hear more. (Or better yet, just don't touch anything inside your xbox unless you are willing to have paid $400 for a doorstop)
This post has been edited by JimmyGoon: Feb 28 2007, 11:40 PM
Post by: infamous_Q on February 28, 2007, 04:02:00 PM
QUOTE(Chamrock @ Feb 28 2007, 04:50 PM)
Well, I would rather establish a modchip business and earn more than 1 million dollars, but if MS would offer quite a bit more than that I could reconsider. If I could told the 360 owners about the removal of the resistor MS could be out of power to control our 360s while the modchip business contiued to grow.
how many 360's have sold? ~10 million right. even at $100 (of PURE PROFIT per chip) you'd have to sell to 100k people. that's assuming no competition, and you're ridiculously price chip is actually bought into by some people. you'd be dumb not to take your million and establish a legit business.
To JimmyGoon on your first question: "1. What is the legality of M$ doing this? Without warning or pushing "I accept" somewhere?"
it's probably in the EULA somewhere, or in the Live user agreement. so you've already hit the "accept" button a long time ago. plus it's a moot point since no one (who doesn't get bricked) bitches when they upgrade to add features (like video streaming).
Post by: 4doordrop on February 28, 2007, 04:04:00 PM
QUOTE(JimmyGoon @ Feb 28 2007, 04:35 PM)
4. What happens if you pull off the resistor? I understand that the efuses then can't blow, but does the new kernel work fine until you use the programmer to downgrade or what?
From what I understand:
If you take out the resistor and update to v4552 and then dump the flash to corrupt the patch it will throw E71 errors. If reverted back to 2.0.1888 it will boot.
Post by: jcdenton2003 on February 28, 2007, 04:25:00 PM
Post by: JimmyGoon on February 28, 2007, 04:45:00 PM
Post by: Heet on February 28, 2007, 05:25:00 PM
QUOTE(jcdenton2003 @ Feb 28 2007, 06:25 PM)
I think this could be the big thing everyones been waiting for!
It is the door everyone was waiting for. Gonna be a rollercoaster of a year!
Post by: doobzilla on February 28, 2007, 05:37:00 PM
EDIT: perhaps the proper kernel update could also be found on a game disc? I also now know what kernel I am running on my "bomb shelter 360" and it is lower than 4532 dagnabbit!
This post has been edited by doobzilla: Mar 1 2007, 01:51 AM
Post by: mr2000jp on February 28, 2007, 05:42:00 PM
Post by: rippinitto on February 28, 2007, 06:02:00 PM
For god sake people if you discover a hack, exploit the damn thing. dont show it off on a projector hidden by a hoodie and mask!
Post by: No_Name on February 28, 2007, 06:21:00 PM
Telling the vendor it was there allows the hold to be plugged so the game can start again.
Learn to understand that not everyone is out there hacking systems to exploit them, they are doing it to see if they can and once they figure out that yes its possible they are happy and move on.
Anyway like others have said, this might lead to nothing but it could lead to somthing. Right now its unless to 99.9% of the people who have posted in this topic
Post by: xzenor on February 28, 2007, 06:21:00 PM
This post has been edited by xzenor: Mar 1 2007, 02:21 AM
Post by: pablo0024 on February 28, 2007, 06:27:00 PM
i have an xbox360 bought in february 2006, the console was NEVER connected online.
can i upgrade it to kernel 4532 ? is there any game with that update? or any cd with that update?
any1 knows?
Post by: ybaig123 on February 28, 2007, 06:49:00 PM
QUOTE(pablo0024 @ Mar 1 2007, 01:27 AM)
Question:
i have an xbox360 bought in february 2006, the console was NEVER connected online.
can i upgrade it to kernel 4532 ? is there any game with that update? or any cd with that update?
any1 knows?
That would be nba street vol3, since thats the only game i've gotten since gears
Post by: mbazos on February 28, 2007, 07:12:00 PM
Version Release Date Comment
2.0.1888.0 November 22, 2005 Original shipped version
2.0.2241.0 November 22, 2005 Update available at product launch
2.0.2255.0 January 30, 2006 -?
2.0.2258.0 March 2, 2006 -?
2.0.2858.0 June 05, 2006 -?
2.0.4532.0 October 31, 2006 Changelog. New identifier X with value 2BB7-8E09-0188-D795
2.0.4548.0 November 30, 2006 -?
2.0.4552.0 January 9, 2007 -?---->(fix the hole from 4532, 4548)
source: http://wiki.free60.org/XboxKernel
Also no one on here should be flaming this discovery. The potential that this offers is huge. Also if you have the newest kernel I wouldn't sweat it. Once the 360 is compromised knowing how everything works will be much easier....which will lend itself to other exploits. As far as I am concerned this is the biggest discovery since bunnie with the original xbox.
What I would like to see is a list of games that update to 4548 and 4552. The last game that I played in my xbox was Gears of War and I have K:2.0.2858
This post has been edited by mbazos: Mar 1 2007, 03:16 AM
Post by: zero129 on February 28, 2007, 07:15:00 PM
But does any of ye remember the first guy that hacked the original Xbox?.
He done it for some class report thing or something, this was before any other hack was out
For the Xbox.
But he busted the thing wide open.
And then guess what???.
He didn't release it, afaik he done the same thing this guy did and told his info to MS.
But guess what it opened the doors for other hackers, and the original Xbox got busted wide open.
So the way i see it it's pretty much the same deal here.
Yeah sure this hack is no good to 99% or so of us.
But its opening a door that MS is going to find very hard to close.
It's showing it can be done.
And other hackers will follow, and they will make it possible to run Unsigned code on any x363.
Post by: Xombe on February 28, 2007, 07:40:00 PM
QUOTE(d-range @ Mar 1 2007, 07:01 AM)
Edit: what's up with all the german crap in this thread btw? Isn't this topic moderated??
It is.
But it's not against the rules to post in a language other than English now and then, even though the admins have made it clear this is at the end of the day an English language board.
Post by: caster420 on February 28, 2007, 08:04:00 PM
Caster.
Post by: mbazos on February 28, 2007, 08:01:00 PM
QUOTE(zero129 @ Mar 1 2007, 03:15 AM)
Yeah sure this hack is no good to 99% or so of us.
I don't think so, if you have not played on xbox live chances are your xbox kernel is either one of the exploitable version or earlier prior to it. Assuming you have not played on xbox live and have played Gears of War you probably have K:2.0.2858. This hack is useful to a lot of people in the scene.
Post by: dinzy on February 28, 2007, 08:09:00 PM
QUOTE(mbazos @ Mar 1 2007, 04:08 AM)
I don't think so, if you have not played on xbox live chances are your xbox kernel is either one of the exploitable version or earlier prior to it. Assuming you have not played on xbox live and have played Gears of War you probably have K:2.0.2858. This hack is useful to a lot of people in the scene.
Not if they have played any game that went gold after 1/9.
Post by: zero129 on February 28, 2007, 08:43:00 PM
QUOTE(mbazos @ Mar 1 2007, 05:08 AM)
I don't think so, if you have not played on xbox live chances are your xbox kernel is either one of the exploitable version or earlier prior to it. Assuming you have not played on xbox live and have played Gears of War you probably have K:2.0.2858. This hack is useful to a lot of people in the scene.
Thats why i said 99% or "so" of us.
Remember Xbox live is not the only way to get them updates
.But ether way something good is going to come out of this.
Post by: vSaAmTp on February 28, 2007, 08:51:00 PM
QUOTE(zero129 @ Mar 1 2007, 03:15 AM)
Hey, now my memory is a little bad on this since it was so long ago.
But does any of ye remember the first guy that hacked the original Xbox?.
He done it for some class report thing or something, this was before any other hack was out
For the Xbox.
But he busted the thing wide open.
And then guess what???.
He didn't release it, afaik he done the same thing this guy did and told his info to MS.
But guess what it opened the doors for other hackers, and the original Xbox got busted wide open.
So the way i see it it's pretty much the same deal here.
Yeah sure this hack is no good to 99% or so of us.
But its opening a door that MS is going to find very hard to close.
It's showing it can be done.
And other hackers will follow, and they will make it possible to run Unsigned code on any x363.
think the same. the door is open. tell it. ms close the door. now u can see, what ms is doing. the hack was a long time, befor ms closed the door. 2 kernel updates to look it works. the last update. to look what can ms do.
when sombody want to know, how it works, check one update after update.
Post by: andi_06 on March 01, 2007, 12:03:00 AM
MS isnt loosing money from people running xbmc infact the popularity of the app probably helped xbox sales figures, I say fix the darn dvd firmware rubbish and let us run our own apps without xna.
Post by: Grim187 on March 01, 2007, 01:17:00 AM
http://i12.photobuck...rim187/R6T3.jpg
just a theory but couldn't we use the non updated DK in a retail unit and the update in games to are advantage?
I.E. Take a Brand New Console and a game with the Right DK Update and get the Correct DK that Way
i admit its not the best solution but if it works then it works
Post by: openxdkman on March 01, 2007, 01:50:00 AM
With that "fall update" .xex what kernel version shall we obtain?
Post by: ashlar42 on March 01, 2007, 04:05:00 AM
QUOTE(openxdkman @ Feb 28 2007, 10:43 AM)
People with kernel>4548 : Gather people in class action suit in order to know if you can obtain back the blown efuse. It's very interesting to know if it's legal to blow an efuse inside someone's harware remotely without warning customer. If efuse threat is always active every future breach will end the same way for online gamers : too late.
I didn't actually think about it this way, but I think you're on to something with this.
I strongly doubt that Microsoft has the right to permanently alter the hardware inside a console I bought and paid, without letting me know. Even more so considering that I did not do anything even remotely illegal with it. I just used it to play games and go online for a service I was and still am paying for.
This makes my machine modifiable by them exactly how?!?
Post by: Chamrock on March 01, 2007, 04:16:00 AM
Post by: caster420 on March 01, 2007, 04:40:00 AM
QUOTE(openxdkman @ Mar 1 2007, 03:50 AM)
Grim187, Caster420, thanks a lots for your links. They are great!
With that "fall update" .xex what kernel version shall we obtain?
With that "fall update" .xex what kernel version shall we obtain?
Your kernel will be updated to 2.0.4532.0. I checked this last night using that source and a virgin console (just to make sure they hadn't messed with the download).
Caster.
Post by: Ceres on March 01, 2007, 04:41:00 AM
QUOTE
The fall update can be downloaded from here. It is the original upgrade disc for the hd dvd-rom.
Caster.
Caster.
i just burn this on onto an ordinary CD? which kernel is it?
Post by: caster420 on March 01, 2007, 04:42:00 AM
QUOTE(Ceres @ Mar 1 2007, 06:41 AM)
i just burn this on onto an ordinary CD? which kernel is it?
Kernel is above. You can burn it to cd or dvd as a data disc. I used a cd last night, as it is only 12.4mb or something like that.
Caster.
Post by: Ceres on March 01, 2007, 04:51:00 AM
eventually we would need the software that the hacker used to inject the code and the according hardware (USB/Serial) to do it...
Post by: aziztcf on March 01, 2007, 04:52:00 AM
QUOTE(Chamrock @ Mar 1 2007, 12:23 PM)
No asshole should ever hack into my hardware without my permission!
Somehow I find this statement very ironic. Wait, what was this topic about?
Post by: ZakMcRofl on March 01, 2007, 06:54:00 AM
QUOTE(ashlar42 @ Mar 1 2007, 12:12 PM)
I didn't actually think about it this way, but I think you're on to something with this.
I strongly doubt that Microsoft has the right to permanently alter the hardware inside a console I bought and paid, without letting me know. Even more so considering that I did not do anything even remotely illegal with it. I just used it to play games and go online for a service I was and still am paying for.
This makes my machine modifiable by them exactly how?!?
At first I thought you were joking but I guess you're being serious?
First of all they ask you before every update. Second of all, an efuse that is blown is more like a bit that is (permanently) flipped. Do you want to confirm it every time the Xbox writes a bit to a solit state memory?
I didn't think so.
Post by: SuRgEx360 on March 01, 2007, 07:09:00 AM
Post by: PillHarris on March 01, 2007, 07:03:00 AM
QUOTE(Chan163 @ Feb 28 2007, 03:39 PM)
I don't think we will get that much from this kind of exploit anymore (at least the ones already on 4552), because M$ now knows what to look for. The next exploit has to be something else. I hope the 'final solution' will be more like a 'crack' instead of an exploit running only on certain systems...
Now about that resistor: Will the 360 run normally when this resistor is removed permanently? Will a new kernel be able to check if that efuse is blown?
I have a 4532 sitting right next to me and I'm thinking of removing the resistor before going online again. Does anyone have a picture where to find that thing (I don't want to search the whole board for it)?
Maybe but buffer overflows are not always easy to spot. That's why windows you see numerous attacks on the same MS application, IE or whatever, Often based around buffer overflow.
The coders are very good, they're not morons, it's just incredibly hard to prevent mistakes like buffer overflow. This is why Microsoft invented the .NET framework and languages like C#, So the programmer doesn't have to worry about memory allocations and so on... No matter how good a programmer you are, doing level C/ASM and even C++ you will make some mistakes in complex code.
So we might find another exploit like this. However, the problem is that Microsoft have this defence against that with eFuse. Whatever hack is developed, it has to fool the update that it doesn't need to blow the eFuse, or it has to find some way of preventing that counter-move from MS.
Post by: Havok on March 01, 2007, 07:36:00 AM
If that resistor is removed (thus saving the efuse) the newest 4552 kernel will not run on your box.
So you are locked out of live and most newer games because they will ask you to update.
Post by: caster420 on March 01, 2007, 08:05:00 AM
QUOTE(Havok @ Mar 1 2007, 09:36 AM)
Remember guys... as of right now you have a choice of homebrew OR newer games.
If that resistor is removed (thus saving the efuse) the newest 4552 kernel will not run on your box.
So you are locked out of live and most newer games because they will ask you to update.
If that resistor is removed (thus saving the efuse) the newest 4552 kernel will not run on your box.
So you are locked out of live and most newer games because they will ask you to update.
This is not true. The new kernel will run without the efuse being blown. Robinsod has stated that the problem comes when trying to downgrade the kernel from 4552 to an older version by corrupting the patchs applied. He speculates the the dash files contained in the NAND have been overwritten (not just a kernel patch) and will not work with lower kernels. Thus, you can disable the eFuse power source, use the newest kernel (as of right now) but you will not be able to downgrade the way that he had been. You will have to flash a pre-4552 image to your NAND to have it work with a lower kernel.
Caster.
Post by: jonlewi5 on March 01, 2007, 08:33:00 AM
if you are inside your house then u can see how many locks etc are there whereas if you are on the outside then all you see is the key hole
so once some very clever people ie the specialist etc have a play about inside the 360 we should see some more hacks coming HOPEFULLY
id give maybe a month before we see people like the specialist running some sort of home brew hopefully lol
Post by: dinzy on March 01, 2007, 08:46:00 AM
I would like to clarify this resistor thing. From what I have read in this thread it appears that one can remove this resistor and remove the power to the eFuse blowing element in the chip. The problem is that the next Kernel can probably require that eFuse be blown in order to run. ( or can it?) Can MS knowingly brick a modded 360? The sort of did it with swapped DVD drives on newer systems with the fall update. However making the kernel crash is a lot more severe than simply refusing to run with a swapped DVD drive. Are there safety features in the 360 that let you re-update the system should they try to do this?
Also on the resistor mod. Is a switch all that is needed? Ie can one switch the resistor back on after the update is performed and still have the eFuse and the ability to blow eFuses with future updates. It's not vitally important, i am just curious if the fuse is blown with the updater. Also what value is this resistor? Making a switch would probably be easier with a non surface mount resistor, or just a wire if it is small enough. Does anyone have any idea how the eFuse/kernel recognition works? Say for example that there are N eFuses, does each kernel require that eFuse N-kernel number thru N be unblown in order to run. Obviously it is more complicated than that, but is it possible that the design does not let kernels require certain eFuses be blown. Or in other words could it be that they did not think to prevent new kernels from running on "virgin" chips but just tried to prevent old, unsecure kernels from running after they patched a hole?
I am just curious for curiosity's sake. I think any viable hack to come form this will either come form people using it to hack other elements rather than people with unburned eFuses being the only ones able to use this. And by viable I mean profitable modchip or something along those lines and not a homebrew only console, which IMHO is worth the 300 bucks + extras
Post by: molesza on March 01, 2007, 09:21:00 AM
I've been trying to figure out what kernel version im running. How can I check it on my 360?
Post by: networkBoy on March 01, 2007, 09:22:00 AM
QUOTE(cherryduck @ Feb 28 2007, 03:19 PM)
Ok, I know I'm probably going to get flamed like crazy for this but have a look at this snippet about the efuse I found on Wikipedia:
The primary application of this technology is to provide in-chip performance tuning. If certain sub-systems fail, or are taking too long to respond, or are consuming too much power, the chip can instantly change its behavior by 'blowing' an eFUSE. This process does not physically destroy the eFUSE, so it is reversable and repeatable.
Everyone keeps saying you can't 'unblow' an efuse, yet right here it seems to say exactly the opposite...Anyway that's just what I found so if I'm wrong I'm wrong but thats maybe something to think about. I don't claim to be a fount of wisdom or anything I'm just interested in the possibilities.
To "unblow" an e-fuse requires a charge pump and voltage path. These are OTP. There is no erase path to unblow them. Sorry.
-nB
Post by: BillMan on March 01, 2007, 09:25:00 AM
Just wanted to say the Anonymous dude that reported this to Microsoft did it for his own research, as you see he dated the events. All it is, is woundering how fast and seriously Microsoft would take this. It says 6 days. Which gives them time to do other things and see how fast they can work around Microsoft.Then once it is updated, this can show other unsigned Code. or some kind of a loopwhole.
You all look at things the wrong way by thinking it is bad. Microsoft would of found this once it is posted somewhere. So, why not see how long it would take them to fix the Kernal? And see if they did a descent fix and what you can do to work around it.
Hope you all finally understand and stop diss'n the dude.
He must be doing a hella lot of work to find that code himself. Even if he has friends helping.
Post by: molesza on March 01, 2007, 10:00:00 AM
Post by: Obveron on March 01, 2007, 10:07:00 AM
QUOTE(dinzy @ Mar 1 2007, 04:46 PM)
The problem is that the next Kernel can probably require that eFuse be blown in order to run.
Indeed, if one breaks the 5v connection to the Efuses, preventing them from being burnt - future kernel updates may flag this.
A new kernel could enable a check to see if the appropriate efuse(s) is burnt, and if not.. well, ban or brick.
So pulling the resistor to prevent efuses from being burnt, could cause a problem in the future.
Post by: Fragreaver on March 01, 2007, 10:54:00 AM
system blade > console settings > system info.
You'll see the dashboard version on the right side.
This post has been edited by Fragreaver: Mar 1 2007, 06:55 PM
Post by: openxdkman on March 01, 2007, 11:29:00 AM
- version <4532 and resistor untouched :
don't connect, don't play with games released after mid-january
if you get upgraded to >4548 you lose first efuse
without it you can't downgrade to <=4548
download the "fall update", to burn on cd-r (from the link in previous post -Thanks Castor420!-)
don't use it yet
the day some homebrew appears this cd-r will upgrade you to 4532
- version 4532 or 4548 and resistor untouched :
don't connect, don't play with games released after mid-january
if you get upgraded to >4548 you lose first efuse
without it you can't downgrade to <=4548
- version >4548 and resistor untouched :
you lost first efuse
maybe sell for very cheap your xbox360 on ebay now and buy a new one very very quickly
- any version and resistor removed (see photograph in previous post -Thanks Grim187!-):
like above, but you are allowed to do mistakes (or to continue playing online and with new games)
if you need to downgrade later -operation won't be obvious for beginners and so, may cost money-,
it will work (a flash memory needs to be screwed up), you won't be stuck in a bad situation
as long as the first efuse is ok, kernels <=4548 will accept to run
(at least that's what I've understood so far...)
Because downgrade may not be so immediate and easy operation (only possible if resistor not there), I think many (myself included) won't bother removing the resistor but will dedicate xbox360 to homebrew now.
A new model with 65nm technology will appear by end of year, this one can replace the old one for gaming.
Post by: molesza on March 01, 2007, 11:36:00 AM
Post by: d-range on March 01, 2007, 11:40:00 AM
QUOTE(BillMan @ Mar 1 2007, 05:25 PM)
Then once it is updated, this can show other unsigned Code. or some kind of a loopwhole.
You all look at things the wrong way by thinking it is bad. Microsoft would of found this once it is posted somewhere. So, why not see how long it would take them to fix the Kernal? And see if they did a descent fix and what you can do to work around it.
Exactly. It might even be a good thing he reported it to MS. Like I said before: the details of this hack are now visible to anyone, and the conditions to reproduce it are known. Because everything is posted to BugTraq and publicly available, it is almost impossible for MS to sue people who use/share this hack, as there is no reverse-engineering or DMCA violations necessary to get inside (some) 360's. IANAL, but AFAIK the DMCA does allow you to do whatever you want to your hardware, as long as you don't actively try to figure out ways around the protection (which isn't needed as they are publicly available) or use security holes to circumvent copyright restrictions.
And indeed, anyone thinking MS wouldn't have figured out this hack within days after someone made them available through 'hacker channels' is just ignorant.
Post by: cohan on March 01, 2007, 11:54:00 AM
I have the following games connected to Live (played those who can be played online):
Dead or Alive 4
Tony Hawk (dunno what its called, but theres only one TH for Xbox360 aint it?)
Test Drive Unlimited
Elder Scrolls: Oblivion
I bought my Xbox 360 on the 27. December 2005.
Post by: Fragreaver on March 01, 2007, 01:05:00 PM
system blade > console settings > system info. On the right side, the kernel version / dash version is shown.
Post by: Hyprkookeez on March 01, 2007, 02:38:00 PM
Post by: d-range on March 01, 2007, 02:51:00 PM
QUOTE(Hyprkookeez @ Mar 1 2007, 10:38 PM)
Can someone please explain why it's not possible to trick the machine into thinking it's a newer firmware, with the old firmware exploit in it?
Because the kernel code is signed and encrypted so you cannot modify it. If there's code in the kernel (which is very likely) that checks the expected updates, kernel version and efuses you cannot disable or change it.
This post has been edited by d-range: Mar 1 2007, 10:52 PM
Post by: kevhonda on March 01, 2007, 07:37:00 PM
QUOTE(Chamrock @ Mar 1 2007, 12:23 PM)
This is exactly what I mentioned before about the legality of blowing the fuse! Group-sue MS for doing this! No asshole should ever hack into my hardware without my permission! I hope EU will sue MS and demand billion of dollars and give it to the 360 owners. MS need some serious threat so they could stop this shit! I think we have the fully right to blow their property if they blow ours!
I've got some property they can BLOW, I'll give you one hint...its not an eFuse
Post by: Iriez on March 01, 2007, 10:39:00 PM
QUOTE(Chamrock @ Mar 1 2007, 06:23 AM)
This is exactly what I mentioned before about the legality of blowing the fuse! Group-sue MS for doing this! No asshole should ever hack into my hardware without my permission! I hope EU will sue MS and demand billion of dollars and give it to the 360 owners. MS need some serious threat so they could stop this shit! I think we have the fully right to blow their property if they blow ours!
Uhm, obviously you dont understand the intellectual property rights here. You officially do not OWN your xbox360. According to the license agreement presented by microsoft, you are in a sense, simply leasing the xbox360, and they own FULL intellectual property of the xbox360, and can make ANY adjustments to it, at ANY time they want.
Hope that settles your rant.
Post by: openxdkman on March 01, 2007, 11:52:00 PM
True sale : You own it. You should have the right to control the global state of your property (like a car).
True leasing : You just use it. But if a failure happens you should get a free replacement (any time, without any time limit).
I think politics should do something and forbid economic models that are just "floating" between these two models. It's too easy to take profit from first one (you sell and 1 year later if failure happens, consumer has to purchase a new one or pay 70% of total price for a replacement) and claim at same time total property with second model.
Post by: Iriez on March 02, 2007, 01:45:00 PM
QUOTE(openxdkman @ Mar 2 2007, 01:52 AM)
Legally considered as a leasing... Interesting... I've always thought console business should be true leasing since they want to sell at price that is under real production cost...
True sale : You own it. You should have the right to control the global state of your property (like a car).
True leasing : You just use it. But if a failure happens you should get a free replacement (any time, without any time limit).
I think politics should do something and forbid economic models that are just "floating" between these two models. It's too easy to take profit from first one (you sell and 1 year later if failure happens, consumer has to purchase a new one or pay 70% of total price for a replacement) and claim at same time total property with second model.
Like i said, 'in a sense'. I did not state you a literally leasing it, but the concept is there.
Post by: Methadon on March 02, 2007, 08:46:00 PM
QUOTE(Millenia1x @ Feb 28 2007, 04:15 AM)
but will we be required to downgrade the system to use this
well, this is xbox ALL OVER
Of course:
Xbox = xbox
360 = a full circle (or "all over" again)
QUOTE(NumarkTTX1 @ Feb 28 2007, 06:02 AM)
3 cheers to ms!
HIP HIP HOORAY! HIP HIP HOORAY!
i would love to see hombrew on 360... but as soon as this bad boy is cracked the ban hammer is comin down HARD!
That's only two cheers
Anywayz, yes. Just like the original xbox, expect to be banned from XBL if your console is running UNSIGNED CODE. For some reason, the vast majority of people think XBL bans for the X1s was over "your system is modded; you must be a pirate" concept, when if you look from a company standpoint, it's more of a "your system is allowing you to run ANY code, and is unfair to the popular user because it enables you to cheat on the same game that little timmy plays normally" type of concept.
QUOTE(openxdkman @ Feb 28 2007, 10:43 AM)
Mmm, I'm a bit disappointed. I was hoping hacker could wait for release of 65nm model...
Current model lifespan is a bit small for doing interesting things on long term... Whatever...
Current model lifespan is a bit small? There's over 10.5 million units of the "current model" sold...
QUOTE(t10 @ Feb 28 2007, 01:35 PM)
LMAO, almost every post starts with "I'm no... hacker/cracker/chip designer etc" then adds some dumb suggestion. Talk about redundancy.
Anyhoo props to the original hacker, he is a smart fellah. Too bad for us though he likes money over prison.
I was thinking the same thing (I could see someone chiming in another post "I'm no pirate..."
(BTW, I am in no way condoning piracy, violation of TOS, or any other bullshit before any of you think I am. Read my sig.As far as the "money over prison" part, I really don't see how hacking the xbox in this manner could land you in jail. If you purchase the Xbox 360, is it not *yours*? I don't recall signing something at the time of purchase which states that I am leasing said property. I paid cash, and got my system. If I decide I want to crash this 360 (which I legally purchased and own until I relinquesh it by whatever means at whatever time) in order to run whatever I want; I should be allowed. The only thing I could see as being illegal about it is if the means to do it were illegal (ie, you must used a XDK or something that should be unavailable to you, thus making the process involve theft somewhere *note* Stealing is wrong, and not condoned by me or my subsidiaries which I incorrectly spelled
).QUOTE(mojoman @ Feb 28 2007, 03:14 PM)
You guys are in Denial. How does this help us at all. Somone found a hole and quickly told microshit. If at all anything, what we should be doing is, insult this traitor, I mean people are painfully looking for ways to crack this thing, and what does he do when he finds this. He goes straight to the microshits. The guy is a big fool.
I say you are the fool. Going to MS is in no way that bad a thing. He simply let them know one of their errors, which could actually cause problems (potentially) with a random game, which would lessen certain users' experiences. It's still exploitable with that version, and a blown efuse doesn't mean others can't enjoy it. Perhaps they can crash that version xbox 360 kernel and obtain all kinds of information that will enable them to hack any 360 by other means. Perhaps it will be possible to put one of the kernels on a chip and somehow circumvent the necessity of an efuse. Perhaps something completely different may happen. The keyword here is "perhaps", and as it stands, not telling MS about the flaws in the aforementioned kernels would not gaurantee they wouldn't have fixed it anyway, and also does not mean that the door was slammed in anyones face. It simply means that if you think that, you have a lot more to learn before you bring something to the modding community.
QUOTE(Chamrock @ Feb 28 2007, 03:42 PM)
How can MS legally release updates that physically blow efuses without approval of the owner? That would be considered as intruding and should be punished to maximum extent, even if we have to bomb MS offices.
Because TMK, it doesn't physically alter the system. an efuse is an electronic signal similar to a "flag" in the programming realm.
QUOTE(Mike Bowler @ Feb 28 2007, 10:43 PM)
You know i think some people have forgotten that if the original xbox was never hacked then it wouldn't have sold as good as it did so with that in mind i think M$ are playing a game of cat and mouse until the 360 loses appeal then they'll deliberately leave a hole in the last firmware which will allow the 360 to be hacked and homebrew put in place and then they'll come out with a new console which will probably sell like f*ck along with the 360 selling in the background because people want to use homebrew on it.
Actually I think the original xbox didn't sell as well as they projected because of the severe lack of japanese support compared to any other system. The sales picked up from the modding community because xbox was by far the most modable and customizable console, as it is more or less a pre-packaged PC in a MS-branded case.
QUOTE(Iriez @ Mar 2 2007, 06:46 AM)
Uhm, obviously you dont understand the intellectual property rights here. You officially do not OWN your xbox360. According to the license agreement presented by microsoft, you are in a sense, simply leasing the xbox360, and they own FULL intellectual property of the xbox360, and can make ANY adjustments to it, at ANY time they want.
Hope that settles your rant.
The license agreement that is never signed and notarized, thus no court could hold it more binding than a verbal agreement with no witnesses.
Post by: sp1200 on March 03, 2007, 04:02:00 AM
Post by: X360 Doktore on March 03, 2007, 04:23:00 AM
For those who dont know where the resistor is to be found , I made 2 pics where its position can be nicely seen.
http://rs64l3.rapids.../X360MB_2.2.jpg
http://rs65tl2.rapid.../X360MB_1.1.jpg
regards
Post by: Fragreaver on March 03, 2007, 06:47:00 AM
Desolder the hynix and reflash it with a external programmer.
And soldering it back to the console of course...
You shouldn't update, if you have the right kernel. :/
This post has been edited by Fragreaver: Mar 3 2007, 02:50 PM
Post by: X360 Doktore on March 03, 2007, 07:30:00 AM
Post by: Fragreaver on March 03, 2007, 07:43:00 AM
If you change only a byte in the update file, the signature is broken and it won't execute.
I guess you'll have to wait for an easier method to downgrade. But you're lucky - your efuse is not 'defective'.
So you'll be able to use any older kernel without a trouble.
This post has been edited by Fragreaver: Mar 3 2007, 03:43 PM
Post by: iquid-!ce on March 06, 2007, 05:41:00 AM
My 360 has been sat under the tv since the january after release day waiting for this day so no dash updates for me!
Maybe my xbox 1 will finally be able to retire from its job as media centre in my house.. poor thing has been hammerd every day for god knows how many years
Post by: biga55 on March 07, 2007, 11:22:00 AM
Post by: openxdkman on March 07, 2007, 11:36:00 AM
http://www.badongo.com/file/2357641
Post by: SuRgEx360 on March 07, 2007, 06:20:00 PM
Post by: openxdkman on March 08, 2007, 07:35:00 AM
and discretly, go check the kernel version in the last right panel.
of course, don't insert any retail game published after mid-january (would upgrade kernel) and don't connect to internet with it
also, don't be too much scared if you discover your drive can't be flashed yet (necessary if you plan to use the KingKong method). I'm pretty sure no drive will resist firmwares creators whereas kernel>4552 will certainly resist a lots.
Post by: SuRgEx360 on March 08, 2007, 08:41:00 AM
Post by: Wolves on March 08, 2007, 07:48:00 PM
QUOTE(zero129 @ Feb 27 2007, 06:25 PM)
Dont worry about kernel versions.
Just take a look at the PSP, Sony tried to stop the exploits lots of times with higher firmwares but people still keep finding new ways to hack the firmware.
I'm sure it will be the same way with this, once the older kernel gets hacked some smart guys will come out with some kinda way to hack newer ones.
Anyway finally this is some great news .
Just take a look at the PSP, Sony tried to stop the exploits lots of times with higher firmwares but people still keep finding new ways to hack the firmware.
I'm sure it will be the same way with this, once the older kernel gets hacked some smart guys will come out with some kinda way to hack newer ones.
Anyway finally this is some great news
. Problem being, Microsoft put a little more effort hardware wise into preventing access.
QUOTE(santa09 @ Feb 27 2007, 07:08 PM)
im not a hacker but from all that i kno. this is pretty much useless unless you have a way to downgrade kernel. Why can you just sniff the key like they did with the original xbox and then inject it into the flash with some code already there so the 360 thinks its signed but it really isnt. mabye?
You should keep up to date on the 360's security. That has been basically prevented.
QUOTE(quarky42 @ Feb 27 2007, 07:35 PM)
I agree. Sure I would *love* to see a modchip come out immediately because of this, but if you were smart enough to come up with a hack like this, then you might also be smart enough to realize that if MicroShaft found you after you blew something like this wide open WITHOUT telling them, they might just sue your right into the ground. If you told MicroShaft what was up and they ignored you, and then you blew them out of the water with a successful hack they wouldn't have a legal leg to stand on. You gave them due notice just like the people that discover vulnerabilities in software before evil/bastards find them and get them fixed before they can be exploited... If the company fails to respond then they publish code.
The other problem with this is that even if you could win in court, MicroShaft has enough money to tie you, your family, your friends, your pets, and your possessions up in legal proceedings until you are old and gray without worrying about any loss to M$. I give the guy props for covering his ass and releasing all the technical mojo for another skilled hacker to reproduce his results.
Sure downgrade might not be possible at this time with the blown fuse in the processor, but a new bug could hit, or other hackers may discover a way to completely replace the bios ala current xbox modchip style and make it give the same responses to queries ala current drive firmware attacks. This could be huge in leading towards new hacks. He just explained how the whole security system handshakes and how it was exploited. I think that is very worthwhile. If he was out there to screw the mod community, then he wouldn't have showed anything and bugtraq wouldn't have gotten all those juicy details.
I believe good things will be coming from this. Even if this exact method doesn't create the end-all-be-all solution, I think it opens many new doors and provides some great insight for minds greater than mine. I look forward to seeing "what's next".
QUOTE(eyric101 @ Feb 27 2007, 08:30 PM)
I think what this really means is that the true hackers can now get into the system and hack and learn. Think about it. If you are really interested in hacking the 360, you go buy a 360 thats fairly resent of buy one off ebay with that kernal. Then you get inside via the hack and you find other vulerabilities.
Not really, being 'inside' the 360 wouldn't neccessarily open any new opportunities aside from the one that let you in.And as much as I hate to say it, it IS possible to develop a hack proof system. This might have been our only way in...
Post by: biga55 on March 08, 2007, 08:35:00 PM
QUOTE(openxdkman @ Mar 7 2007, 01:43 PM)
HD_DVD_10-2006.zip xbox kernel 4532 md5:cd4db8e2c94266ab73513c361dd5b8f6
http://www.badongo.com/file/2357641
Thanks man!!!
Post by: TehBanStick on March 22, 2007, 10:22:00 PM
You say what they are doing is illegal, but hacking the kernel and exploiting the system is illegal as well. Stop being hypocrites.
Post by: XHN_SCRAPY on March 30, 2007, 11:28:00 AM
homebrew is legal to an extent...
yea the xbox1 and XBOX 360 is Microsofts even if you "own" it. they have patents on it etc etc etc.. the time period in which a patent lasts is average of 14 yrs; so i think, until then the things you buy from any major company or anything with rights and patents is theirs' from what i have been told and so basically lol i learned in the "worst way possible" lol. "but i didn't do it lol
"
Post by: crazyfknheretic on April 07, 2007, 05:54:00 PM
QUOTE(Chamrock @ Feb 28 2007, 09:09 PM)
How the f*ck could it be legal to fool you with updates that physically modify your console without permission from the owner? It should be considered as an illegal action as a virus attack. I would cut off the balls from any dude blowing efuses in my console.
ive read this like 15 times in this thread. and while i have no idea what the fuck you people are talking about xbox1 or 360 i do know that
YOU DO NOT OWN YOUR XBOX YOU PURCHASED A LISCNESING AGREEMENT FROM MICROSOFT THEY CAN DO WHATEVER THE FUCK THEY WANT WITH IT THEY CAN COME TO YOUR HOUSE AND TAKE IT FROM YOU IF THEY FEEL LIKE IT
READ THE BOX!!!
Post by: Hopeful on April 08, 2007, 09:57:00 AM
QUOTE(Shadow1300 @ Apr 8 2007, 01:34 AM)
I do not think that is true. That is most likely considered stealing. They have a license on the software inside of your 360, but when you buy that license you have complete control over it and you can modify it all you want. XBL is another story though.
And even if it's not *considered* stealing, it truly is. When you buy a 360, morally and rightfully the hardware and anything on it is yours. To alter however you want to. Any law attempting to control this territory is overstepping its rightful boundaries and frankly kind of venturing into dictatorship. To dictate our right to truly buy materials/devices vended at a market is to claim ownership over our very own private household craftsmanship.
Laws claiming that companies can rightfully sell us "a license to use" merchandise sold from commercial stores, without selling us that hardware itself, are frankly bullshit. They're enforceable in the sense that they exist because they can through force. Just because a law can exist through force however, doesn't mean it has a RIGHT to exist.
Text attached to a piece of hardware I buy at a store has NO right to tell me what I just bought and carried out of the store doesn't belong to me. (Or set boundaries on how I can alter it.) What materials you buy and alter in life is an inborn part of each individual, that NO law has the right to claim territory or control over.
However live is a service the xbox only *connects* to, and is actual physical servers on company propery. And because of that we don't have the inborn right to alter it . However no person or law has the right to tell us we can't buy store-vended hardware and alter or copy it however we want to. (As long as we don't sell it.) I realise such laws DO exist. I am saying they have no right to exist and claim control of such things, but do anyway, mainly in the mere name of protecting profit. I've personally always had a huge problem with that.
Post by: NewGuyNeedzHelp on June 12, 2007, 01:30:00 PM
Post by: mrbelvedere on June 13, 2007, 05:34:00 PM