xboxscene.org forums

OG Xbox Forums => No-Modchip Hacks (exploits) => XBE Exploits => Topic started by: afon on March 06, 2004, 01:18:00 PM

Title: How Far Can We Overflow?
Post by: afon on March 06, 2004, 01:18:00 PM
For the poor souls stuck with 5530
When the fonts overflow: would it be possible to insert code into the RAM that would enable dev features, or possibly even a new BIOS? Because from reading Pedro's findings in trying to overflow an application in the sandbox, it doesn't seem possible to do anything like this post-dash without dev features in the BIOS. And, let's face it: PBL (without this idea implemented) is impossible on 5530 kernels.
So let's recap my idea for the fonts:

Boot->
Bios looks for dash ->
Overflow fonts ->
Fonts overflow far into ram, changing Bios or adding dev feature->
Warm boot to hexed dash ->
(optional)Take advantage of dev features with a PBL like app->

And another tech question:
Why does it seem that with mech fonts, clock loops never occur to be fatal for the Xbox? Wouldn't we just be able to use bigfonts with a hexed dash?

And another Idea for 5530 users:
Maybe we could make a VB proggie to patch all XBEs in a folder with a new key. Possibly even one for Xbox? That would be extremely convenient! Hell, maybe even a proggie that makes a patched XBE in memory!

EDIT: Yeah, I was just thinking and I came up with an idea for a new dash (possibly even an add-on). Someone should code an XBE that checks the key to see if it has been modified, and if it has, sign the XBE with that exact key (not the exact XBE, make a .bak. And if it's an unknown key, well then it just won't work).
I am begging someone to code something like that for 5530 users; all these people posting "MEMEMEMEME, BLACK SCuREEN UF DEAHTTT(wtf?)" is really bogging down the relevancy of having this section of the forum.

AND YET ANOTHER THOUGHT!:
If we had the above program written, I would say fuck PBL. Because who's had problems launching games/apps with a hacked BIOS (not to mention using PBL!).

-Af0nz Spesial Ed 4 Thinkurez of piratesz
Title: How Far Can We Overflow?
Post by: afon on March 07, 2004, 05:37:00 AM
bump?
Title: How Far Can We Overflow?
Post by: RiceCake on March 07, 2004, 05:55:00 AM
It would be possible but who wants to do the dirty work?

Lol.
Title: How Far Can We Overflow?
Post by: PedrosPad on March 08, 2004, 01:58:00 AM
Hi ya afon,

(Cool. More chat on my specialist subject.)

Font History:
The original font exploit leverages a weakness in the way that the 4817 and 4290 Dashboards load the XTF fonts (the flaw was fixed by M$ in all Dashboards after 4290). This exploit originated out of the very clever xbox-Linux guys, and was intended to simply launch xbox-Linux (see Font Exploit). Therefore the exploit payload simply patches the BIOS to expect the alternative signature used by the Linux XBE (the 'habibi' key).

Since the 'habibi' key was only known to the xbox-Linux guys, the alternative Bert & Ernie font exploit was released that used a non-secret 'font' key. But this too merely patches the BIOS to expect the alternate XBE signature (see Bert is Cheating on Ernie).

This 'bootstrap' approach is very clever as it simply does the minimum required in order to pass control to an external XBE.  Very flexible!

While you can still downgrade the Dash to 4290, the font exploit does work, on any XBOX/BIOS. This means that you can sign EvoX, etc., and any game XBEs with the font key and it'll all work fine. Yup, even on K:5530.

Complex!Loader (the forgotten application): (See Complex !Loader)
The first 'application' to build on the exploit bootstrap was Complex's !Loader. The Complex!Loader was signed correctly, and loaded by the bootstrap exploit. It applied 'further' patches to the BIOS, disabling the signature check, and media check, etc. Meaning that people no longer had to resign all their XBEs, etc. The first version only worked on XBOX V1.0 BIOSes; a second version had a public SDK and worked on a wider variety of BIOSes. This really cool application had its thunder stolen when PBL was released.

Enter PBL (Phoenix's BIOS Loader): (See Phoenix Bios Loader)
PBL allows a complete hacked BIOS to be loaded from the hard disk and replace the BIOS in memory. No more buggering about with patches, etc. - Replace the whole thing with a BIOS that has the signature/media checks disabled, etc. plus other neat features (IGR, etc.). It now appears that PBL uses a BIOS debug function that allows a BFM (boot-from-media) BIOS to replace the original BIOS in memory. It now appears that function has been retired in the new 5530 BIOS.

Moving on:
Going back to the pre-PBL days of having to resign all XBEs really isn't that much hassle, is it? From the forums, it appears it is.

Although Ernie.xtf is authored to simply be a bootstrap (as light-weight as possible), it's true that it can really be as large as it needs to be. So, potentially, it could patch the BIOS to disable the signature check altogether. However, that could mean a font for each BIOS, etc.

I think the answer is a return to Complex's !Loader.  I don't believe it relied on any specific debug functions.  It simply patched the BIOS in memory in the same manner as the font exploits do (so if they work, it should!).  Simply, a new patch file for the new 5530 BIOS will need to be authored.

My 2cents.
Title: How Far Can We Overflow?
Post by: PedrosPad on March 08, 2004, 03:41:00 AM
QUOTE (Nailed @ Mar 8 2004, 01:13 PM)
Removing the signature check sounds like a neat solution.   Is the chance of developing a dynamic patch smart enough to work for any BIOS slim?

The Complex!Loader's public SDK wasn't dynamic, but supported a number of BIOSes.  The first half of the code you had to supply identified the BIOS (via byte fingerprints, etc.), and, if matched, the second part was a collection of POKE commands to patch the BIOS.  Rather neat.

At the time it was a bit like making PPF patches - compare an original/retail BIOS with its hacked equivalent, and 'feature out' the byte differences.

So if there's a 5530 with the signature/media checks disabled.....
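To make the two-stage plug-in structure PedrosPad describes concrete, here is an added example (not Complex!Loader's own code, and not a real Xbox BIOS image): the first stage fingerprints the image at fixed offsets, the second is a PPF-style list of byte differences applied as POKEs, and the apply step refuses to touch an image whose fingerprint or original bytes do not match. All byte values and offsets are constructed for illustration.

```python
# Constructed sample images: a periodic 1 KiB "retail" image and a "hacked"
# copy with three bytes changed. Neither is real Xbox BIOS content.
RETAIL = bytes(range(256)) * 4
_h = bytearray(RETAIL)
_h[0x10], _h[0x11], _h[0x3A0] = 0xEB, 0xFE, 0x90
HACKED = bytes(_h)

# Fingerprint offsets are assumed for the example; a real plug-in would pick
# offsets whose bytes differ between BIOS versions.
FP_OFFSETS = (0x000, 0x100, 0x200)


def diff_patch(original, modified):
    """PPF-style: 'feature out' the byte differences as (offset, old, new)."""
    if len(original) != len(modified):
        raise ValueError("images differ in size")
    return [(i, a, b) for i, (a, b) in enumerate(zip(original, modified)) if a != b]


def fingerprint(image, offsets=FP_OFFSETS, width=4):
    """Stage 1 data: the bytes found at fixed offsets identify the image."""
    return {off: image[off:off + width] for off in offsets}


def matches(image, fp):
    """True only if every fingerprint window is present unchanged."""
    return all(image[off:off + len(sig)] == sig for off, sig in fp.items())


def apply_pokes(image, patch, fp):
    """Stage 2: POKE each byte, but only after the image is identified and
    each target byte still holds the expected original value."""
    if not matches(image, fp):
        raise ValueError("fingerprint mismatch: wrong image, patch not applied")
    out = bytearray(image)
    for off, old, new in patch:
        if out[off] != old:
            raise ValueError(f"unexpected byte {out[off]:#04x} at {off:#x}")
        out[off] = new
    return bytes(out)


def roundtrip():
    """Build the patch from the two constructed images and re-apply it."""
    patch = diff_patch(RETAIL, HACKED)
    return patch, apply_pokes(RETAIL, patch, fingerprint(RETAIL))
```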
Title: How Far Can We Overflow?
Post by: PedrosPad on March 11, 2004, 06:16:00 AM
QUOTE (PedrosPad @ Mar 8 2004, 01:41 PM)
So if there's a 5530 with the signature/media checks disabled.....

Given the lack of response, I'm attempting to put one of these together myself.  (I estimate it'll take me about a week - given what little time I find I have to play)

Tried flashing me V1.1 XBOX with the retail 5530, and, not unexpectedly, it didn't work (rebooted twice, then locked up with a blank screen flashing red at me).

So I'll need a guinea pig with a 5530 XBOX, and a flashable, switchable, modchip to test.  PM me if interested.
Title: How Far Can We Overflow?
Post by: Wooger on March 14, 2004, 05:55:00 PM
Man, you know how long it's been since I've heard about the Complex !Loader?
Whatever happened to them anyway? Team Complex, that is?

I don't remember a SDK for them though?

Wooger
Title: How Far Can We Overflow?
Post by: PedrosPad on March 15, 2004, 07:51:00 AM
Artifex has pointed out what I'm proposing is exactly what his Bert is Cheating on Ernie (BiCoE) font exploit did, but it only supported BIOS 4034.

So I guess I'm doing a BiCoE_5530.

QUOTE (Wooger @ Mar 15 2004, 03:55 AM)
I don't remember a SDK for them though?

Wooger
They called it a 'plug-in architecture'. Some C++ files were included in their release.

PS. It sounds like Yoshihiro is making better progress - Let's hope he's got it right with his EEPROM fing.