Post by: sega27 on January 29, 2004, 10:27:00 AM
Post by: Grospolina on January 29, 2004, 11:55:00 AM
For now, I'd go with the hacked MechInstaller fonts (which are not mentioned above, because it hasn't ben updated). However, I've been using them and I still get the clock loop.
The ones I'm using are the hacked MI ones posted by catfish. Are there any other versions? Those were the only ones I've seen, but I have a feeling there might be others.
One interesting thing I found was that when I was looping with catfish's fonts (I couldn't get out after several tries), I plugged in my old hard drive, which still had the "official" MechInstaller fonts, and it got out almost right away (2-3 reboots). That's why I think there may be other versions.
I'd say the next best are Reloaded.
Right now, I'm trying a blended version of Reloaded and BigFonts that I've hacked up. I'll try unplugging my Xbox every night for a week and see how they fare.
Post by: sega27 on January 29, 2004, 07:45:00 PM
Post by: PedrosPad on January 30, 2004, 05:16:00 AM
Xbox Hardware Hacking (14MB) (105 slides)
Xbox Software Hacking (6MB) (92 slides)
Post by: Nailed on January 31, 2004, 05:25:00 AM
Post by: feilox on January 31, 2004, 05:42:00 PM
Post by: motox333 on January 31, 2004, 06:32:00 PM
Post by: BluhDeBluh on February 01, 2004, 07:33:00 AM
Very educational. Keep trying and I wish that you have success
Post by: Chicken Scratch Boy on February 01, 2004, 08:34:00 AM
| QUOTE (feilox @ Jan 31 2004, 07:42 PM) |
| ok, i'm a n00b, but wat's all this font exploit supposed to do?...i know it's a buffer overun code, but what does it do? does is fool the xbox into thinking that it has a cd? bios?....i need some info |
it does a buffer overrun thatover writes the memory block that stores the ms public key with one of our own, so wel can sign freely
Post by: Mad_Gouki on February 01, 2004, 09:51:00 AM
| QUOTE (Grospolina @ Jan 30 2004, 05:06 PM) |
| sega27: You can try any or all of these: 1. Plug in a network cable. Have the other end connected to your PC or a router. 2. Put in an audio CD. 3. Put in a scratched CD. 4. Play with the eject button. Open it or close it when the MS logo appears under the big X. 5. Turn it off and on a few times. 6. Just wait. It may take minutes or hours. After you get out, be sure to set your clock (EvoX can automatically do it from a time server if you're connected to the net). |
also i heard from someone taht if you turn it on by holding the eject button an dkeep holding it it will boot to evox like every time... well when i had a clock loop yesterday from bringing my xbox to my moms, i did that and it worked great...
btw, thats awesome that you are learning about the fonts
i knew vageuly how they worked but you have clarified a lot of stuff
Post by: oblox on February 11, 2004, 07:39:00 AM
Notes I had a mixture of live 2.0 and the exploit dash and was using the audio hack at the time...
Post by: oblox on February 28, 2004, 09:00:00 AM
Post by: oblox on February 29, 2004, 08:47:00 AM
| QUOTE |
| For all thise who would like to know I tested the 5530 kernal on debug PBL It goes through all the keys from the boot.cfg Goes Calculating 2bl entry point Calling 2bl And hangs |
From this thread
http://forums.xbox-s...ic=175051&st=45
So yeah looks like some sort of call is going wrong
Post by: Chicken Scratch Boy on February 29, 2004, 08:51:00 AM
Post by: oblox on February 29, 2004, 11:40:00 AM
| QUOTE (Chicken Scratch Boy @ Feb 29 2004, 06:51 PM) |
| we are SUCH dummies! it probly stores the bios in a differnt set of memory blocks.. wait then what about modifying the mpublic key.... |
what about if it's only initaly storing the bios in another set of blocks and its messing up then it goes to call it so it can inject it/replace the original one in memory?
Post by: Neilor on March 19, 2004, 06:53:00 AM
Post by: Neilor on March 20, 2004, 12:14:00 AM
I've only used Evox for flashing so I don't know if this is a side effect of flashing the bios or if it's specific to Evox.
Post by: digisatman on March 20, 2004, 01:36:00 AM
gropsplina owns!
COME ON DUDEZ!!!
Post by: grimdeath on March 20, 2004, 04:38:00 AM
Post by: Neilor on March 21, 2004, 12:05:00 AM
Post by: ldots on March 21, 2004, 01:01:00 AM
Edit : Of course I dont mean to disencourage any further development on the fonts Grospolina. It's just that the 'Clock loop is fixed' posts are numerous on this forum leading some leading some people to go ahead using them without taking precautions, like backing up hd key, eeprom etc.
Post by: krayzie on March 21, 2004, 01:17:00 AM
These fonts even prevent any upgrades of the dashboard from within a game so in my opinion these fonts are the best ones at the moment'.
Post by: ldots on March 21, 2004, 01:37:00 AM
Post by: Chicken Scratch Boy on March 21, 2004, 10:27:00 AM
Post by: Chicken Scratch Boy on March 21, 2004, 11:08:00 AM
Post by: Neilor on March 21, 2004, 12:13:00 PM
But what I can say about these Feenix fonts is that they do appear to be pretty solid on my own configuration, prior to flashing the bios on my XB I had been running Bigfonts for a number of months and managed to get stuck in clock loops on three different occassions, it took alot of messing with network loop-back cables, scratched disks, waiting hours etc.... but I never got out of loops as quickly and as repeatably as i do with these fonts.
Maybe we should pole the newer generation M.I. based exploits and see if there's a pattern (V1.1's might work better than newer XB's???)
It would be most beneficial for a pole if the clock loop can be deliberately induced rather than getting opinions or beliefs that the fonts a person uses don't loop
Post by: Chicken Scratch Boy on March 21, 2004, 02:24:00 PM
ah starcraft....
anyway, good luck on the fonting, cxan i beta?
Post by: Xboxhakur_band on March 21, 2004, 06:26:00 PM
| QUOTE (vintage_guitar @ Mar 21 2004, 11:36 PM) | ||
Wow, that's the most butchered version of the word "Pheonix" I've seen in a LONG time. |
I'll take credit for that...
That was done before I understood the fonts, the new version uses the correct spelling of "Phoenix" (Feenix / Debian, both 6 characters)
P.S. Grospolina, I have habibi versions of B&E reloaded and Bigfonts, u r welcome to use them and/or ask again about how to decompress them. (they run from the mechinstaller)
Post by: Xboxhakur_band on March 21, 2004, 11:05:00 PM
| QUOTE (Grospolina @ Mar 22 2004, 06:19 AM) |
| Thanks for the offer, but I can already make habibi-keyed fonts if I wanted to. I'd rather convert the MI fonts to use the font key instead. |
Ummm, yeah I know u can make your own versions of those fonts. That was more of an offer to teach u how to package them so that they (or your own), can be used in the Mechinstaller.
Post by: ldots on March 22, 2004, 12:21:00 PM
Earlier on this thread you mentioned that you wanted to include code from the Mech fonts in your "Frankenstein" fonts. How about using the "special" exception net of the Mech fonts? Wouldn't you assing most of the "clock-recovering" success of these fonts to this net? The payload of the different fonts more or less have the same goal (though achieved with different means), the important thing being whether we reach the payload or not.
Having fonts with the succes-rate of the Mech fonts, that set the the clock if needed and otherwise boot an application would be sweet!
Post by: Chicken Scratch Boy on March 22, 2004, 04:00:00 PM
Post by: Dolfhin on March 23, 2004, 04:45:00 AM
But I just wanted to say thanks for all the work you have done so far. I'm not a really active user of xbox-scene but I like to read some text and keep up to date. The only weak points of the Font hack are the speed (they boot up slow
) and the clockloop (the red flashing LED seems to be fixed in PBL 1.41 unofficial) and I hope that you're able to fix this two litle problems that are left.Thanks and keep up the good work i'm sure the're a lot of people waiting until the clock loop is fixed before the're going to use the fonts hack.
Btw : I hope to have some sort of backup soon so I can test this new fonts they look really really good
Post by: triggernum5 on March 23, 2004, 08:50:00 AM
Post by: krayzie on March 23, 2004, 11:42:00 AM
These first mechinstaller fonts are very close to the linux fonts and I still find these the coolest ones around. Never experiensed loops whatsoever on multiple xbox versions.
Other fonts from catfish's installer can be found at the maxconsole forums. There are several versions around.
Post by: theBloodShed on March 23, 2004, 04:26:00 PM
So why is it impossible to get an executable to load just because the dashboard is trying to load the clock instead of the main dashboard screen? In both cases, it loads the font files. It was my understanding that the fonts caused a buffer overflow to crash the dash. Why is this not happening when it tries to load the clock? It is my guess that it either has to do with the fact that the dashboard refuses to attempt to execute code when the time is not set or it has to do the address jumps become offset when this happens and hence, it doesn't land on the exploit code like it should. I'm sure there's a mathematical solution to the later situation. Any input?
Post by: ldots on March 24, 2004, 12:28:00 AM
Post by: ldots on March 24, 2004, 06:30:00 AM
Post by: krayzie on March 24, 2004, 06:45:00 AM
that's possible though.
Post by: ldots on March 24, 2004, 06:49:00 AM
When msdash is being loaded we have replaced the key in memory, so it doesn't matter that we hexed msdash.
Post by: krayzie on March 24, 2004, 06:52:00 AM
Post by: Wooger on March 24, 2004, 07:31:00 AM
If in the event the exploit finishes first and the clock does not need to be loaded it mearly loads the ms-dash with what appears to be the link for the xbox live dash pointed to a new locations and since the ms-hash is also modified when you select the dash menu option it loads the program. This set program doesnt need to be say a dashboard it can be an app like dvdx as long as the app is signed with the correct hash key (habibi in this case)
If I am understanding him correctly he is saying to manipulate the ms-dash loaded into memory however far you want to take it
Wooger
Post by: krayzie on March 24, 2004, 07:50:00 AM
Post by: ldots on March 24, 2004, 08:03:00 AM
. I guess it would only work if launching a new app (msdash.xbe) will kill the thread that will eventually check whether the clock is set or not.
Post by: Wooger on March 24, 2004, 08:04:00 AM
Do keep in mind though the font exploit is an old exploit and newer exploits really need to be found to work on the newer xbox dash versions otherwise its back to mod chips.
Wooger
P.S. Does anyone get the feeling that the public is testing the M$ software and helping MS fix there problems?
Post by: ldots on March 24, 2004, 08:06:00 AM
| QUOTE |
| Now since the new msdash needs to be booted from the harddisk wouldn't it take way to much time when the clock is dead and the xbox is desperately seeking for its dash? |
Maybe Grospolina can answer this. When the orginal Mech fonts reload the dash in memory where does it get this dash from. The memory is so sevely messed up from the exploit that it would have to be reread from the harddisk wouldn't it. In that case it's the same situation.
Post by: Wooger on March 24, 2004, 08:06:00 AM
| QUOTE (ldots @ Mar 24 2004, 06:03 PM) |
| The current Mech fonts do a lot of patching in memory. What I would hope would be possible was to cut out all this pathing (except the patching of the key), thereby making the exploit more slim in the hope that the exploit would run faster. So this is different from the original Mech fonts in that no in memory patching is needed. Let me describe again. The original Xbox.xtf and Xbox Book.xtf are renamed to Xbox.bak and Xbox Book.bak. Bert.xtf and Ernie.xtf are present. xboxdash loads bert and ernie. Patches key and launhes msdash.xbe, hexed to look for the *.bak fonts, and to show Phoenix or whatever in the live tab. PBL could then be renamed to xonlinedash.xbe. Unfortunately I don't think it will work . I guess it would only work if launching a new app (msdash.xbe) will kill the thread that will eventually check whether the clock is set or not. |
Honestly whats the point if the dash in memory is going to look for the original renamed fonts why then would you be concerned if the clock check finishes first. If it does big whoop cause the dash will then load the original fonts and bring up the clock fix screen...
Which is what the mech fonts do...
Wooger
Post by: ldots on March 24, 2004, 08:12:00 AM
Post by: Wooger on March 24, 2004, 08:14:00 AM
| QUOTE (ldots @ Mar 24 2004, 06:12 PM) |
| Wooger you misunderstand me. I would not be doing the xtf -> bak patching in memory in this scenario - that's the original Mech exploit! If the xtf -> bak patching is done succesfully there is no point in loading a hexed msdash right! |
Whats the point of changing the original dash to look for its fonts with different names then?
Wooger
Post by: Wooger on March 24, 2004, 08:18:00 AM
| QUOTE (ldots @ Mar 24 2004, 06:12 PM) |
| Wooger you misunderstand me. I would not be doing the xtf -> bak patching in memory in this scenario - that's the original Mech exploit! If the xtf -> bak patching is done succesfully there is no point in loading a hexed msdash right! |
I understand that your saying all you want to do is patch the private key and then from there anything with that key can be run so in the event of a clock loop situation it wouldnt matter the msdash would still function...
Correct?
Wooger
Post by: ldots on March 24, 2004, 08:24:00 AM
Would a reloaded msdash end in the same place in memory? If not the "clock thread" wouldn't get to the correct clock setting code of msdash...
Post by: GeToChKn on March 24, 2004, 11:25:00 AM
Post by: ldots on April 08, 2004, 03:00:00 AM
Any news on the hybrid fonts? Any discoveries on if and why the clock-setting code can be kernel dependant?
Post by: anu|b|iss on April 08, 2004, 04:20:00 AM
never had a clock loop once. It comes up with the date/time and freezes after a few seconds, then I reboot and it's set to Jan 1 2001 and I'm good to go.
Post by: Chicken Scratch Boy on April 08, 2004, 05:25:00 AM
1. these fonts werent around in 7/25
2. read the thread
3. we dont care
4. your sig is too long
Post by: Neilor on April 08, 2004, 06:50:00 AM
Post by: anu|b|iss on April 08, 2004, 06:56:00 AM
2. I had read most of it but skipped to the end to see the current convo (my bad)
3. Nobody said you had to.
4. Fixed that just for you.
5. Neilor, so what?
Post by: Dolfhin on April 08, 2004, 07:36:00 AM
Post by: coltxL2717 on April 15, 2004, 07:52:00 PM
A few more questions:
1. How hard is it to splice 2 fonts together?
2. Why do the Mechfonts refuse to work on Kernel 5530?
Post by: Grospolina on April 16, 2004, 05:58:00 AM
Also, I'm preoccupied with emulators right now.
Post by: Zak0 on August 26, 2003, 09:16:00 AM
| QUOTE |
| At the beginning of the exception code, it first modifies the instruction before it to cause an infinite loop. That way, if another exception is generated, the Xbox will hang instead of trying to run the exploit again. After step 6 (above), it checks a flag in the data area. If the flag is set, it hangs the Xbox. If not (default), it proceeds. I'm not sure what use this has. |
All I know is it's pretty annoying to have to reboot the box multiple times...
Thanks!
-Zak
Post by: Grospolina on August 26, 2003, 09:27:00 AM
Post by: underthebridge on August 26, 2003, 10:55:00 AM
Post by: NeoLojik on August 27, 2003, 06:51:00 AM
Thanks
Post by: bull on August 27, 2003, 06:55:00 AM
Post by: Grospolina on August 27, 2003, 10:36:00 AM
Edit: Bah, I can't get it to install.
Post by: Grospolina on September 09, 2003, 09:34:00 AM
Post by: Hajaz on September 09, 2003, 02:02:00 PM
I had my fonts in the C root, and had the exact same problem as the one u described.;; updating with live so that my fonts were in a fonts folder solved that problem for me.
Dont forget to return your box to its virgin state before updating the dash tho
Post by: AGamer on September 09, 2003, 09:54:00 PM
| QUOTE |
| They claim that the clock looping issue is fixed |
If the clock looping issue is really fixed by those font files from MechInstaller. Can we use them to boot Phoenix loader? The only thing we need right now is a highly reliable clock looping fix, isn't it?
Post by: speedbump47 on September 10, 2003, 06:39:00 PM
| QUOTE |
| If the clock looping issue is really fixed by those font files from MechInstaller. Can we use them to boot Phoenix loader? The only thing we need right now is a highly reliable clock looping fix, isn't it? |
true, but apparently they've made the code really hard to debug (for the purposes of keeping non-Linux users from using it). People are trying to break it down now, but it's proving difficult.