Post by: PedrosPad on May 22, 2004, 02:20:00 PM
(Devised by Pedro - Achieved by Rmenhal)
Q: What is the Ultimate Dashboard Exploit (UDE)?
A: Not to use a Dashboard.
The result? The Ultimate Dashboard Exploit allows the booting of a habibi signed XBE, with no risk of a clock loop.
- Pros:
- Directing booting to Linux/PBL/Evox, etc.
- No risk of clock loop.
- Can still use custom sound tracks in games (the M$ Dashboard can still be accessed from Evox).
There are a few different versions out there. Ensure you use the right expoit font for the right update.xbe!
Q: Why "Ultimate" Dashboard Exploit?
A: At the time, I doubted that a Dashboard exploit for Kernel 5713+ was possible. Hence my belief that this will be the Ultimate Dashboard Exploit - during the XBOX v1's lifetime. I use the word "Ultimate" to mean "Being last in a series, process, or progression", and in no way to claim any superiority. [definition]. As it turns out we were able to build on these ideas and produce a UDE2 for K:5713+ owners
.Only attempt this if you're confident that you can recover from your actions.
Warning: This version of the exploit does not work on Kernels that prevent the execution of pre-live Dashboards, such as K:5713 or higher! Owners of K:5713+ XBOXs should look at the UDE2
To install the Ultimate Dashboard Exploit:
- 1st BACKUP YOUR XBOX DRIVE C via FTP access granted by a game-save exploit.
- Rename your C:\xboxdash.xbe to C:\MODxboxdash.xbe. See below.
- Copy Dashboard 4920s C:\xodash\update.xbe to C:\ and rename it C:\xboxdash.xbe.
- Copy the correct UDE font for your system (linked below) to C:\ (do not rename the fonts, just keep the font named "bert_ate_ernie-generic.xtf" or "bert_ate_ernie-xxxx-01.xtf" - renaming the font can stop it working) - Ensure that there are no other XTF fonts are present in C:\
- Rename C:\fonts\ folder to C:\f0nts\ (note the zero replacing the letter o)
An optional extra, necessary to be able to launch the M$ Dashboard:
- Hex edit C:\MODxboxdash.xbe (the original C:\xboxdash.xbe you renamed above), and Hex edit the 2 occurrences of "fonts\" to "f0nts\" (note the zero in place of the 'o'). "fonts" in Unicode is 66 00 6F 00 6E 00 74 00 73 00
See how it compares to the other Dashboard exploits at the Dashboard Exploit Summary thread.
The history of the development of this exploit can be read in the, increasingly inaccurately titled, "Working Easter-egg Exploit" thread.
If you're not confident in your technical abilities, or find anything here confusing please wait for one of the _Packages to be released/updated at the 'usual places'.
For early adopters, here are the links to the files.
Revision History:
V1.0 - 2004-05-22 - rmenhal - First release.
V1.1 - 2004-05-25 - rmenhal - Enlarged to work with more kernels.
V1.2 - 2004-05-26 - Grospolina - Reformatted.
V1.3 - 2004-06-11 - rmenhal - Auto ClockSet routines added.
V1.4 - 2004-06-11 - Angerwound - TrayState Decision Making added.
V4 - 2004-06-14 - rmenhal - Kernel-specific fonts for versions: 3944.01, 4034.01, 4627.01, 4817, 5101.01 and 5530.01. [release note]
V5 - 2004-06-20 - rmenhal - Latest and greatest fonts. Includes fonts for both the 1914880-byte and 1974272-byte update.xbe.
V6 - 2004-06-21 - rmenhal - Improved support for the 1914880-byte update.xbe. [release note]
V7 - 2004-07-09 - rmenhal - Supports XBOX Chinese language setting.
Extras:
V1 - 2004-06-15 - rmenhal - External tray-state branching utilities.
V2 - 2004-06-16 - rmenhal - External tray-state branching utilities - updated code. [release note]
nkpatcher - Benefits of PBL for kernel 5530 users - now in own thread!
To extract the files from the posts:
1. Cut and paste the code into a text editor (Notepad, etc)
2. Take note of the filename on the first line of the fragment
3. Save the text file as [filename].b64
4. Open the [filename].b64 file using ICEOWS, or Winzip (v8+)
5. Save the extract the UNKNOWN.001 file listed to a disk folder
6. Rename UNKNOWN.001 to the [filename]
7. If the filename extension is .bz2, or .rar, WinRAR will open it and let you extract the files within. If the filename extension in .zip, WinZip will open it and let you extract the files within.
Also, see ldots Memcard UDE installer/uninstaller package, and his Ude Package For Xboxhdm, Easy install if you dont have a memcard.
Post by: coolmodder11 on May 22, 2004, 03:07:00 PM
This post has been edited by coolmodder11: May 22 2004, 10:07 PM
Post by: digisatman on May 22, 2004, 03:08:00 PM
Also, any chance that sum1 can host teh font file?
I will be happy to do it, if sum1 can upload it to me, ill host it happily ona fast server.
let me know guys.
THANKS PEDROS (and rmehal of course)
Post by: digisatman on May 22, 2004, 03:09:00 PM
| QUOTE (coolmodder11 @ May 22 2004, 11:31 PM) |
| So we will need to sign every xbe with habibi to run games, emus, apps? |
that is why PBL was invented m8!
Post by: PedrosPad on May 22, 2004, 02:46:00 PM
See Dashboard Exploit Summary
Post by: Australian Rat on May 22, 2004, 02:56:00 PM
Might just wait a bit for more devolopment on it though so I don't accidentally get a $300 paperweight
Also, I wouldn't call this the "ultimate Dashboard exploit" because I see there to be 2 types of exploits (no not font an audio), automatically launched and user launched. I personally prefer the user launched exploits like DD, booting to an unmodded state first. Maybe "Ultimate Font Exploit"
And wouldn't ernie eat bert? Ernie was the bigger one wasn't he?
Post by: Angerwound on May 22, 2004, 03:13:00 PM
| QUOTE (Australian Rat @ May 22 2004, 11:56 PM) |
| Oooh, looks like fun. Might just wait a bit for more devolopment on it though so I don't accidentally get a $300 paperweight Also, I wouldn't call this the "ultimate Dashboard exploit" because I see there to be 2 types of exploits (no not font an audio), automatically launched and user launched. I personally prefer the user launched exploits like DD, booting to an unmodded state first. Maybe "Ultimate Font Exploit" And wouldn't ernie eat bert? Ernie was the bigger one wasn't he? |
Nope, bert definately ate ernie. All the payload was crammed into bert.
Post by: PedrosPad on May 22, 2004, 03:14:00 PM
| QUOTE (Australian Rat @ May 22 2004, 11:56 PM) |
| Might just wait a bit for more devolopment on it though so I don't accidentally get a $300 paperweight |
Wise man
.If those braver soles, who are confident that they can recover from their actions (via Game save, switchable mod chip (that has the option to boot an XBE other than C:\xboxdash.xbe - e.g. evoxdash.xbe), HDD hot swap), do try this - please post your results here - including your XBOX Kernel version.
Post by: Angerwound on May 22, 2004, 03:55:00 PM
BertAteErnie -> PBL 1.4.1(x2.4983) -> AvaLaunch .....
Forgot to mention I left my box unplugged for a bout 2 hours and then turned her on and no clock loop if any of you are unsure.....
This post has been edited by Angerwound: May 22 2004, 11:04 PM
Post by: PedrosPad on May 22, 2004, 03:25:00 PM
| QUOTE (Angerwound @ May 23 2004, 12:19 AM) |
| I already posted in the other thread as others did, but |
ditto, but let's make this the official thread
- In my case, K:4817, D:4920 - and a known to be unset clock - Absolutely no problems. Boot->PBL->Evox->MODxboxdash.xbe - all fine. And no sign of any Reset-On-Eject issue.
Post by: evil clone on May 22, 2004, 03:32:00 PM
D:4920
& zero problems
EC
Post by: evil clone on May 22, 2004, 03:40:00 PM
Post by: jon20usa on May 22, 2004, 03:57:00 PM
K:4034
D:4920
This works flawlessly. Beautiful job.
I think it would be a good idea to try to get a package hosted in "the usual places" that has the new (update) font file. It would also be nice if the package could include the 4920 dash but I don't think "the usual places" allow M$ code so that's probably not going to happen. 
Post by: PedrosPad on May 22, 2004, 03:59:00 PM
| QUOTE (Australian Rat @ May 22 2004, 11:56 PM) |
| Also, I wouldn't call this the "ultimate Dashboard exploit" because I see there to be 2 types of exploits (no not font an audio), automatically launched and user launched. I personally prefer the user launched exploits like DD, booting to an unmodded state first. Maybe "Ultimate Font Exploit" |
I don't want to take this thread to far off topic, but...
I named the exploit the "Ultimate Dashboard Exploit" because I think I've already devised a solution to:
- Cons:
- No Dashboard access to the XBOX!Live console.
And if it works out, there'll no longer be any reason to manually toggle the exploits. (My idea is restricted to accessing the XBOX!Live console in a safe state - XBOX!Live games will still need to be played from original media!)
I get broadband in 10 days - So I'll know a lot more then.
Post by: devz3ro on May 22, 2004, 04:02:00 PM
-devz3ro
http://sh0x.tk/
Post by: underthebridge on May 22, 2004, 04:10:00 PM
This should definitely go on the news page
Post by: afon on May 22, 2004, 04:25:00 PM
Can you explain how this works? Does dash update just load your chosen XBE, then is the xbe exploited?
Post by: PedrosPad on May 22, 2004, 04:41:00 PM
| QUOTE (afon @ May 23 2004, 01:25 AM) |
| pedro; Can you explain how this works? Does dash update just load your chosen XBE, then is the xbe exploited? |
| QUOTE (PedrosPad @ May 22 2004, 11:20 PM) |
| The history of the development of this exploit can be read in the, increasingly inaccurately titled, "Working Easter-egg Exploit" thread. |
Post by: krayzie on May 22, 2004, 09:26:00 PM
| QUOTE |
| If there is a c:\fonts directory but not .xtf files in it, will update.xbe fail? The reason why im asking is because id like to run a modified tHc lite dash that looks for .fnt files in the c:\fonts directory. |
I don't think the the update.xbe will fail cuz it can't even find those fonts since the folder is renamed to f0nts. Only the linking to the m$dash (or thcdash) will be a problem if you don't hex edit them in order to find the fonts in the c:/f0nts folder.
Anyway does anyone knows what will happen when the dash gets upgraded (by mistake)?
Great exploit by the way
*EDIT* To my last statement if my theory is correct since the dashupdate checks for the fonts in the fonts folder (and maybe in the root) the dash wouldn't even be upgraded since there wouldn't be a fonts folder and fonts in c: and an error screen would pop up before the upgrading would take place. If this is true it would really be the ULTIMATE exploit with no risk of clock loops and no risk of upgraded dashes.-
Title: The ultimate Dashboard Exploit Aka Ude
Post by: violent_bong on May 22, 2004, 10:28:00 PM
-
I don't know what i could possibly be doing wrong, but i cannot get pbl to load, my xbox just stays at the xbox loading screen on boot up. Any suggestions?
K: 3944
D: 4920
-
Title: The ultimate Dashboard Exploit Aka Ude
Post by: PedrosPad on May 22, 2004, 10:42:00 PM
-
Anyway does anyone knows what will happen when the dash gets upgraded (by mistake)?
Great exploit by the way
*EDIT* To my last statement if my theory is correct since the dashupdate checks for the fonts in the fonts folder (and maybe in the root) the dash wouldn't even be upgraded since there wouldn't be a fonts folder and fonts in c: and an error screen would pop up before the upgrading would take place. If this is true it would really be the ULTIMATE exploit with no risk of clock loops and no risk of upgraded dashes.
Post by: violent_bong on May 22, 2004, 10:28:00 PM
K: 3944
D: 4920
Post by: PedrosPad on May 22, 2004, 10:42:00 PM
| QUOTE (violent_bong @ May 23 2004, 07:28 AM) |
| I don't know what i could possibly be doing wrong, but i cannot get pbl to load, my xbox just stays at the xbox loading screen on boot up. Any suggestions? |
The update.xbe only loads one font file - that's why Bert had to eat Ernie.
I'd guess too many other font XTF files are present, causing the update.xbe to load the wrong one. Make sure the C:\fonts folder is renamed, thereby denying access, and the C:\ directory only contains the one bert_ate_ernie.xtf font file.
Post by: SilverSurfR on May 22, 2004, 10:45:00 PM
When i try to run config magic, i don't get on the on screen info display.. but it worked before when using the DD exploit. Is it possible that configmagic uses the font files? I can still access the settings tab by pressing start to back-up info, lock/unlock hdd etc...
Can someone verify if this is exploit related or did i fubar something on my system.
Post by: PedrosPad on May 22, 2004, 10:50:00 PM
| QUOTE (Jbob @ May 23 2004, 07:03 AM) |
| Incredible find (seems amzing nobody thought about the update xbe that way b4 though) but just fu!@#ng incredible Im so happy u found this props to both of u as far as Ultimate though -- i dont see it as it doesnt work with 5713 (that would be Ultimate) I was more pleased with the Update exploit title - seemed far more fitting BUT who really cares (ITS DAMNED FANTASand i guess theres always the Ultimate dashboard Exploit the 2nd (call it .JR if that happens, like fahter and son) j/k lmao |
Fair comment.
Personally, I don't think there'll ever be a Dashboard exploit for Kernel 5713 (that's not to say that there won't be other exploits). Hence my belief that this will be the Ultimate Dashboard Exploit - during the XBOX v1's lifetime.
Post by: PedrosPad on May 22, 2004, 10:59:00 PM
| QUOTE (Jbob @ May 23 2004, 07:53 AM) |
| (did ur testers modify exploited setups) renamed fonts folder to f0nts folder, erased fonts in c, put in the bert ate ernie font i extracted, and put a signed PBL 1.35i with a bios set to load unleashX from e (but it doesnt even get to PBL so the bios dont really matter) |
Are you sure the E:\default.xbe was a habibi signed version of PBL (and not audio signed or font signed - from your previous exploit)? (Although I'd have thought you'd get the Error 21 screen if it was mis-signed - I'll verify this).
Post by: Angerwound on May 22, 2004, 11:00:00 PM
Post by: PedrosPad on May 22, 2004, 11:11:00 PM
| QUOTE (SilverSurfR @ May 23 2004, 07:45 AM) |
| Is it possible that configmagic uses the font files? I can still access the settings tab by pressing start to back-up info, lock/unlock hdd etc... Can someone verify if this is exploit related or did i fubar something on my system. |
Conceivable. If so, it may be possible to edit the ConfigMagic xbe to use the new C:\f0nts folder. (I vaguely recall that the ConfigMagic xbe was compressed so a direct Hex Edit may not be possible but worth a look but wasnt the source code subsequently released?).
If, given its age, ConfigMagic is reaching for 4817 fonts on C:\, and reaching for them by name, it may be possible to restore the Dashboard 4817 fonts into C:\, and rename bert_ate_ernie.xtf to ensure that its the first XTF font returned when update.xbe tries to load in its one wildcard *.xtf font (this'll take some playing around).
Post by: ldots on May 22, 2004, 11:46:00 PM
| QUOTE (SilverSurfR @ May 23 2004, 07:45 AM) |
| When i try to run config magic, i don't get on the on screen info display.. but it worked before when using the DD exploit. Is it possible that configmagic uses the font files? I can still access the settings tab by pressing start to back-up info, lock/unlock hdd etc... Can someone verify if this is exploit related or did i fubar something on my system. |
My setup :
K : 5101
D : 4920
No fonts in C:\
C:\fonts\Bert-ate-Ernie
C:\f0nts\Xbox.xtf
C:\f0nts\XBox Book.xtf
ConfigMagic runs fine! Try reinstalling ConfigMagic.
Post by: DeadYellowMonkey on May 22, 2004, 11:55:00 PM
Only just tried it but got it booting to MXM no problem.
Will now try leaving it unplugged for a while to check for clock loop.
d: 4920
k: 5101
Post by: violent_bong on May 23, 2004, 12:22:00 AM
Post by: X_n00b on May 23, 2004, 12:36:00 AM
| QUOTE (Jbob @ May 23 2004, 09:31 AM) |
| wonder what could cause the loss of a set clock to allow booting when it wouldnt before (hmmm) |
You sure it's not the fact that you switched the machine on with the game already in the drive...?
Post by: Jbob on May 23, 2004, 12:43:00 AM
Its jsut kinda weird cause every other time ive let my clock die it would do the loop (a few times at least anyway) and couldnt boot retail till it came out of the loop, but now with the loss of the clock it still seems to be able to boot since the dash isnt trying to load or set the time. but it is true that i cant imagine how letting the clock die would allow retail booting when it wouldnt when it was set. (thats why im doubting myself when i say it wouldnt boot the games at first) But i truley am almost certain i tried and it wouldnt boot (thats what caused me to freak out)
Anyway Keep up the good work with this thing (and ppl please dont be diswaded from this exploit cause of my mistakes) the thing does work good and proper.
and is easily recovered even if u do what i did.
Post by: digisatman on May 23, 2004, 01:46:00 AM
...devzer0....
heheehhehehe
thanks
Post by: SilverSurfR on May 23, 2004, 01:50:00 AM
| QUOTE (ldots @ May 23 2004, 03:46 AM) |
| My setup : K : 5101 D : 4920 No fonts in C:\ C:\fonts\Bert-ate-Ernie C:\f0nts\Xbox.xtf C:\f0nts\XBox Book.xtf ConfigMagic runs fine! Try reinstalling ConfigMagic. |
Since you have the same setup I have (K&D) I figured i fubbed up somewhere... redid the exploit since i had it running a little different... i renamed the fonts in /fonts to xft and patched the dash.xbe to used those... config magic didn't work and i had reinstalled before... but i reinstalled anyway from a different copy of it and it worked fine...
Just put the screws back in my box... had the case off for a week putting different HD in and hotswapping like crazy to get the softmods working(no memcard or other modded box avail)
Thanks again to those that made this possible... this exploit is exactly what i needed/wanted
Post by: Australian Rat on May 23, 2004, 02:38:00 AM
Anyway, it's a pretty exploitable xbox, K:4034 D:4920. Just need to find my old update.xbe file. I get a feeling it was replaced with a new one when Rainbow Six decided it would update my dash for me (and screw my exploits up
)Note to self, always delete update.xbe and dashupdate.xbe from game discs from now on before playing.
Post by: {later} on May 23, 2004, 03:24:00 AM
Anyone can help? I have a 100% good signed default.xbe file in e:\ but it seems like I have the wrong update.xbe file :S
Post by: PedrosPad on May 23, 2004, 03:49:00 AM
| QUOTE ({later} @ May 23 2004, 12:24 PM) |
| damn, can't get this to work. I started with my standard dash, then I put in splinter cell (normal version) and I goto download levels. It updated my dashboard to 4920. Then I copy the update.xbe file from c:\xodash to c:\ and delete the xboxdash.xbe file that is there. Then I rename the update.xbe file to xboxdash.xbe. Then I turn my xbox off and on to see what happens. And yes, it loads the update.xbe file. It says: 'update done...' or something like that. Then I copy bert_ate_ernie.xtf to C:\ and my xbox hangs at the xbox logo with the white MS letters. Then I put the bert_ate_ernie.xtf also in c:\fonts and still it hangs Anyone can help? I have a 100% good signed default.xbe file in e:\ but it seems like I have the wrong update.xbe file :S |
Sounds to me, you've too many XTF font files available to the booted update.xbe.
bert_ate_ernie.xtf should be the only XTF file in C:\,
and the C:\fonts folder should be renamed away from C:\fonts (ideally to C:\f0nts - zero in place of the 'o').
Post by: krayzie on May 23, 2004, 03:51:00 AM
*edit* too late
Post by: {later} on May 23, 2004, 03:59:00 AM
Every other exploit worked perfect for me...
Post by: krayzie on May 23, 2004, 03:59:00 AM
| QUOTE |
| ive been setting all the files up to install when i get out of bed i know im lazy but when it come to hex edit the MODxbox.xbe or what ever its called i cant seem to find the 2 fonts sections to chance this make me worry about loading it to my xbox as it might not boot up yes its the right dash and i only load 1 xtf file which is a hell of a lot smaller then the old font files? |
the hexed msdash is only used as a secondary dash so it has nothing to do with your xbox booting or not cuz it uses the renamed update.xbe to boot.
-
Title: The ultimate Dashboard Exploit Aka Ude
Post by: krayzie on May 23, 2004, 04:17:00 AM
-
what kernel do you guys have?
-
Title: The ultimate Dashboard Exploit Aka Ude
Post by: digisatman on May 23, 2004, 04:24:00 AM
-
Post by: krayzie on May 23, 2004, 04:17:00 AM
Post by: digisatman on May 23, 2004, 04:24:00 AM
| QUOTE |
| This is all you need to boot a habibi signed E:\default.xbe! (Your Linux loader, PBL, Evox, etc.). |
ok, say i have pbl in e:,
how can i load up my dash?
how cna i point pbl to my dash???
Post by: digisatman on May 23, 2004, 04:25:00 AM
Kind regards
Post by: krayzie on May 23, 2004, 04:26:00 AM
| QUOTE |
| ok, say i have pbl in e:, how can i load up my dash? how cna i point pbl to my dash??? |
Is this the first time u use pbl or something. The bios that pbl is booting points to the dash you want.
Post by: {later} on May 23, 2004, 04:27:00 AM
Post by: {later} on May 23, 2004, 04:56:00 AM
Post by: rmenhal on May 23, 2004, 05:40:00 AM
| QUOTE ({later} @ May 23 2004, 12:59 PM) |
| And still this does not work Every other exploit worked perfect for me... |
It just freezes in the xbox-logo screen? What happens if you eject the tray at that point? If your box reboots, then the kernel has crashed - possibly because the exploit didn't work.
Can you try the bert_ate_ernie.xtf below? Led will blink red if execution ever gets to the exploit. I also increased the landingzone a bit. Trouble here is that it cannot be made very large. First of all, in general, it's good to keep memory corruption as minimal as possible. Second, there's going to be a page-fault if bert overflows into a non-mapped page.
Here's the md5sum and crc-32 of my update.xbe so you can check you have the correct file. Remove the first 8192 bytes of the file - in unix-type systems you can do this with "dd if=update.xbe of=noheader bs=8192 skip=1".
md5sum: 571de69aaf0a32a59f843b50cc922521
crc-32: b8fa9c6e
| CODE |
begin-base64 644 uftest.tar.bz2 QlpoOTFBWSZTWcdPLS0AIRf///3//d1YY/+vP+v+Zv99n0r6KkAARhhRo2hC QYigTUydsAGZozWiIjRRptR6gNNAaAaGjT9U0A0aGgAGgBkGg9RoaaeRB6jI 9TQxk0g1U/SJP1TYkMTQ0aNDRo0AMAjTQDQGBGQAAAaaaaAZAAASSRoinqeK Y1GT0QMmTE2hNG1AaNAxDBAwIwJoYmRpiaZMg0DJp9p8MMyLy4NbJ3udZVZA gX+eKxaFkanuoaWm9CXyZLlskU7Ak6cOVSy18TFIJ/EonFCjxnHKhjSMcljl bbrhJY1IDBYRwQsC2yOjcoDcLnx555mKDKJHLiRbpzUFJiKCulMqAAAAA3+D I7kUklGHIktDrQQFixtPNSClazJ2kRHw7OPUDjvU9z+KSgxLsA6RNMRgmiYK mgEGK2C8RaXHd04h9qxGwYZ+XzTh+Zwxry5FvVTo4xPG1vZwiQ9mJhADDnyj aZyFbZQIgII4TC/idFdNxkjQVlsA8+X1gmFIpkinmpDTK4QIUhgjAjKSIT2E jRqvniqpNumIgcaEcdPdg0S8pT2iajPRSfwzQ7IMmUiY2G2nMe9UxBImBx6D 5W0FAoQWNA0TVv4KRrKg3SMFp6hdT9gzE4IJALEqkMIjK3h/flt9yZmRv0Ne dvS5hQL7sx5/oo7xWK6bIF2q3DviXGZAdwdCHRLiL575RiyP6ZO9JnZ1vYEo j6f6mSObVQ388q2EkkkkhCqZrqcuxdPGUsfB6dpy3TtagRwPjAEAn7LRwxZn xfNqB9D/F3JFOFCQx08tLQ== ==== |
Post by: Nailed on May 23, 2004, 06:28:00 AM
Post by: wivenhoe123 on May 23, 2004, 06:33:00 AM
cheers
mark
Post by: diablohtr on May 23, 2004, 06:34:00 AM
d:5659
Thanks
Post by: arel on May 23, 2004, 06:50:00 AM
sometimes things don´t work....trouble in paradies...
in this case....here is my bad and sad "story".
---------------
configuration:
Xbox: Kernel 4817 (stated after 007 hack, in evo-x settings display)
Dash: 4920 (exactly copied from slayers 2.5 .../all/C directory)...by the way there are more than one "versions" which called 4920 dashboard...mine has a directory named "xboxdashdate.1012a700"
-----------------
after I´ve copied the files to C from Slayer I´ve tried to start the "refreshed" raw Xbox....what I´ve got was error 21
therefore I don´t expected to get the exploit running as described...
so I´ve connected my pc and the box again by using 007 hack (evox)
and I´ve copied the "update.xbe" on C:\ and renamed it to xboxdash.xbe. afterthat ive copied the bert_ate_ernie.xtf to c:\. Last but not least I´ve renamed the fonts directory to F0nts (yes it´s a zero).
After booting the box shows the green "blubber" and after that the box was frozen (during the X screen, where you can read "MS")
I thought it could be, that I´ve signed the default.xbe (located on e:\) wrong ?
therefore I´ve copied the evo-x version which i usually use with the 007 hack to e:\default.xbe (this have to be a habibi signed XBE, because it runs perfect after starting it through 007 savegame...)
the result was the same....screen frozen....
Maybe we have to admit, that "earlier" Kernels (e.g. 4817 ?) will not run the 4920 Dash ???
any hints ??
So it could be that this (former) unbeatable exploit know is a solution for Xboxes which have a kernel "younger" than 4817 and older than 57xx ?
Sad, but a possible "restriction".
greets
Arel
Post by: CooperS on May 23, 2004, 06:53:00 AM
K:5101 D:4920
BTW. I never could get PBL 1.41 to work with ANY exploit on my box, if you're having trouble maybe use 1.4 like I do.
Post by: X_n00b on May 23, 2004, 07:52:00 AM
| QUOTE (rmenhal @ May 23 2004, 02:40 PM) |
| Here's the md5sum and crc-32 of my update.xbe so you can check you have the correct file. Remove the first 8192 bytes of the file - in unix-type systems you can do this with "dd if=update.xbe of=noheader bs=8192 skip=1". md5sum: 571de69aaf0a32a59f843b50cc922521 crc-32: b8fa9c6e |
Hmmm, I get a different MD5Sum (haven't tried CRC32) - Looks like I have the wrong update.xbe...
EDIT: Also CRC'd now, and it's also different. Tried both the stripped and unstripped version (just incase) and I definately get a different result.
Post by: {later} on May 23, 2004, 07:55:00 AM
xbox boots up, I see xbox screen and MS letters, then it just stays there with a green led.
when I press eject my xbox resets, and then it all starts over.
so i really think that my kernel crashes :S
also, I'm using windows xp, and I dunno how to remove the first 8192 bytes from a file
so i cannot check my crc, could you upload your update.xbe file to that ftp server? would be of great help.
Post by: PedrosPad on May 23, 2004, 08:04:00 AM
| QUOTE (PedrosPad @ May 23 2004, 12:59 AM) |
| I don't want to take this thread to far off topic, but... I named the exploit the "Ultimate Dashboard Exploit" because I think I've already devised a solution to:
And if it works out, there'll no longer be any reason to manually toggle the exploits. (My idea is restricted to accessing the XBOX!Live console in a safe state - XBOX!Live games will still need to be played from original media!) I get broadband in 10 days - So I'll know a lot more then. |
Regarding restoring Dashboard access to the XBOX!Live console
Im a great believer in K.I.S.S. (Keep-It-Simple-and-Straightforward), and try to avoid getting prematurely complicated. Ive many ideas for restoring Dashboard access to the XBOX!Live console when using the Ultimate Dashboard Exploit (so dont get disappointed by the simplicity of this first suggestion).
Lets leave PBL out of the picture initially.
Its a given that we need to be in an unexploited, safe, system state before launching the xonlinedash.xbe. What this actually means is at-the-point xonlinedash.xbe is launched, the BIOS must be unmodified (because its known that XBOX!Live checksums it). The unmodified BIOS can only launch M$ signed XBEs Now thats convenient as xonlinedash.xbe happens to already be M$ signed. Its also known that xonlinedash.xbe doesnt use the C:\fonts\ folder so no issue there.
Thus, how about:
Boot->update.xbe->bert_ate_ernie.xtf->Evox->restore.xbe->xodash\xonlinedash.xbe
Key:
Blue = M$ signature in effect.
Red = Habibi signature in effect.
Update.xbe is M$ signed.Bert_ate_ernie patches the BIOS signature to the habibi signature (i.e. pokes a few bytes), and launches Evox.
An Evox menu launches restore.xbe.
restore.xbe itself is habibi signed, but simply patches back the original M$ key (pokes a few bytes) in the BIOS, then launches xonlinedash.xbe.
I think this has a chance because xonlinedash.xbe is already M$ signed, and already has the XBE_MEDIA_HDD media type (unlike XBOX!Live games that have the DVD_MEDIA_TYPE, which cant be changed without breaking the signature, or the BIOS modified to work around due to the BIOS checksum).
Anyone see any issues with this? It all sounds too easy.
PS. PBL could also be launched as an app from this boot-Evox menu, removing the need to for every XBE to be re-signed.
This post has been edited by PedrosPad: May 23 2004, 06:56 PM
Post by: PedrosPad on May 23, 2004, 08:09:00 AM
| QUOTE (arel @ May 23 2004, 03:43 PM) |
| sorry guys, sometimes things don´t work....trouble in paradies... in this case....here is my bad and sad "story". --------------- configuration: Xbox: Kernel 4817 (stated after 007 hack, in evo-x settings display) Dash: 4920 (exactly copied from slayers 2.5 .../all/C directory)...by the way there are more than one "versions" which called 4920 dashboard...mine has a directory named "xboxdashdate.1012a700" ----------------- Maybe we have to admit, that "earlier" Kernels (e.g. 4817 ?) will not run the 4920 Dash ??? So it could be that this (former) unbeatable exploit know is a solution for Xboxes which have a kernel "younger" than 4817 and older than 57xx ? |
My only XBOX has K:4817. Nuff said.
This post has been edited by PedrosPad: May 23 2004, 03:14 PM
Post by: {later} on May 23, 2004, 08:19:00 AM
Post by: devz3ro on May 23, 2004, 08:26:00 AM
1. The way it has to be installed
2. Not all Xboxs are the same (different regions)
3. Its nature, since xboxdash (the real one) isn't being booted first
Another note, please do not post any ftps / links that could contain M$ copyright code, they will be removed (such as full dashboards etc.)
-devz3ro
http://sh0x.tk/
Post by: afon on May 23, 2004, 09:51:00 AM
Xbox: Kernel 4817
Dash: 4920
Ive got bert_ate_ernie.xtf of my C drive, along with: Update.xbe (xboxdash.xbe), xodash, xboxdata, skins (for unleashx), evoxdash.xbe (unleashx), MODxboxdash.xbe (Retail 4920).
On my E drive i have a habibi signed default.xbe (PBL 1.4.1 by Guex)
I obtained the update.xbe by: Downgrading dashs, unplugging ethernet, and entering xbox live option in unreal.
Symptoms;
| QUOTE |
| It just freezes in the xbox-logo screen? What happens if you eject the tray at that point? If your box reboots, then the kernel has crashed - possibly because the exploit didn't work. |
This post has been edited by afon: May 23 2004, 04:53 PM
Post by: rmenhal on May 23, 2004, 09:55:00 AM
There's probably nothing else wrong with these other versions of update.xbe except that they just require a specially "tuned" version of bert_ate_ernie. Here's the md5sum of my update.xbe - again, but now without removing the first 8192 bytes:
8ab653c39f555758fb65d9014928c4cd
The file size is 1974272 bytes.
Post by: PedrosPad on May 23, 2004, 10:04:00 AM
| QUOTE (rmenhal @ May 23 2004, 06:48 PM) |
| The file size is 1974272 bytes. |
Snap here! - I know I used PAL Splinter Cell to update my pre-live 4817 to Live 1.0 Dashboard 4290.
Post by: ldots on May 23, 2004, 10:10:00 AM
I have succesfully used the one from Slayers v. 2.5 Final which has the same checksum as Rmenhal posted : 8ab653c39f555758fb65d9014928c4cd
I then tried the one that Splinter Cell updates me to (still dash 4920) and it doesn't work. This has the same checksum as the update.xbe from Slayers v. 2.1 : 73402a42463766842e56e82b839d5669
On a different subject. I just tried cleaning my C: drive and then only uploaded update.xbe (renamed to xboxdash.xbe) and C:\fonts\bert_ate_ernie.xtf. Nothing else! The exploit ran beautifully. So making an installer for this should be really easy. I guess even if one by accident had the dash upgraded on live and save game restore option would just have to replace the fonts folder with C:\fonts\bert_ate_ernie.xtf and xboxdash.xbe with a save update.xbe.
Post by: PedrosPad on May 23, 2004, 10:08:00 AM
| QUOTE (ldots @ May 23 2004, 07:03 PM) |
| I have succesfully used the one from Slayers v. 2.5 Final which has the same checksum as Rmenhal posted : 8ab653c39f555758fb65d9014928c4cd |
Beat me to it - I was just comparing Slayer disk versions myself. Bloddy helpful post Idots.
| QUOTE (ldots @ May 23 2004, 07:03 PM) |
| I then tried the one that Splinter Cell updates me to (still dash 4920) and it doesn't work. |
What region was your Splinter Cell? I'm sure my my update.xbe, that works, came from the PAL Splinter Cell.
Post by: ldots on May 23, 2004, 10:13:00 AM
I'm gonna try to force another downgrade to be sure...
I'm 99% sure though that the update.xbe that I just tried came from a live 1.0 upgrade from MA or SC (PAL versions). I'll report back.
Post by: Flame2k on May 23, 2004, 10:21:00 AM
any suggestions?
Post by: Angerwound on May 23, 2004, 10:26:00 AM
Post by: Flame2k on May 23, 2004, 10:32:00 AM
Post by: ldots on May 23, 2004, 10:38:00 AM
| QUOTE (PedrosPad @ May 23 2004, 07:08 PM) |
| What region was your Splinter Cell? I'm sure my my update.xbe, that works, came from the PAL Splinter Cell. |
OK - just to re-cap and report back! At the moment we only have one update.xbe that has been confirmed to work with the current bert_ate_ernie. This update.xbe can be found on Slayer v.2.5 and apparently on some live 1.0 enable game. Not all though!
I just confirmed that the update.xbe I get from upgrading/downgrading using my PAL MechAssault is the same as the one on Slayers v. 2.1, and doesn't work.
| CODE |
Filesize : 1914880 bytes checksum : 73402a42463766842e56e82b839d5669 |
I tried using the new Bert_ate_ernie posted by Rmenhal above with this update.xbe and the blinkled code is not reached.
The flaw is undoubtedly present in this version also, but bert needs some tuning to work. Downloading Slayers just for this exploit seems a waste of time. A package would be nice at this point
Post by: violent_bong on May 23, 2004, 10:55:00 AM
Good work everyone.
Post by: {later} on May 23, 2004, 10:57:00 AM
will post in about 10 minutes if it works or not
Post by: digisatman on May 23, 2004, 11:01:00 AM
when using this exploit, say i go to play a game like halo for example, then i press the eject button coz i wanna play another game, will it restart my xbox?
thanks
Post by: devz3ro on May 23, 2004, 11:13:00 AM
BTW I did not get a chance to try this out myself, I will do so later on tonight.
-devz3ro
http://sh0x.tk/
Post by: violent_bong on May 23, 2004, 11:14:00 AM
Good job rmenhal and Pedro!
Post by: afon on May 23, 2004, 11:15:00 AM
| QUOTE |
| Downloading Slayers just for this exploit seems a waste of time. A package would be nice at this point |
Agreed. (As I'm download slayers right now)
Post by: devz3ro on May 23, 2004, 11:18:00 AM
| QUOTE (afon @ May 23 2004, 08:15 PM) |
| Agreed. (As I'm download slayers right now) |
Oh Jesus, just wait about 4 hours, it will be there.
-devz3ro
http://sh0x.tk/
Post by: {later} on May 23, 2004, 11:34:00 AM
This what I have copied to C:\ and E:\
C:\
----
bert_ate_ernie.xtf
xboxdash.xbe (the renamed update.xbe from slayers 2.5)
(get this file from 'SlaYer's EvoX Auto-Installer v2.5FINAL\SYSTEM\ALL\c\xodash')
evox.ini
evoxdash.xbe
E:\
----
boot.cfg
default.xbe (PBL 1.3)
introflag.lock (automatically generated by PBL)
phoenix.raw (phoenix image)
xboxrom.bin (the bios)
and this setup works perfect!
thnx alot to everyone out there who made this possible, this exploit loads VERY fast!
Here are the filesizes of the update.xbe files:
wrong one: 1.82MB (1.914.880 bytes)
GOOD one: 1.88MB (1.974.272 bytes)
hope this helps
Post by: ersatz on May 23, 2004, 11:48:00 AM
K:4817
D:5960
I've never bothered with softmod before but I wanna try. How do I downgrade my dash or can I even do it?
If someone could give me a step through guide or pm me one for this softmod I would greatly appreciate it.
Post by: jon20usa on May 23, 2004, 11:54:00 AM
Post by: Blank on May 23, 2004, 11:54:00 AM
| QUOTE (ersatz @ May 23 2004, 02:48 PM) |
| Here's my specs: K:4817 D:5960 I've never bothered with softmod before but I wanna try. How do I downgrade my dash or can I even do it? If someone could give me a step through guide or pm me one for this softmod I would greatly appreciate it. |
To downgrade your dash:
Get a hold of an EvoX gamesave exploit. Then, download Slayer's EvoX and extract the iso. Load up the gamesave exploit and FTP into your Xbox. Backup your C: partition to your PC and your eeprom/hdd information. Then, delete the C: partition on your Xbox and replace it with the one on Slayer's (System/All/C). Double check that ALL the files are there and that they are on root C: before resetting.
Post by: Angerwound on May 23, 2004, 12:10:00 PM
Post by: evil clone on May 23, 2004, 12:18:00 PM
| QUOTE (evil clone @ May 22 2004, 08:32 PM) |
| K:5101 D:4920 & zero problems EC |
ok just for the hell of it i ubpluged my box at 5:20 yesterday and i just now pluged it back in and it booted fine... 24hours
(it still shooks me to see no clook loop )peace
ec
Post by: jon20usa on May 23, 2004, 12:21:00 PM
Post by: {later} on May 23, 2004, 12:33:00 PM
I really like it alot...http://members.lycos..... {later}).avi
Post by: PedrosPad on May 23, 2004, 12:35:00 PM
| QUOTE (PedrosPad @ May 23 2004, 04:57 PM) |
| Regarding restoring Dashboard access to the XBOX!Live console
How about: Boot->update.xbe->bert_ate_ernie.xtf->Evox->restore.xbe->xodash\xonlinedash.xbe Key: Blue = M$ signature in effect. Red = Habibi signature in effect. restore.xbe itself is habibi signed, but simply patches back the original M$ key (pokes a few bytes) in the BIOS, then launches xonlinedash.xbe. Anyone see any issues with this? It all sounds too easy. |
I will be an XBOX!Live noob in about 10 days - so that's my level of experience here.
Thinking more about this candidate solution, Im now wondering what would happen when the launched xonlinedash tries to check the installed Dashboard version, in order to determine if an upgrade is necessary? Does it check the xonlinedash.xbe? or the boot dashboard? which in our case would be a renamed legacy update.xbe.
Im keen to find out
rmenhal, are you able to build me a restore.xbe, as I describe above? (I assume you know the original values of the M$ signature bytes you patch). I think itd only be a handful of source lines and those pasted from what youve already got. (See http://www.xbdev.net...e_020/index.php for how to roll-your-own XBE from NASM
.)An eventual deluxe version of this wrapper would be one thatd take the path of the eventual XBE to launch from its command line arguments I believe Evox allows you to specify these on its menu items.
Post by: TraZer on May 23, 2004, 12:43:00 PM
/TraZer
Post by: digisatman on May 23, 2004, 12:48:00 PM
| QUOTE (TraZer @ May 23 2004, 09:43 PM) |
| But where do I get those new bert and ernie files??.... I have been looking through the forum 2 times and I cant seem to find it. I hace tried to copy the code from the first post and pasted it into ultra edit and tried to open it with winrar but it doesänt work.... I gues you have to do it some aother way.... any help please? /TraZer |
ive hooked ya up
any1 who need the package, pm me!
Post by: jon20usa on May 23, 2004, 12:51:00 PM
Post by: afon on May 23, 2004, 01:21:00 PM
).Pedros Pad And Rmenhal.... I love you guys
Post by: TraZer on May 23, 2004, 02:09:00 PM
I put all the necessary files in C: and E:
but when I boot up my xbox it starts checking for updates and thats it.... when I press ok it just comes a sound and it starts seardhing for updates again.
I did put following files in c:
bert_ate_ernie.xtf
evox.ini
evoxdash.xbe
xboxdash.xbe
I put these files in E:
boot.cfg
default.xbe
phoenix.raw
xboxrom.bin
I renamed fonts to f0nts
any help? =)
Post by: ldots on May 23, 2004, 02:54:00 PM
| QUOTE (PedrosPad @ May 23 2004, 09:35 PM) |
| Thinking more about this candidate solution, Im now wondering what would happen when the launched xonlinedash tries to check the installed Dashboard version, in order to determine if an upgrade is necessary? Does it check the xonlinedash.xbe? or the boot dashboard? which in our case would be a renamed legacy update.xbe. |
These are some of the concerns. If this causes an update each time, it's far from ideal. Another thing is what happens when you exit xonlinedash.xbe? Would Bert_ate_Ernie fire again when reloading our xboxdash.xbe (update.xbe)? This is a new memory layout, so maybe not? Would we get a reboot? Some things to check
If I was eager to go on Live I think I would just make a font/audio switch in Evox like we were used to with the old fonts (do you remember when the clock loop was an issue
).| CODE |
[Action 10] WARNING "Turning off Ultimate Font exploit" WARNING "and turning on audio exploit" rename "c:\xboxdash.xbe" "c:\xboxdash.xbe.upd" rename "c:\xboxdash.xbe.bak" "c:\xboxdash.xbe" rename "c:\bert_ate_ernie.xtf" "bert_ate_ernie.bak" rename "c:\f0nts" "c:\fonts" copy "e:\TDATA\fffe0000\music\ST.DB" "e:\TDATA\fffe0000\music\ST.bak" copy "e:\TDATA\fffe0000\music\ST.hk" "e:\TDATA\fffe0000\music\ST.DB" [Action 101 WARNING "Turning off the audio exploit" WARNING "and turning on the Ultimate Font exploit" rename "c:\xboxdash.xbe" "c:\xboxdash.xbe.bak" rename "c:\xboxdash.xbe.upd" "c:\xboxdash.xbe" rename "c:\bert_ate_ernie.bak" "bert_ate_ernie.xtf" rename "c:\fonts" "c:\f0nts" copy "e:\TDATA\fffe0000\music\ST.bak" "e:\TDATA\fffe0000\music\ST.DB" |
Havent tested this! Just to sketch the idea.
Actually, I think this is even robust against dashupdates. This needs more testing, but I just tried upgrading my dash to version 5659. Then only copy the 4920 update.xbe to xboxdash.xbe rename fonts folder and put bert_ate_ernie.xtf in the root. The exploit worked, because update.xbe doesn't require any settings files or anything. Only Bert_ate_ernie is loaded.
So a memcard package with this exploit would be simpel. I will make one when time allows it. Have a nice setup figured out with C-drive restore options and automatic msdash patching. Only need some spare time
Post by: ldots on May 23, 2004, 02:58:00 PM
| QUOTE (TraZer @ May 23 2004, 11:09 PM) |
| but when I boot up my xbox it starts checking for updates and thats it.... when I press ok it just comes a sound and it starts seardhing for updates again. |
Sounds to me like you still have the retail *xtf fonts in the root of C:
You need to rename the extension of :
C:\Xbox.xtf
and
C:\XBox Book.xtf
to a something else (*.bak)
Also be sure you habibi signed E:\default.xbe (you didn't mention that).
Post by: Angerwound on May 23, 2004, 05:59:00 PM
Post by: devz3ro on May 23, 2004, 06:17:00 PM
Only reason the easter-egg is still there is for live 2.0 access. I'll leave it up to you though since you spent some time on it.-devz3ro
http://sh0x.tk/
Post by: Angerwound on May 23, 2004, 06:22:00 PM
BTW, I'm tinkering with trying to launch xonlinedash.xbe.. I hexedited the xboxdash.xbe to look for an occurrence of fonts\ as pedro said there was and can't seem to find it. Anyone else find the occurrance?
For now I am just changing the fonts and xboxdash.xbe's back to original's and then reboot to play live... Gamesave to switch hack back on ( I suppose you could use the EasterEgg exploit as well )... Simple enough...
Post by: Angerwound on May 23, 2004, 07:09:00 PM
Post by: rmenhal on May 23, 2004, 08:40:00 PM
| QUOTE (ldots @ May 23 2004, 11:54 PM) |
| If I was eager to go on Live I think I would just make a font/audio switch in Evox like we were used to with the old fonts (do you remember when the clock loop was an issue ). |
You forgot that audio exploits don't work with post-4920 dashes?
However, you could do something similar with the easter-egg. But that wouldn't work across updates, because settings_adoc.xip will be overwritten.Post by: Jbob on May 23, 2004, 08:57:00 PM
Found the hex strings in Thc lite after posting (2 occurances) edited them and now works flawless with THc WooHoo
Post by: rmenhal on May 23, 2004, 09:30:00 PM
| QUOTE (Angerwound @ May 24 2004, 03:22 AM) |
| BTW, I'm tinkering with trying to launch xonlinedash.xbe.. I hexedited the xboxdash.xbe to look for an occurrence of fonts\ as pedro said there was and can't seem to find it. Anyone else find the occurrance? |
"fonts" is in 16-bit unicode. In this case, there's just a 0x00 after each (8-bit) letter. There are two occurrences in xboxdash.xbe.
Post by: ldots on May 23, 2004, 10:33:00 PM
| QUOTE (rmenhal @ May 24 2004, 05:40 AM) |
| You forgot that audio exploits don't work with post-4920 dashes? However, you could do something similar with the easter-egg. But that wouldn't work across updates, because settings_adoc.xip will be overwritten. |
True - so this is not completely ideal
But this is the same issue as live/audio users had before. Let live upgrade the live dash, then use a game save hack up restore the 4920 dash.
About Pedro's idea. The Mech fonts keep a small stub program in memory after the in-memory-pathched msdash has been reached, to be able to patch the key back to its original state if a non habibi-signed xbe is being loaded. Does anyone know how long this stub program survives? Maybe a similar trick could be used for launching xonlinedash.
Post by: wivenhoe123 on May 23, 2004, 10:54:00 PM
i have got all the relevant files on my xbox (thanks digisatman!) and when the mod chip is in i can get it to run through the update.xbe (xboxdash.xbe) > bert ate ernie > phoenix > evox dash.
though as soon as i remove my mod chip and try and boot i receive an error 13! any suggestions?
UPDATE! ok it seems if i use the xboxdash.xbe from digisatman's package then i receive error 21, though if i sign the xboxdash.xbe it changes to a error 13.
when using my mod chip it still functions fine, with no errors.
anyone got any suggestions of something i could try or what the problem could be?
Mark
Post by: digisatman on May 23, 2004, 11:12:00 PM
I pm'ed him, so i think i might try and get him to put my package on the usual places,
cheers
Post by: digisatman on May 23, 2004, 11:21:00 PM
when using this exploit, say i go to play a game like halo for example, then i press the eject button coz i wanna play another game, will it restart my xbox?
thanks
Post by: TraZer on May 23, 2004, 11:41:00 PM
| QUOTE (ldots @ May 23 2004, 11:58 PM) |
| Sounds to me like you still have the retail *xtf fonts in the root of C: You need to rename the extension of : C:\Xbox.xtf and C:\XBox Book.xtf to a something else (*.bak) Also be sure you habibi signed E:\default.xbe (you didn't mention that). |
Thanks for your answer!... I might have missed the thing with signing the default.xbe in E:\
where canb I read about signing the xbe?
thanks again? =)
Post by: PedrosPad on May 24, 2004, 12:16:00 AM
| QUOTE (ldots @ May 23 2004, 11:54 PM) |
| Think your idea would work Pedro These are some of the concerns. If this causes an update each time, it's far from ideal. Another thing is what happens when you exit xonlinedash.xbe? Would Bert_ate_Ernie fire again when reloading our xboxdash.xbe (update.xbe)? This is a new memory layout, so maybe not? Would we get a reboot? Some things to check If I was eager to go on Live I think I would just make a font/audio switch in Evox like we were used to with the old fonts (do you remember when the clock loop was an issue ). |
Thanks for the feedback. I was am hoping to get some discussion going on in this topic & thread.
I was always confident that the bright sparks in the forum would be able to combine the exploits to solve any issues (as they always have
). I authored my Dashboard Exploit Summary post to aid and encourage this I'm assuming that, by the time you've performed all the XBOX!Live updates to the latest Dashboard/XBOX!Live console, the final xodash\update.xbe would be far newer than the 4290 update.xbe - and the font overflow bug fixed - meaning that if the latest xodash\update.xbe was launched by the xonlinedash.xbe, and was denied all fonts except C:\bert_ate_ernie.xtf, the exploit wouldn't fire - I do wonder what would happen.
A best-case-scenario is that the additional check simply steps over loading an overflowing font, and carries on looking and loading the remaining fonts what match the *.xtf wildcard. Since rmenhal has found that the 4290 update.xbe only loads one font, it may possible to the put the two retail fonts and bert_ate_enie in C:\ and force the order of the *.XTF file enumeration. Either by file renaming (relying on a sort order), or re-writing the raw directory sector.
Post by: PedrosPad on May 24, 2004, 12:16:00 AM
| QUOTE ({later} @ May 23 2004, 09:33 PM) |
| here's a nice little movie I made of the update-exploit, check out the boot time I really like it alot... http://members.lycos..... {later}).avi |
Look Mum, I'm on Telly.
Post by: PedrosPad on May 24, 2004, 12:24:00 AM
| QUOTE (zorxd @ May 24 2004, 03:50 AM) |
| is this exploit supposed to work on a TSOP flashed xbox with PBL that load kernel 5101????? I want to do this to test it before using it on other xboxes |
If your TSOP flashed, why would you need a software exploit?
And why use PBL to load a retail kernel? (It's known that this isn't sufficient to use Live) I feel I missed something here.
Post by: PedrosPad on May 24, 2004, 12:46:00 AM
| QUOTE (rmenhal @ May 24 2004, 05:33 AM) |
| It might be possible to beef up bert so that it would check if e.g. either of the fire buttons is pressed during boot and if so then skip key patching and run an alternative executable instead of E:\default.xbe. |
Ok, the big reveal.....
I've always believed that restoring the standard system state is the trick to Live access - and not patching the retail XBEs, thereby breaking their signatures and all the problems this brings.
I determined that Live 1.0 and greater programs appear to check C:\fonts ahead of falling back to C:\. Thus file and folder renaming is one of the techniques I had in mind.
Part 1: Restoring the standard system state.
With the Ultimate Dashboard Exploit, with bert_ate_ernie deployed in the root on C:\ (as I recommended), restoring the standard system state requires:
To hide the Ultimate Dashboard Exploit (UDE):
- Renaming the update.xbe based C:\xboxdash.xbe to C:\xboxdash.xbeUDE
- Renaming C:\bert_ate_ernie.xtf to C:\bert_ate_ernie.xtfUDE
- Renaming C:\f0nts back to C:\fonts
- Renaming a backed up retail dashboard (any ) from C:\xboxdash.xbeORG, to C:\xboxdash.xbe
Getting the bert_ate_ernie.xtf font to do this renaming via a held button press is not an idea I'd considered, but a cool one. It simply needs to reboot after all the renaming.
. (I was considering using an easter egg exploit to 'toggle' the renaming).Part 2: Reinstalling the Ultimate Dashboard Exploit.
All retail dashboards released so far can perform the easter egg exploit. In this scenario the settings_adoc.xip needs to be the pre-live 4817 Dashboard, that'll be exploited via double-dash fonts, installed to the root C:\. You see, Live 1.0, and greater, XBEs look for their fonts in C:\fonts first, but pre-live XBEs only look at the root C:\. These fonts will be reverse the renaming, and simply reboot.
Note:- Left out, for clarify, is the fact that the easter egg fonts will also actually need to be included in the rename toggling.
Let's all start timing rmenhal
PS. Because you'll be using latest retail Dashboard when in the safe system state, you shouldn't get any repeated forced updates from XBOX!Live.
PPS. The pre-live Dashboard's C:\settings_adoc.xip isn't overwitten by Dashboard updates (they update the one in C:\dashdata...\settings_adoc.xip).
Post by: rodpad on May 24, 2004, 02:00:00 AM
Post by: ldots on May 24, 2004, 02:17:00 AM
| QUOTE (PedrosPad @ May 24 2004, 09:46 AM) |
| PS. Because you'll be using latest retail Dashboard when in the safe system state, you shouldn't get any repeated forced updates from XBOX!Live. PPS. The pre-live Dashboard's C:\settings_adoc.xip isn't overwitten by Dashboard updates (they update the one in C:\dashdata...\settings_adoc.xip). |
Maybe I dont get your idea, but when you return from Live (being in the restored state), you return to the latest retail Dashboard right? Then you want to use the easter egg exploit to return to the UDE. This requires having the C:\xboxdashdata...\settings_adoc.xip replaced by the pre-live dashboard to work. But if/when the retail dashboard will be updated on Live this settings_adoc.xip will be replaced - thereby disabling the easter egg exploit
Post by: PedrosPad on May 24, 2004, 02:46:00 AM
| QUOTE (ldots @ May 24 2004, 11:17 AM) |
| Maybe I dont get your idea, but when you return from Live (being in the restored state), you return to the latest retail Dashboard right? Then you want to use the easter egg exploit to return to the UDE. This requires having the C:\xboxdashdata...\settings_adoc.xip replaced by the pre-live dashboard to work. But if/when the retail dashboard will be updated on Live this settings_adoc.xip will be replaced - thereby disabling the easter egg exploit |
Good catch ldots - but I'd be very surprised if an entire Dashboard upgrade would be triggered by an incorrect C:\xboxdashdata...\settings_adoc.xip (given that this is only an easter egg, and not really involved in the operation of the XBOX or XBOX!Live.) If this is replaced, occasionally, by an XBOX!Live update, it can be downgraded again via a game save (hell of a lot easier downgrading this one file, than the whole dashboard). So I don't think this affects my proposed solution. It'd be helpful if someone could pop in legacy C:\xboxdashdata...\settings_adoc.xip, and hop onto XBOX!Live, to see if this forced an update, but I guess no one would want to risk getting banned. I'm game to try in once me broadband gets installed next week (I need XBOX for me bedroom anyway
).
Post by: TraZer on May 24, 2004, 03:29:00 AM
/TraZer
Post by: PedrosPad on May 24, 2004, 03:35:00 AM
| QUOTE (TraZer @ May 24 2004, 12:29 PM) |
| I nedd some serious help here.... I may have missed something I dont know but everytime I boot my xbox I get the 21 error problem.... I want to be able to boot PBL directly. I have usually been running PBL from the bert ernie reloaded font hack and it have worked pretty good unless that damned clock loop. Ok soo here is what I have done I copied bert_ate_ernie.xtf to c:\ renamed the font directory to f0nts with a zero (shall I remove the fonts inside the directory?) I got a xboxdash (update.xml correct size) from a guy who sentme some files and I also copied it to C:\ then copied xboxdash.xbe, evoxdash.xbe and evox ini to c:\ Now I copied the last files I needed in E:\ default.xbe, boot.cfg, phoenix.raw and xboxrom.bin if anyone could help me on this I would be sooooooooooooooo gratefull *haha* /TraZer |
You don't state that you've removed (or renamed them to .XTFBAK) the other XTF fonts on C:\. bert_ate_ernie should be the only file with an XTF entension left on C:\
Although, the symptom looks like the E:\default.xbe isn't habibi signed.
Try and locate a _Package that's been prepared - It'll have all the files you need, correctly signed, etc.
Post by: TraZer on May 24, 2004, 04:00:00 AM
thanks again
TraZer
Post by: rmenhal on May 24, 2004, 04:01:00 AM
| QUOTE (wivenhoe123 @ May 24 2004, 07:54 AM) |
| though as soon as i remove my mod chip and try and boot i receive an error 13! any suggestions? |
Since it seems to be working with the chip, it must be that your executables aren't properly signed.
| QUOTE |
| UPDATE! ok it seems if i use the xboxdash.xbe from digisatman's package then i receive error 21, though if i sign the xboxdash.xbe it changes to a error 13. |
You mustn't sign or modify that xboxdash.xbe in any manner. Error 21 looks better here. Is your E:\default.xbe from digisatman's package too? It should then be properly signed already (right?) and need no signing or modifications. If your E:\default.xbe is from somewhere else, then you need to sign it with xbedump using the -habibi option.
Post by: Angerwound on May 24, 2004, 04:18:00 AM
| QUOTE (rmenhal @ May 24 2004, 06:30 AM) |
| "fonts" is in 16-bit unicode. In this case, there's just a 0x00 after each (8-bit) letter. There are two occurrences in xboxdash.xbe. |
Thanks rmenhal!
Post by: Angerwound on May 24, 2004, 04:43:00 AM
BTW, I have K: 4034 and D: 5960 running the UDE. I can boot to the hexed m$dash.xbe but no luck with xonlinedash.xbe yet. Kicks me back to the avalaunch dash. I hexed it as well. Hrm...
I also discovered that when all three fonts are placed in the fonts DIR.
/c/fonts/
xbox.xtf
xbox book.xtf
bert_ate_ernie.xtf
The MS Dash will boot. It either loads the other two first or skips bert_ate_ernie.xtf
The update.xbe(4920 UDE version) performs the same way, if all three are within the same folder the xbox.xtf and xbox book.xtf are loaded first and the update application starts.
Post by: TraZer on May 24, 2004, 04:57:00 AM
maybe it could be of some help for us who cant get this to work?
or else I just have to go back to the original font hack whisch I reeeaaaallt hate haha.
anyway here comes the images:
Partition C:\
Partition E:\
thanks for all your help and putting up with all my questions
/TraZer
Post by: PedrosPad on May 24, 2004, 05:15:00 AM
| QUOTE (rmenhal @ May 24 2004, 01:23 PM) |
| But.. isn't this already done? 1. Install easter-egg 2. Install UDE 3. Install Idots' EvoX menu entries (but remove the ST.DB renaming lines) I've never used a game save exploit, so I have to ask. Is easter-egg really easier/faster than doing it through a game save? When a new version of dash becomes available, you'll need to either do a game save exploit or open your box and attach Xbox's HD to a PC. Well, if you don't mind the latter option and don't have 007/MA/SC, then I guess easter-egg makes sense. I didn't want anything renamed, but patched on-the-fly. Just reboot with fire button pressed and go Live. That's it. But if we mustn't patch anything in memory, then the button-press-on-reboot simplicity doesn't make much sense. But does having a modified C:\dashdata...\settings_adoc.xip cause any repeatedly forced updates? devz3ro? |
Excellent - Some feed back.
YES! it's all being done already - so it's a tried and tested solution
. Largely what I'm recommending is the purpose the various exploits are put to. The original Easter egg exploit was used to go from a safe state to an exploited one.
With the Ultimate Dashboard Exploit you can boot directly into the exploited state.
I think it's fair to say that the exploited state would be used more, so the Easter egg's finger dancing makes it inconvenient for frequent use.
At this point, it's worth reminding the readers you can still play XBOX!Live games, from original media, in the exploited state - you just can't use the game's link to the XBOX!Live console.
Once in the exploited state, you could use an Evox script to perform the renaming (as you point out), but because some people prefer alternative custom Dashboards that may not contain scripting, this is not an option for all. However all custom Dashboards allow the execution of an XBE, so putting the all the necessary renaming into an XBE would suit everybody. (Making the bert_ate_ernie font execute this 'C:\RenameSafe.xbe' on a held-button press skips even the need to enter the custom Dashboard).
What's new in what I propose is to use the Easter Egg exploit (which currently works on all Dashboards) to re-enable the Ultimate Dashboard Exploit, from the safe state. No need to scramble around finding your exploited game DVD, etc. It's all on the HDD.
All the bits actually exist on the scene for anyone to configure their XBOX this way, but I feel that it would be made simpler by a new DD bert & ernie font, for use by the Easter egg, that'd execute a 'C:\RenameUDE.xbe', and, ideally, a new bert_ate_ernie font, that'd launch 'C:\RenameSafe.xbe' on a held-button.
Post by: PedrosPad on May 24, 2004, 05:28:00 AM
| QUOTE (PedrosPad @ May 24 2004, 11:46 AM) |
| I'd be very surprised if an entire Dashboard upgrade would be triggered by an incorrect C:\xboxdashdata...\settings_adoc.xip (given that this is only an easter egg, and not really involved in the operation of the XBOX or XBOX!Live.)It'd be helpful if someone could pop in legacy C:\xboxdashdata...\settings_adoc.xip, and hop onto XBOX!Live, to see if this forced an update, but I guess no one would want to risk getting banned. I'm game to try in once me broadband gets installed next week (I need XBOX for me bedroom anyway ). |
| QUOTE (Angerwound @ May 24 2004, 01:43 PM) |
| Well, I guess you edited out the question on your post rmenhal but no a modified settings_adoc.xip will not cause an update just tested it. |
A brave man, and an ace result!
| QUOTE (PedrosPad @ May 24 2004, 09:16 AM) |
| I'm assuming that, by the time you've performed all the XBOX!Live updates to the latest Dashboard/XBOX!Live console, the final xodash\update.xbe would be far newer than the 4290 update.xbe - and the font overflow bug fixed. A best-case-scenario is that the additional check simply steps over loading an overflowing font, and carries on looking and loading the remaining fonts what match the *.xtf wildcard. |
| QUOTE (Angerwound @ May 24 2004, 01:43 PM) |
| BTW, I have K: 4034 and D: 5960 I also discovered that when all three fonts are placed in the fonts DIR. /c/fonts/ xbox.xtf xbox book.xtf bert_ate_ernie.xtf The MS Dash will boot. It either loads the other two first or skips bert_ate_ernie.xtf |
More ace results
Post by: {later} on May 24, 2004, 06:17:00 AM
| QUOTE (TraZer @ May 24 2004, 01:57 PM) |
| I have posted two images of how my C:\ and E:\ drive looks like maybe it could be of some help for us who cant get this to work? or else I just have to go back to the original font hack whisch I reeeaaaallt hate haha. anyway here comes the images: Partition C:\ Partition E:\ thanks for all your help and putting up with all my questions /TraZer |
ok,
what kernel and what dashboard are you using? cuz your screens look ok...
you only seem to miss the settings_adoc.xip at your C drive.
Here are my pics of C:\ and E:\ (exploit is working perfect here)
http://members.lycos...ler/C-Drive.jpg
http://members.lycos...ler/E-Drive.jpg
Also, to all the non-believers, the clock loop is 100% fixed! I've unplugged my xbox for about 12 hours and then plugged it in WITHOUT a network cable in it. It booted the first try!
Post by: digisatman on May 24, 2004, 06:20:00 AM
| QUOTE |
| Also, to all the non-believers, the clock loop is 100% fixed! I've unplugged my xbox for about 12 hours and then plugged it in WITHOUT a network cable in it. It booted the first try! |
who said there were non-beleivers?
lol
Post by: TraZer on May 24, 2004, 06:30:00 AM
| QUOTE ({later} @ May 24 2004, 03:17 PM) |
| ok, what kernel and what dashboard are you using? cuz your screens look ok... you only seem to miss the settings_adoc.xip at your C drive. Here are my pics of C:\ and E:\ (exploit is working perfect here) http://members.lycos...ler/C-Drive.jpg http://members.lycos...ler/E-Drive.jpg Also, to all the non-believers, the clock loop is 100% fixed! I've unplugged my xbox for about 12 hours and then plugged it in WITHOUT a network cable in it. It booted the first try! |
Thanks for the pictures.... I'll look through everything once again and see if I have missed something.
this settings_adoc.xip what is it?... and where can I find it?... or it something that will be created automatically when I successfully run it all.
thanks for the pictures by the way!!!
/TraZer
Post by: PedrosPad on May 24, 2004, 06:33:00 AM
| QUOTE (TraZer @ May 24 2004, 03:30 PM) |
| Thanks for the pictures.... I'll look through everything once again and see if I have missed something. this settings_adoc.xip what is it?... and where can I find it?... or it something that will be created automatically when I successfully run it all. thanks for the pictures by the way!!! /TraZer |
C:\settings_adoc.xip is the original easter egg for the pre-live 4817 Dashboard. It is not required for the basic exploit to run.
Post by: digisatman on May 24, 2004, 06:34:00 AM
| QUOTE (TraZer @ May 24 2004, 03:30 PM) |
| Thanks for the pictures.... I'll look through everything once again and see if I have missed something. this settings_adoc.xip what is it?... and where can I find it?... or it something that will be created automatically when I successfully run it all. thanks for the pictures by the way!!! /TraZer |
u need that file,
u can find it in 4920 dash....u musta deltedd it...
Post by: meerdorf on May 24, 2004, 06:38:00 AM
Post by: TraZer on May 24, 2004, 06:40:00 AM
K: 4983.03
D: 4101
Soo it wouldnt be a problem to get this to work.... I mean I have been running PBL withiut problems what soever.... thanks again for all the help!
/TraZer
Post by: krayzie on May 24, 2004, 06:40:00 AM
Post by: PedrosPad on May 24, 2004, 06:43:00 AM
Post by: TraZer on May 24, 2004, 06:44:00 AM
| QUOTE (meerdorf @ May 24 2004, 03:38 PM) |
| I havent got that file either, and mine wont work!!!! Its not anywhere, I even reinstalled using slayers?! So thats all we are missing? Where can we grab it from? |
I have the same problem.... I always do backup of everything beforce i delete it soo if I now had it..... it aint there anymore hehe
I have never seen this file but if anyone know where to get it or have it themselves.... please post it or PM
thanks
TraZer
Post by: digisatman on May 24, 2004, 07:05:00 AM
| QUOTE (TraZer @ May 24 2004, 03:40 PM) |
| sorry I forgot to tell about my kernel version K: 4983.03 D: 4101 Soo it wouldnt be a problem to get this to work.... I mean I have been running PBL withiut problems what soever.... thanks again for all the help! /TraZer |
u need 4920 dash m8,
correct me if im wrong....
Post by: TraZer on May 24, 2004, 07:08:00 AM
| QUOTE (digisatman @ May 24 2004, 04:05 PM) |
| u need 4920 dash m8, correct me if im wrong.... |
Good god.... all this for nothing!!!....aaaaaah!!!.... ok back to basics then!... thanks for telling me by the way *laughs and bangs head against wall*
cheers!!
wkr
TraZer
Post by: PedrosPad on May 24, 2004, 07:31:00 AM
| QUOTE (digisatman @ May 24 2004, 04:05 PM) |
| u need 4920 dash m8, correct me if im wrong.... |
I do have the Dashboard 4290 installed but I think the only part of Dashboard 4290 being used by the UDE is it's c:\xodash\update.xbe (relocated and renamed to C:\xboxdash.xbe).
I'll rename my 4290 C:\xdashdata... and xodash folders as soon as I get home to verify this.
Post by: Angerwound on May 24, 2004, 07:36:00 AM
Post by: ldots on May 24, 2004, 07:37:00 AM
| QUOTE (ldots @ May 23 2004, 07:03 PM) |
| On a different subject. I just tried cleaning my C: drive and then only uploaded update.xbe (renamed to xboxdash.xbe) and C:\fonts\bert_ate_ernie.xtf. Nothing else! The exploit ran beautifully. So making an installer for this should be really easy. I guess even if one by accident had the dash upgraded on live and save game restore option would just have to replace the fonts folder with C:\fonts\bert_ate_ernie.xtf and xboxdash.xbe with a save update.xbe. |
As you see I tried doing the exploit with nothing but update.xbe (renamed) and the hacked font. I also later confirmed that after a dashupdate I just had to copy over the 4920 update.xbe (renamed), and make sure that the bert-ate-ernie would be loaded to get the exploit running again.
So installing this really shoudn't be that difficult once you have the rigth update.xbe. Check the following and it should fire :
- Make sure your update.xbe is renamed to xboxdash.xbe
- This xbe load fonts in C:\fonts first then tries C: so to make sure bert-ate-ernie is loaded either have nothing but bert-ate-erinie with the xtf extension in C:\fonts or rename the fonts folder entirely and only have bert-ate-ernie with xtf extension in C:
- make sure E:\default.xbe is habibi signed
Post by: digisatman on May 24, 2004, 07:42:00 AM
| QUOTE (gstifflerd @ May 24 2004, 04:38 PM) |
| Okay, I need a little bit of help here. I don't know what I'm doing wrong, but it's most likely a dumb mistake. I have gotten the exploit to work just fine, but I'm having trouble setting up Evox. It doesn't seem to want to run the c:\evoxdash.xbe. From what I've read, I think that the default.xbe decides what to boot, right? Am I supposed to use a special one to tell it to boot c:\evoxdash.xbe? Because the one I'm using now just creates an evox.ini in the e:\ directory. I believe this is also preventing it from loading a custom BIOS, which is in-turn preventing me from playing any games from the Evox dash. I know this all prolly seems pretty funny, but I'm new and you gotta start somewhere. Thanks for your help. |
YGPM
it should help ya!
Post by: SilverSurfR on May 24, 2004, 07:44:00 AM
Post by: Angerwound on May 24, 2004, 07:53:00 AM
=======================================================
Files in Blue.
Notes in Gray.
Latest Live Dash: 5960
C:\
XBOXDASH.xbe <-- Renamed 'Update.xbe' used in UDE from Slayers 2.5 or D: 4920.
MSXBOXDASH.xbe <-- Original 5960 'xboxdash.xbe'.
mainmenu5.xip <-- From pre-live dash 4034/4817.
default.xip <-- From pre-live dash 4034/4817.
bert.xtf <-- Double-Dash Fonts.
ernie.xtf <-- Double-Dash Fonts.
AUDIO\
(USUAL FILES)
FONTS\
Bert_Ate_Ernie.xtf <-- UDE font file.
XBOX.ftx <-- Original 5960 Fonts.
XBOX BOOK.ftx <-- Original 5960 Fonts.
XODASH\
(USUAL FILES)
*DASHDATA\ <-- 5960's Dash Data Folder
(USUAL FILES)
settings_adoc.bak <-- Backup of original settings_adoc.xip.
settings_adoc.xip <-- Renamed 'xboxdash.xbe' from D: 4034/4817.
E:\
default.xbe <-- Habibi Signed, default.xbe from PBL of your choice.
(Pheonix Loader Files)
TDATA\
(Usual Files)
\ffe000\music\
st.db <-- Devz3ro's edited st.db from Easter-Egg Exploit.
st.hk <-- Renamed original st.db for backup purposes.
UDATA\
(Usual Files)
Bioses\
xboxrom.bin <-- BFM Bios of your choice
Don't forget to include your dash of choice and all it's required files. Place them wherever your bios points to.
==================================================
Now with the current setup you will turn your box on and the UDE exploit should run launching your PBL and then finally your dash of choice.
When it comes time to play a LiVE game, either through a filemanager/script/FTP rename your c:\fonts\ ('xbox.ftx', 'xbox book.ftx' ---> 'xbox.xtf', 'xbox book.xtf' ). You will also need to rename through the same filemanager/script/FTP your 'xboxdash.xbe' to 'UDExboxdash.xbe' and finally your 'msxboxdash.xbe' to 'xboxdash.xbe'. (You might be wondering how in the hell is the original dash going to boot with the 'bert_ate_ernie' having the XTF extension. Well, the original dash doesn't care about 'bert_ate_ernie' it is overlooked. Therefore, we never need to change it's extension only the other two when we are swapping between modes.)
After reboot you should see your original dash and Live Access.
When you are done with LiVE and what to turn your hack back on. Trigger the easter-egg exploit by going to music -> Eggsßox -> select all -> copy -> type in 'Eggsßox' and finally hit done. Your PBL should boot finally launching your dash of choice once again. Rename your fonts back to the 'FTX' extension and your XBE's to their corresponding names. Reboot and your box is once again running the UDE Exploit.
In the future, I hope to see, as pedro does an XBE that can be launched instead of PBL/DASH when the Easter-Egg exploit is triggered that would rename these files back to Exploit setup and another XBE when launched from the Exploited Dash that would rename the files to LiVE setup. But currently you will have to do this manually. If someone wants, I don't see a problem with setting up a temporary package that has LiVE support as this setup.
A final warning, M$ likes to make updates that will cause us to have Error 21's on boot as with the latest update. So this may work at the moment but that has no guarantee in the future. Use at own risk.
To the exploit gods of the forum, let me know if you see anything I missed in the diagram.
Post by: TraZer on May 24, 2004, 07:55:00 AM
thanks anyway for all your support on this!
/TraZer
Post by: saucymonkeyboy on May 24, 2004, 08:12:00 AM
K: 4817
d: 4920
I am using the package that is available. so everything is signed properly.
I rename fonts to f0nts
put everythin where it is supposed to be
no font files in the c drive
bert_ate_ernie in the c drive
and all I get is the error 21
SHIZA
Please Help
thanks
monkeyboy
Post by: Angerwound on May 24, 2004, 08:16:00 AM
| QUOTE (saucymonkeyboy @ May 24 2004, 05:12 PM) |
| I am having the same problem as TraZer. K: 4817 d: 4920 I am using the package that is available. so everything is signed properly. I rename fonts to f0nts put everythin where it is supposed to be no font files in the c drive bert_ate_ernie in the c drive and all I get is the error 21 SHIZA Please Help thanks monkeyboy |
place bert_ate_ernie within a folder named 'fonts' in C not the root that is your problem.
Post by: saucymonkeyboy on May 24, 2004, 08:25:00 AM
saucymonkeyboy
Post by: SilverSurfR on May 24, 2004, 08:37:00 AM
| QUOTE (Angerwound @ May 24 2004, 12:16 PM) |
| place bert_ate_ernie within a folder named 'fonts' in C not the root that is your problem. |
but isn't update.xbe(now xboxdash.xbe) look for the fonts in /fonts first then goes to c/, if his /fonts is not there bert eatting out ernie should be loaded from c/ no?
Post by: SilverSurfR on May 24, 2004, 08:41:00 AM
Sorry For the double post... i'm guessing i can't delete it myself?
Post by: WBAGAM on May 24, 2004, 09:12:00 AM
Also Do I need to sign the PBL .xbe to get this to work????
And one more to top it off, If I use the PBL from Mordens Audio exploit wont it boot to E/MXM/Default .xbe??? How do I make it point to somthing else in order for this to work??? Like E/default.xbe???
Post by: Angerwound on May 24, 2004, 09:17:00 AM
| QUOTE (WBAGAM @ May 24 2004, 06:12 PM) |
| Alright Im gonna try this exploit when I get home but My question is If I dont want to sign every .xbe I have to load up PBL first right???? Also Do I need to sign the PBL .xbe to get this to work???? And one more to top it off, If I use the PBL from Mordens Audio exploit wont it boot to E/MXM/Default .xbe??? How do I make it point to somthing else in order for this to work??? Like E/default.xbe??? |
For your first question, yes you must launch PBL if you don't want to sign each XBE.
Second question, PBL needs to be signed with the HABIBI Key to be able to be launched.
Final question, you may use the PBL from morden's but download a BFM bios of your choice that launches a different XBE or just edit your xboxrom.bin that came with Morden's to point to a different file. Use XBTool to do this. Good Luck.
Post by: zorxd on May 24, 2004, 09:35:00 AM
| QUOTE (tullm @ May 24 2004, 04:43 PM) |
| Hi! First of all, thanks to all the people here who have created this exploit. And thanks to digisatman an jon20usa for helping me and for providing the package. The Problem is that even with this package I´m not able to get this beauty to run. renamed the fonts to f0nts, renamed all xtf files to _*.xt_. Uploaded all files from the package to c and e. still hanging on the xbox logo with the white letters under it. Kernel crashed, because of rebooting on eject. Kernel 5101 Dash 4920 Til now i´ve used mkjones bobw package which is great, but this here is more ultimate. ;-) Tried to put the right update.xbe also in xodash and put the bert_ate... to c/fonts as the only xtf there. But nothing helps. Any help here? Thanks regards tullm |
same problem for me
I checked the size and did a md5 checksum for the update.xbe and it didn't work on 3 different xboxes
all 3 kernels <5530
I took the update.xbe from slayer 2.5, put it as c:\xboxdash.xbe
I placed bert_ate_ernie.xtf on C:\, renamed the others xtf on c:\, and renamed c:\fonts to c:\f0onts\
I have pbl on e:\ and it worked for the double dash exploit so it is habibi signed
Post by: jason987 on May 24, 2004, 09:37:00 AM
I want a script for evox or somethin so i can acces slive dash and back again.
thinkin use easter egg but still need a script to rename all the stuff...
thankx
Post by: Angerwound on May 24, 2004, 09:41:00 AM
| QUOTE (jason987 @ May 24 2004, 06:37 PM) |
| Can someone give me some help with live dash... I want a script for evox or somethin so i can acces slive dash and back again. thinkin use easter egg but still need a script to rename all the stuff... thankx |
What exactly are you wanting help with? the action-script? or the overall setup.
If the latter, check my post on it on the page before this one.
For those looking for a script why not edit morden's script to install the audio exploit to do the renaming necessary. But an .xbe that could do this would be great that way the easter-egg could just point to this xbe.
Post by: anjilslaire on May 24, 2004, 09:48:00 AM
| QUOTE (Angerwound @ May 24 2004, 10:17 AM) |
| For your first question, yes you must launch PBL if you don't want to sign each XBE. Second question, PBL needs to be signed with the HABIBI Key to be able to be launched. Final question, you may use the PBL from morden's but download a BFM bios of your choice that launches a different XBE or just edit your xboxrom.bin that came with Morden's to point to a different file. Use XBTool to do this. Good Luck. |
Couldn't you puit all the pbl stuff in E:\, AND have mxm residing in E:\MXM, so you wouldn't need to edit Morden's pbl files?
As long as we put PBL in E:\, the dash can be anywhere the bios points to, correct?
So, E:\MXM\default.xbe is fine for the dash, if I put Morden's PBL files in the root of E:.
(I know I'm a little redundant, lol)
Post by: Dolfhin on May 24, 2004, 10:28:00 AM
Thanks for all the wonderfull work you guys did
Post by: Angerwound on May 24, 2004, 10:36:00 AM
| QUOTE (anjilslaire @ May 24 2004, 06:48 PM) |
| Couldn't you puit all the pbl stuff in E:\, AND have mxm residing in E:\MXM, so you wouldn't need to edit Morden's pbl files? As long as we put PBL in E:\, the dash can be anywhere the bios points to, correct? So, E:\MXM\default.xbe is fine for the dash, if I put Morden's PBL files in the root of E:. (I know I'm a little redundant, lol) |
Yes that would work just fine.
RMENHAL, can you write up two simple XBE's. One that renames files to LiVE mode and one that renames to Hack Mode? After successfuly running the XBE tell it to reboot. I am messing with OpenXDK and attempting something of this sort but I don't have the programming skills you obviously have.
Post by: TraZer on May 24, 2004, 11:54:00 AM
| QUOTE (saucymonkeyboy @ May 24 2004, 05:25 PM) |
| Angerwound, Thanks for the advice. I made a folder named fonts and stuck bert_ate_ernie in there, but to no avail. I guess I am stuck with the audio hack saucymonkeyboy |
I tried the same thing and I still got the same problem.... there must be some way to fix this
TraZer
Post by: WBAGAM on May 24, 2004, 11:59:00 AM
Will This exploit suffer from a corrupted file of anytype kinda like the audio exploit did when u hit the damn buttons wrong?????
Post by: TraZer on May 24, 2004, 12:02:00 PM
| QUOTE (rmenhal @ May 24 2004, 06:35 PM) |
| Could someone with a known working copy of digisatman's package post md5sums of all the files there? This way all these Error 21 -people could verify that the cause is not transmission error. Meanwhile, try running some other executable in place of E:\default.xbe. Take, for example, settings_adoc.xip from your dashboard. Sign with habibi: say "xbedump settings_adoc.xip -habibi" and copy the file out.xbe to E:\default.xbe. Still error 21? Try using bert_ate_ernie.xtf from the package uftest.tar.bz2 in http://forums.xbox-s...ic=217686&st=60 . Led blinks red now? |
I tried signing settings_adoc.xip with xbedump (-habibi ofcourse) and placed it as default.xbe in E: but I stil got the same problem (21)
something I just dont understand is how I unpack uftest.tar.bz2 at those CODE thingys?
I tried copy the text, pasted it in ultraedit, saved it and tried to umpack it with winrar but I must be doing something seriously wrong here.
Some hints please? haha
thanks for the tip by the way
/TraZer
Post by: Angerwound on May 24, 2004, 12:09:00 PM
Post by: TraZer on May 24, 2004, 12:11:00 PM
I have'nt slept for two days.... thats why I keep missing things *laugh*
TraZer
Post by: Angerwound on May 24, 2004, 12:14:00 PM
| QUOTE (TraZer @ May 24 2004, 09:02 PM) |
| I tried signing settings_adoc.xip with xbedump (-habibi ofcourse) and placed it as default.xbe in E: but I stil got the same problem (21) something I just dont understand is how I unpack uftest.tar.bz2 at those CODE thingys? I tried copy the text, pasted it in ultraedit, saved it and tried to umpack it with winrar but I must be doing something seriously wrong here. Some hints please? haha thanks for the tip by the way /TraZer |
Insure you have the correct update.xbe by checking the MD5sums posted earlier in the thread.
Insure that 'bert_ate_ernie.xtf' is located in 'c:\fonts'.
Again, try and boot. If same problem Error 21. Put the original fonts within the c:\fonts folder and see if your update.xbe will boot as it normally should, if you see it boot shut it off and check your fonts because the problem would have to then be with the fonts.
I see you fixed the problem n/m....
Post by: TraZer on May 24, 2004, 12:18:00 PM
/TraZer
Post by: Angerwound on May 24, 2004, 12:23:00 PM
| QUOTE (Jbob @ May 24 2004, 09:14 PM) |
| so the kernal is stopping the update.xbe from running even with new dash then so this exploit does work on 5960 dashes though meaning the patched buffer overflows arent relevant with this exploit (am I missing something, u did say u were running the exploit on 5960 didnt u? ok the new kernals wont allow the update.xbe but does the new dash allow the font to cause a buffer overflow with older kernals |
Any dashboard version will work for this exploit as long as the kernel is below 5713.. so yes my setup of K: 4034 and D: 5960 will work however someone with K: 5713 and D: 5960 would not.
Post by: fghjj on May 24, 2004, 12:32:00 PM
Post by: TraZer on May 24, 2004, 12:40:00 PM
is there anyone out here who has any idea on how to fix this? =)
thanks again by the way!
/TraZer
Post by: WBAGAM on May 24, 2004, 12:49:00 PM
Post by: Angerwound on May 24, 2004, 01:03:00 PM
| QUOTE (TraZer @ May 24 2004, 09:40 PM) |
| I have too got it to work now.... the only problem is that the graphivs flicker like crazy soo you cant almost see the text (it has to do with the focus chip) is there anyone out here who has any idea on how to fix this? =) thanks again by the way! /TraZer |
Look for PBL 1.4.1 it supports the focus chip and the screen shouldn't flicker.
Post by: WBAGAM on May 24, 2004, 01:05:00 PM
And thats it
Post by: john1545 on May 24, 2004, 01:08:00 PM
I did it several times and I"M POSITIVE I did it correct. Any help?
Post by: TraZer on May 24, 2004, 01:09:00 PM
Thanks everyone for your help
especially digisatman, Pedrospal and Angerwound
And ofcourse rmenhal for leading me on to the right track.... thank you soo much!
TraZer
Post by: Angerwound on May 24, 2004, 01:18:00 PM
Post by: TraZer on May 24, 2004, 01:22:00 PM
TraZer
Post by: PedrosPad on May 24, 2004, 01:39:00 PM
| QUOTE (Angerwound @ May 24 2004, 10:18 PM) |
| To clear up some obvious questions. Okay, to everyone, this WILL work for every dashboard version as of now, as long as your kernel is 5713 it is possible to get this to work. |
as long as your kernel isn't 5713 - actually
Post by: Angerwound on May 24, 2004, 01:40:00 PM
| QUOTE (PedrosPad @ May 24 2004, 10:39 PM) |
| as long as your kernel isn't 5713 - actually |
HAHA gotta love typos...
Post by: BluhDeBluh on May 24, 2004, 01:47:00 PM
Good work guys
Post by: tullm on May 24, 2004, 01:48:00 PM
still a problem here!
can´t pass the xbox logo with white letters under it!
Tried everything now.
doublechecked the md5sum of the xboxdash.xbe (renamed update.xbe) resigned the default.xbe from digisats package with habibi renamed fonts to f0nts and copied the bert_ate_ernie file to c and even to c/fonts/.
tried different bert....xtf files and made one by myself from the first post.
No luck here!
kernel 5101.
any help on this?
thanks
TUllm
Post by: tullm on May 24, 2004, 02:13:00 PM
UPDATE here:
tried the testfile for bert....xtf and now I see the phoenix logo and the led blinks for a second.
but after that a black screen and kernel crashed.
regards
tullm
Post by: BluhDeBluh on May 24, 2004, 02:29:00 PM
Post by: PedrosPad on May 24, 2004, 03:04:00 PM
| QUOTE (PedrosPad @ May 24 2004, 09:16 AM) |
| I'm assuming that, by the time you've performed all the XBOX!Live updates to the latest Dashboard/XBOX!Live console, the font overflow bug would be fixed. A best-case-scenario is that the additional check simply steps over loading an overflowing font, and carries on looking and loading the remaining fonts what match the *.xtf wildcard. Since rmenhal has found that the 4290 update.xbe only loads one font, it may possible to the put the two retail fonts and bert_ate_enie in C:\ and force the order of the *.XTF file enumeration. Either by file renaming (relying on a sort order), or re-writing the raw directory sector. |
Some progress on this,
I updated to Dashboard 5659 - hoping that it would just skip invalid fonts.
I've found that it is possible to force order of the *.XTF font file enumeration. They're presented to update.xbe in raw directory sector order.
You simply delete the C:\fonts folder, recreate it, and add your fonts in the order you want them. bert_ate_ernie.xtf first, followed by the retail fonts. I managed to get the UDE to load PBL fine, with all three fonts present. I used the LED/test version of bert_ate_ernie (33k), and still had to modify it slightly, so it jumped 256 bytes further into its catch net. But it worked
.Oddly enough, when I then booted directly into the 5659 Dashboard, with the three fonts present - it crashed.
(I suspect this is to do with the mix of XTF0 and XTF1 format fonts)Still and very interesting result I think. rmenhal, any chance you can take a peek at what's going on under the hood?
Post by: Kthulu on May 24, 2004, 03:32:00 PM
i already have something with MS XDK, but this is my first creation so i need to go back and do a little error checking and fix the paths to whatever they need to be. i just dl'd and built the openxdk files, but i have a feeling i'm gonna have to go thru alot of trail and error to get my project setup right and compiling with them.
of course, this is so simple it wouldn't surprise me if someone has already made these renaming xbe's and i just missed it in the thread. if that is the case, please excuse me.
Post by: WBAGAM on May 24, 2004, 03:45:00 PM
Post by: Angerwound on May 24, 2004, 04:21:00 PM
| QUOTE (Kthulu @ May 25 2004, 12:32 AM) |
| would you like those font-renaming xbe's compiled with OpenXDK or with MS XDK? i already have something with MS XDK, but this is my first creation so i need to go back and do a little error checking and fix the paths to whatever they need to be. i just dl'd and built the openxdk files, but i have a feeling i'm gonna have to go thru alot of trail and error to get my project setup right and compiling with them. of course, this is so simple it wouldn't surprise me if someone has already made these renaming xbe's and i just missed it in the thread. if that is the case, please excuse me. |
nope, no one has.... PM me.
Post by: mckenn88 on May 24, 2004, 04:38:00 PM
Post by: pennywisdom on May 24, 2004, 05:09:00 PM
). Perhaps I had done something wrong, but it still did not work. I then signed the default.xbe (PBL) that you sent me with habibi, and after that everything worked perfectly. I think that maybe with all the things that I had tried, I had messed the file up, but it works great now!!! With debug enabled in PBL, EvoX loads incredibly fast!I also successfuly hexedited the bert_ate_ernie.xtf file to boot PBL from partition 2 (C:) so that I could have all of my bios/dashboard files on the same drive, keeping my E drive clean. Perhaps it was just me, but I could swear that PBL/Evox booted even just a tiny bit faster.
Just for everyone's information, i was using a 1.3 xbox with K:5101 and D:4920.
Cheers to all who are part of this great scene, and special thanks to PedrosPad, Rmenhal, Angerwound, and last but not least, Digisatman!!
Post by: chimpanzee on May 24, 2004, 06:36:00 PM
Post by: WBAGAM on May 24, 2004, 06:58:00 PM
Preffably one I dont need to use XBTOOL for to repoint it to the root of E
Post by: Kthulu on May 24, 2004, 07:39:00 PM
| QUOTE (WBAGAM @ May 24 2004, 09:58 PM) |
| Whitch bios should I have PBL point to when I turn on my box Preffably one I dont need to use XBTOOL for to repoint it to the root of E |
i'm afraid you're SOL there. i think most bios only look on C:\ for dashes/xbe's. you could always use X-Selector if you hate bios-editing (i do), but then you're going to add a few more seconds to boot-time.
EDIT: ...but i recommend any of the last 3 xecuter bios. they'll prevent you from accidentally stepping on Live and getting banned.
Post by: krayzie on May 24, 2004, 07:39:00 PM
Post by: Angerwound on May 24, 2004, 08:39:00 PM
What they basically do:
Well a hacked state would consist of: (All based on my diagram posted earlier.)
*Don't forget that all the other files within the diagram need to be on your Drive as well the files being mentioned are just the ones that are getting renamed.*
c:\fonts\xbox.ftx <--- Original Font Renamed
c:\fonts\xbox book.ftx <--- Original Font Renamed
c:\fonts\bert_ate_ernie.xtf <--- Font Hack Files
c:\xboxdash.xbe <--- Renamed 'Update.xbe' that is launching our bert_ate_ernie
c:\msxboxdash.xbe <--- original 5960 'xboxdash.xbe'
LiVE State would consist of:
c:\fonts\xbox.xtf <--- Original Font
c:\fonts\xbox book.xtf <--- Original Font
c:\fonts\bert_ate_ernie.xtf <--- Hack Font (Notice the file never gets renamed)
c:\xboxdash.xbe <--- original 5960 xboxdash.xbe
c:\hackxboxdash.xbe <--- Renamed 'Update.xbe' that launches out bert_ate_ernie
Okay, the 'RestoreLive.xbe' will change the layout to LiVE State.
The 'RestoreHack.xbe' will change the layout to Hack State.
ATM, these should only be run when all files are present otherwise crashing may occur.
RestoreHack can be launched via the EasterEgg exploit.
RestoreLive via your chosen dash.
Post by: meerdorf on May 24, 2004, 10:35:00 PM
Post by: PedrosPad on May 24, 2004, 11:33:00 PM
| QUOTE (PedrosPad @ May 25 2004, 12:04 AM) |
| I've found that it is possible to force order of the *.XTF font file enumeration. They're presented to update.xbe in raw directory sector order. You simply delete the C:\fonts folder, recreate it, and add your fonts in the order you want them. bert_ate_ernie.xtf first, followed by the retail fonts. I managed to get the UDE to load PBL fine, with all three fonts present. Oddly enough, when I then booted directly into the 5659 Dashboard, with the three fonts present - it crashed. (I suspect this is to do with the mix of XTF0 and XTF1 format fonts) |
If anyone wishes to verify my findings:
However, with I then
Still, I feel this is one step closer.
- Install Dashboard 5659 (and confirm it boots Ok)
- Rename C:\xboxdash.xbe to C:\xboxdash5659.xbe
- Copy and rename the 4290 C:\xodash\update.xbe to C:\xboxdash.xbe
- Rename C:\fonts to C:\fontsOrg
- Create a new C:\fonts folder
- Put the attached, modified, bert_ate_ernie.xtf font in the C:\fonts folder first
- Copy the remaining fonts from C:\fontsOrg to C:\fonts
- Reboot.
However, with I then
- Renamed C:\xboxdash.xbe to C:\xboxdashUDE.xbe
and - Renamed C:\xboxdash5659.xbe to C:\xboxdash.xbe
Still, I feel this is one step closer.
| QUOTE (rmenhal @ May 25 2004, 01:40 AM) |
| Dash 5659 probably reads the font files in the same order as every other dash XBE does. So it too reads the invalid font file bert_ate_ernie.xtf and crashes. If you change the order so that dash 5659 works, then update.xbe won't read bert_ate_ernie.xtf and then the exploit won't work. If there was a difference in the reading order between 4920 and 5659, then it would be very useful. |
I agree that it's likely that all the Dashboards read the XTF files in the same order (raw directory order) , but I thought all Dashboards after 4290 had the font overflow bug fixed - so they shouldn't crash. I hope they simple step over invalid fonts, and keep looking.
Another interesting observation is that if you hex edit the header of the original bert_ate_ernie.xtf from "XTF0" to "XTF1" UDE no longer works - by complete contrast - I needed to change the header on the attached modified bert_ate_ernie.xtf to "XTF1" in order to make it work. - My theory is the font loader elects to load the latest version of a font, when two fonts for the same typeface are available.
bert_ate_ernie512_24.uue
Another interesting observation is that if you hex edit the header of the original bert_ate_ernie.xtf from "XTF0" to "XTF1" UDE no longer works - by complete contrast - I needed to change the header on the attached modified bert_ate_ernie.xtf to "XTF1" in order to make it work. - My theory is the font loader elects to load the latest version of a font, when two fonts for the same typeface are available.
bert_ate_ernie512_24.uue
| CODE |
_=_ _=_ Part 001 of 001 of file bert_ate_ernie512_24.zip _=_ begin 666 bert_ate_ernie512_24.zip M4$L#!!0````(`+(ZN3!XB/G`J0,``(8!"``8````8F5R=%]A=&5?97)N:64U M,3)?,C0N>'1F[ MQ M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M````````````````````````````````````````````````````_&<>_I4O M(4U_/-UW>.CV\-6AON,#8X.#P[=&=O:='1@K#A>'1V_F0V=J,8-#UP9*-XH[ MQJ\,A99\NMB5UE1:C]-ZEM;5S-*[\#J$S+WDZ/[J_J;DV/CB>:8]N=M9[3A8 MG=B;+)N<*:[:]C;)WD^'ALSWZ?@UF=AW_5'ZL1`*S85<;:Z02:=EBU/2?V+R M8W%UN>O\A>Y\:7GY3GLF9$*QHS+?4]_]J.]*W]+-JXTGITH_?K;E9L^5/]=J M"[6VS;/EW1^2N>V7T^E74CJ0;)K\6&J]'MI#J/5V5]Y4F@J9I=N%6N^1WY5/ M^9F7(1O"_/2#EEJE)UN]TUPM-;:].)6;GWK:]:1:VMKV_-2>^:E"0ZUW;USX M`U!+`0(4`!0````(`+(ZN3!XB/G`J0,``(8!"``8````````````(`"V@0`` M``!B97)T7V%T95]E ` end |
Edit: now has the right attachment.
Post by: Australian Rat on May 25, 2004, 12:07:00 AM
| QUOTE |
| I agree that it's likely that all the Dashboards read the XTF files in the same order (raw directory order) , but I thought all Dashboards after 4290 had the font overflow bug fixed - so they shouldn't crash. I hope they simply step over invalid fonts, and keep looking. |
lol, betting soon if this is true new dashboards start 'co-incidently' crashing if fonts are found which aren't meant to be there
Post by: rmenhal on May 25, 2004, 12:49:00 AM
| QUOTE (PedrosPad @ May 25 2004, 08:33 AM) |
| I agree that it's likely that all the Dashboards read the XTF files in the same order (raw directory order) , but I thought all Dashboards after 4290 had the font overflow bug fixed - so they shouldn't crash. I hope they simply step over invalid fonts, and keep looking. |
Did it really crash or just give an error screen?
Post by: tullm on May 25, 2004, 01:11:00 AM
thanks again for the good work and support here!
With your new testfont I´m able to get this baby running!
It bootet all fine, but the led is blinking red.
Done booting 3 times now and it works.
everytime the same bin file content:
>“•# < without the <> in the notepad and
"93 95 23 00" in winhex.
Hope that helps.
So what´s the Problem here with the "normal" bert_ate_ernie.xtf file? Any Clue?
Is it possible to get the second testfont from you without the blinking LED, or another working font?
Many thanks!
regards
TUllm
This post has been edited by tullm: May 25 2004, 08:12 AM
Post by: PedrosPad on May 25, 2004, 01:21:00 AM
| QUOTE (rmenhal @ May 25 2004, 09:13 AM) |
| Did it really crash or just give an error screen? |
Reboot cycle - if I recall correctly (which surprised the hell out'a me, thought I'd got it cracked).
Post by: rodpad on May 25, 2004, 01:22:00 AM
thanks to digisatman for making the package, and of course pedros pad for making this possible :)
4817
4920
Post by: PedrosPad on May 25, 2004, 12:53:00 AM
| QUOTE (rodpad @ May 25 2004, 09:46 AM) |
| and of course pedros pad for making this possible |
*cough* - actually I just talk too much - it was rmenhal who did the magic.
But thx.
Post by: rodpad on May 25, 2004, 01:57:00 AM
one problem though... i've always only had the 4920 dashboard... do i now need a newer hexed dashboard to after i've got this working (so i can launch the msdash from evox to change video settings when i wish)
i tried to hex edit the 4920 dash, but there's no sign on "fonts" in the xbe to replace :/
Post by: PedrosPad on May 25, 2004, 02:02:00 AM
| QUOTE (rodpad @ May 25 2004, 10:21 AM) |
| one problem though... i've always only had the 4920 dashboard... do i now need a newer hexed dashboard to after i've got this working (so i can launch the msdash from evox to change video settings when i wish) i tried to hex edit the 4920 dash, but there's no sign on "fonts" in the xbe to replace :/ |
"fonts" in the XBE is in UniCode - so search in hex for "6600 6F00 6E00 7400 7300".
Post by: rodpad on May 25, 2004, 02:02:00 AM
EDIT : goo! got that working too.
this is a piece of piss! cheers guys! :)
This post has been edited by rodpad: May 25 2004, 10:26 AM
Post by: tullm on May 25, 2004, 03:34:00 AM
OK, got it working with the second testfont, but with that blinking red led and the adix.bin file.
Now I hexedited 2 different xboxdash.xbe ( MODxboxdash.xbe ) to point to the new f0nts folder, but all I got when I load it is error 21.
I Have the Original fonts in there ( with xtf extension ) and bert.bak ernie.bak and the originals with fnt extension.
Why does it not working here?
yna clue on this?
thanks
tullm
Post by: rmenhal on May 25, 2004, 04:06:00 AM
| QUOTE (tullm @ May 25 2004, 09:35 AM) |
| So what´s the Problem here with the "normal" bert_ate_ernie.xtf file? Any Clue? Is it possible to get the second testfont from you without the blinking LED, or another working font? Many thanks! regards TUllm |
The landing zone (or catch net) in the "normal" bert-ate-ernie gets loaded in the wrong on your xbox. The problem is that the landing zone cannot be made very large. It should have been large enough in uftest.tar.bz2, but it looks like it (or the rest of bert) gets corrupted more on your box than many others (and that's likely the reason PBL booted so flaky.)
| QUOTE |
| Is it possible to get the second testfont from you without the blinking LED, or another working font? |
Here. This should work for kali too and everyone who has the first one working. "Updating" is not necessary and not recommended, though.
| CODE |
begin-base64 644 updatefonts2.tar.bz2 QlpoOTFBWSZTWXMA21sAJvz////////////////////////////8JigwI2li YaigbWz94CNfIAAAAYAAAAAAAAAAAG7wMAbfQSK4NihuNspoi2O24gDoFBx1 JQm2kUqLbSozazlSDo0BwByQ0AAA0AGhkAaAAMTJoBk9R6gNAaA0BoDQGmht QYmjTQab3/qqqaNNBoxADQaBoB1EMgMgBoxMgA0BiZGEyaNAAAaAAGmhhABk aNGQNAAf/+1VUoAAGmgGQNBkDSRJimnpGjU9Bppmp6Pe1Kn4JqqeVP0/Kpqe 1NT/9VNSGR6RoPUaGhkAGmgMgNAAAGgAAAH+qgABoPUaBEkSknlMm9U0eo9R 6n/qqb//eiEqKmelJso9TTwFGam1DeqHqBoAAAAAAAAAAA9QADIAAABoFKFI aAAAfqj//9UkxVQAaA0DfqoAAAAAAAAAAAAAAAAAAAAAAAkSQICCaTEaPT1G QeKjA/KEnmpPU1P1TZNTYKGm1NGnoQwTJtQ0aDQ0NBiGgxNAAaDQA0AyD1Gn 8pSmv+873wuH07dZxdlvVOhH/qAJNHovb6GLh6nYcjm9t0e9974njeR9Hzfu fg/H6P5fS/Z+/0/6f19Xp8Tqf1frwIF+5garA4PC4XErs0tO/wNTi6nX6uXw dbOyEjJZ6Ty8pn5XQaHRSMho9JpdNLS+nlYWo1MPVQoWT1es1sPXa+Yh7DY7 LZ7TazMxttvuNzut3NTO83u+3/A4M3NcLh8Ti8bjzk3yOTyuXzObOznOnuf0 J7oz87En+lE6fU6sSgoaLrUfX7FFSdml7Xb7ndpabvU8Dv1FP4PDU+Kq8fkq fL5qvz+israuu9PqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQQQQQQQAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq qqqqqqqqqqqqqqrCwsGD28PhsGDDehhYNqwYPnw/I4H0vB6XjhIXhk0LX9Cj 39SR59Hd3iYEgEkHj/4hIXJ9D6Hyvie+43tfYes9L3nX8x5Th6e/I58+ezPn z58+fPn2pDMNBAAisRECd4yIjXPiI1rj2/8eZmZmZmZmZmZmZmZmZmTmZ7au zP27u7u7u7u7u7u7u7u7u7u7uuv5Ntttttttttttttttt/D/c/4dl3d3d3d3 d3d3d3d3d3d3d3YAAAAAAAAAAdz8CGkkkkkkkl7wkkkkkkkuvaSSSSSSSSSS SSSSSXtq75JJJJJJJJJJJJJLokueojx9fMcBYzUHN81Q0OEhMaDoM1WxpTA1 GGEt40C9sMVKfdUCIkFoaU5KhLuDursu6ZbXcrKY6rQaZLvO8oyshSqRymJ5 K0PeDY3leL4kxNeDNG9mxtBA0m0lnMPRM0vT0Tw3EFDGNtg1IY87aKiAZNRE TsVMBA0Gq0hd/NZZZZZZZZZZs7LLLLLLLLLLLLLLLOrsss3JuNjyuQ4+txX4 fk6WPb3O/la05TFFEod4n67TcBMFyphXhmJ6iODFBemjRdy3RagscMnt5tqH cmC5QTPyfBnuz0RV4V7WzKbly1VnX8maZZfptInZU8zkxJ2jWt5u0ypUUUmb TblR5W2pPLrt8fSPpZeyifacahtkE1Gf5HH2vnZXs93elm9XLasc1gHb1UpT V5/NpSlKdCllKUpSlKUpSlKUpTv8uXLly5cuXLlygAAAAAAeNHoV7iqqqqqq qqqqqqqqqqta1rWtQAAAADRYUpSlKUokkkkkkkkkkkl7n/7wvSbbbbb9S222 2222222z4yPwc90qqqqqqqqqqqqqqqqqqrpVVz1ERERvjWo0AAAAAAAAAdAE AAAAAAAAAAFgAAAAAAAAAB9LVNtttttttttttttttzMzIAAAAiIiIiIiIiIi IiIiIiIiIiIAAAAAI0ERERAAAAAAAB0A5xGtaiJmZmZmZmZmZmZmZmZmZ6TM gAAAAAAAAAAf3AAAAAAAAAAB9g0kkkkkkkqUpSlKUpSlKUpQAAAAA4uiSSSS SSSSSSSSSSSXd18CkkkkkkksGDBgwYMGDBgwYMGDBgwYBaqSZppgHODTNscI xUbFXIXVVaevPUg4JUVMoPF3hIm83emuU9m6JNXAomUiZ8uIVx5lo86ntXbO UPL7KAv0UWxHMjZjc0pX+Zwufa5N6j2Nq1tr1+/1HU2rdvOv0m3ukX82qaeL 2dzMq84ptO9PVy3czXPJbKmanrLl90uiHKKJUkzmmtXfixTctPKldu5+tfoz PzbzJkyZOs3e3yZMmTKyZMGTJkyZMcccccccc+OOOaUpznKQAAAAZ0yQAAAA AAAAAAHpgAAAAAAAAAB58AAAAAAAAAAB/iu9xHpx58cuUco53kcuUZmZmZmZ mZmZmZmZmZl73vcAAAAA2Xdtq2Oda1rWta1VVVVVVVVVVVVVVVeVHlw/UNtt ttttttttttt9G3zjUdsRxGtR6XGojWvkuNaiIj3FVVVVVVVVVVVVVVVVVVe/ 1Vez60kkkkkkkkkkkkkkkt+DuOI4jjjzNR5fHPXHl8Xd3d3d3d+ru7u7u7u9 DQ0NDQ0NDQwda9A6HPhND2qbTbBjIaGMhzjPkfHVVVVVVVV01VVVVVVVVVVV V3Nzz/i7vK6etVWOBmPuySSSSTpk8kkkkkkkkk9Ttdurb7QjAKxWK0ZUxjGM YyxlQYxgr4dBjAHYSSSSSSSSSSSSSSevr6yMhJJJJJJJJJJJJJJJL5fyY1Wv G1F9bFNxe9oc05Qgo3ORAw9rMB5uq5kSNV7spUILY9BgTQEONoAM6gqGgnph pjR7jRTCMY8vy9LJOc56M9Kc5znOc5znOc5znOc+fOc9aegEH2O2VKwiCYYA A9oUFK07pNCWJO/K+ncdJyyJqCJ1KJxSgNYaXnu2xJa84QlhDALAGIBuBiIg H+NO2223j28S223Stttttttttttttttt59trbdzbDB1E2E2MCbuhJto2CSTp aRJPFJJJJJJJPX19fX1+HnlcXHGvEuOXV4vhZmZnqszMzMzO5mZmZmZmZmWW SFqj7W84K7NhDExByZtFHBmHH1cDnOc7Sdkc5znOc5znOc5znOc5znO1rAvm 5hNsCQwhqYK8MiSTokkkkkkkkkkkkk2c7bclShno2Lzk6SqqrjVVVciqqqu9 73ve973ve97vxL9bGud8uPDjtzMzO/zMzPVZmZmZmZmZmZmZmR2d1xHKuNd3 wOq7u7u7u7u7u7u7u7u7vpd3zjUeJxGtR5kR7DlGojnxGo1Gm2222222282b NmzZs2bNm182bNwdXU32T4MG7reo3eHrYxxGcKMHE4rnOc5znOc7ssOHNw4c OHDhw4cOHDhw4cOHDzkbCQ0NgPAOBJNdNhqPBj1scd8236htttt9xttttttt v5mPa/ENtttttttttttttttzMzMzMzMzMzMzMzMzMzMzP8oAAAAAAAAAATMz MzMyAAAGYAAAAZ+3z8/PkALYNWOSNQwEduwDoDAyDARo6Ojo5mZmZmZmZmZm ZmZmdMzPhPfvK9H8yK9PI/Tjnve9+p3ve1VVVVVVVVVVVVVV4/CD0+ft3XsZ /z/ZJJ0SSSSSeYSSSSSSSbRDyru6qG5y2M648QYiSSSSSSeQSSSSSSSSTdv/ WG2KzZZZZZZZZZZZZZZZZZZZZZZZZZmZmZi/Uj6Dl18a4+C+cjMzMzMzMzMz MzMzMzMzMzMsAAAAAAAAAAH53e7OO2O/u7u7u7u7u7u7u7u7u7vpd3ziNRqP E41rURAAAAAAAAAB0A9joAAAAAAAAAAL9GPbtttttttttttttttt/rR2djbb bbbbbbbbbbbbbfsI+LjXtIi7447MzMzMzMzMzMzMzMzMzMzMztinVVVVVVVV VVVVVVVVVVVVVV3QAAAAAAAAAA8XXvUd2PPjy47+qqqqqqq7lVVVVVVVVVVd KqueoiIiO/4jUakAAANcDONulv0uclhhhhhhhhhhhhg222222222/TiuPQ8a O3rj18dW973ve973ve973ve973ve973ve9+yjx499+UhtttvwG2222222222 39Rr63X7Gm222222222222222/IgAAAAAAAAAAPXwAAAAAAAAAAHkdve+d7e Or2PPwMzMzMzMzMzMzMzMzMzM6Zmc9a18jxEa1ER0AOoAAAAAAAOgEzIAAAA Ni46WSWSeSVMuWcskpyyyokkkkkkkkkkkkkkl75vxo8+G2237q2222222222 238t4Ps9d646ufLq58ctRy5xxEd7q87xd73ve973ve/V73ve973ve973ve97 mZmZmZmZmZmZmZmZmZmZmfaxrcaSSSSSSSSSSSSSSSSeuoAAAAAAAAA6Ac9R CjXGtajsio8jtiJkJsGDbDPTY1hYkSGkGsOrd98VDNiZLt06FkGd2y2+kFvs krh4H2x0as0Moa1VZMXmXFAsq6eBU3OZRTVliObmnUTz1T9sxoZnRnH2BQol T25zjUrTUCAM5jAgA1b7779i+++++++++++++++++++++/Xvvv9Pv75G8360 Ox1wOMcBj334obUk7iZwuSdagk0I49wRJkpSlKUpSlKUpSlKUpSlKUpSlKUv IdEdTlDME9b2qVh2Ed8gPBXhw40Rww9nkxPwjoDIMYAFb3ve973vfpaj3ve9 73vxYsWLFixYsWLiaFdkQySSxtiI2z0WN4a0aYb1SKIAgaapJC60fMGItCU9 pWxlscCntJFCTw4XOc5znOyOc5znOc5znOc5znOdwQ8CzvWI9hZHdRB6TiCe K3pBxbUTOi7Kid7gtsPcqm3dpvOk1BnGJwIFQK5eSbpnRYLgIOUe7j7QDUyg IE0ZhkkTNnfIgMu9BSmlaidNksyg9vlq/1AugGoXTU5WdnTGz6/fmYSRmLMy jMSt7F37vIF2ZULZK0bU2gXUy8KYKFuDtjN5RmLdYmM1qgNMMA4mDJSlKUpS lKUlTNSlKUpSlKUpSlKU2+hwoGCq5N7mOizAnNFSqqqqqqqumvHVVVVVVVVV VVdvVhe08KNdWm222233Pdm222222223H2vk69HiI16XWZB8GeY2H0GHXGxH cSkdHtHOt+T3mKFzGcBydSJ0Jgr6VWrOc5z1ZznOc5znOc5znOc5znPXnOdY QcO10rAzAgAyG1DhttEIBMggUxrjg4gnO5FAQjS7TnTTNPenrympPGdeqSlo awdEiekyiUtUulRMkQDJGMYxjGMY6kYxjGMYxjGMYxjrxjH938e479m0ELEH uQxIMVVVVVVVVVVVVVVVVVVVVXLvMeGcvf7nrJhYN0b5JJJJJ5BJJJJJJJJJ O8gHDygHlobrCwWxuQm2Fjt1ygVTegRdvqfTm5gwrov3Hjx48eZjysePHf2U IQhCEIQhCEIQhCENroCflgNzeXDzuzFYGukwgwNQBIoPMpjYjMmEdoML3ve9 73vfyOS973ve973ve973ve/ocHKqYzdNDN0RutsaClQ4hUSlIINEJhbyp0ig TqmIKmVYq66wjGIweTxY8RJJJJOpxySSSSSSSSSsjjRv5dycPhsOuN8jjLHy 27fH3Cz+Jq2mRMaVAXCFsF1avO4T7ERTOcZCaMsDZkrZKfSCAFlvO2Zdrrrr rrrrrrr6qvPrrrrrrrrrrrrrrrrr3KOEtOE91KJPawEwGjke8DBUipJEwYA/ AiJxmNa1rWta1uo1rWta1rWta1rW67Wtr1Go1rr1xGtRAAAAAAAAAB0A7fXa cPaBtIkxYk5hTiGQ1ob2JaJwtVil98uGEklcN/krGjUiIxlQSoVAaQ6NQAyP e973ve9/G1Hve973ve978WLFixYsWmbo4mGRu09ttpSdAqN8LHsb0tCMiInS Up98kO0kYS6SnXEnEUzjU/Dqhk6ukSePHjx48ePHjx5uZjhCEIQhCEIQhCEI Q8WADU26+x1sAQYNCqpmszYq6NWDXc8Yhp2iBWkjDJEZ6Q1UNBaHLCGIvBQT 1IKqgZiSoZMI3hxR0caY0SsYmMRnFGkNGMYxjHVjGOr2UeZGMYxjGMYxjGMY x8DnR1U9EeuLKiJAbg2AwdUVJvAdsBHu++8PR6QxAdUcZETt/uJw3dLmdzdd dddhuuuuu5121dddddddddddddddddc2IjXnR5PLiOG222222222222222/h V6EePrnGoqqqqqqqqqqqqqqqqqqqqquz12o971yjjiOXLlxom6kmTDZCgcOY JSlIhsY+aEKEb1a2v2fac/CIgDEB9/k4IQhCEIQhDVhCEIQhCEIQhCENeEIV hBv7QqEixbRrWkhQNCmJ4EQNADGxoG0YiNca1qIu7u7u7u/WXd3d3d3d3d30 u783zdbjzdVVVVVVVVVVVVVVVVVVVVVXsvWQAAAAB3AiIiIiIiIiAAAAACIi IiIiIiIiIiIiIiIiIiIgAAATMzMzMzPwwAAAAAAAAAARzmZkAAADOM05ylPQ 5JSlsPByyylKUpR7nlEREeHz75JJJeAkkkkkkvDSS6JL8YAAAAAAAAAAP9/M SSSSSSSSSSSSVKUpSlAAAAAD2PE775a1rWta1rWta1rWta1rWta1rWta1AAA AAAAAAADMAAAAGcZpT/fJOU5z6fJKUpzl0n/dja1rWta1rWta1rWta1rWta1 rLWsAAAA2dnZ2dnZ2ex6mn4e9HjdjxPGa1rWta1rWta1rWta1rWta1rWta3Z AAAAAfbouS/bR/Te973ve973ve973ve973ve973ve4AAAAAAAAAAaOUpTlKU 5zlLQREAAAAAAAAHQDnrUa1ETMzMzMzMyAAM4AAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAzAAAABnGac5TnKQAAAAZwAAAAAAGh0+UpznKUdx02XNKU5zlLN/ uWUkkEn0WkJB8Dz/SLtE4gR2rAF6bEJ4L2XMCSC5igEkHkbEAkgulUAkg0en B6wJIGk2wSQNJtgkgaTbBJA0m2CSBpNsEkDSbYJIGk2wSQNJtpCQX4ShtISB pNtISBpNtISBpNtISBpNtISBpNtISBpNtISBpNtISBpNtISBpNtISBpNtISB jAEISy7enwe1+D5mp/nX9X1PU1uT630+X+kBAJIORtDZ+Z0sG2BJBt+w24Tl ACASQTgkg58wkaXjThzbu4o8v/k9//xdyRThQkHMA21s ==== |
Post by: rmenhal on May 25, 2004, 04:08:00 AM
| QUOTE (PedrosPad @ May 25 2004, 09:45 AM) |
| Reboot cycle - if I recall correctly (which surprised the hell out'a me, thought I'd got it cracked). |
Oh.. I guess I should check why it crashed, then.
Post by: TraZer on May 25, 2004, 03:34:00 AM
Post by: PedrosPad on May 25, 2004, 03:45:00 AM
| QUOTE (rmenhal @ May 25 2004, 12:30 PM) |
| Here. This should work for kali too and everyone who has the first one working. "Updating" is not necessary and not recommended, though. |
More excellent work rmenhal,
Now! - back to me,me,me,me,me
Now! - back to me,me,me,me,me
| QUOTE (PedrosPad @ May 25 2004, 08:33 AM) |
| Another interesting observation is that if you hex edit the header of the original bert_ate_ernie.xtf from "XTF0" to "XTF1" UDE no longer works - by complete contrast - I needed to change the header on the attached modified bert_ate_ernie.xtf to "XTF1" in order to make it work. - My theory is the font loader elects to load the latest version of a font, when two fonts for the same typeface are available. |
I think I need a bert_ate_ernie that works then the font header is "XTF1" - I didn't suspect this would matter, since the font is never interpreted - but it does make a difference. That way, when it's along side the other two retail "XTF1" fonts in the directory, it won't be superceded. I know you're curious
PS. I edited my earlier post, containing my clumsily modified bert_ate_erine, so it now has the one the post was talking about.
Post by: tullm on May 25, 2004, 03:56:00 AM
Don´t no if it helps, but good to check before opening the box
regards
tullm
Post by: tullm on May 25, 2004, 04:49:00 AM
To use a softmod exploit you have to sign every xbe file u want to use!
You got the audio hack running? Ok, but also without pbl, right?
Then just put evox or something on e as default and go on and sign everything!
regards
tullm
Post by: PedrosPad on May 25, 2004, 04:52:00 AM
| QUOTE (rmenhal @ May 25 2004, 12:32 PM) |
| Oh.. I guess I should check why it crashed, then. |
Don't laugh, but I kind'a grew your landing zone from 32k to, er, 512k (I started at 1Mb and binary chopped until it worked)
- Pedro suspects that this wasn't helping with the reboot issue. What I think is happening is the update.xbe enumerates through all the fonts in C:\fonts, and peeks into the headers to build up a dictionary of typefaces-to-filenames. It then selects the typeface update.xbe wants and loads in the XTF.
- With only bert_ate_ernie.xtf (XTF0, typeface "XBox Book") is present, the dictionary only contains one entry, the exploit addresses in bert_ate_ernie.xtf are correct, and the exploit fires.
- When Xbox.xtf (XTF1, typeface "Xbox") joins bert_ate_ernie.xtf (XTF0, typeface "XBox Book") in C:\fonts, the built up dictionary now contains two entries - even through only bert_ate_ernie.xtf matches the required typeface of "Xbox Book", and gets selected for loading, the extra dictionary entry, created for Xbox.xtf, throw the exploit addresses out, and it crashes.
- When Xbox Book.xtf (XTF1, typeface "Xbox Book") and only bert_ate_ernie.xtf (XTF0, typeface "XBox Book") are in C:\fonts, I think the single "Xbox Book" typeface dictionary entry is 'updated' when the XTF1 format font with the same typeface is encountered. Meaning that update.xbe loads in the retail Xbox Book.xtf font, and the exploit doesn't fire. Update.xbe actually came up and functioned as M$ intended.
- When bert_ate_ernie.xtf (XTF0, typeface "XBox Book"), Xbox Book.xtf (XTF1, typeface "Xbox Book"), and Xbox.xtf (XTF1, typeface "Xbox") are all in C:\fonts, I think two dictionary entries are created, throwing out the exploit address, and the Xbox Book.xtf (XTF1, typeface "Xbox Book") font, replaces the bert_ate_ernie.xtf (XTF0, typeface "XBox Book"), and believe Update.xbe actually came up and functioned as M$ intended.
- Modified bert_ate_ernie.xtf to XTF0, typeface "XBox". When it was the only font in C:\fonts - the exploit didn't fire. In fact, Update.xbe actually came up and functioned as M$ intended but with no text. I concluded that this was because Update.xbe couldn't find a font with it's required "XBox Book" typeface, and, thus loaded none.
- Lengthened the landing zone in bert_ate_ernie.xtf (XTF0, typeface "XBox Book"). Verified it still worked on it's own, then added Xbox.xtf (XTF1, typeface "Xbox") into C:\fonts. Exploit fired. I concluded that the additional dictionary entry for the other typeface was indeed changing exploit addresses.
- Added Xbox Book.xtf (XTF1, typeface "Xbox Book") to the two fonts above. Update.xbe actually came up and functioned as M$ intended. I concluded that Xbox Book.xtf (XTF1, typeface "Xbox Book") was superceding bert_ate_ernie.xtf (XTF0, typeface "XBox Book") due to it's later XTF1 file version.
- Modified bert_ate_ernie.xtf to XTF1, typeface "XBox Book". When it was the only font in C:\fonts - the exploit didn't fire. Think it crashed. Surprised me - no idea why!
- Added Xbox.xtf (XTF1, typeface "Xbox") , and Xbox Book.xtf (XTF1, typeface "Xbox Book") to above, and Update.xbe appeared and then froze. I concluded that this was because, now being all XTF1 format fonts, bert_ate_ernie.xtf kept it's place in the dictionary, and was actually the font selected for loading - but the exploit addresses were way off.
- Modified bert_ate_ernie.xtf (XTF1, typeface "XBox Book") and added a huge 512k landing zone, and whacked up the exploit address. Tried again with all three fonts in place - and it worked - the exploit fired.
Post by: renZ0R1 on May 25, 2004, 06:11:00 AM
Post by: WBAGAM on May 25, 2004, 07:36:00 AM
just so ya all know
Post by: renZ0R1 on May 25, 2004, 07:54:00 AM
Spec's
K: 5530
D: 4290
P: non ( dont work on 5530 )
E: 3935
used the package from digisatman cause no Idea how to create the font my self, unless some 1 could link to a guide ?
Post by: krayzie on May 25, 2004, 07:58:00 AM
Post by: kali- on May 25, 2004, 08:28:00 AM
i have seen u have post 2 new different version
u need some testing on both or the lastest is same as previous without debug code?
asap i try it, and report back
Post by: StupidKid on May 25, 2004, 08:40:00 AM
Post by: PedrosPad on May 25, 2004, 09:35:00 AM
| QUOTE (StupidKid @ May 25 2004, 05:40 PM) |
| i cant seem to find the bert ate ernie fonts anywhere. |
Err, first post in this thread
Post by: PedrosPad on May 25, 2004, 10:42:00 AM
)The UDE bert_ate_ernie font is be extended to check the DVD-tray state as it fires.
- Scenario 1 - If the DVD-tray state its closed (i.e. you used the power button to switch the XBOX on), patch the M$ key, and launches the habibi signed E:\default.xbe, leading to PBL, Evox, etc.
- Scenario 2 - If the DVD-tray state is open (you powered up the XBOX by pressing the DVD-tray eject), dont patch anything, and safely launch C:\MSxboxdash.xbe (possible because the retail fonts are still present in C:\fonts).
- Pros:
- No risk of clock loop.
- Directing booting to Linux/PBL/Evox, etc.
- Control over when exploit is triggered (very easy).
- Safe access to MS Dashboard
- Safe access to XBOX!Live console, from MS Dashboard.
- XBOX!Live game access to the XBOX!Live console.
- Could still create custom sound tracks (as the DVD-tray is already open simply close it with your media in once the Dashboard appears. (Its only Reset-on-Eject isnt it? )
Probably not exhaustive, but you get the idea.
I think thatd suit everybody.
Hopefully not premature, but, Rmenhal, heres a NASM code fragment to check the DVD-tray state, thanks to Grospolina
:| QUOTE (Grospolina) | ||
Found it.
It calls HalReadSMBusValue() to find the value. Note: I believe this works, but I can't be sure, because it's from an old source file. I don't remember if this file's been tested or not. |
Post by: Dagath on May 25, 2004, 12:06:00 PM
| QUOTE (PedrosPad @ May 25 2004, 07:42 PM) |
"I have a dream
". How this for a vision of the very near future?
I think thatd suit everybody. |
Post by: lalani on May 25, 2004, 12:27:00 PM
| QUOTE (meerdorf @ May 25 2004, 07:56 PM) |
| Can I have some help hex editing the modxboxdash.xbe, i have searched for the fonts to rename them f0nts but to no avail, so basically I cant acces the original dash so far... what am I doing wrong? |
Meerdorf
Make sure you didn't edit the instances of "Font" only "fonts". There should have been two instances of it.
Post by: meerdorf on May 25, 2004, 12:51:00 PM
Post by: debeautar on May 25, 2004, 01:00:00 PM
Thankfully, after taking the update.xbe from Slayer's, and ICEOWSing me some bert-ate-ernie madness... I have had no errors with UDE AT ALL. I wish I knew my kernel. Yeah.
If only you could put the xbox xft's in the root, and the bert xft in the fonts folder... then the dream could be a reality. Alas, hard-coding sucks like no other. Boooooooo...
Yeah.
also... it should be noted that you're not stupid, you just don't normally need to do any hexing on your own, because someone else already packaged it up for you by the time you got to it. I don't hex edit normally, myself... so, it took me a good half-hour to figure it out. Keep the faith, pedrospad... keep it long and strong.
Post by: renZ0R1 on May 25, 2004, 01:41:00 PM
Post by: fatbastard911 on May 25, 2004, 05:02:00 PM
Post by: mafatumatt on May 25, 2004, 06:08:00 PM
any suggestions?????
thanks...
Post by: shanafan on May 25, 2004, 07:24:00 PM
Let's understand this - Xbox-Scene is not a forum to tell members to PM them for MS coded files, or for members to request MS coded files.
A few members who abused these rules in this thread have felt the consequences.
Only need to say this once.. if any member here wishes to join the others, they will suffer similiar consequences. Xbox-Scene will not be shut down due to members who chose to ignore the forum rules.
Post by: Angerwound on May 25, 2004, 07:28:00 PM
Post by: Kthulu on May 25, 2004, 07:31:00 PM
SYMPTOMS:
i get the flubber animation, then Xbox logo, then MS logo, then screen flickers a couple of times and goes blank...whether i'm trying to boot from hdd or 007 dvd.
before someone asks why i was trying this since i can flash my tsop, this sounded pretty good and i wanted to make sure i knew how to do it so i can mod a friends box this way.
EDIT: i think maybe my hdd was locked with configmagic before i tried this. would that be causing my problem? also, my K: 4980, my original '5960 dash' was D: 5659.
Post by: pennywisdom on May 25, 2004, 08:14:00 PM
Post by: PedrosPad on May 25, 2004, 10:33:00 PM
| QUOTE (Dagath @ May 25 2004, 09:06 PM) |
| Seriously, if this can be pulled off, this will be the best mod EVER! |
The Ultimate Dashboard Exploit?
Post by: PedrosPad on May 25, 2004, 10:34:00 PM
| QUOTE (debeautar @ May 25 2004, 10:00 PM) |
| If only you could put the xbox xft's in the root, and the bert xft in the fonts folder... then the dream could be a reality. Alas, hard-coding sucks like no other. Boooooooo... |
hehe - very true.
You have to picture the M$ engineer - he's been told to support pre-live fonts in C:\ and Live fonts in C:\fonts. So he knows that he's going to check one location first, then the next - it so easily could have come down the other way around - makes you weep.
Post by: PedrosPad on May 25, 2004, 10:35:00 PM
| QUOTE (Dagath @ May 25 2004, 11:35 PM) |
| Might I also suggest, PedrosPad and Rmenhal, that the LED glow green when it boots to safe mode and glows red when it is it hacked mode. That is if PedrosPad's dream gets realized. |
Excellent idea. But no blinking! - It's bloody distracting when watching films in low lighting with XBMC.
Post by: chimpanzee on May 25, 2004, 11:04:00 PM
Post by: PedrosPad on May 25, 2004, 11:08:00 PM
| QUOTE (PedrosPad @ May 25 2004, 07:42 PM) |
| "I have a dream
". How this for a vision of the very near future? Assuming:
|
I reserve the right to be the first one to shoot holes in my own ideas...
| QUOTE (PedrosPad @ May 23 2004, 09:35 PM) |
| Thinking more about this candidate solution, Im now wondering what would happen when the launched xonlinedash tries to check the installed Dashboard version, in order to determine if an upgrade is necessary? Does it check the xonlinedash.xbe? or the boot dashboard? which in our case would be a renamed legacy update.xbe. |
Doh!
The previously posted renaming idea may be the only way to go - but, if it's possible to put all the fonts in C:\fonts - this would only involve renaming the C:\xboxdash.xbe. (But this would then need the Easter egg exploit to reverse )
-
Title: The ultimate Dashboard Exploit Aka Ude
Post by: Australian Rat on May 25, 2004, 11:16:00 PM
-
The previously posted renaming idea may be the only way to go - but, if it's possible to put all the fonts in C:\fonts - this would only involve renaming the C:\xboxdash.xbe. (But this would then need the Easter egg exploit to reverse
)Post by: Australian Rat on May 25, 2004, 11:16:00 PM
| QUOTE (PedrosPad @ May 26 2004, 07:35 AM) |
| Excellent idea. But no blinking! - It's bloody distracting when watching films in low lighting with XBMC. |
Can't you just turn the led off in the XBMC xml file? Or hasn't that been added yet?
I know it was done in XBMP cause the LED turns off on mine
Otherwise just use a dash which allows you to customise the colour of the led manually like Avalaunch or UnleashX
Post by: PedrosPad on May 25, 2004, 11:44:00 PM
| QUOTE (chimpanzee @ May 26 2004, 08:04 AM) |
| since I don't use live, can I just put the hack in c:\fonts and use a pre-live dashboard for the dashboard function ? Well, how to launch it is an issue, hopefully the font hack can be made as your described, based on whether I start it with the eject button or power button. eject button load msdash, power button load e:\default.xbe |
Cool idea, and one that should work fine
C:\xboxdash.xbe - Renamed 4290 update.xbe (looks in C:\fonts for bert_ate_ernie.xtf)
C:\MSxboxdash.xbe - 4817 pre-live Dashboard (looks in C:\ for its fonts)
No font clash issue at all. Not suitable for XBOX!Live users who require access to the XBOX!Live console (no retail fonts in C:\fonts
) , but for non-Live users, this is actually quite powerful. The Pre-live Dashboard would allow you to play CD & DVDs, create custom sound tracks, maintain game saves, etc.Notes:
1. UDE (set's habibi key)->PBL->Evox->original 4817 Dashboard = Reset-on-Eject (ROE) would be off, thanks to PBL.
2. UDE (set's habibi key)->Evox->habibi signed 4817 Dashboard = Reset-on-Eject (ROE) would be off, thanks to xbedump fixing the media flags.
3. UDE (leaves M$ key)->original 4817 Dashboard = Reset-on-Eject (ROE) would be on
, due the the original 4817s media flag (ignored on boot, but honored when launched after boot). But then the DVD-tray would already be open , so you can still copy sound tracks from one CD, or watch one DVD - but it'd reboot when it was ejected (we could live with this).Ironically, you're actually better off running a the 4817 Dashboard via options 1 or 2 above - and, in this situation, this should be fine, as there's no risk of being banned from XBOX!Live, as your not going to be using XBOX!Live.
Post by: {later} on May 26, 2004, 07:02:00 AM
Post by: Angerwound on May 26, 2004, 09:24:00 AM
| QUOTE (dropek @ May 26 2004, 05:22 PM) |
| FOA DIGISATMAN: What bios has been used in your package? |
Digisatman has been banned, I don't believe he will be responding to your question.
Okay, kind of based on Pedro's idea without LiVE Support I have another method. I've got the XBE written up for the process as well, except for the decison making. I am still debating on how to check the Tray State within C++ or openXDK. I know the NASM routine was posted but unfortunately I'm not skilled in ASM. Either way, take a look at this.
| CODE |
(c:\) (c:\fonts) (c:\) Update.xbe --> bert_ate_ernie.xtf --> decision.xbe | | / \ / \ / \ IF( tray == open ) IF( tray == closed ) Launch e:\default.xbe Launch c:\msxboxdash.xbe (PBL or Dash of Choice) (Original MS Dash edit for c:\f0nts) |
Again, because the msxboxdash.xbe is edited to load fonts from 'f0nts' it wouldn't be live compatible. But this would allow for an easy swap between both retail dash and hacked dash. Lemme know comments.
JASON REMOVE THE FUCKING PACKAGE!
Post by: Angerwound on May 26, 2004, 10:17:00 AM
| QUOTE |
| - Is there any reason for loading the retail dash (with an unpatched BIOS), besides for going on Xbox Live? If not, can we just load the Xbox Online Dash directly? |
Unless the user is running thC dash they won't be able to change their Video Output settings. Unless they just wanted to launch it from their Hacked Dash.
Post by: ldots on May 26, 2004, 10:20:00 AM
| QUOTE (Grospolina @ May 26 2004, 07:08 PM) |
| - Is there any reason for loading the retail dash (with an unpatched BIOS), besides for going on Xbox Live? If not, can we just load the Xbox Online Dash directly? It's a separate XBE, after all. I haven't tried running it standalone, but I think it might work. |
I once tried renaming xodash/xonlinedash.xbe to xboxdash.xbe to see if it would launch on boot-up. No go! Someone could try making a renamed copy of xonlinedash, resign it with habibi and try running it from evox from a game save hack to see if that makes a difference. Pull the ethernet-cable though, in case it does run
Post by: PedrosPad on May 26, 2004, 10:29:00 AM
See? I found a use for some of that work we did last year
.| QUOTE (Grospolina @ May 26 2004, 07:08 PM) |
| However, I'm wondering why you (Pedro) chose to change "fonts" to "f0nts" in order to change the font locations, instead of doing the traditional XTF to XFT method. I tried it that way and it seems to work fine. |
Only 2 bytes to Hex edit, as apposed to 4 bytes
.There's a little truth to my joke above, I sort'a expected to have to patch the Dashboard dynamically - on the fly, MechFont style, and I thought I might get away with a single byte poke. That was all.
Post by: PedrosPad on May 26, 2004, 10:36:00 AM
| QUOTE (Grospolina @ May 26 2004, 07:08 PM) |
| - Is there any reason for loading the retail dash (with an unpatched BIOS), besides for going on Xbox Live? If not, can we just load the Xbox Online Dash directly? It's a separate XBE, after all. I haven't tried running it standalone, but I think it might work. |
Don't the newer Dashboards 5659, 5960, etc. connect on bootup? My 5659 has options for 'AutoSignIn', etc. Thought out'a game voice over IP was now in the boot Dashboard?
(Getting Broardband next week
)Post by: Angerwound on May 26, 2004, 10:47:00 AM
Post by: PedrosPad on May 26, 2004, 11:09:00 AM
| QUOTE (ldots @ May 26 2004, 07:20 PM) |
| I once tried renaming xodash/xonlinedash.xbe to xboxdash.xbe to see if it would launch on boot-up. No go! |
Saw ya post - didn't believe you. Just tried it (I was passing anyway
)Using Dashboard 5659:
copied C:\xodash\xonlinedash.xbe to C:\xboxdash.xbe
copied C:\xodash\audio to C:\audio
copied C:\xodash\media to C:\media
booted - worked fine
then I deleted C:\audio and C:\media (leaving just the xodash xboxdash.xbe), booted and got Error 21.
Conclusion - You can boot directly into the XBOX!Live console, but it must use relative paths, thus it needs it's support folders along side.
Post by: Angerwound on May 26, 2004, 11:13:00 AM
But could M$ detect it is launching from the root instead of xodash? I can test if it will still go LiVE when I get home.
Post by: krayzie on May 26, 2004, 11:16:00 AM
| QUOTE |
| Here is a new version of my pack. 100% without any copyrighted code. It does include the PBL (legal and open-source) and Xboxdash patcher. |
So why is the rc4 key included in the package?
-
Title: The ultimate Dashboard Exploit Aka Ude
Post by: Angerwound on May 26, 2004, 11:22:00 AM
-
Post by: Angerwound on May 26, 2004, 11:22:00 AM
| QUOTE (krayzie @ May 26 2004, 08:16 PM) |
| So why is the rc4 key included in the package? |
These people posting links and packages and taking PM Requests just stop it NOW! This thread doesn't need to be closed because of all of you. People should know how to acquire these files on their own if they wanted them therefore, why the need to post your own packages containing illegal materials on a public forum? Are you asking for Mr. Gates to be knocking on your door? Either get your files hosted legally somewhere else or don't put the package together at all.
Post by: lalani on May 26, 2004, 11:25:00 AM
Anyone else think this is related to the EEPROM key in the PBL config file?
Post by: Angerwound on May 26, 2004, 11:28:00 AM
| QUOTE (_jenny_ @ May 26 2004, 08:22 PM) |
| krayzie, No RC4Key anymore. _Jenny_ |
Thanks much Jenny.
Post by: caxtor on May 26, 2004, 11:29:00 AM
I cant find any instance of "fonts/" in the file "MODxboxdash.xbe" or "thclite.xbe"(the dash i am runing)...
I know i have to use a HEX editor and i am using XVI32 Freeware.
I make a search for "fonts/" string but i cant find any....
Any suggestions?
Thanks in advanced....
Post by: Angerwound on May 26, 2004, 11:36:00 AM
| QUOTE (caxtor @ May 26 2004, 08:29 PM) |
| OK, i installed this exploit succesfully but i am having a little problem. I cant find any instance of "fonts/" in the file "MODxboxdash.xbe" or "thclite.xbe"(the dash i am runing)... I know i have to use a HEX editor and i am using XVI32 Freeware. I make a search for "fonts/" string but i cant find any.... Any suggestions? Thanks in advanced.... |
"fonts" is in 16-bit unicode. In this case, there's just a 0x00 after each (8-bit) letter. There are two occurrences in xboxdash.xbe.
Post by: caxtor on May 26, 2004, 11:48:00 AM
You made me the hapiest dude on earth!
Cheers! to PedroPad and Rmenhal for this wonderfoul explit!
Cheers!
Post by: Angerwound on May 26, 2004, 11:48:00 AM
Post by: Angerwound on May 26, 2004, 11:49:00 AM
| QUOTE (caxtor @ May 26 2004, 08:48 PM) |
| YAY! Thanks a bunch Angerwound... You made me the hapiest dude on earth! Cheers! to PedroPad and Rmenhal for this wonderfoul explit! Cheers! |
Glad I could help.
Post by: shanafan on May 26, 2004, 11:51:00 AM
| QUOTE (Angerwound @ May 26 2004, 04:48 PM) |
| Alright, thread has been cleaned of illegal posts thoroughly I believe. The thread almost go closed so in the future everyone be careful if you want this project to continue. |
Decided to leave it open, since most here respect XS and its good to continue development discussion.
But, for those who choose to disrespect XS, and post links to MS files, well you will be banned. That simple.. and making more and more accounts won't change anything.
Post by: RiceCake on May 26, 2004, 12:41:00 PM
.Anyhow yes, be a dumbass and post practically any code use on or by a stock Xbox, and your looking for trouble.
Post by: violent_bong on May 26, 2004, 01:44:00 PM
Post by: renZ0R1 on May 26, 2004, 02:09:00 PM
Im wondering if this is because I dont use a bios loader as Im on a 5530 kernel and boot direct to evox ?
( dash im trying to load is 4920 )
Post by: renZ0R1 on May 26, 2004, 03:50:00 PM
Post by: debeautar on May 26, 2004, 04:24:00 PM
Small nuisance, but definitely something to note.
Yeah.
Post by: evil clone on May 26, 2004, 04:30:00 PM
Post by: Angerwound on May 26, 2004, 05:03:00 PM
Post by: fatbastard911 on May 26, 2004, 05:09:00 PM
Mayber just place in retail disc for XBL and the xbox should boot up live and the XOdash should enable you to play live normally!!!!!!!
Quick fix for live - make sure you have latest live dash installed 5960 or whatevver, then place a retail disc in and Blam!!! XBL!!!! Cause the disc should be read in the kernal before the dashboard (PBL, etc...)
I was thinking for an eject or power on solution where one loads the dash and one doesn't, I'd hack the X2 disable on eject bios file and maybe implement it to turn on and turn off the hack. I'm not home right now so I can look into this if everyone agrees.....
Or someone else...
Post by: CooperS on May 26, 2004, 06:27:00 PM
Post by: Dagath on May 26, 2004, 06:49:00 PM
. One question though: why dash 4817? I think the whole point of this exploit is so that it works with the latest dash and will allow for access to Live, why not use Dash 5959 for testing?Forgive my ignorance, but are you using an XBE or modifying bert_ate_ernie.xtf? Details of what you have done may shed light on the workings and progress of this exploit.
Thanks,
Dagath
Post by: Dagath on May 26, 2004, 06:56:00 PM
| QUOTE (evilserge @ May 27 2004, 02:12 AM) |
| alrite im totally confused. my xbox goes to the intro screens then word MS appears. but the dashboard or anything doesnt load after it just sticks at that screen. i did all the steps on the first page correctly. after that i signed pbl 1.41 (by guex) with hababi key using xbedump(odly there was no out.xbe file but the default.xbe file was modified) so i uploaded the rest of the package + the signed file to E drive with extra bioses in the bios folder (xboxrom/evox/mxm) ive read all 21 pages of this topic, and ive found out that i had to put the bert hack in fonts. and ive also put it in main c drive as well cuz i heard it looks at fonts first then the rest of the drive later or something like that. can ne1 help me ive spent three hours trying to figure this out. and evert time i think i get closer i get the same error  also im using 4920 dash, and my kernal is below 5713 (i dont wanna check it out again, that means loading mechassault hack, renaming files bla bla bla) |
I think you may be getting confused because this work is evolving (for the better daily, apparently
) What you will want to do is pick one of the methods and stick to that one to the letter. Angerwound has the most updated one, I believe. You should be fine if you follow his directions and only his directions. Don't mix and match solutions. Having said that, most common trip-ups are not having everything signed and having the wrong update.xbe, make sure you are using the right one. Don't ask for it- find it.
Post by: Angerwound on May 26, 2004, 07:01:00 PM
| QUOTE (Dagath @ May 27 2004, 03:49 AM) |
| Great work, Grospolina! With help from someone here, or on your own, I'm certain you will get it worked out and you'll make a whole heck of a lot of us VERY happy . One question though: why dash 4817? I think the whole point of this exploit is so that it works with the latest dash and will allow for access to Live, why not use Dash 5959 for testing? Forgive my ignorance, but are you using an XBE or modifying bert_ate_ernie.xtf? Details of what you have done may shed light on the workings and progress of this exploit. Thanks, Dagath |
The newest dash's when launched will try and access the fonts dir for it's fonts, well this i s where bert_ate_ernie.xtf is at and will cause the dash to crash.
Post by: Grospolina on May 26, 2004, 07:30:00 PM
The reason I used 4817 was to see if it would work (since it doesn't look for fonts in C:\fonts), and I would say that it failed miserably. Maybe the XBE launch code needs to be changed in order for it to work.
I'd like to get it to work with a newer dash, but from the sounds of it, they look for fonts in the same places, and I can't think of anything that can be done about it.
Maybe use something like the MechInstaller font code to launch a patched dash? It would take some work to see if that's even possible though.
Post by: krayzie on May 26, 2004, 07:38:00 PM
Post by: Angerwound on May 26, 2004, 08:07:00 PM
Post by: Angerwound on May 26, 2004, 08:09:00 PM
Post by: rmenhal on May 26, 2004, 08:54:00 PM
| QUOTE (Grospolina @ May 27 2004, 04:30 AM) |
| I'm modifying the bert_ate_ernie.xtf file through assembly. |
Please use updatefonts2.tar.bz2 in http://forums.xbox-s...c=217686&st=225 rather than updatefonts.tar.bz2 in the first post.
The first one is already known not to work on all xboxes. The size of the landing zone was increased and I also made it jump directly to the exploit code so that possible holes due to memory corruption wouldn't matter that much. I also cleaned up that leftover junk from launchxbe.
| QUOTE |
The reason I used 4817 was to see if it would work (since it doesn't look for fonts in C:\fonts), and I would say that it failed miserably. Maybe the XBE launch code needs to be changed in order for it to work. |
I don't see how that could be the problem. That's the way to launch XBEs.
| QUOTE |
| Maybe use something like the MechInstaller font code to launch a patched dash? It would take some work to see if that's even possible though. |
Don't Mech-fonts actually patch the kernel which then patches the XBE in memory after it's been loaded? By patching the kernel, you can modify any loaded XBE in memory in any way you want.
Post by: lalani on May 26, 2004, 09:04:00 PM
My specs are v1.1 xbox according to config magic. I don't remember the original kernal version and for now I cannot get into a pre patched BIOS state so I can't find that out.
MSDash reports K:4949.06....so pbl has definately patched the BIOS...Shouldn't it be past the point of any drive access locking issues?
Anyhow UDE is great and looks like we have the scene's brightest working on making it truly the ultimate soft mod. Can't wait to see the safe mod on/off choice.
Post by: shanafan on May 26, 2004, 09:19:00 PM
| QUOTE (evil clone @ May 26 2004, 09:30 PM) |
| why were my posts removed... i wasnt linking or directing to any illegal files... infact i was trying to prevent it. all i was hoasting were some of the legal files needed |
Yeah, that's great..
Don't worry about it.
Post by: ldots on May 26, 2004, 10:18:00 PM
| QUOTE (PedrosPad @ May 26 2004, 08:09 PM) |
| Saw ya post - didn't believe you. Just tried it (I was passing anyway ) . . Conclusion - You can boot directly into the XBOX!Live console, but it must use relative paths, thus it needs it's support folders along side. |
So I wasn't saying anything untrue
The reason I suggested to run xonlinedash directly from evox was exactly to eliminate the possibility of missing files/folders.
Post by: fatbastard911 on May 26, 2004, 11:49:00 PM
| QUOTE |
| You seem very knowledgeable on the sbuject so if you don't mind I have a few questions. I want to play on XBL but also like playing mame roms so can i do this with the ultimate dash exploit? Do i just boot off hte original media to play on live or will it ask to upgrade the dash too? If it does upgrade hte dash then the exploit won't work? Now if i load the exploit and play mame i can't just eject the disc and put in an original disc to play on live, I would have to power off hte console and then power it on? Any help/advice is greatly appreciated. |
Answers for your given questions;
1) I am not home right now but I can test this later for this is what I want aswell. I believe that if u use digsatman's package or make your own working dashboard package of the ultiamte dashboard exploit and use PBL (I use PBL 1.4.1 - its quicker) to load up a bgm debug bios (eg. X2 4983.06 or .67 bios), then theoritcally u should be able to load your mame roms, backups, etc without getting ROE Reset on eject problems. To boot live, I believe that the xbox reads retail discs before it loads the dasboard, so thus it does not need to worry if u have the update dash 4817 or not. U can have any version of a dashboard with this exploit - it's just that u need to make sure that u are using the update.xbe from dashboard 4920's package and habibi sign PBL's default.xbe, digsatman did not do this in his package (at least when I had got it.
Your kernal cannot be 5713 or greater, to find ur kernal, go into your normal untouched M$ dashboard, go settings, then go System info and wait, it will say D:4920 or whatever and K: (hopefully less then 5713)
2) Then I would make sure I have no exploit loaded, get an XBL live game, hook my xbox to XBL service, update the dash to their newest dash. Then replace the files with the Splinter Cell/MA/ or 007 hack using Digsatman's or whoever's package installing only the files he gives u and signing the E:/ default.xbe file with xbedump.exe - habibi (U can download it from (www.xbox-Scene.com: tools:Exploits tools). The ultimate dashboard should now load.
3) To play XBL game - u still have the updated XBL dash in XO folder/ so play the XBL game like normal, I shouldn't have to update the dash cause the newest one is already there, it should automatically log into XBL or the troubleshoot to find your connection then go directly go back to the game. PBL did not load nor the exploit in all of this when booting the retail XBL game disc so there was no changes to the BIOS, thus you could not effect the memory kernal, thus cannot be banned.
Again this is all speculation.... I will find a way for everyone to get into the normal dashboard instead of the exploit hopefully by tommorrow.
Post by: fatbastard911 on May 26, 2004, 11:59:00 PM
MS Boot--->Ult. dsh Exploit----"Random.xbe - signed habibi key in E:/" choose 1) MS normal dash 2) PBL Exploit 3) Evoxdash.xbe
????? I will look into that proggy tommorrow,..... i know it's out there! It's just the matter of habibi'ing it!
Post by: Australian Rat on June 05, 2004, 06:28:00 AM
Post by: SpIdErXeN on June 05, 2004, 08:03:00 AM
Post by: YoshiKool on June 05, 2004, 09:47:00 AM
Post by: Australian Rat on June 05, 2004, 04:06:00 PM
| QUOTE (SpIdErXeN @ Jun 6 2004, 12:58 AM) |
| It points to c:\evodash.xbe??!! Shit I had no idea...wonder how I managed to get a version of it that only boots the default.xbe file from discs in the dvd drive...damn, gonna have to do some serious looking for the 4983 that loads c:\evoxdash.xbe first...weird, really had no idea it existed...lol |
If you don't have any of the files in c: that it points to (evoxdash.xbe, maybe avalaunch.xbe), it will boot d:\default.xbe as the next alternative.
The one I use is found in the usual places as a BFM bios
Post by: Australian Rat on June 05, 2004, 07:33:00 PM
Post by: krayzie on June 05, 2004, 07:40:00 PM
So solution A: pause the game take the disc out and do the IGR.
Solution B: Edit the bios so it not looks for d:/default.xbe (not posible yet for the x2 4983)
Post by: krayzie on June 06, 2004, 02:56:00 AM
Post by: Australian Rat on June 06, 2004, 04:32:00 AM
| QUOTE (krayzie @ Jun 6 2004, 11:56 AM) |
| I hope that some of the problems i'm reading aren't caused by the absence of the regular xboxdash.xbe. |
Yeah, we can never be too sure of the long term effects of a different xboxdash.xbe
Post by: gronne on June 06, 2004, 04:42:00 AM
Post by: Australian Rat on June 06, 2004, 04:54:00 AM
| QUOTE (gronne @ Jun 6 2004, 01:42 PM) |
| I'm in something of a hurry here. I'm very cautious. I just downloaded the UDE package from the usual place. From the readme "the xbøxdash.xbe is not provided in this package". What does that mean? Do I have to obtain something elsewhere? Isn't EVERYTHING in the package? I'm switching from some of the audio-exploit's, is there anything I should especially think of? It says the same at the bottom of the readme "the xbøxdash.xbe provided is a hexed 4920 xboxdash.xbe". Well, there is no xbøxdash.xbe in the package. How do I obtain that? Can I follow the readme as is after that? Or maybe I'm asking an illegal question, and if that's the case I take it all back. Please reply soon. |
Everything required to run the exploit is in the package. However if you wish to link back to the original xboxdash.xbe, you will need to hex edit yourself.
How to do this is explained elsewhere in this thread, but in most cases you can't just get an xbøxdash.xbe file that has been pre-hexed and upload it. It has to be relevent to your xbox.
The xbøxdash.xbe file was originally in the package, but was removed I suspect after I mentioned it would only work on very specific dashboards. This should explain the confusion.
But if you're not looking to link back to the original xboxdash anytime soon, the package contains everything you need.
Also just a little warning, don't ask how to obtain files
Post by: gronne on June 06, 2004, 05:08:00 AM
ok ok. So I don't need a file called xb(?)xdash.xbe(or any other strange name of it) at ALL, only if I want to use the original dash? Sorry for dumb questions, but why would I need to use the original Dash? Right now I want to use Evox(it's for my friend). I'll just do what the readme says, but skip the linking-part for now.
ADD: What should I call the Directory font with all it's abbrevations if that file isn't in the package? Can it still be called fønts or does it have to be called something else then? Sorry for all dumb questions.
Post by: gronne on June 06, 2004, 06:07:00 AM
Post by: Australian Rat on June 06, 2004, 06:16:00 AM
Post by: gronne on June 06, 2004, 06:45:00 AM
Post by: ldots on June 06, 2004, 08:04:00 AM
Edit :
Uhh, forgot to mention that if you always have a way to run this package (like if you have one of the exploitable games) you should always be able to restore the C-drive 'to whatever' it was like, before you used the UDE installer. The c-restore option will rebuild the C-drive from a compressed image that the UDE installer makes the first time it is run.
Post by: gronne on June 06, 2004, 09:55:00 AM
Is there a fix for the freezes?
Post by: krayzie on June 06, 2004, 10:22:00 AM
2: U can modify bfm biosses as well if you use a complete debug config
Post by: violent_bong on June 06, 2004, 03:41:00 PM
Post by: tullm on June 06, 2004, 10:48:00 PM
you can´t extract it with "normal" windows tools! You need a xbox iso tool to extract ist!
look here on xbox-scene or the usual places for some tools to downloads!
regards
tullm
Post by: donald321 on June 07, 2004, 01:02:00 AM
| QUOTE (ldots @ Jun 6 2004, 05:04 PM) |
| For all of you unsure/afraid of installing this exploit, may I draw your attention to the UDE installer of my little linux package (look here). Linux is just the engine, you dont have to know linux to use it. Most of you can use this package as you probably all have managed to get ftp access somehow, so you dont need one of the exploitable games, even though it is packaged for a memcard. Just ftp the package (uncompressed) to the UDATA folder and run the mini-linux from your dash. The tools of this package are executed from a telnet connection (made from a DOS prompt). One of these tools (UDE) automates the UDE installation. If you have a kernel version below 5530 it will install PBL,Evox and a patched copy of your xboxdash.xbe (the evox.ini is even linked to this hexed copy). If you have kernel 5530 it will install UDE, and Evox, but not PBL. Just thought I would mention this, as some people apparently still have trouble getting this to work Edit : Uhh, forgot to mention that if you always have a way to run this package (like if you have one of the exploitable games) you should always be able to restore the C-drive 'to whatever' it was like, before you used the UDE installer. The c-restore option will rebuild the C-drive from a compressed image that the UDE installer makes the first time it is run. |
How bad is a idea, UDE only with xboxhdm (without FTP access and without hdkey-eeprom...) using hdd swap?
Post by: ldots on June 07, 2004, 01:09:00 AM
| QUOTE (donald321 @ Jun 7 2004, 10:02 AM) |
| How bad is a idea, UDE only with xboxhdm (without FTP access and without hdkey-eeprom...) using hdd swap? |
If you are asking for a UDE package for xboxhdm, then that's not a bad idea. I allready made that
Have a look at the "UDE package for xboxhdm" link in my signature.
Just get both xboxhdm and the UDE package. Follow instructions on how to build the CD with the UDE package, then hotswap and use the 'UDE' command once xboxhdm has bootet.
The UDE command in this package is different from the memcard packages in that PBL is always installed (will change this in future release), so you need a kernel version below 5530 for this to be useful.
Post by: Australian Rat on June 07, 2004, 01:18:00 AM
Even tested if you remove the AV cable, how it would affect the exploit (as it corrupts the st.db in audio sometimes). Nothing turned up wrong
Post by: Angerwound on June 07, 2004, 04:02:00 AM
| QUOTE (Australian Rat @ Jun 7 2004, 10:18 AM) |
| One bug I will report (that I have replicated several times) is that if you insert a DVD before UDE finishes booting, it will freeze at a black screen. This only happens though if it is inserted before PBL begins to load, but after "MICRO$OFT" appears under the xbox logo. Only bug I could find in it though Even tested if you remove the AV cable, how it would affect the exploit (as it corrupts the st.db in audio sometimes). Nothing turned up wrong |
I've experienced that little bug as well. It's not very harmful though. Just reset and all better.
Post by: Australian Rat on June 07, 2004, 04:04:00 AM
| QUOTE (Angerwound @ Jun 7 2004, 01:02 PM) |
| I've experienced that little bug as well. It's not very harmful though. Just reset and all better. |
Yeah well I'm just being picky
The (almost) Ultimate Dashboard Exploit
Post by: Australian Rat on June 07, 2004, 04:19:00 AM
Post by: xecuterbox on June 07, 2004, 04:45:00 AM
It works fine no discs in
It works fine orig in drive (boots game)
but wont boot with a homebrew or whatever in dvd drive in the drive (black screen)
atm i have to w8 till evox loads bfor inserting disc
i did get annoyyed but now i got a 120 drive n put all the stuff on f lol
2nite i gonna try fixing igr bootin 2 games instead of hd dash
c wat i can do with this bug aswell
Post by: Angerwound on June 07, 2004, 05:38:00 AM
| QUOTE (Australian Rat @ Jun 7 2004, 01:19 PM) |
| Oh yeah, one more. If you play a DVD using the hexed msdash, and eject, screen will go black as well. Then again, it's cured with a power off then on. |
That one is quite strange. I have never played a DVD through the original MS Dash so I wouldn't have noticed.
Post by: PedrosPad on June 07, 2004, 06:08:00 AM
| QUOTE (Angerwound @ Jun 7 2004, 02:38 PM) |
| That one is quite strange. I have never played a DVD through the original MS Dash so I wouldn't have noticed. |
Maybe there are further occurances of \fonts\ in the Dashboard support files (in \Dashdata...\, etc).
Post by: krayzie on June 07, 2004, 06:12:00 AM
Post by: Angerwound on June 07, 2004, 06:13:00 AM
| QUOTE (PedrosPad @ Jun 7 2004, 03:08 PM) |
| Maybe there are further occurances of \fonts\ in the Dashboard support files (in \Dashdata...\, etc). |
That does seem like a reasonable explanation for the bug. Will take a look.
Post by: ldots on June 07, 2004, 06:24:00 AM
)
Post by: YoshiKool on June 07, 2004, 06:49:00 AM
Post by: violent_bong on June 07, 2004, 02:53:00 PM
Post by: krayzie on June 07, 2004, 07:06:00 PM
| QUOTE (violent_bong @ Jun 7 2004, 11:53 PM) |
| I guess i should have been more specific. On my friends box, when he boots up with a game in the drive it does not autoboot anymore, it just loads pbl then evox. Is there anyway to fix this? |
maybe the clock isn't set. When the clock is dead the xbox is known to load the xboxdash.xbe.
Post by: Australian Rat on June 07, 2004, 11:24:00 PM
The xbox does apparently reset, UDE boots PBL fine. But after PBL boots, I get a black screen. Using PBL 1.4 just to clarify.
Anyway, it does reset the box, PBL loads again, but after that it will not load replacement dash (UnleashX). Was thinking of changing to tHc soon anyway, so once I do I'll check if it is just UnleashX or if its an actual problem.
Also a thought, would it have something to do with ROE being enabled when a DVD is played through the original xbox dash?
BTW, anyone who reads this and doesn't understand completely, this does not mean Reset on Eject is enabled with UDE.
And is there any DVD player aside from XBMP/XBMC or DVDx2 that allows use of both the controller and the remote?
Post by: xecuterbox on June 08, 2004, 01:09:00 AM
| QUOTE |
| I guess i should have been more specific. On my friends box, when he boots up with a game in the drive it does not autoboot anymore, it just loads pbl then evox. Is there anyway to fix this? |
if its original should b ok
put box on insert disc then turn off and on
like said b for check clock setup
gd luck
Post by: JammDDR on June 08, 2004, 03:01:00 PM
Post by: krayzie on June 08, 2004, 07:36:00 PM
| QUOTE (Sarvatt @ Jun 9 2004, 12:48 AM) |
| I had this same problem using the mech fonts, the MS dashboard DVD player had major problems whenever I used a font based exploit. I also couldn't use fast forward/reverse on the remote without it resetting that way. It's most likely related to the fonts and not the UDE. |
It's definately the fonts. But that would mean ít's the UDE cuz basicaly UDE is just a font hack. Anyway the system just want to boot back to the msdash again after ejecting a dvd so it will boot xboxdash.xbe and then the hacked fonts. If it hangs there it's maybe cuz the fonts aren't designed to boot from an allready running system. If pbl loads and then a black screen the fonts did work but pbl probably hangs at a black screen cuz the dvd drive is still spinning (searching for a dvd after ejecting) and I noticed that will caus pbl to hang (or delay).
Post by: Wopah on June 09, 2004, 08:05:00 AM
This is a best one yet. Now if only i can get my gaming computer to do something similar this is... i.e. start it up and select the game I want to play without even seeing windows xp explorer but i guess thats what programming is for if I can learn visual C++
Post by: FreqX on June 09, 2004, 08:58:00 AM
| QUOTE (Mullacy @ Jun 9 2004, 05:03 AM) |
| You have a 1.4+ Xbox with a Focus video chip - I think it's PBL 1.4.1 will display properly using that hardware. Note that it isn't an official release of PBL, though. And reading through the whole of the 20+ page threads can be fun... it gives you an insight into the seedy world of Xbox hacking, and how the scene got to where it is today... from the humble beginnings of the 007 gamesave hacks with Morden's packages, to the bleeding-edge UDE which essentially emulates a modchip... Or maybe not, but it gives you something to do while downloading the Slayer package |
I guess it does't really hurt me, the dash still loads fine, was just wondering about it..
And if I were to get pbl 1.4.1, I would need to sign it, correct?
How would I go about doing that?
edit: and I can't find it anywhere in the usual places... >_>
Post by: WBAGAM on June 09, 2004, 10:24:00 AM
I was trying the UDE for the 4th time on a different Xbox. I downgraded the Dashboard to 4920 renamed the fonts folder to f0nts and then I changed the xboxdash.xbe to MODxboxdash.xbe and I took the update.xbe and renamed the copy to xboxdash.xbe and I have the bert_ate ernie.xtf in the root of C and then PBL signed with Habbi to run UnleashX in the E/Mxm/default.xbe but when I restarted my xbox it went to the main dash and tried to upgrade it. It of course failed and I tried to put 007 nigtfire in to FTP it over but it dosnt load up the game it goes right to the dashboard to try to upgrade!!!!
How can I get FTP access to my xbox if it wont load a game?????
Post by: krayzie on June 09, 2004, 10:34:00 AM
Post by: krayzie on June 09, 2004, 10:50:00 AM
Post by: WBAGAM on June 09, 2004, 10:58:00 AM
Post by: krayzie on June 09, 2004, 11:26:00 AM
Post by: ldots on June 09, 2004, 11:39:00 AM
| QUOTE (kali- @ Jun 9 2004, 08:35 PM) |
| tnx i suppose the only good solution is flashing tsop |
Depends on what you want to do.
You can still run UDE and just sign the apps you want to run from there.
Post by: WBAGAM on June 09, 2004, 11:48:00 AM
Post by: Angerwound on June 09, 2004, 01:27:00 PM
| QUOTE (WBAGAM @ Jun 9 2004, 08:48 PM) |
| So since the xbox it self already had a dashboard, UnleashX, Do I just point it to that and flash the TSOP with my friends Chip???? |
Just hot-swap your drive and fix your UDE install.
Post by: WBAGAM on June 09, 2004, 04:06:00 PM
Post by: RiceCake on June 09, 2004, 05:41:00 PM
Alot of people make it though. If you have the chance to flash the TSOP though I'd go for it.
Post by: Angerwound on June 09, 2004, 06:13:00 PM
Post by: WBAGAM on June 09, 2004, 07:12:00 PM
Post by: ldots on June 10, 2004, 03:00:00 AM
When the clock is unset, the retail BIOS sees this on boot and calls xboxdash with some parameters to let the dashboard know it should enter the clock-setting code of xboxdash.xbe before doing anything else.
The update.xbe that we use as xboxdash.xbe in this exploit doesn't have this clock-setting code as it was never meant to be run as xboxdash.xbe, therefore it ignores the request from the BIOS and goes straight on to the exploit code of bert-ate-ernie.
Post by: PedrosPad on June 10, 2004, 03:21:00 AM
| QUOTE (ldots @ Jun 10 2004, 12:00 PM) |
| My understanding is : When the clock is unset, the retail BIOS sees this on boot and calls xboxdash with some parameters to let the dashboard know it should enter the clock-setting code of xboxdash.xbe before doing anything else. The update.xbe that we use as xboxdash.xbe in this exploit doesn't have this clock-setting code as it was never meant to be run as xboxdash.xbe, therefore it ignores the request from the BIOS and goes straight on to the exploit code of bert-ate-ernie. |
Matches my understanding.
Although it now also appears that if the clock isn't set, the BIOS also no longer attempts to boot d:\default.xbe from the DVD drive. Hence the reason peoples game sav exploits are failing them when the clock is unset.
I've read the some people are selling "XBOX recovery DVDs" on Ebay, etc. Apparently these are sent out by M$ support people, when needed. I'm guessing that these DVDs contain a root XBE file of a different name. So it's not that the BIOS isn't checking the DVD drive on boot, just that it's not checking for d:\default.xbe (I'd bet it checking for "d:\recover.xbe" or some such, or even "d:\xboxdash.xbe"). Anyone got one and could confirm what's on the d:\ root of a M$ recovery DVD?
Post by: ldots on June 10, 2004, 04:01:00 AM
| QUOTE (PedrosPad @ Jun 10 2004, 12:21 PM) |
| I've read the some people are selling "XBOX recovery DVDs" on Ebay, etc. Apparently these are sent out by M$ support people, when needed. I'm guessing that these DVDs contain a root XBE file of a different name. So it's not that the BIOS isn't checking the DVD drive on boot, just that it's not checking for d:\default.xbe (I'd bet it checking for "d:\recover.xbe" or some such, or even "d:\xboxdash.xbe"). Anyone got one and could confirm what's on the d:\ root of a M$ recovery DVD? |
Hmm, I have never had my hands on one of these recovery DVD's, but I thought they were sent out to video stores and such, for restoring rental xbox's. To delete game saves, and otherwise make sure the directory layout is as when the xbox is sold.
Can anyone confirm that these DVD's let you boot with an unset clock? I think I once read about a guy caught in the clock loop, and this 'Recovery DVD' did not pull him out.
Post by: krayzie on June 10, 2004, 05:40:00 AM
| QUOTE (ldots @ Jun 10 2004, 01:01 PM) |
| Hmm, I have never had my hands on one of these recovery DVD's, but I thought they were sent out to video stores and such, for restoring rental xbox's. To delete game saves, and otherwise make sure the directory layout is as when the xbox is sold. Can anyone confirm that these DVD's let you boot with an unset clock? I think I once read about a guy caught in the clock loop, and this 'Recovery DVD' did not pull him out. |
Yeah I have read about those restore dvd's also. They have no purpose though to actually restore and reinstall whole partitions. They just delete gamesaves and other person specific info like live acounts and buddies and stuff. They are known to not boot on or fix any looping xboxes and therefore I don't think it has an other bootfile than default.xbe.
Post by: chinmi on June 10, 2004, 06:54:00 AM
thanks in advance...
Post by: krayzie on June 10, 2004, 07:01:00 AM
Post by: nebur on June 10, 2004, 06:41:00 PM
Post by: Angerwound on June 10, 2004, 09:01:00 PM
BTW, someone stated Vice City was giving you problems. None here.
Same goes for the guy having problems with Unreal Championship, no problems.
Here's my setup to compare:
K: 4034
Tray Closed: UDE - PBL 1.4.1 - X2.4983 - Avalaunch
Tray Open: Retail Dash 5960
Post by: Piratevirus on June 10, 2004, 09:27:00 PM
This is a truely great mod
Just took the PBL and MXM from mordens save having to sort that lot out and put em in the right places
can anyone let me know what program u can use to change the file that the set BIOS boots?
And what hex editing program do i use to edit the xb0xdash.xbe to look for f0nts? as i havnt hex edited beofre but will give it a bash,
I have read every post in this thread over the last couple of days but dont wanna search back through it, lol
Then im D0ne
Cheers all and well done for allt he peeps who put this together,
Piratevirus
Post by: PedrosPad on June 10, 2004, 10:28:00 PM
| QUOTE (flYnSt4r @ Jun 10 2004, 08:24 PM) |
| BUT several games (top spin, unreal championship, dtm race driver) lock up which worked using the older st.db audio hack! |
By definition, if you're able to use audio exploit, your clock must be set.
This is no longer guaranteed with the UDE. Could be these games are clock sensitive. Just a thought.
Post by: PedrosPad on June 10, 2004, 10:42:00 PM
| QUOTE (Piratevirus @ Jun 11 2004, 06:27 AM) |
| can anyone let me know what program u can use to change the file that the set BIOS boots? And what hex editing program do i use to edit the xb0xdash.xbe to look for f0nts? |
XBTool, and, XVI32
Post by: nebur on June 10, 2004, 10:52:00 PM
nebur
Post by: Angerwound on June 10, 2004, 11:28:00 PM
| QUOTE (nebur @ Jun 11 2004, 07:52 AM) |
| ok i fixed it. i just had to set the time and the games up and launched. this worked for manhunt and a few neogeo games my emus werent running. have to reload max payne 2 to make sure. set your clock gents that seems to fix the hassle. nebur |
Or just run a dash such as Avalaunch that will automatically set your clock on boot if not already done so.
Post by: fatbastard911 on June 11, 2004, 01:31:00 AM
| QUOTE (brodskive @ Jun 11 2004, 07:45 AM) |
| How did you make this setup??? I want to have mine like this too |
Ya, That is exactly everything and every reason why I have been reading all these posts for the last 3 weeks! Anger... Could you plese explain how you did this and what files you had used?
Post by: PedrosPad on June 11, 2004, 03:18:00 AM
| QUOTE (PedrosPad @ Jun 10 2004, 12:21 PM) |
| Although it now also appears that if the clock isn't set, the BIOS also no longer attempts to boot d:\default.xbe from the DVD drive. Hence the reason peoples game sav exploits are failing them when the clock is unset. |
| QUOTE (PedrosPad @ Jun 11 2004, 07:28 AM) |
| By definition, if you're able to use audio exploit, your clock must be set. This is no longer guaranteed with the UDE. Could be these games are clock sensitive. Just a thought. |
Grospolina, rmenhal,
In view of this, would it be possible to read the clock state and determine if is unset, and set it only if necessary, within the bert_ate_ernie.xtf font?
Maybe the clock state could be read by a BIOS call, or directly from the clock chip. The Bert and Ernie Reloaded fonts set the clock with the code below. Surely there's a reverse of this that'll read the clock state from the clock chip. (This strikes me as a lot more reliable than trying to locate the BIOS passed argument.)
| CODE |
%ifdef RELOADED call reset_clock ; Data section clock_data: db 0x50, 0xFD, 0x38, 0xED, 0x12, 0xDD, 0x05, 0x04 db 0x07, 0x03, 0x2D, 0x02, 0x70, 0x00, 0x40, 0x50 times 48 \ db 0x55, 0xAA db 0x40, 0x40, 0x4A, 0xE0, 0x42, 0xC1, 0x40, 0x40 db 0x43, 0xC2, 0x40, 0xD8, 0x40, 0x3D, 0x7E, 0x20 ; Code section reset_clock: pop esi ; get the offset for the data mov cx, 0x0080 ; initialize loop counter mov bx, 0x0000 ; byte counter out_clock: mov dx, 0x0070 ; set port to 0x70 mov al, bl ; get byte count inc bl ; increment byte count out dx, al ; output byte count to port inc dx ; set port to 0x71 nop ; wait nop ; nop ; mov al, byte [esi] ; get one byte of data inc esi ; point to next data byte out dx, al ; output byte to port dec cx ; decrement loop counter jne out_clock ; loop until finished %endif |
Post by: noselessmonk on June 11, 2004, 04:08:00 AM
.
Post by: Grospolina on June 11, 2004, 06:21:00 AM
Anyways, I'd rather use the code from Bigfonts than from Reloaded. It uses kernel function calls, instead of manipulating ports directly. It also has code to check if the clock is set.
Post by: Angerwound on June 11, 2004, 08:09:00 AM
| QUOTE (brodskive @ Jun 11 2004, 08:45 AM) |
| How did you make this setup??? I want to have mine like this too |
I used a modified version of bert_ate_ernie.xtf that makes calls to the tray state. If someone can confirm that it would be alright to post code for it than I would have no problem posting the ASM....
Post by: rmenhal on June 11, 2004, 08:47:00 AM
It still boots E:\default.xbe, but I put some extra space after the filename (the 12 zero-bytes can be replaced). That makes it easy to hexedit it to boot from whatever location. Since some people seem to have an extraordinary ability to destroy contents in their E drive, I recommend putting everything necessary to boot the system into C. So, for example, replace "\Device\Harddisk0\Partition1;default.xbe" with "\Device\Harddisk0\Partition2\boot;boot.xbe" and put the booting executable to C:\boot\boot.xbe.
| CODE |
begin-base64 644 updatefonts-clock.tar.bz2 QlpoOTFBWSZTWavCkHoAKTF////////////////////////////8jogYq23K zYi97Uzd4CT/dwAAAAAAAHAAAAIAAAw68DABs+hKlcGztjjl3bqUYWzjundA p3YOm246JUBbDKqqk2ySVZtZxELdzqguASAAAAaAaAAA0ABo0AAAyAADRoAG ho0AAAAf+/VVUAAAAAADRk0CCADQMgyADTIAAAA0BtRoAAA0AAAAyYCaGgNG gP//VVSYTIGTQaAA0AyZGgaRJNEamm0ZFNqeU36T9U89lU/0RU/NSh71UTJn 6ogjRkAyNAANAABoaAAADTRv/1SpAAaP1QAAANAAESSEpqYbU9TKeTHlT/9+ hTVUntJKfoahknlNk0anppBphMTamaEBtTRoxDEGQNGhiMgDCMAEZGEGmmIA NBjJKBMCeImEzR//+pQqqf+nqqn6gBMDR/qommJiNNMmmmAAIMAAANRgATE0 wCGIxGBMmEwATAh6CRJAQIBTDQnppk9qjNT9Um9QxP1TKp/6o2lPVP2poFP0 jUekeU9Ie1GKeo9TaQNANA0NMg0PRBo9Q0PUAaAA0Ggaek+jKU2Ko9P1vg+v 1b/WOx9M6Ceo0L3aAPotTsPn/K/U+d7fz/3vc/l/p/t/x/j/T/Gz33afe+/t DvnEQH5HAFe4FAGe4qRlZlt5Nt1+xPPyuXzNFObjcdj8hkclk8TGZTK5bL5j MxsDNZuOzmdgQMRns/oI7Q6LR6TS6bT6jU6rV6zW67Xx+w2Oy2e02u22+43O 63e83u+3/A4PC4fE4vG4/IkJHkyUnKSclKy0vMS/KmJnl8zmzXO5/Q6PS6c3 1OrOdbr9iV7Pame2ne5PT9BO0PdoqPvd/wUXh8VJS+Om8lJ5QAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAACIiIiIiIiIiIiIiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAER EREREREREREREQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAABp06dOnTp06dOnTp06dOnTpZmZmZmZmZmZmZmZmZmZmZmZmZmZmZ mZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZ mZmZmZmZmZmZmZvA8Ai79xEB8bwA8D8bmDi+b1wf8P7b7f4wTTCkTQvmfDmn DMxV+1T9nLETgkAkg+M17bIEMfaN3vxdX3G/9f6juvOdzr9t2fS5s45d3d3d 3d3d3d3et3d37VorFZvHg+DmzXd3d3d3d3d3d3d3d3d3d+ivXOtzaSSSSSSS SSSSSTkkn+9Vh7YxjGMdCtsVVJJJJJJJJdBJJJJJJJLr6/I9b1nZfT8XJJJP sp1ckknkJJJJJJxySYAAAAAAAAAADtq4/C8H21dVJJ1Ukkkkkkkkkkk45Jzc X1eTo9Zs23zm222230G2222+RtvoHEAAAAHjwAANbW1tbla2trZV1PTPhflm MTGHx934Cp6DMjVd4ZEQQkrhnx20xiYfYGu3wXmThUEMWFiJvSKiTPBQkQBe GlOTi2B+B+kM8DAJhhWleWex3wNQvL1mnwBOR61NJolKpGSmJ5KVZFY2MKiL /xelSUE7q0EabbSD1GkGmwPcNEzqHMQydpjbYNIJcfjqIBkp4hBQ2w9T17rr rrrrrruPd4d3Luuuuuuuuuuuuuuuuuu11vPY+RzB/pbpabhtnKOx1SYin5G9 8SMMvEwSzvXmzowP2GTlVUodReKcuhATirJ62HQ+TOUV0MlpRSYpiK3elBTR KuRc4qgoU4Qr2jDcpTEMvsVE5NELpb0+CjPz5XtrO7OFSrprwKrBxsUtTSm0 I+Xhz8NeLAjVphafejE9J4TVxYORpSoKKiqm9Kj5WrSdvt3uHPPz8/TifkZq G2QTUcv8nt8r2u32OK/fcEYndbV1jhxA4BcMMMMJcPDCzDDc4uGGGGGGGGGG GGGHGw77vvP1WMYqugAAAABzwAAAADta7/i4EkkkkkkkkkkkkkuRLOc5znOc 5znOc5znOcgAbhrEkkkkkkkkkkkkkmnkn/tVqfySSSSSSSSSSSSSSSSHkK/Y 5ySSSSSSXj0kkkkklxpKwAAAAAAAAAAOEAAAAAAAAA4wOWptWKxiqSSSSSSS SSSSSSSSS9ZOJJJJJJJJJKlKUpSlKU09KUAAAAANXAAAADTgAAAZznOc5znO fJ/T4kkkkkkkkkkkkkkuNJZznIAAAAauAAAM5znOc8ec51jFYqvpbYxXh7ej 2xWKqpJJJJJJJJJJJJJJJPZcIAAAAAAAABxgZAAAAAaTWAAA02c5znOc5znj znPa48qkkkkkkkkkkkkkkklzRclJMsTAPrA3TvmUyUcVXkLiVXY7U9SDqn3w iuh1sgiXETEva7hsFI5xtXgnmqGTIsoj30QX3oXioMldTL55A87uQJTsJ2Xh LzJaY3PKWLa7vieZ3cNHm118jDixcbk16t7wtWenFpZ2IOVGLwvLz85xTW8U 9Xku/nueSlRNRKvA6HRDlFEtOadTz6eD8GKr9Lzpalbw4dXs4qtH+Lf39/f5 vM0d/f5+/v7Onv5ZZZZZZZZZZZZZZZZAAAAAEoAAAAAAAAAAPgeYqsYxVJJJ JJJJJJJJJJJJJd7QAAAAAAAG3t7e3t7e3t/t4/i3D6A6Qe8PFXamHvhCEIQh CEIQhCEIQhCEM+fPnz58+fPnAAAAANt+1uV81a1bbbbfVtttttttttvu67yn htttttttttttttttvp106rz3zZJJJJJJJJJJJJJJJOu6PlUkkkl4xJJJJJJJ JJJLtqx4m222KFY0B51g4G4gahQ++SgA4Bpttj4IgGMTaFOmKHwOBpDYILLL LLLLLLLLLLLLLLLLLLLLLLLLLLLLLNfpvnnv/NhNDxptjY2m0mNRjgAeHCp2 MOJ4hCEIQhCEIQhCEIQhCEIQhCEIQhBdzuf58rsejxBUOvxPAqAdrdwiIiIi IiImwiIiIiIiIiIiJ427sRsXWExIlcNsmTk2225OBtwyW5O2Grjx3ve973ve +v3ve973ve973ve9732LDHCSSSSSTYJIAAAAAeF3dY6eOp3m2LrFbbeX37sY 523ieK23cNc7FVxd2pAw7MwH6dfoROiYzP4BUoFS1O+hgISv51fUz6AdlDxq luDXHf+M3xYxrD9E5znPZn1c5zntTnOc5znOc5znOc+p1PndzY6LyGPasJzp KRNsKn1Zvta5jnlPSVBaTqaQoeY+bf6moBqDADOOF4U5znr8Cc5znOc5znOc 5znOc5znPJPw+UOHLLyVQHMJwlIWDVzy5Ikqqq7xVVVVVVVVVVVVVVV6PR6P J4hHPsgSOBgEPGOFbDZjJQidoNdoEQ98ZmePfGZmZmZmZmZmZmZmZmaxFqA7 Hj6nNxckZbMdpawm8tUa+p3WsQxSlKWpKUpSlKUpSlKUpSlKUpSlKUpXBPLW gsw3HB3HDhU/cK9ERE1URERERERERERETl5eXl5eXWK1rmxu2rbqY7y7u7u7 u7u7u7u7u7u7u7u7vWubG7dWNtbtrpXd3w3d3d3d3d3d3d3d3d3d9lddKuz4 ODp93VcPDtjWta4ta1rWta1rWta1rWta1rWta12fS8xVdTdJJJJJJJJJJJJJ JJJ33mvA8Hrtu38jXDnp9lfyuz1hvHa43rnP3uuiIibCIiJtb/fIiIiIiIiI iIic4EclDEjuJEIbS6Y4gAcIhOSQmApL6bqsVwYxivtq2rFV29bVVYxuu7u7 8Zd3d3d3d3d3d3d3d3f4Nd/XnG22222222222222285znOQAAAD/Mkkkkkkk kkkkkkkkgAAAAAAAAAAb1suGhxmGowrWta1rWuv1rWta1rWuuuuuuuuuuuuv mLTsO9F30TGkIiIiIiIiIiIiIiIiJZZZZZZZ0w9hgkeKMEbTBBzNqEuf19xu Qgv/+wiBIiInVIiIiIiIiIiIiIiImREuFvTXjPCc5zu4Dx3w1TMzMz3xmZmZ mZmZmZmZmZmZ8zrPnjkCrNzRmzZru7u+ru7u7u7u7u7u7u7t/y10N3R2xt5T tseqq7u7u8ccccccccdjxxxxxxxxxxxxxxx0gAAaUBnOc5znL8vycu3SrdUk nOkkkkkkkkkkkkknMAAAAAAAAAAHcYAAAAAAAAAADt8ViqxfJryNcOMYrA3u fim22/Gtttttttttt+9qciSXCkkkkkkkkkkkkkuur3tY62q1VPyW227DbfE2 345t89ttttttttvlrvJ3Wd20knDJJJJJJJJJJJJJOfnOc5zkAaUAAfBrP0bX m4LDbsPv4bjh/PN8Pw6Ojo6Ojo6Ojv379+/fv379+/fv379+/fv1v3798r/N JJJJJJJJJJJJJJJLua7GvWV9p5Km2+F9U222222222222+qGeNFjbEjYYiGk jqjDKwLBpZRoCQ6QeAQd0A55EAOX/lVVVVVVVVVVeKqqqqqqqqvNzfb119fF 6ld3jau2x4Vdhi7u7u7vn3d+Ou7u7u7u7u7u79Tj4uPzsYbbbbbbbbbbbbbb bb5Osr9vpJcSSSSSXPSSSSSSSSS5O1rs6+i3xNtttttttttttttvuJ578bo7 cJrWtcOta1rWta1rWta1rWta1rWta9JdedbbbbbbbbbbbbbbbbznOc5znIAA APvZsM2GGavG6GhoZsNDNhoYaGHAaGbVs2G1Yxu4MYxWJJJJJJJJJJJJJJJJ PY8vdV4NSSSSSSSSSSSSSSSSeHvrxPO4+96NcXBtW7HDXFTw+pzyJ+IOAxYu FyYQhCEIQhCEIQhDgQhCEIQhCEIQhAAAAAAywzZ8M1KUpSlKUpSiSSSSSSSS STwAAAAAAAAAa2tra2vrgWEbtpCXfRtQeqrirxD2SoZvzJein2yFVX+AFZzk i8fdfij2JKdrgXXwq8mLFfPiUtzmcU5wB9doGpNTN6DGhmlGke2KFEvsT35o 6IkHGVZURu7u7u7u7u7tKU2acelKUpSlKUpSlKUpTuytG1yASWguV1OoCLGO iLnB3R/hhtSTwJnU7xakpNIXbwCG5W2222222222228a2222222222222222 23N20H2RukIBZmgO0MSMYj7nMpB9apyFbUcz00beaahVitdbJYCjrJ9fcJ50 MqDR3tRT1BsCobAd1es8nEROAICc5znOc5znPjTnOc5znOc5znOc5z5qOcNr nve4VAgL3OBE9HQJwc45EOvA4wiplSRkaArJJbAxF4QUXlfGXxwLCQUQisiI tUiHPjGMYx38YxjHw3EjGMYxjGMYxjGMYx7vnjkuk/co1lJonT5EyFycZ0ex zE1VVFbowThNgoe4X2HwlVfw0lBWrjYJGIoEoFSBgxJN/hF6hFpuIbaGmINo 9aLBJhMoFCTSq6BScE5Q2ewiA62ExSV4GBggoTZJH5BqVHg8INJdc0uQlIJj 0hgzeM4p8fwtSY0rvPNIkLSWjiNFK97zBy+6LiKha5pheL5qnJRANQoxCmFS uWaZzj681OI01z62+XAaQwvzZs2bNsZs2a/pcbaxambNmzZs2bNmzZs2bNmz Zs2vze4hkdddTegOhtuE11x2IiIiIiIiIiIiIiIiIiIiJDpivsjIDEWXLly5 cuXLrWta1rWta1rWta1rWta16723W48DbFVjtK9B6Dvq28nzuGvN+HuxVJzI 8EpHO8pzq0nwsULyWdN1TRCJwTJdiLbbbbbbc6222/bnW222222222222222 226O8+HnSkNNtsG22JsbZI8YeUW8HwVRMvLKgn8rvy4i5ekpJpMC/5HCd4wY V3I6hwkh4C8jBoFFJUaRLhM8qMuXLly5cuXLly5cuhlz58+fPnz58+fPnz58 +fP7cfv7bwnXESOIe/DiHJMzMzMzMzMzMzMzMzMzMzM+3BDj8NzwRB7iJ7iJ 7nB3CDgQqJEIEN8Q+n2dbzFQzrFCW41MNCRjx48dePHjx48eA+EZmZmZmZmZ mZnnIEZi4nCW3uDi4yLtBIAeI7MDU7y8O+deWIkIrbXskYplVQ0qFwUeWMND EYMmTJk1MmTJkss4PE31lllllllllllllllllnI2RN464C0Dl22Xch+rIFFx EMpMEA6KKxFG0AFXNR5wQ8VBeLjJkyZMOTJkyZMmhZxbLLLLLLLLLLLLLLLL LK+oEe52ZxBwyh6QCFVjxh9VRVSlIIJFgMVFPRqFAmSrJyRW4qJSkJprvVSG 8VVVVVVVVVVVVVVVVVVVVVdwXDseE/pkOXy3AFYjtLa8blxEX9faWseUzrcF 9kTm9vFQQu6YlwdvdZOuESmMNB4oJo0QOMSpJT+ebwcZTJJaTjjm5ubm5ubm 5xtzRo4HHy6NGjRo0aNGjRo0aNGjRo0cEq+c4hzCe8g5/Ifz8VQItQCHQcgG o8ryvIsWIWYgCJVVVVVVVVdpVVVVVVVVV5ubm5t+AAAAAAAAAAA/R7XtKrs6 7SuC6nkE66007FqpzinEmoZZtTEpt7NtG6lN74wGIkl1Q5VWviGu8ETnPBPD wOrHVPAGIW22222222228G22222222222222222223sCA2QozVPD9D6gRDEM oDjWqp2rqECxkBCE6YSDoA0pkyBpHSfF0iDaHgAO0jCTQTKoEp6EiqbAAZCC sc1EMZuOgJlCgTcC1sYcWt43ogP1XDGW/GtUWJ5EQF1111111111113W3XXX XXXXXXXXXXXXXXen2QSSJ0MW9duagIYsbnyd2T+a/FZvX7y0Vaw37x6ZaTCw JHSnRExSdNCksA0E4YCJumKkzgnKSitBVMDhROOkK6TYL571ditXkpittPAZ x4l999999999+zfwL777777777775X3333+Kx/XLaLyg5D8wvA8EXDoZh8RJ dgO8HS+l9p/5goPFOfAcRoAl4/76mOJ55Tj9nxtXv7tKUpSlKUpsUzUptUpS lKUpTPSlKUzERF2I5z3B1ddddddbbbbbbbbbbbbb83iqpdzXlMcFYxJJJJJJ JJJJJJJJJJ1vSruK2xtW22N1bVVbVu3btrqcGGTDYQoHExIZKIQxylAQxjGe cEEDcQQuh2vkMvldXsCsAGsBUN2UpS3spSlKXDlKUpSlKUpSlKW3t7e3t7xr m9skpDG8zJEzIGjVDbEtnZ2dnZ2dnZ2b2zd3d3d3d3d3d3d33tdztjo13uJJ JJJJJJJJJJJJJJPuaqvtdqqvZ1tVYxVU22222222261rWta1rWtagAAAAFZJ JJJJJJJJJJJJJJAAAAADSaiSSSSSSSTTSSSSSSSTk5JIAAAAAAAAB676nY11 P/fA1rWta14vWta1rWta1rWta1rWta1r0W9JJJJJJJJJJJJJJJIxivG7VVVV V8vbFVXP9m2222222231j69tttutagAAAAH9+g+bDTeza1rWta1rWta1rW2G 1rWta1rWta1gAAAAD80kkkkkkkkkkkkkkkgAAAABrfS6XVcRm1NrWta1rWta 1rWtsVrWta3ZSSSScwAAAAAAAAAAGPW/5bv+tsabSR7jAR/I/UYDYVDEf/MB fFYj9ZiMrSA/3GMYxjGMYxjGMeJGMYxjGMYxjGMc2TJkyZMmTJkyZMmTJkAA B7/7+W63mvl3v2r3ve973ve973ve973ve973ve973AAAAANrkkkkkAAAAAAA O/qqxVVjGKoAAAACSSSSSSSSAAAAAG2AAAAAAAAAAAYrFVVfv7YxikkqUpSl KUpSlKUpSlKUpSlKUpQAAAAAAAAAAAAAAAC0kkkkkkkkkkkkkkkgAAAAAAAA AAUkkkkkkkkkkkkkkADGKqqpbYqsJJJJJJJJJJJLsOwrsMVjGA53K0o78wIA maBe7NCEkE3qwhJBx+f6P0AdPof5FIhAfJYg43kdr5swJIMNfTkCSD5exy5I QlnNsSDB5lUgO60CCZpCCUHV+okgQhKTABJBNeZfZ9Uyhnos/DZ8xmZnvGfV s+kzhZ/uzhZ5LPdaEktr+gBAJIPD/VWpwa3NqBAclgJH5WqE5QAgEkHnSAJx AvPYhC+hOj3uDw6eyeP5pw0/U//F3JFOFCQq8KQegA== ==== |
Post by: krayzie on June 11, 2004, 08:55:00 AM
Post by: Angerwound on June 11, 2004, 09:24:00 AM
Post by: Grospolina on June 11, 2004, 09:42:00 AM
I guess that "someone" would be me. Yeah, go ahead and post it if you want.
However, how do you get it to boot retail dash 5960 again? Do you have to use a script to rename the fonts (or fonts folder) first?
Post by: krayzie on June 11, 2004, 09:45:00 AM
| QUOTE (Angerwound @ Jun 11 2004, 05:48 PM) |
| Beautifully done job, before I post the code for the tray selection fonts, I will see if I can't include the code for the clock update as well that way it's an ALL INCLUSIVE font, or anyone that already has access to the tray selection fonts feel free and update them yourselves...... |
What purpose does this tray state font have? I asume you still can't go live using the msdash so what would be the difference between that and just a link from the dash your're booting?
Post by: Grospolina on June 11, 2004, 10:32:00 AM
I didn't think that this served any useful purpose, so that's why I didn't release it to the public. It looks nice though, since the LED turns orange when one is booted and green when the other is booted (red makes me think there's an error).
I suppose it could be useful for running Crimson Skies, if you can't get EvoX 3682 (is that the right number?) to load it.
Post by: Angerwound on June 11, 2004, 11:18:00 AM
But on my other box I have it booting back and for the between the 5960 and PBL/AVAlaunch so I can access my video settings and the bit of music still catalogued by the st.db.
Post by: anjilslaire on June 11, 2004, 11:38:00 AM
Post by: Angerwound on June 11, 2004, 12:38:00 PM
| QUOTE (anjilslaire @ Jun 11 2004, 08:02 PM) |
| Can you detail the location & names of the files that are booted by this font, Angerwound? I like tthat setup myself, and would appreciate the code with the file details. |
Well it matters what you want to boot with the tray open. If you are wanting to boot a dash above 4034 your going to have to have it patch the public key and launch a HABIBI signed/Hex Edited retail XBE. (Same setup for XDK boot)
If you are wanting to go the Pre-Live dash route on Tray Open sequence then no patching of the public key is necessary and a 'clean boot' can be accomplished.
I've just about finished up adding in the clock setting routines as well, everything is working okay just adding in a few notes to the ASM code and will UUEncode them and post.
There are a few drawbacks however, LIVE still is not accessible.
Another thing to note, when trying to launch games (retail/backup) from the Retail dash you will recieve an error 21 unless you want to see PBL booted before you hexed dash. Therefore, you can have access to a 'clean' pre-live dash or 'dirty' post-live dash but no game launching is possible. You must reboot into your TrayClosed state for all title launching.
This post has been edited by Angerwound: Jun 11 2004, 07:43 PM
Post by: Angerwound on June 11, 2004, 01:34:00 PM
Clock becomes set to 6/6/04 00:00. Depending upon timezone, you results may vary.
===================================================
BERT_ATE_ERNIE v.1.4
History:
V.1.0 - 2004-05-22 - rmenhal - First release
V.1.1 - 2004-05-25 - rmenhal - Enlarged to work with more kernels
V.1.2 - 2004-05-26 - Grospolina - Reformatted
V.1.3 - 2004-06-11 - rmenhal - Auto ClockSet routines added.
V.1.4 - 2004-06-11 - Angerwound - TrayState Decision Making added.
Current Features:
- No Clock Loop: Old fonts would become stuck within a loop not allowing a XBE to
be launched. Problem Solved.
- TrayState Decision Making: Depending upon state of tray, two different XBE's can
be launched at boot.
- AutoSet Clock if out of Range: If unplugged for periods of time
the clock will reset itself. Box will still boot because of Clock
Loop already being solved. Although, games will not boot prior to loading a dash because of the clock not being set. Problem Solved.
Dual-Habibi.xtf: This font file will launch the following:
Tray Closed: Habibi-Signed E:\default.xbe (PBL)
Tray Open: Habibi-Signed C:\msxboxdash.xbe (Hex-Edited Retail Dash or XDK)
Closed-Retail.xtf: This font file will launch the following:
Tray Closed: Habibi-Signed E:\default.xbe (PBL)
Tray Open: MS-Signed retail XBE (D: 4034 and under; Post-Live Vers. will not work
because they attempt to use c:\fonts\bert_ate_ernie.xtf)
Access to retail dash is only for video settings and music collection within your ST.DB file
Titles can not be launched from the retail dash unless PBL is launched before hand.
Source has been included. If you would like to change the Path/Partition/Filename of files being launched edit the source and compile with NASM. Included both types of XTF's for those of you without NASM.
===================================================
This post has been edited by Angerwound: Jun 11 2004, 09:36 PM
Post by: anjilslaire on June 11, 2004, 01:54:00 PM
I like the idea of booting to a M$ dash, for soundtrack/mem card access , then be able to launch my choice of nonM$ dash, but with the stability of ude. Actual Live access doesn't concern me.
I guess what I need to figure out, is how to hex a M$ dash to rename the LIVE tab and let it launch my choice of *.xbe.
Any suggestions?
EDIT:
posted before I saw the new fonts above :P
I'm guessing the dual-habibi would work close enough. Tray Open, it boots to a post-LIVE dash, correct? Tray closed, it boots to pbl/whatever. Perfect. I just want an easy way to boot either. Great work, Angerwound!
This post has been edited by anjilslaire: Jun 11 2004, 09:01 PM
Post by: Angerwound on June 11, 2004, 01:59:00 PM
Post by: krayzie on June 11, 2004, 02:02:00 PM
Also a smal point on this statement from angerwound:
| QUOTE |
| AutoSet Clock if out of Range: If unplugged for periods of time the clock will reset itself. Box will still boot because of Clock Loop already being solved. Although, some games do not like the clock not being set and will not run. This solves that problem. |
I don't think this was the main purpose for the autoset code. The problem was that when the clock is dead the xbox doesn't load retail games prior to the xboxdash.xbe anymore. So when something fails in the ude/pbl bootproces there wouldn't be a possibility of loading a gamesave exploit. The autoset clockfunction now solves this.
Post by: Angerwound on June 11, 2004, 01:38:00 PM
| QUOTE |
| EDIT: posted before I saw the new fonts above I'm guessing the dual-habibi would work close enough. Tray Open, it boots to a post-LIVE dash, correct? Tray closed, it boots to pbl/whatever. Perfect. I just want an easy way to boot either. Great work, Angerwound! |
Your correct but be sure you hexedit your post-live dash to read fonts from a seperate location.
| QUOTE |
| I don't think this was the main purpose for the autoset code. The problem was that when the clock is dead the xbox doesn't load retail games prior to the xboxdash.xbe anymore. So when something fails in the ude/pbl bootproces there wouldn't be a possibility of loading a gamesave exploit. The autoset clockfunction now solves this. |
Yes, forgot to add that bit in the readme, was throwing things together too fast. - will edit post though. Thx krayzie
Post by: Angerwound on June 11, 2004, 01:42:00 PM
| QUOTE (anjilslaire @ Jun 11 2004, 10:41 PM) |
| Such as c:\f0nts, as originally instructed, right? |
That is one possibility, I still prefer leaving all fonts in the c:\fonts folder just renaming the original fonts to .ftx rather than .xtf. Keeps things a bit tidier.
I also noticed I stupidly called the second font closed-dash.xtf this should more than likely be named open-dash.xtf. But it doesn't really matter I guess since the boot precedure is explained.
Post by: anjilslaire on June 11, 2004, 01:56:00 PM
rename c:\fonts to c:\f0nts
rename & place dual-habibi.xtf to c:\bert_ate_ernie.xtf
Put the appropriate 4920 update.xbe on c:\as xboxdash.xbe
Hex my post-live dash to point to c:\f0nts, and rename to msxboxdash.xbe
Just trying to get these adjustments straightened out with the "normal" ude instructions, lol
Am I close?
Post by: Angerwound on June 11, 2004, 01:57:00 PM
| QUOTE (rmenhal @ Jun 11 2004, 10:48 PM) |
| They set the clock to 6/6/04 00:00 GMT. The time you see on your dashboard depends on the time zone setting. |
Ahh okay, was wondering why it always kicked em to a dif date/time. Either way, excellant job.
Post by: Angerwound on June 11, 2004, 01:58:00 PM
| QUOTE (anjilslaire @ Jun 11 2004, 10:56 PM) |
| So I: rename c:\fonts to c:\f0nts rename & place dual-habibi.xtf to c:\bert_ate_ernie.xtf Put the appropriate 4920 update.xbe on c:\as xboxdash.xbe Hex my post-live dash to point to c:\f0nts, and rename to msxboxdash.xbe Just trying to get these adjustments straightened out with the "normal" ude instructions, lol Am I close? |
Exactly correct. Any problems post them up.
Post by: Jace_100 on June 11, 2004, 02:53:00 PM
Is this normal?
Post by: Angerwound on June 11, 2004, 02:57:00 PM
| QUOTE (Jace_100 @ Jun 11 2004, 11:53 PM) |
| does it take a while to boot up the alternate dash for anyone else? When I turn on my Xbox it goes through all the MS hoo-ha then it gets to the PBL 1.4 screen and hangs on "Booting USB" for about 12-15 seconds then pops me into EvoX. Is this normal? |
Which version of ude fonts are you using?
Post by: ldots on June 11, 2004, 03:03:00 PM
| QUOTE (Jace_100 @ Jun 11 2004, 11:53 PM) |
| does it take a while to boot up the alternate dash for anyone else? When I turn on my Xbox it goes through all the MS hoo-ha then it gets to the PBL 1.4 screen and hangs on "Booting USB" for about 12-15 seconds then pops me into EvoX. Is this normal? |
Try unplugging your controllers and see if that makes a difference.
Post by: Jace_100 on June 11, 2004, 03:14:00 PM
Thanks for all the help!
Post by: whatever2k4 on June 11, 2004, 06:31:00 PM
In my C drive, I have:
f0nts folder ( renamed from fonts )
xboxdash.xbe ( from slayers 2.5 update.xbe )
xb0xdash.xbe ( renamed from my original, hex edited to look for f0nts\... 2 occurances )
bert_ate_ernie.xtf
evox.ini
default.xbe ( renamed from evoxdash.xbe )
4920 dash, 3944 kernel.
Post by: _Cold_Fusion_ on June 11, 2004, 07:27:00 PM
| QUOTE (whatever2k4 @ Jun 12 2004, 01:31 AM) |
| This would be my first soft mod and I think I got UDE to work, but just need to verifty something. I kept getting an error 21 screen, until I renamed the evoxdash.xbe to default.xbe in the c:\ drive. Was I supposed to do this? In my C drive, I have: f0nts folder ( renamed from fonts ) xboxdash.xbe ( from slayers 2.5 update.xbe ) xb0xdash.xbe ( renamed from my original, hex edited to look for f0nts\... 2 occurances ) bert_ate_ernie.xtf evox.ini default.xbe ( renamed from evoxdash.xbe ) 4920 dash, 3944 kernel. |
yeah you got this because after PBL had loaded it didnt find anything to load.
a bios doesnt look for default.xbe on the c drive it looks for dashboard names.
also just going to say that i got this working first try on my friends xbox! (v1.1 PAL) im going to do this on another one soon.
Post by: whatever2k4 on June 11, 2004, 07:52:00 PM
| QUOTE (_Cold_Fusion_ @ Jun 12 2004, 02:27 AM) |
| yeah you got this because after PBL had loaded it didnt find anything to load. a bios doesnt look for default.xbe on the c drive it looks for dashboard names. |
So, what should I do to correct this?
Edit: Problem was the xboxrom.bin file that came with the UDE package was set to look for C:\default.xbe. Easy fix.
This post has been edited by whatever2k4 on Jun 12 2004, 04:20 AM
Post by: GJCD on June 11, 2004, 07:57:00 PM
| QUOTE (Angerwound @ Jun 11 2004, 09:02 PM) |
| Well it matters what you want to boot with the tray open. If you are wanting to boot a dash above 4034 your going to have to have it patch the public key and launch a HABIBI signed/Hex Edited retail XBE. (Same setup for XDK boot) If you are wanting to go the Pre-Live dash route on Tray Open sequence then no patching of the public key is necessary and a 'clean boot' can be accomplished. I've just about finished up adding in the clock setting routines as well, everything is working okay just adding in a few notes to the ASM code and will UUEncode them and post. There are a few drawbacks however, LIVE still is not accessible. Another thing to note, when trying to launch games (retail/backup) from the Retail dash you will recieve an error 21 unless you want to see PBL booted before you hexed dash. Therefore, you can have access to a 'clean' pre-live dash or 'dirty' post-live dash but no game launching is possible. You must reboot into your TrayClosed state for all title launching. |
Is there a way to boot retail/backup with the MS Dash?
I already habbibi sign a game and it doesn't boot or go to error 21 as you said.
I'm asking this because I would like to lauch for instance Crimson Skies.
BTW, thank you for job guys.
Post by: Angerwound on June 11, 2004, 06:37:00 PM
Post by: PedrosPad on June 12, 2004, 01:11:00 AM
(Now if we could come up with open source versions of the previously mentioned file renamers, for execution based on the tray state, we'd gain access to XBOX!Live and reach the original vision.
) Edit: The 'tray open' dashboard renamer would need to reboot once it's renamed the M$ Dashboard back to be boot dashboard, to restore the M$ signature - (will be reversed later by the EEE)
Post by: PedrosPad on June 12, 2004, 01:22:00 AM
PPS. The idea of the C:\UDE folder was just an after thought to keep all the exploit files tidied away - PBL+BIOS, etc. could also go in there.
PPPS(?). and I realise I can do this myself via hexediting
.(They give the man an inch, and he takes a mile
)
Post by: PedrosPad on June 12, 2004, 01:26:00 AM
Edit: Althrough XBINS happily hosts other XDK built XBEs. I see a new UDE!Live package in the making. prompt...prompt...
Post by: GJCD on June 12, 2004, 03:36:00 AM
| QUOTE (Angerwound @ Jun 12 2004, 03:37 AM) |
| I haven't attempted this but in theory I guess you could launch a habibi signed XBE from the Hexedited Retail dash. |
I tried and you can't launch any game or DVD Movie with the MS Dash that loads with the tray open.
At least at my XBOX
K:5101
D:4920
Post by: gronne on June 12, 2004, 01:58:00 AM
Post by: ldots on June 12, 2004, 02:02:00 AM
| QUOTE (PedrosPad @ Jun 12 2004, 10:26 AM) |
| I see a new UDE!Live package in the making. prompt...prompt... |
Still, the biggest task is not finding a way to access Live in an umodded state. Problem is to find a suited backdoor to return to the UDE state, one that could survive an update on Live
I dont see the Easter Egg surviving the next dash update. The audio/DD hacks are also sensitive to updates.
Post by: rmenhal on June 12, 2004, 04:12:00 AM
| QUOTE (PedrosPad @ Jun 12 2004, 10:26 AM) |
| Slightly more seriously, I have looked into the file renaming myself, and too realised that, surprisingly, there no obviously name BIOS function to do this. |
Such things can be done with NtSetInformationFile(). Google for it. ZwSetInformationFile() is the same thing and Google finds more. Sometimes the structures have been slightly changed/simplified for the Xbox kernel so peek into OpenXDK header files too. It would go like this:
NtOpenFile()
NtSetInformationFile()
NtClose()
Post by: xecuterbox on June 12, 2004, 04:49:00 AM
| QUOTE |
| It works as good as my modchip(which is crap btw). Congratulations master's!!! |
IMO this works better than any modchip pon the market hehe
btw what do i hex to make the double boot from angerwood load c:\ude\trayopen and c:\ude\trayclosed
xbes
thx
Post by: Angerwound on June 12, 2004, 08:38:00 AM
BTW, the purpose of the version numbers i threw into the history was to help people differentiate between which BAE they were using.
This post has been edited by Angerwound on Jun 12 2004, 03:43 PM
Post by: PedrosPad on June 12, 2004, 06:53:00 AM
| QUOTE (ldots @ Jun 12 2004, 11:02 AM) |
| Still, the biggest task is not finding a way to access Live in an umodded state. Problem is to find a suited backdoor to return to the UDE state, one that could survive an update on Live I dont see the Easter Egg surviving the next dash update. The audio/DD hacks are also sensitive to updates. |
All true. The only 'update' safe exploit is the game sav, but then EEE works for now!
Post by: PedrosPad on June 12, 2004, 06:58:00 AM
| QUOTE (rmenhal @ Jun 12 2004, 11:12 AM) |
| Such things can be done with NtSetInformationFile(). Google for it. ZwSetInformationFile() is the same thing and Google finds more. Sometimes the structures have been slightly changed/simplified for the Xbox kernel so peek into OpenXDK header files too. It would go like this: NtOpenFile() NtSetInformationFile() NtClose() |
So that's how you rename a file! Cool. Ta. mate
Post by: PedrosPad on June 12, 2004, 12:58:00 PM
| QUOTE (Angerwound @ Jun 11 2004, 09:58 PM) |
| For those of you that want to have a Dual-Path Boot and AutoSetting of Clock features within your Bert_Ate_ernie.xtf's here you are. Readme explains boot procedures. Clock becomes set to 6/6/04 00:00. Depending upon timezone, you results may vary. =================================================== BERT_ATE_ERNIE v.1.4 History: V.1.0 - 2004-05-22 - rmenhal - First release V.1.1 - 2004-05-25 - rmenhal - Enlarged to work with more kernels V.1.2 - 2004-05-26 - Grospolina - Reformatted V.1.3 - 2004-06-11 - rmenhal - Auto ClockSet routines added. V.1.4 - 2004-06-11 - Angerwound - TrayState Decision Making added. Current Features: - No Clock Loop: Old fonts would become stuck within a loop not allowing a XBE to be launched. Problem Solved. - TrayState Decision Making: Depending upon state of tray, two different XBE's can be launched at boot. - AutoSet Clock if out of Range: If unplugged for periods of time the clock will reset itself. Box will still boot because of Clock Loop already being solved. Although, games will not boot prior to loading a dash because of the clock not being set. Problem Solved. Dual-Habibi.xtf: This font file will launch the following: Tray Closed: Habibi-Signed E:\default.xbe (PBL) Tray Open: Habibi-Signed C:\msxboxdash.xbe (Hex-Edited Retail Dash or XDK) Closed-Retail.xtf: This font file will launch the following: Tray Closed: Habibi-Signed E:\default.xbe (PBL) Tray Open: MS-Signed retail XBE (D: 4034 and under; Post-Live Vers. will not work because they attempt to use c:\fonts\bert_ate_ernie.xtf) Access to retail dash is only for video settings and music collection within your ST.DB file Titles can not be launched from the retail dash unless PBL is launched before hand. |
Hi 'authors', Is this now considered the best-of-breed? Shall I update the root post to contain just this font?
Post by: Dagath on June 12, 2004, 03:04:00 PM
The only issue remaining is Live! access from the dashboard.
That problem can be transfigured into another problem by reinstating the retail dash and rebooting--namely getting back to a UDE state--this can be done with EEE, DD, or game save exploit, but something simpler and more automatic and "future proof" is desired.
There is no problem accessing Live! from a direct booted retail game. So long as you don't try to change Live! settings (which would access xonlinedash.xbe) from the game in a UDE state.
So in a UDE state, to prevent yourself from getting banned, xonlinedash.xbe should be renamed and replaced.
-----------------------------------------
In summary, there are two remaining "issues"
1) Live! access from the dashboard in the UDE state
2) Automatically or simply getting back to the UDE state from the Retail state in a "future proof" manner
Any ideas on a solution to one of these (either will fix it and the latter looks more promising)?
Post by: linuXBOX2 on June 12, 2004, 04:24:00 PM
Post by: Australian Rat on June 12, 2004, 04:00:00 PM
| QUOTE (PedrosPad @ Jun 12 2004, 03:53 PM) |
| All true. The only 'update' safe exploit is the game sav, but then EEE works for now! |
Yeah why someone make that as an option?
Most people would assumingly have a copy of SC, 007 or MA or have access to one. It's not that big a deal then to just bung in a copy of a game, have it load evox and have an option in evox to rename the files back.
This is assuming it is working with the trayopen.xbe which would rename files back to retail.
EEE won't survive long, gamesave will.
Post by: Angerwound on June 12, 2004, 04:40:00 PM
| QUOTE (PedrosPad @ Jun 12 2004, 09:22 PM) |
| Hi 'authors', Is this now considered the best-of-breed? Shall I update the root post to contain just this font? |
I would wait a bit to insure no one is having difficulty with these fonts.... There could be a few bugs. The main one I would like to work out is why games will not boot from a 'clean' pre-live dash. Error 21 when trying to boot titles from the original dash. This really isn't a big problem but a pesky bug none the less. If you feel it fitting however go ahead and update the front page.
Post by: Australian Rat on June 12, 2004, 04:04:00 PM
| QUOTE (linuXBOX2 @ Jun 13 2004, 12:48 AM) |
| hey. i have a question about Hex editing MODxbox.xbe, once u have found the two places withe the "fonts\" (unicode: 66 00 6F 00 6E 00 74 00 73 00) what unicode should i replace that with if i renamed my fonts folder to "f0nts\"? thanks |
Most hex editors (I use XVI32) also have another panel where text can be displayed (not sure what the technical term for it is
)But if you insist on using that hex-editor, change 6E to 30. You'll have to do this twice remember.
Post by: Tomilius on June 12, 2004, 06:04:00 PM
| QUOTE (Angerwound @ Jun 13 2004, 01:04 AM) |
| I would wait a bit to insure no one is having difficulty with these fonts.... There could be a few bugs. The main one I would like to work out is why games will not boot from a 'clean' pre-live dash. Error 21 when trying to boot titles from the original dash. This really isn't a big problem but a pesky bug none the less. If you feel it fitting however go ahead and update the front page. |
I'm an extreme newbie at this, and I've been watching the boards - anyway, somewhere I found devz3ro's package and that's the only one that worked (with some adjustments.) I tried your new one, Angerwound, and it would, like you mentioned, come up with an error 21. However, it would do this before it even got a chance to load to even attempt to play a game from it. I rebuilt the ASM with the path to some of the other executables and it worked then - but it never worked when trying to load the "official" XBOX dashboard under any name. Putting in a file that didn't exist gave error 21 as well, which is what caused me to try the other executables... I'm not exactly sure what I'm doing wrong, but, with the INI pointing to the file, I am able to launch the MS Dashboard from EvoX no problem.
OK. I feel extremely stupid and out of place here... and if it's more true than I think, one of the mods may, of course, feel free to delete this post and/or ban me.
EDIT: I wasn't very specific about anything. What I did, exactly, was I changed the DASH_NAME to MODxboxdash.xbe first. That failed with error 21. So, I tried changing the file itself to msxboxdash.xbe and using the original Dual-Habibi.xtf. That failed with error 21. Then, I tried other executables like EvoX or PBL. They succeeded. Finally, I tried putting the original fonts back into the fonts directory. Update loop. At least, I think that's how it all happened. It's not that big of a deal - I'm not sure exactly how it works, but if you were successfully able to (or I was able to figure out how to use your successful method) make it load the MS Dashboard with the tray open, wouldn't that be comparable to a modchip's on/off switch? As in, you could use Live and all of the other original XBOX features just by booting with the tray open?
I'm kind of clueless, I know - but forgive me. I've tried to follow all of this.
EDIT #2 - that's how stupid I am: Oh yeah, and in the latest version of EvoX the Reboot button doesn't work... neither does Power Cycle. They work, but PBL stops at its last function call. Not your problem, of course.
This post has been edited by Tomilius: Jun 13 2004, 01:47 AM
Post by: linuXBOX2 on June 12, 2004, 07:40:00 PM
EDIT : pardon my ignorance for not reading all of the posts, my problem was solved on page 8, it works gr8t now, thanks guys great work
This post has been edited by linuXBOX2: Jun 13 2004, 03:53 AM
Post by: mutha trucka on June 12, 2004, 09:43:00 PM
Thanks for the coolest exploit around!!!
This post has been edited by mutha trucka: Jun 13 2004, 04:49 AM
Post by: irajames1176 on June 12, 2004, 10:38:00 PM
Post by: violent_bong on June 12, 2004, 11:32:00 PM
Post by: rmenhal on June 12, 2004, 11:42:00 PM
@ Anjilslaire and YoshiKool:
Would you like to test this? What kernel version do you have?
Post by: devz3ro on June 13, 2004, 01:00:00 AM
| QUOTE (rmenhal @ Jun 13 2004, 08:06 AM) |
| I've figured out how to get rid of the landing zone / catch net completely and the new font doesn't depend on exact stack positions anymore either. This should eliminate all stability problems. It depends on kernel version though. @ Anjilslaire and YoshiKool: Would you like to test this? What kernel version do you have? |
rmenhal,
I got a PM from you with the following that I know I didn't send you. Maybe whoever did is following this thread and your reply will answer their question
Re:Looking for info about eater-egg
| QUOTE | ||
Read the pinned "Live 2.0 compatible exploit" thread. You need the DoubleDash package from the usual places. |
I can test if you like. My story is, I decided to be a hero and take on the 5713 kernel (traded my halo 5101 w/samsung for a halo 5713 w/philips). Well, I won't go into the entire story, but in the end I resorted to flashing my TSOP (extremely easy on this console). I flashed back to 5101 (for xbox live purposes).
I can test any kernel, post or PM away. I'm falling in love with raincoat 0.7
-devz3ro
http://sh0x.tk/
Post by: rmenhal on June 13, 2004, 05:15:00 AM
| QUOTE (devz3ro @ Jun 13 2004, 10:00 AM) |
| I got a PM from you with the following that I know I didn't send you. Maybe whoever did is following this thread and your reply will answer their question :) |
I just carbon-copied the message to you. I guess the message system here doesn't tell that automatically and I should say about carbon-copying explicitly in the message? :huh:
| QUOTE |
| I can test any kernel, post or PM away. I'm falling in love with raincoat 0.7 :) |
Below are some new fonts. If one of the kernel specific versions work on your box, all of them should (unless I made a mistake looking up values for bert). So I don't think you need to bother testing them all.
There's a generic font, which should work on any kernel version. It is able to automatically locate bert, but still relies on a specific stack location. So it's probably still unstable on some boxes.
There are also kernel specific versions. Currently for 4034.01, 4817.01 and 5101.01. In addition to auto-locating bert, they use a guaranteed fixed memory location in kernel instead of a specific (possibly unstable) stack location.
| CODE |
| begin-base64 644 uftest4.tar.bz2 QlpoOTFBWSZTWUHvm/IAA0R///3o2H1QG//NP0h/5/+9n0pquoiIhokQo+yC xYit7l6d0AN+AAAAEGmJgQYAJppppgAjARiZMAmAAIwjAACMAJkyYTEINMTA gwATTTTTABGAjEyYBMAARhGAAEYATJkwmIQaYmBBgAmmmmmACMBGJkwCYAAj CMAAIwAmTJhMQg0xMCDABNNNNMAEYCMTJgEwABGEYAARgBMmTCYgKpIJkIyF HgmiHqPIgaep4pk0zUaND0jCMQ9TE2k0NHqPUYAGkfpIbSHppqa5PHWoPLFY 7caJZ45tc2O7xzKumWerkwrhC5SDXJQUEoOoeofoapcMSLEQjsEkREYh55NE G4JRCJyRHXJRjiQdklDNz86WdQYqFJizQyZFA+okgyovyYhgyRBScwwScqJR FJ7B0TeR60b3oFUKyjl83maZqCo5AwTlHKKIpNE704xh7x0TUNIt65rFgriF 06ZMfLEtQ2jbOgWjCLBWaRuScwTwHdn75mGIZBbOBDELUK4ZRokX5niY4GZm 8SLxKopjMsQvzOQz4WS/LsOcSQmiIkh0rUE8uXGkTlKFuuUyFqU2iaROWISK ZRYlpSQ/M5pxTwlHDhzoTVwlgR1SV0sYsLGFVWVT8ExcCpC1TNXBiwswt0UW pidRCihCU25K/HFwsEjzTHJGSXTPKjPO0OmZZslBvjnl4zTxFJ+JGuXjwnCL 4jVOIbBvTQIi6XjHJj5j7zkFHkJHpnolw4JvzeE5YN6igmhND9jGOQaZoGmY ZWdyHDMg7Z2yg4ZcKDuaFwqKYdYkYRyYY1/3yyWC2SNEdI/s75rFNsnL62TG EdowDQGtBVBIpJoVwziOeX0MdfE0KzdQ3RaKSxsDsbu5Fk8EMo4JWfAYx5hj mKd0VHEJHViyZhvz4TTNo1jYLx4i8f0bA2C8bs8B75kGwe4RhnoH8nhOyapu DvFQ5R0jZOKYh/h1zknGMA2iweMkFwvjqEx4yc2jWoKD3TjG2bJvjZIkVfcb I2vwN0bsvqIw7p+Rll+LJvz6zsk5dJDIPJPGcYBwIwTykwrJGsVQUjbJkQ4R klZ7JsmGZZ+o3hmjCKjbP/F3JFOFCQQe+b8g ==== |
Post by: Tomilius on June 13, 2004, 05:57:00 AM
Amazing work by the way, everybody! And I thought a modchip was the only option (at one point)... Guess not! Way to go
. It would even more amazing if we (probably not "we," but one of you miracle-workers) got Live to work with this somehow... imagine that.I can see it now: "In order to continue using Live, you must take your XBOX to one of our repair centers or ship it to: ..." - on millions of XBOX machines, just to stop the hackers.
EDIT: Grr! I keep using incorrect grammar at this one spot! That should do it... maybe.
Post by: devz3ro on June 13, 2004, 06:17:00 AM
Post by: rmenhal on June 13, 2004, 07:26:00 AM
| QUOTE (devz3ro @ Jun 13 2004, 03:17 PM) |
| Works great, I have to run out, but I did get a chance to test it on the 5101. Any kernel you want to specifically test on let me know. I will be back soon. |
If you flashed the tsop with a bios meant for pre-v1.4 board, you would at least get a messed up video output. Would the very old bioses even work? I'm pretty sure all the fonts work though - flashing tsop just to test these fonts would be a bit extreme.
Post by: Tipster on June 13, 2004, 07:29:00 AM
Post by: krayzie on June 13, 2004, 07:49:00 AM
Post by: Dolfhin on June 13, 2004, 10:28:00 AM
it starts to be a tradition ) and i'll be happy to test the new fonts.My kernel is 5101 and i'm able to load almost every M$ BIOS trough PBL.
Keep up the good work guys w/h new fonts softmodding the xbox wouldn't be half as much fun as it is now
Post by: anjilslaire on June 13, 2004, 04:19:00 PM
)Has anybody noticed the 5659 xboxdash.xbe has FOUR (4) instances of "fonts" to be hexed? I did and it works just fine getting back to the M$ dash.
Post by: ember on June 13, 2004, 04:25:00 PM
| QUOTE (digisatman @ May 23 2004, 08:01 PM) |
| i have a question, when using this exploit, say i go to play a game like halo for example, then i press the eject button coz i wanna play another game, will it restart my xbox? thanks |
using xboxrom.bin that is evoxM7 BFM or latest Xcutor BFM bios will not reset on eject.
CMIIW.
Post by: anjilslaire on June 13, 2004, 04:36:00 PM
Post by: Nailed on June 13, 2004, 04:52:00 PM
Post by: kkosik on June 13, 2004, 05:00:00 PM
Installed the UDE exploit perfectly... got the update.xbe from slayers 2.5, etc...
anyways, when i go to boot up the hack, it hangs at the logo, with the white M$ text underneath... but when i press eject, it resets VERY fast and loads PBL almost immediately after ejecting the tray???
I'm confused... its not that bad to have to press eject every time it boots, i mean its still WAY better than the audio exploit, but does anyone know how to possibly fix this??
Thanks in advance.
Post by: ember on June 13, 2004, 06:08:00 PM
| QUOTE (kkosik @ Jun 14 2004, 02:00 AM) |
| anyways, when i go to boot up the hack, it hangs at the logo, with the white M$ text underneath... but when i press eject, it resets VERY fast and loads PBL almost immediately after ejecting the tray??? |
pls check your C: drive, there has to be only single *.xtf in there that is bert_ate_ernie.xtf
dont forget to rename fonts folder to f0nts (yes, it's a zero)
Post by: PedrosPad on June 13, 2004, 10:48:00 PM
| QUOTE (Nailed @ Jun 14 2004, 01:52 AM) |
| I'm not real familiar with the inner workings of trainers, but what's the chance the fonts could function as a trainer to load an unchanged retail dash? |
This is a bit tricky - They could do this, and patch the M$ Dashboard to check for fonts in a C:\f0nts\ instead (this was one of the ideas I initially considered), but
1. The 'trainer' monitor code hooks-into the BIOS to ensure that it is eventually called (like a DOS TSR). And by doing this, invalidates the BIOS checksum.
2. XBOX!Live will check the C:\xboxdash.xbe to see if an update is needed, and, finding it's really an old 4290 Dashboard file, will also most certainly force an Dashboard update.
Now, there is a chance that the trainer may also be able to patch the filename that XBOX!Live inspects, however that still leaves us with problem one.
Post by: xecuterbox on June 14, 2004, 12:22:00 AM
| QUOTE |
| Yeah why someone make that as an option? Most people would assumingly have a copy of SC, 007 or MA or have access to one. It's not that big a deal then to just bung in a copy of a game, have it load evox and have an option in evox to rename the files back. This is assuming it is working with the trayopen.xbe which would rename files back to retail. EEE won't survive long, gamesave will. |
I currently use EEE to restore
But still have my 'Special' save which includes a basic evox and a script i made a while ago to rename the files back (which are renamed from ude in an evox comand)
id prefer the xbe files what rename since I now mainly use UnleashX
Post by: xecuterbox on June 14, 2004, 12:36:00 AM
noticed this
| QUOTE |
| If you flashed the tsop with a bios meant for pre-v1.4 board, you would at least get a messed up video output. Would the very old bioses even work? I'm pretty sure all the fonts work though - flashing tsop just to test these fonts would be a bit extreme |
why not use pbl to load a differen ms kernal
Post by: xecuterbox on June 14, 2004, 05:48:00 AM
I use it at home for these code things but i am here at college and found they work in winzip aswell...pretty cool i think
Post by: pdxkid on June 14, 2004, 06:49:00 AM
Post by: devz3ro on June 14, 2004, 06:55:00 AM
| QUOTE (xecuterbox @ Jun 14 2004, 09:00 AM) | ||||
|
I was telling rmenhal that I could check any bios that he wanted me to. He was suggesting that an old original xbox bios won't work because of the focus video chip I have in my 1.4. I could possibly flash and have it load PBL to see video, but If that didn't work I would be screwed. Hence him saying it would be a "bit extreme"
-devz3ro
http://sh0x.tk/
This post has been edited by devz3ro: Jun 14 2004, 02:02 PM
Post by: rmenhal on June 14, 2004, 07:08:00 AM
The dword at offset 0x44 for any kernel could be found out by executing the following (NASM) code under that kernel:
| CODE |
mov eax,[fs:20h] add eax,250h |
EAX now contains the dword. Could be incorporated into an XBE or a game save installer.
| CODE |
| begin-base64 644 updatefonts4.tar.bz2 QlpoOTFBWSZTWRJczNgAEhf///382G1W///8f2//7/////pquoiIhokUo+yC xYjt7l6d4A6+PkQASAAKAAoqgAAAAAAAUQBBkwgyAaGIMmmjJgIwIyaZNDRi DEZMAmjQGjIGIaYTTI00aBkyZMAIMmEGQDQxBk00ZMBGBGTTJoaMQYjJgE0a A0ZAxDTCaZGmjQMmTJgBBkwgyAaGIMmmjJgIwIyaZNDRiDEZMAmjQGjIGIaY TTI00aBkyZMAIMmEGQDQxBk00ZMBGBGTTJoaMQYjJgE0aA0ZAxDTCaZGmjQM mTJgAb1UhTEEPUTyTDU09CZDTRmUaaDNTQGgDQyND1D1GgZNM1A0zUyBo0Gm jQzSaPUHqemoJEggECZNBoQNACNGRoaNFDyGptQ0enqmnpPIIPUzUPUHqPKa NPSNAAADQADMK45lh1IuQ5sb4vc/IN+epNNxI51VezaU7OJjLzXov0XbUkMw pCWFJE5Zinzn0FmkNRFRH3FBDUGuKiSYZQisoifaUi4xJgl/GkwMfQfpb/ox EpelwV1gWpWCFIRNQhdNSgVsRQSOf81KBARL5u6S0pUSAjZAEMkS0euYRWXp RFoxT4DZRtIxeKW5JcLL9wfW4nZcCvKOVC+MiF6ZJklkXh5h+VcNZDdmjOUe 0X7MOeWi5ImkMsqN7iUSk124nD2UwBMYe31/iVi7bDeYrr23BEKEBMGjyIbG MG0/tLstUUfqUAZYDaA+QsCH05pEAXE4CtSSXqsPkGfaPjgbFJJgmML0s5nb xA1l58TH2lQ/WssNNgVHRzoSlYyauILhomUw+zYX1LHXRfpFGYhJLUwPwgkF KE2yjY22DQiTlEATQ17fsuOBqZ7xvHGeKX0jhM5wHGbS3fJkWu0wPqY3SMPi I8Ou+PjbZpLIrOxaM6oiasp45lLKUgcnEx1lScpFlJ0N2EFVMIVmiC+InfUh mTROVsdQw4Mq6LZX15cF5xW3DZmM3Plp0bthZP3bzHLfcgK0hHwb+9dOq4pX 6qKhsLKWys+/4rCdJsh9e7rGZfXYzMbVBrKmwgqMY7BhIY6DsOvtPscnYNxx Hvexs542ldMTqmqo1dH+07T5jTyZ5oHHNubktm2Moq1JQ05+pzueeWbo8Evy 6jUFEa5IpJfIpED0ANyPRDoT3HpnwdMvPAjqHVZbmu7BYlwcAj9wRjirMSGm QRIZPuhQ7odoLByxagwQXSpaMgW0qRGhqEeDJR4sQoXBaXKqWA+8lAeUzvoG GozEyRnYv2mC+WkFBq9l4L7hI4AY1UlkegayvgPUPEX8patpeW7ipmzG9vHQ L+lgSJ8RyWnCZzNfhB0WjMQb8cStNBaMhWF1SDhZoGWXYV3Ei/LVIoXFgXsw rsMTEkYGcZYMoQMlSWBMJlFUoU2GeWWMy4yLhlxUnsteJTcU5RlmYkQt4wPz krzokCTX6LGHRCCAgPMLjoGNUciOQIRkZIPPKzrvJe4JVXAl6cMYegPcakmB Nh09AdG0wtD1svRkh3siE2xsG0iL4SgZK4hEF1s/UItv0dEaOsf3pc8uh0SD oTgJNXDPT6fGEjCRnWfO3o7GRhzMbDOHrmLGeoUbbUwcNujhsbbakuVKgO4V kkaYwgUNwA2FwjmBLYhZks/SSaFQS6OUAQ1Y/yEnFoSJBQ1WDYldKQ0d8JKT W1kcaovtnl5d5bEt3d5f4sXk+KLWmt8fQloUkKwjzRoLBC0M+dUhENWawtkp jzVkZTSRJZt224fcAgLiwxPk0pSyP17AuD40q6M1uuyGwoF0CLTUhQImaSPo FkFjQoafawEpF+FZJVbfGSgQpNmjnA4MMCiCvUFvJfAl/ilnKpnpcRBmQtwU Fbw8mZLkXw7C7XeQYcW8cO9O3P1TgqcaU6ZkK+QtpNmeyclGUBxT5zE0aq2n 76T24iHpoZ8oDIkS3gvzWXN9ZC06rUK+zBEsTEvYjOcFttsQK0eM/qJZkbxW /bVmErlPUEvGSM4hUNFqVZBmei4wKFbVSyztlptZU2liuO4RaGWKW8QhRIrE hGjXKzSEYyOIXHhLDrb1o9CWBFWTzZECFmWR4UpZZg26XnwM0pcLS0mXXArV lCwgyHjbygcBiSFbqNOq0o5naNq7l3lnNPtE7DfObUOmrltV+FCWBh/uLxIO 8kMAaTSXCMGMiFsExDZEkipRJJKk3kpCNiYMk66ooYxTU4xqqtbrJibmZ0W8 uPQ7vbKm8ftwg659NLp9LQPHGdhu5W4ONLWW577e7sLQ6DH4SD6YFvHx+Qkd yq/kEq/uoPZSgNPy7F8w/7Slz97B6AIMwSSm5d0+2lT7pWvPZrGLuAwpRuC/ lddr6pedE35mm2l2SbOYM7FEzDoFc6RhztjzZq1HKhFDui+abOFLZibSDtrq j+yl/sl5qDlOQwtOA16kwW7mIyUka8qnQL0rPjL6XJzD4TAsw6Y59EvSZPl9 dKp6KT9htoYm16bUA0EdJL3UruYDvAecXHt+rIoe0NTKEEnJiibU53JaEul1 2gLQCSFEIvDPI5CFAL1RGRAyPIrNIfQQWAw4ETSX4J3j2laYHvhf6KFgj3vh Y2dUkqNBw5BchNLMF4Hu1GyizAWLMAewHtGpGwZbVlKDTQM1QGo/TAIQoJDP xAPYOxqQB3VcWkH1VnN+aFceMZoW3sdcSsOdC3l9xJsYoTMU1sB99BM0pKQw S7OAhuR1EvIcR10dMPnnVCRakfVOoLtHAFANV57fAYoz9SmowBu5mRQ4biwJ rmC0KEzXQjJFDBoFuJsZxXRDUkIzA0DBUkM0NQhi6JBzEfhkpnEYG40pdNAb 5pRQTMQa3MQswEkBqN8IgYesA0LIStDUBnyIQGskVIRghKxAdJL62wxeaC5c JKJrbiUQtRcW460bUyYz4Rl5gQVMSArm4xZ7QrhNDMyzBJH0RYk78TROwvXS PfJGkColABYjLQhMZ9gvKo1nKDbQ1/EefJJfzCTU1CUIGLmLvWLTA6KsVpeI hH1uxv6RljC00zsRmYmXCbCBU/ANqtA8hwBchchsONLWEwoeyMQzpGgtYyps kZjpnzG+ipI1GK0IV3lnnmlW9Dn74B4DaAdU30ZBm5mxvcoBqFGlATRYugb5 mPnHgA26LW9RAahl5NKeuDtiGvcJ8YjzSpp5gmGIahngAkhQjvs8od4Qectd /fwEb/iO/CQtR1vFw0qea17PhhK1LvySglI4PpSb1hTIT8YxKSRoGW0CZKSU mS1EdmY2dtxRwNtjbbbTY1u3NlDsgPiAJh5FYXFlVuLwsXgPUJHeOZalJNJo Mu/qOY75B5prw0aO66o6ykMzmQgzms2FgWkgMCV5glaBvUPfEvlS+8lqSWdL 7z4fOiBloDJSXZNRn5fSqVa4oNGtAXFxJMtmFKJdlGZHldkVPKWgv4JXkhFw 0y8Gfkklq1Iqh32jCxbSlh5wFAhLSZKbGMvIINwZBjq2QGQrxpHKSEQh0pUA qawQZL0gyKFxyEKXVmWzJjGNDQUILShnTCRFakiEEERBamLEtKKCwUgBlxQI RaMiqkSkJg0I8qC00ryzUQc6OvsRtBoWoNAjrIyS5+SCI4tZ2TSJXHojOXA8 ZFAt5S0IQj3EGjOu1yMojsAuoZjnsDeOAYJktkih65yhwKaQGwcLOkcakrU+ ZufRJECVAsOmy5ASKEkby3gkUM0wSvPu/XS05gsMxKpRKSFRcJBBOjSNSZwG cKoKgmgm1jnLihtoVOTOcaAkjJ+qXGgkILiLyReQ4AGBAWIvIAJmSC8ox8JB IJ3jCC1SJEmOpQaSKlwSTMjoZjAwAOsjElBYCUxeH4jhtzoCugxMAGXIOMqE lzmASEipahUPD1AwkMqtSIUvYPdS30Zy83rSiU4NDfcGdAgkZ7SUrEtQE7bz 4jOaSYBigM5UAihYaUKQshgHEThCqGSgqakWmgFQuSqXpBbMGQooOxHLV3kW gSDEDLxrlMEUMUQ0VMBtCHkc4f6CX9ZVeuTiqNiR/SaAL6HWJLf4g8wM4fz/ P7H4zQ/9f6o0Fx2TbAd41glj/YhWTaymDLbentnWm4O8LZJNolJiSTd1YySU mHM5DSkC9ZLLOcg0whgMiIdUDoSFEBNNqHJEgcSIkoHEKJQ5QoY1Jw/XQMmw wBc/meZ6uJgZ852cu2piwBSMtxBuoSCQ0MZ1iiuWUlUpJ48mlG6mHtKqtFLk wzhFDhxrDIOAeGY5nmKZp0T+TMOmZsM06ZjnSOEbUzTHRMI7kyTcH5nMNUfs W4fIcozjimnP7PeN6ZRdM8tHLKSGjMA4JUbcrM86FkksN8eQaBnHiGciULfe mRDP+s6w2JgWRhaQ4xsDRQvTA7c5BzSwsklIas/6uMYuncRpTqFULhQ5BbkS 8hoFUO7NaXDamcYRsDwIdeYsNMWzQP/F3JFOFCQElzM2AA== ==== |
Post by: PedrosPad on June 14, 2004, 06:43:00 AM
. Well done rmenhal.
Post by: Dagath on June 14, 2004, 07:35:00 AM
| QUOTE (pdxkid @ Jun 14 2004, 03:13 PM) |
| my one question is... exactly what files do i need?? where is this bert ate ernie font? |
This question has been answered a few times in this thread already. You can find the files you need in the "usual places." You can find where exactly that is if you search. I think it might even be in a FAQ! As far as the font, its in the very first post with an updated version just above and another one a couple pages ago. they are where you see CODE followed by something like this in a white code box:
A0ZAxDTCaZGmjQMmTJgBBkwgyAaGIMmmjJgIwIyaZNDRiDEZMAmjQGjIGIaY
TTI00aBkyZMAIMmEGQDQxBk00ZMBGBGTTJoaMQYjJgE0aA0ZAxDTCaZGmjQM
mTJgAb1UhTEEPUTyTDU09CZDTRmUaaDNTQGgDQyND1D1GgZNM1A0zUyBo0Gm
jQzSaPUHqemoJEggECZNBoQNACNGRoaNFDyGptQ0enqmnpPIIPUzUPUHqPKa
NPSNAAADQADMK45lh1IuQ5sb4vc/IN+epNNxI51VezaU7OJjLzXov0XbUkMw
Instructions for how to get the font file from this are also a couple times in this thread and also in the first post I believe.
Post by: Tomilius on June 14, 2004, 07:38:00 AM
Not to leave anyone out, but everyone else who worked on and has been working on this stuff deserves trophies as well. Great job, you all. Can't say it enough.
This post has been edited by Tomilius: Jun 15 2004, 02:36 AM
Post by: devz3ro on June 14, 2004, 07:11:00 AM
-devz3ro
http://sh0x.tk/
Post by: Angerwound on June 14, 2004, 08:06:00 AM
| QUOTE (devz3ro @ Jun 14 2004, 04:11 PM) |
| bert_ate_ernie should now be bert_lost_weight -devz3ro http://sh0x.tk/ |
or 'Bert_Took_A_Huge_Shit.xtf'
Post by: rambo88 on June 14, 2004, 09:24:00 AM
K:5101
D:4920
Would anyone please tell summarize the steps that I need to do for UDE. Where can i get the package?
Post by: old engineer on June 14, 2004, 09:49:00 AM
| QUOTE (rambo88 @ Jun 14 2004, 05:48 PM) |
| I have a 1.4v XboX with K:5101 D:4920 Would anyone please tell summarize the steps that I need to do for UDE. Where can i get the package? |
Try this link m8, it works a treat:
http://forums.xbox-scene.com/index.php?showtopic=223004&st=0
Post by: jesusfreak91288 on June 14, 2004, 10:23:00 AM
Post by: Tomilius on June 14, 2004, 10:27:00 AM
Thanks to everyone who has given feedback on this guide.
This guide has received some good feedback - however, by using it, you understand that user error, the fault of yourself or myself, may occur. It is recommended that you use the UDE package by Idots if you are unsure of your abilities or just want to get it done quicker (see his sig; thanks Idots).
WHAT
This tutorial/guide will inform you on how to softmod your XBOX using the latest fonts and EvoX as a dashboard. After completing these steps, when you boot up your XBOX, you will see the familiar "splash" screen. "MS" will appear in white letters at the bottom of the screen, and shortly after, you'll see the EvoX dashboard - no intervention on your part! Yay! From there, you can access "the usual things," including the MS Dashboard itself - as of this writing, you cannot access XBOX LIVE (for me, the kernel hangs after the splash screen is flaunted), but the future looks bright.
HOW
NOTE: Whenever drive letters are mentioned, they refer to the drives of the XBOX, not of your computer.
* denotes steps that may be ignored when using a "hdd swap" solution.
1. Obtain a gamesave hack on your hard drive.*
2. Obtain the latest version of EvoX. Set up the evox.ini to access "C:\MODxboxdash.xbe" instead of "C:\xboxdash.xbe" as the MS dashboard, among other settings you may desire. You MAY also be able to change the DVD setting to use "C:\MODxboxdash.xbe" as well - but I haven't tested this.
3. Obtain PBL 1.4 (if your kernel is below 5530) and a bios for it. This guide was created assuming that the bios you choose accepts "C:\evoxdash.xbe" and also assuming that the fonts you choose point to "E:\default.xbe". If not, please make changes to suit your needs.
4. Obtain xbedump.
5. Obtain the latest font files from the UDE thread (go to the last page and keep going back till you see code from rmenhal.)
6. Obtain a hex editor.
7. Obtain knowledge of how to use an FTP client.*
8. Obtain an FTP client.*
9. Determine your kernel version and hope that rmenhal has a font for that version in his code which you have extracted using a combination of Iceows/WinRAR(or Winzip or some other extractor). If not, you could always try the generic.
10. Determine your dashboard version. If you don't have 4920, it's harsh, but for now I think you must download the whole Slayer's 2.5 to get the correct "update.xbe". [I can't remember - was there an easier way to get this? You could always update with Splinter Cell...] In addition, make sure you have a program like XisoManager to extract files from Slayer's... At least, I think it's an XISO.
11. Execute the hack by putting in the game and loading the gamesave (should be called "Run Linux").*
12. Set up the FTP settings.*
13. Connect to the XBOX via crossover/router.*
14. Copy all of C and E to somewhere on your hard drive for backup. This step is very important; make sure you have a lot of space.
15. Navigate to C.
16. Rename the "fonts" folder to "f0nts" - note the zero.
17. Either obtain the "update.xbe" from Slayer's 2.5 or, if you have the 4920 dash, use the "update.xbe" in the C:\xodash folder of your XBOX. Copy the "update.xbe", whichever one you had to use, to the root of C.
18. Delete the files "Xbox.xtf" and "XBox Book.xbe" from the root of C if they exist.
19. Copy "xboxdash.xbe" to your computer.
20. Search the dash for occurences of "fonts" in unicode. In hex form, this looks like "66006F006E0074007300". There should be two occurences.
21. Change each occurence of "fonts" to "f0nts" in unicode (meaning the hex editor should show a "." after each character) or, in hex form, "660030006E0074007300".
22. Delete the "xboxdash.xbe" on the root of C and copy the "xboxdash.xbe" you were working on on the computer back to the root of C.
23. Rename the newly-placed "xboxdash.xbe" to "MODxboxdash.xbe".
24. Rename the "update.xbe" which you copied to the root of C some time ago to "xboxdash.xbe".
25. Copy over one of the fonts which you obtained from the UDE thread to the root of C. As mentioned earlier, the font should either contain your kernel version on the end or should be generic. One made specifically for your kernel is highly recommended.
26. Rename the newly-placed font to "bert_ate_ernie.xtf".
27. If you have kernel 5530 or above, skip to step 29 now. Otherwise, continue this step. Signing PBL: Using xbedump, sign "default.xbe" with the habibi key (command: xbedump default.xbe -habibi). Then, rename "default.xbe" to "default.xbe.old". Rename "out.xbe" to "default.xbe". [/b]
28. Copy PBL's "default.xbe" and all other files and folders to the root of E.
29. Using xbedump, sign EvoX's "default.xbe". This isn't required UNLESS your kernel is 5530 or above, but since it's a dashboard, you may at one point use it to boot from... So just sign it with the habibi key the same way as was described step 27.
30. Copy EvoX, including its "default.xbe", "evox.ini", and other folders to the root of C and rename "default.xbe" to "evoxdash.xbe" if your kernel is below 5530. Otherwise, copy them to the root of E and leave "default.xbe" as it is.
RESULT
Kernel below 5530
Drive C
[Audio]
[f0nts] (renamed from "fonts")
[Skin] (from EvoX if found)
[Trainer] (from EvoX if found)
[xboxdashdata.10027100]
[xodash]
bert_ate_ernie.xtf (latest from this thread)
evoxdash.xbe (from EvoX)
evox.ini (from EvoX)
MODxboxdash.xbe (dash 4920, renamed ...
... from "xboxdash.xbe" and hex-edited)
settings_adoc.xip (not required)
xboxdash.xbe (updater to 4920, renamed ...
... from "update.xbe" in "C:\xodash". This is ...
... absolutely necessary. Without it - you're ...
... screwed. Good eye anjilslaire.)
Drive E:
[BIOSES] (from PBL)
- contents: xboxrom.bin (located manually)
[CACHE]
[TDATA]
[UDATA]
bg.jpg (from PBL)
boot.cfg (from PBL)
default.xbe (from PBL)
font.jpg (from PBL)
phoenix2d_logo1.jpg (from PBL)
Kernel 5530 or above
Drive C
[Audio]
[f0nts] (renamed from "fonts")
[xboxdashdata.10027100]
[xodash]
bert_ate_ernie.xtf (latest from this thread)
MODxboxdash.xbe (dash 4920, renamed ...
... from "xboxdash.xbe" and hex-edited)
settings_adoc.xip (not required)
xboxdash.xbe (updater to 4920, renamed ...
... from "update.xbe" in "C:\xodash". This is ...
... absolutely necessary. Without it - you're ...
... screwed. Good eye anjilslaire.)
Drive E:
[CACHE]
[Skin] (from EvoX if found)
[TDATA]
[Trainer] (from EvoX if found)
[UDATA]
default.xbe (from EvoX)
evox.ini (from EvoX)
Thanks to:
anjilslaire
Idots
Grospolina
rambo88
ember
- and anyone else I may have left out.
This guide has been updated to reflect their input.
This post has been edited by Tomilius: Jun 15 2004, 05:24 AM
Post by: Tomilius on June 14, 2004, 10:19:00 AM
Actually, I guess PBL 1.4 doesn't come with a default bios, does it? Well, devz3ro has a package somewhere out there that includes a certain bios - that's the bios I had been referring to. I'll take that into account during revision. Anything else horribly and disastrously wrong? :-D thanks for the help anjilslaire. They would have been stuck on that one for a while.
Post by: ldots on June 14, 2004, 10:38:00 AM
Post by: rambo88 on June 14, 2004, 10:58:00 AM
Is it possible not to use any gamesave hack but simpy use the dashboard hack by applying hot-swapping?
Post by: ldots on June 14, 2004, 11:03:00 AM
Post by: Tomilius on June 14, 2004, 11:06:00 AM
| QUOTE (rambo88 @ Jun 14 2004, 07:58 PM) |
| Many thanx and great job Tomilius! Is it possible not to use any gamesave hack but simpy use the dashboard hack by applying hot-swapping? |
Any time. Eh, yes. :-D That would work too I suppose - although it does kind of defeat the purpose of "software exploitation" IMO - and I've never actually used the hotswap trick. I don't plan on taking my XBOX apart until UDE comes up with working Live functionality and then M$ releases an update so hideous that the XBOX can't even boot ... or something evil like that.
By the way, I have a simple question. I was at the MS Dashboard doing nothing, and I accidentally hit XBOX LIVE. I tried the IGR feature of the BIOS but it didn't take me back to EvoX [forgive me if that makes no sense], so I ran to the XBOX and turned it off. I never let it finish loading its splash screen. Don't think I'm banned, do you?
EDIT: I forgot that I set the router up to block the XBOX Live ports for now (or so I think). But would that have been enough to ban me if I hadn't? I could probably find the answer to that if I looked. Just curious though.
EDIT #2: Just for the sake of my curiosity, I let Live get past its splash, but the kernel crashed (ROE). This is probably to be expected anyway. I should read more.
Post by: xecuterbox on June 14, 2004, 01:40:00 PM
| QUOTE |
| I was telling rmenhal that I could check any bios that he wanted me to. He was suggesting that an old original xbox bios won't work because of the focus video chip I have in my 1.4. I could possibly flash and have it load PBL to see video, but If that didn't work I would be screwed. Hence him saying it would be a "bit extreme" |
ah ok
good exploit this
only prob i c atm on mine is I havedual habibi sige version
Whe I bootwith a c-r or dvd-r it boot to the tray ope state (trayope.xbe) an this runs my oha dash skippingpbl so they dont boot...need to take out dis oot theopen crive put the dici:(
Post by: Tomilius on June 14, 2004, 02:42:00 PM
| QUOTE (kali- @ Jun 14 2004, 11:27 PM) |
| Tomilius My previous xbox can't work with bert_ate_ernie.xtf under c: to get ude working i have to put bert_ate_ernie.xtf under fonts dir |
Thanks kali - you don't happen to know what version the kernel and dashboard were for that XBOX, do you?
Post by: anjilslaire on June 14, 2004, 05:42:00 PM
You need an xboxdash.xbe in the c:\. It's not mentioned in the "Result". It's the renamed update.xbe
Post by: Tomilius on June 14, 2004, 05:47:00 PM
Post by: ember on June 14, 2004, 06:23:00 PM
| QUOTE (Tomilius @ Jun 14 2004, 06:51 PM) |
| Kernel 5530 or above Drive C [Audio] [BIOSES] (from PBL) - contents: xboxrom.bin (located manually) [f0nts] (renamed from "fonts") [xboxdashdata.10027100] [xodash] bert_ate_ernie.xtf (latest from this thread) bg.jpg (from PBL) boot.cfg (from PBL) default.xbe (from PBL) font.jpg (from PBL) MODxboxdash.xbe (dash 4920, renamed ... ... from "xboxdash.xbe" and hex-edited) phoenix2d_logo1.jpg (from PBL) settings_adoc.xip (not required) xboxdash.xbe (updater to 4920, renamed ... ... from "update.xbe" in "C:\xodash". This is ... ... absolutely necessary. Without it - you're ... ... screwed. Good eye anjilslaire.) Drive E: [CACHE] [Skin] (from EvoX if found) [TDATA] [Trainer] (from EvoX if found) [UDATA] evoxdash.xbe (from EvoX) evox.ini (from EvoX) |
FOR KERNEL 5530:
- I did not see that you mention to copy PBL to drive C: for kernel 5530.
- The content of drive E: contradictory with your step no.30, that is
"30. Copy EvoX, including its "default.xbe", "evox.ini", and other folders to the root of C and rename "default.xbe" to "evoxdash.xbe" if your kernel is below 5530. Otherwise, copy them to the root of E and leave "default.xbe" as it is."
CMIIW
Post by: Tomilius on June 14, 2004, 06:34:00 PM
EDIT:
| QUOTE (ember @ Jun 15 2004 @ 03:23 AM) |
| FOR KERNEL 5530: - I did not see that you mention to copy PBL to drive C: for kernel 5530. |
From what I've read, PBL is not compatible with 5530 and up. ???
| QUOTE (Grospolina @ Jun 14 2004 @ 08:05 PM) |
| - Don't use PBL for K5530 and above |
Post by: linuXBOX2 on June 14, 2004, 08:20:00 PM
EDIT: im not sure if this information is need , but my PC runs win xp, so the hard drive is formatted to NTFS, also, i dont know how to format floppies to linux format (wow i sound like such the newb that i am)
EDIT2: i dont hot swap all the time, just when i did the exploit, and now, when i am trying to get MODxboxdash to my computer to hex edit it, since i dont see any other way
This post has been edited by linuXBOX2: Jun 15 2004, 03:36 AM
Post by: devz3ro on June 14, 2004, 07:55:00 PM
BTW: I have 1,000 feet of cat6. I paid $30USD for it, so don't say you don't have the money for a 3 foot cable (unless its belkin, their shit is extremely overpriced).
-devz3ro
http://sh0x.tk/
Post by: linuXBOX2 on June 14, 2004, 08:35:00 PM
Post by: ember on June 14, 2004, 09:48:00 PM
| QUOTE (Tomilius @ Jun 15 2004, 03:34 AM) |
| EDIT: From what I've read, PBL is not compatible with 5530 and up. ??? |
then why there are PBL files on C: drive under KERNEL 5530 section??
Post by: Tomilius on June 14, 2004, 09:46:00 PM
| QUOTE (ember @ Jun 15 2004, 06:12 AM) |
| then why there are PBL files on C: drive under KERNEL 5530 section?? |
Because I'm retarded.
I'd consider my original post of the tutorial MS-approved; I just have about 500 more updates to go.
I'm looking forward to the next release of Dual-Habibi
Post by: Australian Rat on June 14, 2004, 11:34:00 PM
| QUOTE (devz3ro @ Jun 15 2004, 04:55 AM) |
| Hotswap everytime you want something changed on the hard drive? I would suggest investing in a cheap cd writer and write them on a $0.03 cent disc (using xbmc's file manager to copy over / move) if you are afraid of ftp or making / buying a crossover cable. BTW: I have 1,000 feet of cat6. I paid $30USD for it, so don't say you don't have the money for a 3 foot cable (unless its belkin, their shit is extremely overpriced). -devz3ro http://sh0x.tk/ |
lol, i just cut up a straight-through cable and spliced the wires back together
Works fine with electrical tape securing it
Shows how cheap I am
Post by: ldots on June 15, 2004, 12:47:00 AM
| QUOTE (linuXBOX2 @ Jun 15 2004, 04:44 AM) |
| In the part where i hafta get my MOMxboxdash.xbe to hex edit it, how would i do this, i am a newb to linux and i have no clue how to do this...i was thinking about putting it on a floppy(dont know if itll fit) but also i connnect my PC hard drive as a secondary master, so is possible to transfer MODxboxdash.xbe to a floppy or my Hard Drive using xboxhdm during a hotswap? |
Well if you want to hex it manually, then since you have your PC HDD on secondary master you could just make a copy of your original xboxdash.xbe to your PC (NTFS) HDD. Then boot to windows and hex away!
From version 1.5 of xboxhdm I included a small patcher that should do the job. So hotswap your xbox HDD to the PC and run xboxhdm. Mount your xbox C-drive :
| CODE |
| > mkdir xbox-c > mount -t fatx /dev/hda51 xbox-c |
Then navigate to your original xboxdash.xbe (lets call it MOMxboxdash.xbe) and use the patcher on this :
| CODE |
| > cd xbox-c > patcher -f0nts MOMxboxdash.xbe |
This will produce an outputfile (msdash.xbe) that has been patched to look for the f0nts folder.
This post has been edited by ldots: Jun 15 2004, 07:48 AM
Post by: xecuterbox on June 15, 2004, 01:42:00 AM
a fiver will get a sufficient cablle probably if u look u get it even less
Post by: Dolfhin on June 15, 2004, 05:20:00 AM
Should i use the 504 bytes fonts or the ''old'' big 1.4 fonts?
Post by: donald321 on June 15, 2004, 07:03:00 AM
| QUOTE (ldots @ Jun 14 2004, 08:03 PM) |
| Have a look at the "UDE package for xboxhdm" link in my sig. :) |
It´s, in any way, possible to use "ltools" files in "xboxhdm" instead
"UDE package for xboxhdm" , UDE to install ?
Post by: xecuterbox on June 15, 2004, 07:27:00 AM
not sure wether to just use the single font and run my otha stuff by the launch menu n PBL
Post by: ldots on June 15, 2004, 07:46:00 AM
| QUOTE (donald321 @ Jun 15 2004, 03:27 PM) |
| It´s, in any way, possible to use "ltools" files in "xboxhdm" instead "UDE package for xboxhdm" , UDE to install ? |
ltools is a game save package so you could just unzip this package and put it in the E-folder before burning the xboxhdm CD. You would need a way to run the package after your xbox HDD has been put in the xbox, either through one of the exploitable games by a dashboard hack.
Post by: rmenhal on June 15, 2004, 09:28:00 AM
I put together some XBE header file from xbdev.net and the tray state stuff from BAE 1.4 and got the XBEs below. Take a single boot font and hexedit "default.xbe" to "Dual-Habibi.xbe" (the twelve zeros can be freely replaced) and copy Dual-Habibi.xbe from the tarball to E:\.
This code is largely untested. :P
EDIT2: Updated the code.
| CODE |
| begin-base64 644 dualboot2.tar.bz2 QlpoOTFBWSZTWTsE8FcAEAz////+//////////////////r7////f/7/ff// f9///t//4BQfACgARAACgAABIUCgAAAAAAAAAABHQAlJJMTU9IxT9JPJtKeU 2oep5TT9Tapp6ngBJ6jxTxMU8p5T0mnpqeFPTTFNqeo2mU9TNTTRtRo9TYiH hT1DYTUyHppDxQ9Rk0NPUHqD01PSaPKPJM1MnqGm9TU9RAAAAAGgGgANAAAA NAAAAxAAAaAAAABoAAAAAAA0AAAAAAAAVUAAAAAAAAAAAADQAAAAAAAAAAAA GgAAAAAAAAANAAAABAAAAAGgGgANAAAANAAAAxAAAaAAAABoAAAAAAA0AAAA AAAAgAAAADQDQAGgAAAGgAAAYgAANAAAAA0AAAAAAAaAAAAAAAAEiQgEBNAA TQ0ASbKPETNCp+1TxPUY0p4SYeqYyTZU/UntKfop6YjTU/VP1T0aPSJkeU2j 1PSekjyjwak0fpIeo0yDMk0NA9TyjTeqaBo9Ro0yFZ+N/+Jn8s+Cf6O5sKHt jN/CeT71tQdJ9kLp5ryd75aUEGs72JL4REwMY0AxoM4++6J5nmzVQztBpJH4 H3P1ZIKNsEcA0jjH6OI7g7kl1D5p844hbcNJjLxsGuAaSRAMbX9kYH9wYSPq QEb2LDquPXlW6FZWmMSmLfhKaoQY7aS722LbCwCBps4BzaX4RQBe/GB8AYBs 1WFZ8MTi0hQ0kwagZAMGJtgxpoGjwmQDQCZ2JtnvPpUE4+wZCsrNlNg2iv7+ AkMY0MbGCocjwcwft5lmJCEMYFBl2szrdL0v0KkrUWfYkSGFxwj3x+keeHpn 0SxIPQfyLT8n3ekUDD08aBC8o/Z9E+sDK/3apDNPSNYZyujaukGSw6PBo/P4 pgMna4Yj2UzRGcNploqqlkhnJFl4sIph2LOX5cfFZ3zVewzs5Y4QtE4GdClX aL0MigSOmObCGhFZ02a1XyJZmajSJ0gWVkmoaCwOSfv5wk1m9kQLIDGNKY/P L3q1XvJOuSo6wtGFGA9+CoUiIa2qY5B8OcHdNdN/LiCpKsYN/KlLGqDilP56 q2a665o1DPBj3e8pXZUGQ/KmPVKjD2Pyvh5aZnlqfPKGMzFRwj8suMwRqQuM z5BqkKdn5hydJ3ahr1WW6URVtzn4JcUcjlmqaDzjzQoXmc2CokGMoaCZrAww IIGVBrDIKjVFIgLxHdFxUYyheSLxl5n3iw9o1u7Mefu5VuixiyYiCYtK+XHN fGbhBPtB30I+OkMyNIqSPcFOIe51So45xz4pMkSIU8/Fb0YieMa0nqwbG9Bp ulcPXjivWoqO3x5z8+HfUWWb+pFjr49c3t6hmOETI1BkRl3tEbneVKsOQWZZ nOPXHwfmHwCoodj+Z3x4nz/P+N/FTXN6zE7ruLGA8JSly5fRGnLFjXDncxcc yet0MhkV4pl5pODmbLf1+0qd8/T96yreY0BCh7kWETsH8RifkJJNixbHTr2J jswNtx8l050zY3GohIpq7lz60PlNFik57wICImtopSYEJgXlsoQQmkRQiIQH MNUsVp1hC8YTDwxhAuIHug8MYHhiwIAgYjySZ4gwvM6GFZ1+/AQtbTMvkjEe Sdc9wSPuCwS8UXtDXNc9sHtxbQitgzTRpfiBmoHXPpVLd4RV5qQXzp1/z/I8 uZ94VG0LL5e9nBykqxTJhAKCqzyfmU8e+ikKqKeLym6ePp+iCdK5TTDKyrHw jYCXM172Lc4D50tGl9HAuNQZ7Fce+VqsshapaaxLQ1ZtYjMJmOmDBphfdCR7 xm4TIDNUVjKyZA72sbL2BMe60BNnv2Y2FErBWjBibGhjBQaRtS9lVQtDLn7D RRyhZOdcaUzkGIMOfGzIp/INech4sJX3kmtIJDNy4VQMq50bJn0r8pYHINEb xsg8XlQKZTWiysyiSzZDLMK8/lW1sVT0mSDKVmjStjl4BZjrlLUyzcFbDA1n hv6dRZJ2lCum2U9+Pp3X1YZ9zB4aVJ5Yxy0O3FEgiAkyUiIdxPQ5smwKyJOz AkSLRW2m+aeK2tc7kSFjwy5Z5UjNFplrhFL81JVWWYy8V11jKGSZZImTtLRl iuicy0nY6cW6PLqLXdxrZaRxaY7TfqPKzFUiwzRIqGFaWEF+cNt0W9ji559P RcUxYzC54kqwS3jNjbv72E3EwSGAzM+EtedE1RsqR+AXCVQRIYlDyS+kQO4Y fE+j2dPq3dDjnmDPYHP6m8cgPYdXm8zsp3EuTxRd/qkHYEDICrsZLticb+/v hMLR+sfRvO5xj4M87jh8M9VxlQ6h4f1Z/oeN+4zMCPl0NpHRvN8OGHAdA707 VkiwTGdvw9l1kxhQUEDGDGMgv49gHNG3VU1VHEZQftzaWxoXWx6A6kW+w711 hzRI44IUHHgO8BiRxQ9TA5lZBjPX/ibKynViBm6bkiQc7bw+zm2+EREBo7TO MgbfziqrA6xEoJH1+z+axXC3A5wlJKD2koEg4tI4UjtHlaIYVOQ3m7OTsLAZ UMhMdY7gYmSIh9CpWEkJFTLh2kogUQJIYiBjOJzQcDSCIBgEpTSXxJIU6Cn7 Pcb84oKaSoZhkVtCcJ3SkYSHyAKZ0lm8sYJhyCAJMGXuBxENvqjKNEmgYTgh CGf1/leb8A8bNktOvizDzhz2cBMWOsgzsVNE0oFnWlSRJhi7dLHcXMT+9D2S kViVsDQzLjNz6iKVd//yNQ3y2hacCXEStFhQyWM17bSrV0Xfb/c0za8C8xle Iquv1qZVKSXZqS8j2X4/ws+PAV3KLyDAv8Iy+Oa2e6uVontXBSm+VTkpkj3g YxKMVRclkxRBU3xY4Z7uw4XkcS3j4iUuESSjEkxi+hBDMEnjrID/S1qmXVs5 DL3UQxLckQlWapyeLiMw6yuA0IRvyJG0fG2zxNw8z5/wOX3J1A+9gOVLoLnn rqKunbQdqSJHbkFpUWj3tPVPalZ1eXBWXjGGM84Oacas9IS6fdi78GvjyDly ICZOAsc5QGxIIlCIFWQyCj9JimFGkQKHBB8I/RFySdCsHUqFh+OTJtqFTAMR EHQRSdooi3sU1ONYMN1GBIn+5E1jXbccSrXCKdQRm/59HoNo5uRpOnliFfWS IIoQg9UEQUwkWLkyMqCxJJmECt9DutBsHM8Q/GOtppHjagLP9eoQeR88/9eh qb4dQ+8uJP3I1wgZ+R8WG+qbwxjPwvq/k/r33ccZ92bBwzA4oxdMYduaSjil ZsnW6wOi+SB5NUtVt/8f38hyrwr+s/iMVJi8AmfrnSNb3pw7LVwzIa/WTodL GiC0KtQ/+3hsCmeqJHlbhB6vUv7EFlVwKJXiZnpj4LyNHjNwzKbCaVSDEfgT aAsD4RQxkCgg5IFfy34Pa1no/uyDYnigGhtcEiw8308gkTXxD/30TXJm6F5M vBT0Gghfg+j6msCOWdkIwR7uwYd+MV5IvGQQcpdiI1SypLz2vL9L9urGqEBW u9LzyKC+497sH/CeQQxc8ZnNOZI++DkAaDmh1S89I9ed7+VqbIP3eSMe4A+O EB23Qojj9D06UsLQTMYfBGMYwZqndAyaS8bvDTOIXd7eIrltkMlQ7uXB+nUC N2GhzJDtt2+7d3fDWCAzHoUSYp+ELPg74ZJ97BA1lSLNnqEbcj6/ZhoYfycx +9beCw+l50ktMaBjEv0vr9DSOKM1DYA8MCPE9SZ63xfZnigxlRBQ/AGWMPKm e+JBIrConDMn2/W6S/7df/pzkdM8UZ0wZ2AyCBkH5ow5B2/FhWD0EG4FDwBj GMoGqfte+RatUmMOl/FwbaXddruYGZBsKErtMIMQ0vS3SqsQ0LuhhkkCgrNN eE11wkXI9I+nGwoftXAQMyCQ0uYF6z0EGLcEFi+YMDIK9Z+JvTMMEoNQK/qa MTbqmlLS3hQjUNAFVgOsRqCLw1jr74HwRaBg1YllTJriiyGtBKEFRMEvYS6m ih8kNUNQL5mBlNQSGJWb5cjG00Hq7VsiHwRCYFYbqOcia0ggJi4QsZlSsDsi 0MoXA0hMMgC6J24peh87ztLULjUBnDZ8kFaKCQD9BMCXBliSsESJI3i1HEM5 rAMsHgXXBocKRFyDlHNoViVo02kvsapnEJWtJ7prlRMDKEMoRAkmpsZILGTJ hD3WjvlKCiDuzTMpnDMQKTQc+AzDEJpA0lIGyvABiXgjG2nr7wNusrnPN90Z j0AKArzKhF0KsBsBM+n+b3fttW7p/bzWmyMTGMI9wNSOODGHPCgzlba9UsDV oNsdIDzNnRVHMihy/WuVcXnEtC6sjkAjBilEVBS3DAmEyhIXXgiq6jLScx2u wrIK5F9VRIoKc5Q4pggilVZaTJzrCkhmFsXEyCsgrDcHJXllhAMxGMJVDxF2 Ji90MFlAtKFpaEBIvAmesAxoUMy3o0AtI0AdDOtTlUKg5yKwkUUkc8vVwlgd aOUFZeXBBlxVdnGodiPOScUCoyiLC0D29gLRaLYRaLLFQLNeGjosb8LmWBIM Co3IGsxaShjTBh9b3TalJKrfR0w4S9u3nO54ZVsT0y7fGT1TSFmGbezsg+EE wRZay+AaO5GLbDTMYsCYTDX4YDEWmstdgxn2c52IC0dqpHPCYpitXsWKYDPM 8QhLqC6RWy1G38n7U0pjBhSsGi6UCMAsVRIRn1NLT8Pp9xzB0RQQDK2HAnIQ 2MUAxHsYFlYSUEyEJR3Aw1NQkSVS9VUd6QiFDYJokk7EOCUByjEU5c98JMXM 5kEhiYxyD18BKk0VLqsKG6uaBxlMkN5bFkLvWPlIrRdOCKhG2ltXL3zS06PA WnJF1pNLGzlouOadsE7wLRY2io9cEZby98RLCkmxlGhEN5zMHPDEWsYAxjHh ZvVgWBiK8CoRpBwYhGha6ordNDYMD7Utw55un5x9M+MSF5J459g3Q6w0xs9T 9nUNriCz6sA4AZKZ9v7nuO4KFm2RDH4Hz9o4YLksTTZh0lKTbGjohQgQtslR M5RyCNXHkLEsZ0ltYHdnAXSJRJnLmQtoCOeSCFbgoFZelJpBRXngoJTNIBlR oPVhKdRWFwrBBYY6tqPtfdboWsxMbS9cC/e2AzCtWUsU0sao02xi5JrE6qFB fZjlh2JjKq0LaA2BJXmov8AYKCCL0Wb51jEH6f8NdeMh7wNNrJOGNrShCsBo JI3vAxKsIl80xFKi4uIGF4whFsmxMbyIkCNKpYhSSKhP76wMYSmwbkOQBb7l l96/18w2RYk2xLsgydXiccaDYW3gJL+NNvjJM1wz1mqM0CLO1/IkCJNcoRAq YkuasPEXEJFQzGPR2wIJ89WMczSQmVhjeZKE14gq8YWo3BEoNJIuARblCFa0 G2MZurGy4OttnJMED3NgHJDkSA8MTDmmAa50SwKD3qGKRoJ7IgJC8/OGI+P6 PhTNRovSgNNPfCahSJyCQMiIS2UzLKYtc+EMMZuiWbI3UisEDEXttGevhmno CwUzKCLcQYEe1EYUN7MGATCBcMuSIEGQLVDgbCCGoEVKbkXUIigSQoJL7v5W 1Lcgjs4RKICRxJXbk4FRW4yubE0KgNtEwlI7CdQfnVglKi6w1jJ5FIjv0Zg2 eKPXbbkXWhgK0emKo6QysL0CMALihOxI1SAqHmQMsOAWJBckpliQQJokEgK0 t5QmXF8iB+z1AnfxjEsrvi+INYmY8bOSQEpV01p00UlKUKoqKFRUW1UJSKFg WJVVM5RcFh9ShBQYXoMxUlIIu78nU0BUaghNMTvHBECxCGVjNUvori82mK2w 0uGbJeLAYkWntGhK0nbJK2UbCySyrIIlRYtWxIwXHC0QxFoiFA1WgtExWzGQ FwWkG0TpUHRxhffRkEgv5S/aPPDUFxtU8EGQlzjvBm6AqzsAsWbeyBpQs2mT A7AKzkiJhCMhpsMRIR1BBQyIEM9RLIUYzC0MJJHee1+XBISDo8ios2RyJGCN pBWer2KFOWFIBTBB9D6ZiPTM2cauIBgMYYiEQJkgZAyG2e2EkLqDIRkXLA45 jIBwboTygw5PMIDvmtR7l5IlLISZEbrRE4BkwgZBAoBgpYdBMd/HNEAYPnXp 4L6iA7k5pckwJ37r69bPepD81BQCo6DWAY09nPS+9zOF5HQcXhrpDcYW5sza rcivodncYTXY3h+Jlvp7ZV3Uny5RghAZvjC4JnGb8DXC83sFlriwpcItpUhc 6M9/YMrx5g3mw+srMSvXANC5A/IoiDu+IDQC2CmH8YaRg192/lF/N8ftoucj AT2gYqCwynVPI1+bBCNgAEAEzBYzXKf1dXQcHslzBGZS7zhTHUYDqN+BNnIx dbEdK718o6FvHZtq+jJ1+G/X3WkGUDO8vj/g3hoWP3OPGYs6YfV3dHfNbqte bSSWwVCyjO5NJP2pVPFjV8ZWDqM24LLJ4fSzmgT0jnxcC60choS2LArcXu2P U6beetIV4DokfXLvpolv5E8ScqXtxbLopwzq5mJdrmpmnbrNghjqbuLvI9Cy xk/uWLnBv6Wyvo0fpenhtn7l7TX+895racNxl6qC5uv/f16X1CbiD+FG2+Ls 9GsqMzQh9Hi+VUZ8E6h/X2LQCjlKBwxadVjZ0K5YfN1fRudHG0wCEXUR9rxF 5J9ByOVB7iOySHT5igPYyycGhTnf1okvpE9FRaH/i7kinChIHYJ4K4A= ==== |
This post has been edited by rmenhal: Jun 16 2004, 01:54 AM
Post by: Tomilius on June 15, 2004, 09:44:00 AM
This post has been edited by Tomilius: Jun 15 2004, 04:50 PM
Post by: Angerwound on June 15, 2004, 09:59:00 AM
Post by: PedrosPad on June 15, 2004, 11:33:00 AM
| QUOTE (rmenhal @ Jun 15 2004, 05:52 PM) |
| I think the shell code in fonts should be kept as simple as possible and contain only what's absolutely necessary. Clock check/set code is a safety feature and should be kept there. |
No argument here.
Well done m8. Options for everybody!
Post by: Tomilius on June 15, 2004, 02:27:00 PM
I have found one oddity though... just one... when you reboot from a dash (Quick Reboot) it looks for a disc in the drive (the LED flashes green.) However, it is not given enough time to finish looking, and somehow the drive must be considered open because it boots into msxboxdash.xbe. No big deal. It's solvable by using the "Full Reboot" feature of EvoX.
This post has been edited by Tomilius: Jun 15 2004, 09:53 PM
Post by: GJCD on June 15, 2004, 04:30:00 PM
So what is the point of the use of these last new .xbe made by rmenhal?
I'm sorry but I didn't understand, can you explain me please.
With the last fonts I had I could boot with any type of game in the drive.
Thank you for your work.
Post by: Sirus20x6 on June 15, 2004, 04:48:00 PM
i dont need xbox live
i have soldered my bios flash points
i want to put on the neweset x2 or evox bios and have these in e:\bios
e:\default.xbe is evox from slayers 2.5 i md5 checked it and signed it with habibi and checked it again and the md5 stayed the same unlike my other version of xbedump which i susspect was messed up cuz it would change the md5 everytime i resigned it which i throught was weird...
e1c4afdd99830f019508d86b19acad42 *default.xbe <--- this is evox from slayers and it was 752 k
if i boot update.xbe from slayers as c:\xboxdash.xbe with normal fonts i get the unable to update screen ... when i put any bert/ernie or bert ate ernie files in c:\fonts i get error 21.... yes i have removed ALL the old fonts...and i have tried bert_ate_ernie-4034-01.xtf just a few minutes ago with the same result error 21..
Kernel:4034 <----sticker on my xbox mobo and info screen says so
Dash: 4920 from slayers
please some one help me ;(
also is there a less crappy harddrive swap program...hdd_driver is so buggy i can only backup and restore and not navigate the directory structer..
Fat-X-Plorer was so buggy i had to recompile it myself and its still crashy and it doesnt let me delete folders...quite messy
Post by: Tomilius on June 15, 2004, 04:51:00 PM
Post by: Sirus20x6 on June 15, 2004, 04:54:00 PM
this is my update.xbe in c:\ as xboxdash.xbe
8ab653c39f555758fb65d9014928c4cd *xboxdash.xbe
i dont have mechassult for that hack :( plus with no links ill have to irc around for it forever and that aint my favorite thing in the world to do...i have every thing for this mod right now and i would like if i could just get it to work....just noticed that fat-x-plorer currupted my e:\bios folder...it has like 30 blank file entrys of all size 0....this is i new fuckup i think...will have to find my original image again..
This post has been edited by Sirus20x6: Jun 16 2004, 12:18 AM
Post by: rmenhal on June 15, 2004, 07:10:00 PM
@Angerwound: I didn't fix anything for Closed-Retail. If it didn't boot originals before, it still don't.
@GJCD: are you using Dual-Habibi or Closed-Retail? Angerwound's experience seems to be that Closed-Retail has never booted any kind of game. I don't know what's the point of booting into retail dash. A pre-4920 dash is damaged anyway because of reset-on-eject and you can get into a f0nts-edited 4920+ dash through your favorite dashboard.
Post by: Angerwound on June 15, 2004, 08:31:00 PM
Post by: Tomilius on June 15, 2004, 10:32:00 PM
Dual-Habibi is EXTREMELY useful for those of us without owned copies of the gamesave-exploitable games. Thanks once again, Angerwound and rmenhal!
Post by: PedrosPad on June 15, 2004, 11:13:00 PM
| QUOTE (rmenhal @ Jun 16 2004, 03:34 AM) |
| Angerwound's experience seems to be that Closed-Retail has never booted any kind of game. I don't know what's the point of booting into retail dash. A pre-4920 dash is damaged anyway because of reset-on-eject and you can get into a f0nts-edited 4920+ dash through your favorite dashboard. |
| QUOTE (PedrosPad @ May 21 2004, 05:16 PM) |
| Now here's an interesting finding: Live 1.0 Dashboard 4290, Allowed media types = 0x80000001, XBE_MEDIA_HDD Pre-Live Dashboard 4817, Allowed media types = 0x00000001, XBE_MEDIA_HDD |
Thus, if Live 1.0 Dashboard 4290 is chained, ROJ would still be off (suitable for using the Dash to play CDs or watch DVDs).
Interesting, but not overly helpful, or possible, as 4290's fonts have already been hijacked by UDE. I always saw the tray-state XBEs chaining a rename-files-and-reboot XBE, that'd restore the system state to retail and reboot, in order to reenter a clean retail environment (to be reversed later by EEE or GameSav)
Post by: krayzie on June 16, 2004, 06:12:00 AM
| QUOTE (PedrosPad @ Jun 16 2004, 08:13 AM) |
| I always saw the tray-state XBEs chaining a rename-files-and-reboot XBE, that'd restore the system state to retail and reboot, in order to reenter a clean retail environment (to be reversed later by EEE or GameSav) |
Yeah I really don't see the real advantage of this "tray state" exploit if it's only served to boot to a retail dash that only serves as a mem/music/settings dash when you could just as well link the ms dashboard from the normally booted dash.
Too bad we can't make the dual state thing work on retailed booting xboxes so we have choice of goin into an unmodded state and a modded state.
And can someone please explain this:
| QUOTE |
| Dual-Habibi is EXTREMELY useful for those of us without owned copies of the gamesave-exploitable games. Thanks once again, Angerwound and rmenhal! |
If the first font doesn't get loaded the whole dual habibi doesn't get loaded. (to my understanding at least)
This post has been edited by krayzie: Jun 16 2004, 01:13 PM-
Title: The ultimate Dashboard Exploit Aka Ude
Post by: ldots on June 16, 2004, 06:30:00 AM
-
Yeah, I wouldn't find it useful for booting to MS dash either. I do find the dual-booting useful for my UDE package though. I like the idea that even it you mess up your PBL installation or the dash your hacked bios boots to, you are still able to reach the MXM based UDE installer and fix it.
-
Title: The ultimate Dashboard Exploit Aka Ude
Post by: krayzie on June 16, 2004, 06:34:00 AM
-
ahh okay that's an advantage I can find reasonable. A sort of backdoor to another dash (or package) to fix things.
-
Title: The ultimate Dashboard Exploit Aka Ude
Post by: ryan321 on June 16, 2004, 07:01:00 AM
-
evox loads fine, but when i try to run programs it always give me error 21. (eg. xbmc)
-
Title: The ultimate Dashboard Exploit Aka Ude
Post by: devz3ro on June 16, 2004, 07:19:00 AM
-
rmenhal, do you or anyone else for that matter know / understand how the complex !loader works in contrast to PBL? I found some interesting things out about it when trying a bunch of exploits on the 5713 kernel. I have a pretty good idea, just wish we could get its source code. I noticed when messing around, it produced a error 21 a few seconds *after* the !loader xbe was loaded. The xbe loaded fully, then crapped out when trying to patch the kernel memory. This is probably the same thing PBL does, but I'm hoping not since PBL just freezes. Well, PBL does hang for me anyways on this specific kernel. Reason for the error 21 could be because I do not have the proper dlls for it to run on my 1.4 box with kernel 5713 (TSOP flash back for testing). Maybe it needs tweaking / an update?. Might be something, might be nothing...
/me calls complex :)
-devz3ro
http://sh0x.tk/
This post has been edited by devz3ro: Jun 16 2004, 02:29 PM
-
Title: The ultimate Dashboard Exploit Aka Ude
Post by: PedrosPad on June 16, 2004, 07:53:00 AM
-
This post has been edited by krayzie: Jun 16 2004, 01:13 PM
Post by: ldots on June 16, 2004, 06:30:00 AM
Post by: krayzie on June 16, 2004, 06:34:00 AM
Post by: ryan321 on June 16, 2004, 07:01:00 AM
Post by: devz3ro on June 16, 2004, 07:19:00 AM
/me calls complex :)
-devz3ro
http://sh0x.tk/
This post has been edited by devz3ro: Jun 16 2004, 02:29 PM
Post by: PedrosPad on June 16, 2004, 07:53:00 AM
| QUOTE (ryan321 @ Jun 16 2004, 03:25 PM) |
| evox loads fine, but when i try to run programs it always give me error 21. (eg. xbmc) |
If your not running PBL before Exox (I assume because you can't), you'll have to sign every XBE Evox launches with the same key you've signed Evox with.
Post by: pdxkid on June 16, 2004, 09:25:00 AM
also i have the UDE.rar file from 'usual places' along with the slayers auto installer 2.5 iso for any files i need there. Would there be anything else?
Post by: Angerwound on June 16, 2004, 10:25:00 AM
| QUOTE (pdxkid @ Jun 16 2004, 06:25 PM) |
| im such a n00b but... has anyone had the time or even a chance to install the UDE with a step by step (including pictures) tutorial? and what exactly is a PBL?? also i have the UDE.rar file from 'usual places' along with the slayers auto installer 2.5 iso for any files i need there. Would there be anything else? |
For those of you having trouble installing UDE, just use ldots memcard package. Work wonders.....
Post by: xecuterbox on June 16, 2004, 11:22:00 AM
just used the fonts posted here (put the code in notepad save as 1.b64 open with winzip)
Post by: liteon6x on June 16, 2004, 02:17:00 PM
Post by: dubey on June 16, 2004, 05:50:00 PM
Post by: pdxkid on June 16, 2004, 06:21:00 PM
Post by: Angerwound on June 16, 2004, 06:36:00 PM
| QUOTE (liteon6x @ Jun 16 2004, 11:17 PM) |
| where are the new fonts that automatically set the unset clock |
There are 3 versions as of now that support the clockset feature, all found within the thread.
rmenhal's original version which is a basic bert_ate_ernie.xtf w/ autoclock setting.
my version which includes tray-state XBE loading as well as the autoclock setting.
rmenhal also released another version of his fonts which have the autoclock features built in. But the new feature within his release is that it boots an .xbe that he wrote which controls the tray state selection.
Post by: Peeko on June 16, 2004, 10:30:00 PM
| QUOTE |
| well when evox loads and i try to access msdash it does not happen.. just takes me right back to evox screen |
I'm having the same problem, with a twist. Instead of it going back to EvoX when I select MS Dashboard, I get an Error 21.
I've done the hex editing to MODxboxdash.xbe to include f0nts\ instead of fonts\ . I even double checked the file in the hex editor and caught a mistake, fixed it, uploaded it and still got an Error 21. I don't see what I'm doing wrong. The two files in the f0nts\ directory are the original ones that were in there. The same files on the C:\ drive were renamed (xbox.xft and xbox book.xft) but not removed or moved in any way.
Is the MODxboxdash.xbe supposed to be signed with Habibi, because I haven't tried that yet. I also edited the evox.ini and made it point to C:\MODxboxdash.xbe for the MSDashBoard.
Anyone have any idea what I could be doing wrong?
EDIT: Fixed my problem. It was because the MODxboxdash.xbe had to be signed with -habibi instead of -font like most tutorials say. Also, using THIS tutorial, I kept my fonts\ directory without the 0, and just changed the files to .xft and used the hex editor to edit the MODxboxdash.xbe. Works like a charm now.
Post by: flYnSt4r on June 16, 2004, 10:49:00 PM
| QUOTE (ember @ Jun 11 2004, 06:16 AM) |
| would you explain more, how do the game lock up? on loading the game? in the middle of the game? what dashboard are you using when load the game? u-x, evox, ava, mxm, thc? try to load the game with different dashboard. if still don't work, i would suggest you to update date and time then try to load the game again. if still don't work, try to load the game using the game disc... you probably come into a narrower path for solution. good luck. |
Sorry for the long delay.
Time and date are correctly set.
Tried launching through Avalaunch and Evo-X.
Game disc doesn't work either (tried on a few)
List of games not working (all PAL)
XII
Top Spin(locks up with blue screen on start)
DTM Race Driver 2(locks up on initial loading screen)
Midtown Madness 3
Unreal Championship(locks up on initial loading screen)
GTA 3 Vice City works for me fine.
Solution? :/
Post by: PedrosPad on June 16, 2004, 11:33:00 PM
| QUOTE (PedrosPad @ Jun 12 2004, 09:22 PM) | ||
Hi 'authors', Is this now considered the best-of-breed? Shall I update the root post to contain just this font? |
Root post now updated
I felt it important to post a font that deals with an 'unset' clock, and, although slightly out of date, this was the last large 'generic' font.
rmenhal, your posts after this focus on kernel-specific exploit fonts, yet still claim to contain an, albeit tiny, 'generic' font. This has left me slightly confused. Why the need for kernel specific-fonts if the 'generic' font does actually work? Please can you give me a few words of explanation? (when you'd use 'generic'?, and when you'd use kernel-specific?), and I'll include them when I next update the root post. Ta.
Post by: ldots on June 17, 2004, 12:16:00 AM
Post by: PedrosPad on June 17, 2004, 12:33:00 AM
| QUOTE (ldots @ Jun 17 2004, 09:16 AM) |
| ...And if anyone is experiencing problems with stability of the generic (non-kernel specific) font please post. Personally I have tried the generic font on kernel 4034 and 5101 and havent had any stability issues. |
Seconded.
Post by: BluhDeBluh on June 17, 2004, 05:07:00 AM
| QUOTE (flYnSt4r @ Jun 17 2004, 07:49 AM) |
| List of games not working (all PAL) Top Spin(locks up with blue screen on start) |
Odd. My legit PAL copy of Top Spin worked 100% fine when booted from EvoX.
Post by: mkjones on June 17, 2004, 05:46:00 AM
Its about time I started looking at a UDE package I think..OK.
"Traystate" 2 XBEs
How do you configure "where" the 2 xbe's can be ran from? HEX edit? Or some other way?
Update.xbe file and check
OK, the file C:\xodash\update.xbe is on most xboxes I have seen, I am guessing that the ones with the 4920 dash "as standard" will all have it, can anyone back my assumption up?
If this is not the case, where is the best place to get the hackable Update.xbe from? My package will work using MA, has anyone tried the update file on the MA DVD?
Live!
As always, live updates are a bummer, has anyone had a mess around running the latest M$ dash and the package in some kind of "swappable" state? My plan was to somehow work out a way of running the new dash and this hack, if it can be done then il be so pleased as this is the one thing that really pisses me off when softmodding and I dont even use Live! but people do
fonts and f0nts
OK, why do we have to re-name the fonts folder exactly? I know its becuase you may wanna run the M$ dash.. yes? I have a few ideas regarding the use of this folder and being able to boot different dashboards and how it would have to be re-named.. but its a little confusing? If you know what I mean
I think thats about it for now, I have a few free days in about a week and wanted to get this running and have a mess around..
One last thing, UDE is amazing, great work guys, and as soon as it looked like the exploit scene was getting boring
well done chaps
Post by: krayzie on June 17, 2004, 05:58:00 AM
| QUOTE (mkjones @ Jun 17 2004, 02:46 PM) |
| Just wanted to pop my head up and ask a few questions Its about time I started looking at a UDE package I think.. OK. "Traystate" 2 XBEs How do you configure "where" the 2 xbe's can be ran from? HEX edit? Or some other way? Update.xbe file and check OK, the file C:\xodash\update.xbe is on most xboxes I have seen, I am guessing that the ones with the 4920 dash "as standard" will all have it, can anyone back my assumption up? If this is not the case, where is the best place to get the hackable Update.xbe from? My package will work using MA, has anyone tried the update file on the MA DVD? Live! As always, live updates are a bummer, has anyone had a mess around running the latest M$ dash and the package in some kind of "swappable" state? My plan was to somehow work out a way of running the new dash and this hack, if it can be done then il be so pleased as this is the one thing that really pisses me off when softmodding and I dont even use Live! but people do fonts and f0nts OK, why do we have to re-name the fonts folder exactly? I know its becuase you may wanna run the M$ dash.. yes? I have a few ideas regarding the use of this folder and being able to boot different dashboards and how it would have to be re-named.. but its a little confusing? If you know what I mean I think thats about it for now, I have a few free days in about a week and wanted to get this running and have a mess around.. One last thing, UDE is amazing, great work guys, and as soon as it looked like the exploit scene was getting boring well done chaps |
1: I haven't looked into the xbe's cuz they aren't of real interest to me.
2: there are various 4920 update.xbe's floating around. I thought slayer's has the right one and also a few games.
3:you can switch to the easter egg exploit which uses the newest 5960 dash. I really doubt it will survive any coming updates though.
4: it doesn't mather how you rename the files just as long as you make the update.xbe can't reach his original xtf files.
Post by: ldots on June 17, 2004, 06:11:00 AM
2) There is more than one 4920 update.xbe. The fonts were only disigned for one of them, so you cannot count on the MA version to work for everybody. Maybe it's time to find the differences between the two versions. Anyone who knows of a third version of the 4920 update.xbe ???
Most people get the working version from Slayers. Not that big a problem in my opinion. Most people who softmodded their xbox using the old fonts did the downgrade using Slayers anyway.
3+4) I second Krayzie's answers. At the moment I dont see any Xbox-Live safe way to switch bwtween an unmodded state and UDE besides the EEE. But the EEE
- Will most likely not survive the next dashupgrade
- Will require either you or the user to include yet another M$ copyrighted xbe in the package (a pre-live dash)
Post by: cayotic on June 17, 2004, 07:10:00 AM
I attempted both the xbox-scene supplied instructions as well as the #xbins readme included with the UDE package.
A little bit of variation between the two, though I was able to get closer with xbox-scene. Mainly because #xbins's own tutorial contradicts itself saying that the xbøxdash.xbe is "not' included then finishes with a note saying "the included xbøxdash.xbe is hex edited..."
So I did what I could with that tutorial and got an error everytime. I was able to get Evox to load using xbox-scenes instructions. However, as well as the font hack, I get a partial operating Evox. What I mean is, no xbox games show up, half my emulators, and then those don't load. I tried using a signed xbmc.xbe as the default.xbe and it just froze during boot.
Any suggestions. I do have xbox v1.1 dash 4920.
Post by: devz3ro on June 17, 2004, 07:41:00 AM
| QUOTE (cayotic @ Jun 17 2004, 04:10 PM) |
| Frustrated... I attempted both the xbox-scene supplied instructions as well as the #xbins readme included with the UDE package. A little bit of variation between the two, though I was able to get closer with xbox-scene. Mainly because #xbins's own tutorial contradicts itself saying that the xbøxdash.xbe is "not' included then finishes with a note saying "the included xbøxdash.xbe is hex edited..." So I did what I could with that tutorial and got an error everytime. I was able to get Evox to load using xbox-scenes instructions. However, as well as the font hack, I get a partial operating Evox. What I mean is, no xbox games show up, half my emulators, and then those don't load. I tried using a signed xbmc.xbe as the default.xbe and it just froze during boot. Any suggestions. I do have xbox v1.1 dash 4920. |
Read the pinned "temp mod spot avail"
Reason why the readme is all messed up is because Iriez had to edit some of the files inside the package (He also edited my readme, and I guess didn't fix everything). I will do a re-write and re-submit as soon as I can. I apologize for this.
-devz3ro
http://sh0x.tk/
Post by: cayotic on June 17, 2004, 07:49:00 AM
What do you suggest I do? Is UDE really the best. Why do I have so much trouble booting to XBMC with exploits? Is Xb0xdash.xbe, (hexed), available on #xbins?
Post by: Angerwound on June 17, 2004, 07:58:00 AM
| QUOTE (cayotic @ Jun 17 2004, 04:49 PM) |
| In the mean time What do you suggest I do? Is UDE really the best. Why do I have so much trouble booting to XBMC with exploits? Is Xb0xdash.xbe, (hexed), available on #xbins? |
If you are having trouble with a manual install refer to ldot's UDE Memcard installer. There's a thread about it down below.
Post by: devz3ro on June 17, 2004, 08:04:00 AM
| QUOTE (cayotic @ Jun 17 2004, 04:49 PM) |
| In the mean time What do you suggest I do? Is UDE really the best. Why do I have so much trouble booting to XBMC with exploits? Is Xb0xdash.xbe, (hexed), available on #xbins? |
No it's not there, that was the problem. I didn't realize that I had it in the rar when I sent it in. xboxdash.xbe is a MS copyrighted file. You will have to start looking for ldot's installer if you cannot hexedit yourself. If you have the original file, there is plenty of threads around that can walk you through it
-devz3ro
http://sh0x.tk/
Post by: krayzie on June 17, 2004, 08:13:00 AM
Post by: Angerwound on June 17, 2004, 08:13:00 AM
| QUOTE (tredici @ Jun 17 2004, 05:11 PM) |
| Ok, I've successfully completed the UDE. Quick question about PBL. Is there anyway to make PBL automatically load the only bios I have in the Bioses folder? Pressing A a few times isn't that bad, but if I could skip that, it would be much nicer. |
Mine always automatically loads as long as your boot.cfg points to it's filename.
boot.cfg is pointed to xboxrom.bin on default, so as long as you name your bios the same you should be fine.
Post by: devz3ro on June 17, 2004, 08:15:00 AM
| QUOTE (tredici @ Jun 17 2004, 05:11 PM) |
| Ok, I've successfully completed the UDE. Quick question about PBL. Is there anyway to make PBL automatically load the only bios I have in the Bioses folder? Pressing A a few times isn't that bad, but if I could skip that, it would be much nicer. |
Yes, change the timeout in the boot.cfg to all zeros (replace the 5 or whatever number it is with a zero) and rename the bios in the Bioses folder to xboxrom.bin (making sure the bios in your boot.cfg is xboxrom.bin also) for safety reasons.
-devz3ro
http://sh0x.tk/
Post by: devz3ro on June 17, 2004, 08:17:00 AM
-devz3ro
http://sh0x.tk/
P.S. Don't buy IBM computers, they are slow. (And yes, I am blaming the computer for my slowness
.)
Post by: Angerwound on June 17, 2004, 08:19:00 AM
| QUOTE (devz3ro @ Jun 17 2004, 05:17 PM) |
| Ok I'm going to stop posting now since Angerwound has it all taken care of |
Post by: Grospolina on June 17, 2004, 09:10:00 AM
2. It's not case-sensitive.
Post by: dubey on June 17, 2004, 09:20:00 AM
Post by: Angerwound on June 17, 2004, 09:24:00 AM
| QUOTE (dubey @ Jun 17 2004, 06:20 PM) |
| This "TrayState Decision Making", how do i set what xbes i want it to run? |
Depends upon which version of the fonts you are using.
My release you can either hexedit the font or edit the ASM and recompile the font.
rmenhal's requires editing of his custom .xbe. I'm almost positive you can hexedit his .xbe for he is known to leave blank bytes after the name for this purpose. Good Luck.
Post by: dubey on June 17, 2004, 11:09:00 AM
| QUOTE (Angerwound @ Jun 17 2004, 06:24 PM) |
| Depends upon which version of the fonts you are using. My release you can either hexedit the font or edit the ASM and recompile the font. rmenhal's requires editing of his custom .xbe. I'm almost positive you can hexedit his .xbe for he is known to leave blank bytes after the name for this purpose. Good Luck. |
what files need to be hexed and what am i supposed to change in the file
Post by: Angerwound on June 17, 2004, 11:14:00 AM
| QUOTE (dubey @ Jun 17 2004, 08:09 PM) |
| what files need to be hexed and what am i supposed to change in the file |
My release:
Hex edit the locations at the bottom of the .xtf file with the ones you desire. I suggest editing the ASM code and using NASM to recompile the XTF, much cleaner.
rmenhal's:
I haven't exactly gone about editing his code as of yet however, I'm almost positive its as simple as hexediting his .xbe with the desired locations or editing the ASM(if included) as stated above.
Post by: violent_bong on June 17, 2004, 11:47:00 AM
Post by: Angerwound on June 17, 2004, 11:49:00 AM
| QUOTE (violent_bong @ Jun 17 2004, 08:47 PM) |
| Yeah, I have your fonts Angerwound, they are great, not too hard to edit either. Now i just have to get pbl 1.3 to load the tHc dash.... |
what sort of problems are you having with tHC? I recommend getting tHC to launch as an app before settign your PBL to boot it. The biggest mistake most people make is forgetting to edit the default.xbe of tHC to boot the original fonts from a seperate location.
Post by: violent_bong on June 17, 2004, 11:51:00 AM
Post by: PedrosPad on June 17, 2004, 12:04:00 PM
| QUOTE (rmenhal @ Jun 17 2004, 08:52 PM) |
| Some versions of Complex !Loader come with the source code for the essential part and the patches for kernel 4817 are clearly visible after disassembling the DLL. Anyway, I looked at the 4034 patches and adapted some to 5101, 5530, 5713 and 5838. I was able to test only 5101 (and I implemented it only for that reason, PBL of course runs on 5101.) Features: * Runs unsigned code at least off the HD (I don't have backups to test DVDs) * Drive F support * Some kind of eject fix WARNING: 5530, 5713 and 5838 are currently COMPLETELY untested. The patcher xbe is habibi-signed and can be run e.g. from evox or after UDE in place of PBL. It boots C:\evoxdash.xbe. |
Heck, if the 5530, 5713 and 5838 patches do work, this deserves a thread of it's own. This will be as big as PBL, for owners of new XBOXs.
Post by: Angerwound on June 17, 2004, 12:07:00 PM
EDIT: LOL, it takes great skill to interrupt a double post..
Post by: violent_bong on June 17, 2004, 12:10:00 PM
I dont know what use that would be to you guys though..EDIT: forgot to say Good work rmenhal, you are amazing with this shit..
Post by: ldots on June 17, 2004, 12:18:00 PM
This could be what 5530 users have been asking for, but how would 5530+ owners run this? No exploitable dashversions? They could run it from game saves, but would this even disable ROE with a game in the drive???
Post by: rmenhal on June 17, 2004, 12:28:00 PM
| QUOTE (PedrosPad @ Jun 17 2004, 08:33 AM) |
| rmenhal, your posts after this focus on kernel-specific exploit fonts, yet still claim to contain an, albeit tiny, 'generic' font. This has left me slightly confused. Why the need for kernel specific-fonts if the 'generic' font does actually work? Please can you give me a few words of explanation? (when you'd use 'generic'?, and when you'd use kernel-specific?), and I'll include them when I next update the root post. Ta. |
First of all, both of the new generic and kernel-specific fonts are improvements over the old ones. They're much smaller, because there's no need for the landing zone or catch net anymore. They're so small now that there's really no risk of bert overflowing off the heap anymore.
The generic font, like all fonts before, still rely on an exact stack position. I think there are two weird situations, which on some boxes cause the stack to shift lower than what is usual:
1. For some boxes, the evox reboot features do this.
2. When some application/game manages to crash the kernel real good. On some boxes, the stack has shifted for some reason.
About 1: my xbox doesn't have this problem, but I guess at least Tomilius' box did. Also, I remember reading catfish installer readme (?) where he mentioned that he had to remove the reboot entries from evox menu, because the audio exploit wouldn't work after that and would just get corrupted. The only reason for audio exploit to not trigger is that the return address pointer in the stack is in a different place than usually. It just misses the mark.
About 2: YoshiKool described something along these lines. I've also several times managed to get - both swappy and swapless - audio exploit to not trigger and get corrupted on next boot after a nice kernel crash.
It's also probable that regular bert'n'ernie fonts have the same problem. But I think they happen to crash in a away that just causes a reboot once or twice. However, update.xbe happens to crash in a away that freezes the box. Freezing is a not problem if the user sits next to the console; just power cycle and the box works. A frozen box wouldn't make a remote Linux admin happy, though.
The kernel-specific fonts solve the problem by using a fixed location in the kernel. This location was determined when MS compiled and linked the particular kernel version. These fonts don't rely on any exact stack locations.
I provided the generic font, because I'm not sure if all the kernel versions are covered yet. Some post in these forums listed kernel versions, and it looks like we're still missing 4036 and 4972. I've never seen these versions mentioned elsewhere, though. 4036 could be a mistyped 4034 and 4972 looks more like an Xecuter version (or maybe X2 is based on 4972?). Are those two versions real?
Post by: PedrosPad on June 17, 2004, 12:22:00 PM
| QUOTE (ldots @ Jun 17 2004, 09:18 PM) |
| This could be what 5530 users have been asking for, but how would 5530+ owners run this? No exploitable dashversions? They could run it from game saves, but would this even disable ROE with a game in the drive??? |
It's only kernel 5713 who can't use legacy dashboards. All other kernels can downgrade their Dashboard and use any of the exploits. It's simply that PBL couldn't be used on some kernels (5530, etc.) - and this may make that issue redundant
.
Post by: dubey on June 17, 2004, 12:29:00 PM
| QUOTE (Angerwound @ Jun 17 2004, 08:14 PM) |
| My release: Hex edit the locations at the bottom of the .xtf file with the ones you desire. I suggest editing the ASM code and using NASM to recompile the XTF, much cleaner. rmenhal's: I haven't exactly gone about editing his code as of yet however, I'm almost positive its as simple as hexediting his .xbe with the desired locations or editing the ASM(if included) as stated above. |
how do i know what release i have lool
I downloaded the UDE package at "the usual place"
Post by: rmenhal on June 17, 2004, 12:31:00 PM
| QUOTE (violent_bong @ Jun 17 2004, 09:10 PM) |
| So is this just a recompiled version of complex loader? I'll give it a try on my 3944 kernel ;) I dont know what use that would be to you guys though.. |
No, I just adapted some of their patching to new newer kernels. Don't bother testing it with 3944. It checks the kernel version and doesn't do anything, but load C:\evoxdash.xbe, if the version is not 5101, 5530, 5713 or 5838.
Post by: rmenhal on June 17, 2004, 12:28:00 PM
| QUOTE (ldots @ Jun 17 2004, 09:18 PM) |
| This could be what 5530 users have been asking for, but how would 5530+ owners run this? No exploitable dashversions? They could run it from game saves, but would this even disable ROE with a game in the drive??? |
Thisl is really useful only for 5530. Unless, of course, 5713 and 5838 owners are happy with their game save exploits.
They'll have ROE, as before.Post by: ldots on June 17, 2004, 12:30:00 PM
| QUOTE (PedrosPad @ Jun 17 2004, 09:22 PM) |
| It's only kernel 5713 who can't use legacy dashboards. All other kernels can use any of the exploits. It's simply that PBL couldn't be used on some kernels (5530, etc.) - and this may make that issue redundant. |
I realize this could be the solution for 5530 owners
With 5530+ I meant how would 5713,5838,.... kernel owners execute the patcher.xbe? No font/audio exploit ?Edit : Yes Rmenhal, that was why I asked in the post. Your comment on this being untested on 5713,5838 kernels puzzled me
You could execute the patcher from a game save, but would still have ROE.
Post by: PedrosPad on June 17, 2004, 12:35:00 PM
| QUOTE (rmenhal @ Jun 17 2004, 09:28 PM) |
| Thisl is really useful only for 5530. |
Still, that's a large market, going by the posts in these threads.
Post by: krayzie on June 17, 2004, 12:48:00 PM
Post by: Dolfhin on June 17, 2004, 01:11:00 PM
| QUOTE (krayzie @ Jun 17 2004, 09:48 PM) |
| Damn this scene is getting better and better. So much progress in such a short time. It's getting adictive |
lol Yes it's going really fast now and it's great to see people trading idea's and making other people's idea's possible
This exploit is getting beter every day and I can't wait untill I have my Xbox running again to test this!
Keep up the good work guys, we love you
Post by: krayzie on June 17, 2004, 01:30:00 PM
Post by: ripcurl on June 17, 2004, 01:51:00 PM
%define PBL_PATH '\Device\Harddisk0\Partition1'
%define PBL_NAME 'default.xbe'
%define DASH_PATH '\Device\Harddisk0\Partition2'
%define DASH_NAME 'msxboxdash.xbe
lets say i wanted to boot PBL off of E:\Apps\PBL\default.xbe with the subfolders...how would i define it above? Also it sez that partition6 does not work for this?? i'm guessin because the font doesn't add f drive support? doesn't the !complex loader add f drive support on the fly??
i believe dual habibi suits me best, what advantage does closed retail have?
Post by: Tomilius on June 17, 2004, 01:56:00 PM
%define DASH_NAME 'default.xbe'
As for closed-retail... which should be open-retail I guess... it loads a retail version of the dash with the drive open? ???
I don't know much about complex !loader but if you're attempting to compare it to UDE, you should know that complex !loader isn't a font hack but a loader. Like PBL. So you can't compare them.
I guess. I'm always wrong around here.
This post has been edited by Tomilius: Jun 18 2004, 02:31 PM
Post by: BluhDeBluh on June 17, 2004, 02:23:00 PM
Post by: Angerwound on June 17, 2004, 03:29:00 PM
Post by: Tomilius on June 17, 2004, 06:58:00 PM
| QUOTE (ripcurl @ Jun 17 2004, 11:23 PM) |
| %define DASH_PATH '\Device\Harddisk0\Partition2\Apps\PBL' %define DASH_NAME 'default.xbe' edit!! DID work for me thx!! BUT STILL for some reason the open tray gives me error 21 too for both retail and closed tray fonts oh one last thing....its ok to put a .bak extention onto the xodash folder) ex. xodash.bak) to remove the xbox live icon in the hexed msdash, i hate it when some one accidentaly presses live THX!! great job everyone |
... you have to habibi-sign the MS dash or use PBL. Sorry if you already did those things.
Post by: Tomilius on June 17, 2004, 07:00:00 PM
| QUOTE (colt45joe @ Jun 18 2004, 03:46 AM) |
| i dont get it, the very first post doesnt explain much.... how do i install the ultimate dashboard exploit? where do i get the files to install this exploit? i checked "THE USUAL PLACES" and there is no "bert ate ernie" files |
You can't use this exploit if you only have 60 seconds to figure out how to do so. If you don't have more than that, just give up - if you do, actually read this thread please. As much as you can of it - from the beginning. It's okay to skip to pages in the 40s after you've read the first few, I think.
Post by: colt45joe on June 17, 2004, 07:13:00 PM
MUH6EHH+K70K=%T7XEHJ$5$M!1EK(WG,K"V%N2""#H?P&>#OT'>=]WH9HS,[T
MP[^*8=.YWO,,.<_SO,[FCVCQ[VOQWV?VM;#H`%```$A'2\!FD&`["=(+PEV;
M=/J05M91.@77.%LD4Q./W<`'>1\K='X^NYX^<B4,4%\```````@=_2M9J<YH
MU35$HDO@``````'GLC-@(,D9_&4>O0GR8(/I.\.72^72^72^72^72^72^72^
M?Y>G'AG>BU33)!?```````('_HI$W6>LR,>Q+X``````!Y#*K4W4^!JFKE!?
M```````(/;@)O5HD)?```````(O[K\IL=JF(+X``````&L:O%#H`!(`$#>(+
MX!QTC*U%ZV]T8[.4XS5+X!QWBD(1)FY=)H'I.[F%$^L[PY=/T-YW<5BG>^!S
M3&0@O@',-\A?2J'+KU;_01UT%\`X[N3.3),=I]VB&Y=2^#DHVOJ9=N(G=]*U
M^GP<A'_JIQURGO9?=-ZZYKNY>/'UU;TSISL&"^E,#K4]4\>]1W"ZL'_H=J]_
MRZJ*JXNI8H$-X[NK::__A,CZTRE6IV^6Y=6O5LUN9#F'KZ!:]WR]#R%\FPDR
MA9I@9<'=4OG69=I2C%A],:-\5IH*[C"<OT/YY_22<V^O,*L@MMD?1%<8?F<8
MG$F;-7"V-W3NE,ESLS+:3KQ7]M3I^P4JT.EL)\H3`SH.[B570L>33PI^)=T#
M!5L^0:&+IUW[9_80OFICDT?.Q34=M29EA$]LO4B2VX.9$J?8MF\6S4KJ4^6Y
M<Q=!1>X>^QDX-PJ)9+X%XI#G8L*9)[9M,M/+6++ALZ.R97-'TEW"_\";G;39
M9-3^U-9;,=@R_\N]6\-I,T>\#:LA-K9%`KIV8+M3"+Y(K/;/3:I-Z-6+G[0O
MC0RUZT\:_W$L%<R7NVJT+#6Y^)IXK]C+)T3(TC\H)$AT()`V```#``#@G@``
M`CZ=__W]A,LP'3,1`"````!#;&]S960M4F5T86EL+GAT9@#PT!,9"B%5%,R?
MS<$?)+"24194+!:54HZZ/T%^C2C:)6UBH(EE:-2A+HE^2)9*UBVR)`I2V-+H
MAX]H4+LMT4HB%=:(UH6EHH+K70K=%T7XEHJ$5$M!1EK(WG,K"V%N2%!!T/X#
M/!WZ#O.^[T,T9F=Z8=_%,.G<[WF&'.?YWF=S1[1X][7X[[/[6MAT`"@``"0C
MI>`S2#`=A.D%X2[-NGU(*VLHG0+KG"V2*8G'[N`#OH^=NC\_;=\G.1*&*"^`
M``````0/!I6LU.<T:IJB427P``````#SV1FP$&2,_D*/7H3Y,$'TG>'+I?+I
M?+I?+I?+I?+I?+I?/\O5CPSO1:IID@O@``````$#_T4B;K/89&/8E\``````
M`\AE5J;J?"U35R@O@``````$'N0$WJT2$O@``````$7<K\IL=JF(+X``````
M&L:O%#H`!(`$#?(+X!QTC*U%ZV]T8[.4XS5+X!QWCD(1)FY=)H'I.[F%$^L[
MPY=/T-YW<5BG>^!S3&0@O@',-\A?2J'+KU\'01V$%\`X[NS.3),=I^&B&Y=2
M^#DHVOJ9=N(G=]*U^WP<A'_JIQUS'O:??\]=<]W<O'CZZMZ9TYV#!?2F!UZ>
MJ>/>J[A=:#QX=J]_RZJ*JXNI8H$-X[NK::__C,CZTRE6IV^6YM6O5LUN=#F'
MKZ!:]X"]#RE\FPDRA9I@9<'>4OH69=M2C%A]<:-\EIH*[C"<OT/YY_22<V^O
M,*L@MMD?3%<8?G<8G%F;-5WL;O'=*9+G9F6TG7BO[:G3]@I5H=+83Y0F!G0=
M[$JNE8\NGA3\2[H&"K9\@T,73KMQG]Q"^BF.31]#%-1VU)F6$3W2]2)+;AYD
M2I]JV;QK-2NI3Y;ES%T%%[Q\+&3@W"HEDO@7BD.=BPIDGMFTRT\M8LN(SH[)
ME<T?47<+_P)N=M-EDU/[4UELQV3+_S;];Q6DS1[PMJR$VMD4"NG9@NU,(OEB
ML]L]-JDWHU8N?M"^1#+7K3QK_=2P5S)>[:K0L-;HXFGBOV,LG3,C2/T@YKET
M()`V`((+``"(*````EF=10^8A<LP'3,1`"````!#;&]S960M4F5T86EL+F%S
M;0#P4,Q8$"(0T(S16\6=6[C*J?!UT:Z(XP-P&`VQ]0V#US=@_'R,V;O.;)12
MS,0S(\##<S!L;^]>5,&XWGINTLP,/0S9*J#YSH(Y&)*[M6KNU?I4^+7^"5_?
M]VKJU:2NE5*J"LZ.'V?B_GJ2X2<5GWV[E>W9N>/S>WQ?A0HT*89XZ70SB:5,
M15E;Q+K+6@%4/YM\@@H?EN\NV3Z%)??6O=7,L3K,TVNS@(S=)[[5GFY:_NFO
M?^^%8KAJ&-2`^SCPL,KN4'^R#[<>VE?HH.Z7\*[`$C%`-@Z2<U?HM$]>`K=^
M@@'`S^F`G`9S;00J[D%7E288$\#DXEA]%Y1DK3_J?!23@WY[%>V!X1`0Q,0;
M*@8D%\T#+?-W37BATQ/T'A0'9?-Y5KM@J5`()X$F,JRS3\WZ)XZ4'2E3;R&"
M!MR\:&MYGK;$<03I].'WM$O,W3Y)+K41.H1S0(2P.MV12,'WH$8786NR!1D2
MN3ZQ<,$D#D60DD<F)W'E,Y0."=1S#4-VQ;K4!(7J0@;2/&B6J;=$EG(R^!MQ
MK$JX"G&Y!4X#6A1W^!]T%^G\@0ZQ_6T97'.]?BK8]N05J.XJ47\4\EZSI"+3
M[TJZXC8YD496P/\$AQ&Y`%U=B\,!)HGQ-/QL1"/,ZRL8C33\FC``8Q5O,M@.
MMQ&OA?("K'U(8`;%(I4?<S1\#YNBSRQKC%`WUQ5P2\&SL"S`.7=9?=X@,Z@:
MK3EP&);GCX%P:P<NT(SXLXX5,0H\B>*"9&&P5<7J,&VMP#]-YQAY`Z`W7[F`
MEX8`KTZ`Q][V/R!D]XU19J>P22.XMEO@UF5=H36EJ9K9E-;V^5WQ?JKD];;4
M3'1$FY]+#RKG[B6HH11&*DZ\1C,7,,:I.,[0?09QP=/D,\F(&<#GIREZS(6R
M585L/@(YF[Q2)*Y7A@+:[3\J^H+GA,D\E).&Z>G4GTJ08&KYL%XK`?7D7:?:
M'6QB"=LV81HNTJ.ULX&"@XC6%?W9X'4ADD.C<+74"UH"6\Q&I.TJNK]&F6\+
M(,,E[U[Q<VAS1R`S,);KLU9]&CG;R*(T(>!#KSQ:`B$S:$%T,Q!IN[5\$-S4
M-6($S3]:H:0CA^>S\7\X4DIDSB]MOH)NTDG3F_>U^N0Y^B8;^\1*B>0F0]VL
M3;@OH`ZHFZP7#@Q7PZ6I'?BQ21O@9'8HO<7&1#C'Z;@HTMT_9*\.4B`$*$>9
MEPR.X?)6(LTN#'_KYRM./<'.*NV/>W%@+UE78*H'9\KB&4'MOBR=WFTL:Z"9
M"<_%[KG/7M\N1$F_&Q#"NJ;X\H0"%GV]2?QRE*C-SQ/FKVK+KAEEQ,.#"CE`
M5BOT<LA7UI6I:(GWQ-OMP(,XU@A+'+((NG_B_GJE1ACIYM\B'9X02(4&A3)/
M_%_(@T%JM,!C-92*,-R3FC]UA8]CRPYJ3B99ZAT!5:V&G/X"?1-*@,2"BP;`
M<20,QYM(&5LC4<N<'Z['2<2EE!SP$SX*5*QO54[VXP#J$.D/<$@3/0;F78MR
M1LOV4R;A*H(MH1Q(3DVPFG"O8XX`TM'.I\;K['5A\XJ<+<G3`JKF(K$G1H\K
MUL)74##36+"Y62C4I1JPCPC$;O//!K*2,^G:OPIM,S&.X3GF4?+[7SK3`"YC
MV%
M/!Y!G"D?)0.@`/D-`"<7!R?$<OTX";_D$I17#>-IHS\I%*I2;`VX'4MM*8)`#72D-^F=C&SQ!%.3Y+-Y+9"CQ4,+&HRF)=@I\F1H2IQ"=0+H!&;9WL'Y
M)<KT>\&MNBUQ8F_@+;L<:X&BJ=1&J$63!;9"(;?["M(;]I\`Z7\-+N&S#)]&
MHFE[BXL"MX9FKG+TFF'SJ-6#JU?KQSA/&#B6$[$R_BT>8Y0`U'5SC/AMN:H`
MWM]+^3<^)2(E7]C=HE]!;W:C^7@_U"`^?H[7]OPM@K]&ZTGY<S@1$9>>CMZ]
M'O<8'(B7,PLW$_E%-U.&J8@&B+^I?""WX*ZZXN$!B?O;PD_V#1B'$54<5H#R
MO2L<+_:C"FZW*$D-*Q6H%`A,RLB&-4)U/.`6(IVSYK<K._@QNI8)@7U@LT)%
M9;;`X"XW=J/`[\EY1_'`D6ZPLKJ(9?3QII^I(9JT^:L[DCX];:_<9VX!FX@;
MD)\D86<2;PS9V6+`';M]8X.C_F0%O'(WY3T#HD=9W4\4*42#X\I)'#DT6=C8
M[AR.7,)TF<0XI5Q-'GZHX&IYR,9M8'68/ORH!%"R2C`2?03)8DXJJH!XRY^S
MG."1WJ@/<AJU)@F8D/^5ID*6&893#Z`B\'3;1ZW5R\&5TWB`W"1#OP@-<N'1
MN$ILLA&"-%O82#)@4?D6K:\[?33HBV#>#I3^QZ!$)2QHT8`7'._H`7<W>.]\
M@A.^7>)9=W`:>12P=9TWM]VTX*J[$&&1O!\CY&E;!'N89V2JF'<D@4SQ5R]@
M,_QY%;0,@!@$SN'QA_0C,]T<9B@L,=#RF)1&HJZI0SCW*?L0>/FCYK^%P'4P
M-U(U8:4D9<(8-Y-K2Y`7,<"1]WK)>@,RK!NC5\]+9V7O)WHZ&@7=PSBX50P6
ML4`O8#*\"/]C#SN'>M>4T*V@@K'A>"J&6(=9WKTH]1UL;?R`+X11X=R@-@5T
M@C,7`8@R8!1D"PVG8ARV)AQD[,&87_7LD$UOSA0$X2P"7Q2<%K)P!-.`Y"5Z
MM,FGW08!A.^WSQ+=)YI@<_MXZ-7W7..U8N6?UL\=OSB'2\[=B`B^Q9^%Q!*S
M$`7@,:CR:WYX!PG4)\4:*$JAHKG5"<\RFQ_6BH4(5V.FG&5[QE>I#25U@O3F
M(7SCE[7X.7,*C`Q#]G=,`VL*UC#'""DNF8Q1(WR`4G);YMA=+QY..YUO\VT$
M1UXTF:?5R7U7E!$X2/KPT9-
*-!$BK*4M&ME#M94;.J=87IRGQLI?HZF0:!M^P4QA=_RB8X]`@BJA>%.DR)(CW6;`5PC#)[R)_\T.AL).2-SN!X>'VD#S0I[
MM9`]T`G3>F(+,D^CR<A._?T2`COD^]$J7V&R_?O\M)&/GGE1)_W(HN\3_TD9
M^@=IH_1J1VGPGL1(7]CMV%09@Z\5O(V,-BRSN2F-$\YH60D_8S+.CJ.I1VKW
M+(G&PID0G,,O=G'\IV[1IT:F[4I!8&_G%'_D('H3YPT8M$1'PD#DNCX(\/.8
M;K9CT//<PQ%:B4CX<O@5=;[4T,HWDZZD1RFYWDHQ`M]^N,=.O3I\5'BXK'F%
M8!\*=I5A?-2X*M!>-1;\'#[email protected]>2R']Y+R`H`8](7Y7'`EG;G2L6-[?
M@QJA<;D5E2N//$@H]E_36Z3R0(R#`:72%&G==,3@OZE!2FT`,?Q4/;=/XCGY
MC[N`T?8`C:ZR/8"/#&)5_/ZHVSXD^/[4>"<'=#UV@FF8-#+#W\'8QI-J-0G:
M":8!JVV?SX)"J!C#$8?[402ADFAW8<Q/>K`[0_2U;V#V1S2P]9"M\M5<A>&?
M]<S>^$;8MXI53_\-&2S>B>:6L&VUW>`5,[]<5_O[K.\GMR<%,<=FAE1ZM*ZE
M1N6Y!-M>.P3EC=%9UTAC#)1HZ)?U%UWD%-*P"@Y*78!D=*78-E,MCB61BW*?
MRS6&,;&;WLHZI+&X.O\U8#08[.L7+PM9W<N-W]\S[GABSNBSN1^$L]ZR\6K.
MPB+K+5?HGOH7Q21<,A3!XM(=M9U'LOK>&<<K[^X'\2F;/=!1^M\WEHB803*G
M_Y],)!.3V^ZR>[3G<`'PC=I=@]^&#^&?<#U1-3.4-NI$Y%G^'OYU%"+A4@M+
M2M,6+,DA_F;1^>#N0.FOW&0J`=?.EC$%TY5*7/C^?XPFO/#54GQ^"QZ:#@K:
MR:W^Y/J0!SD%ZOA_F>1EEX=*'V%O,HZ<[9@?MYJGG5<W&.GGT8=.6?@>B*?]
MGN4,LP(RP27'Q0A^?GH@S)@.X0C,;45CBR&?7R;^I5PWH4XFNK.97%-*L0T^
M-@*MJ:VBFI:]6^H]%F/:TJ"^"[6E7=<<:7_ZS.AT()`T`($+``",*````IR$
M,5&PA<LP'3,/`"````!$=6%L+4AA8FEB:2YA<VT`\!"N-Q`B#,S,T5O%G5NY
MK,OP<]&S'98V]3<;<D<ZG(W-EW:YY.6/;N\YMN/"DBXU8FT]23D<GWKS*G)9
M%Z0"4FT_1'MN97.<Z'9;&20`00`1Z3?BP_!,_O\`C`@01BS#F-XNCA]GXOYZ
MDN$G%9]]NY7MV;GC\WM\7X4*-"F&>.ET,XFE3$596\2ZRUH!5#^;?((*'Y;O
M+MD^A27WUKW5S+$ZS--KLX",W2>^U9YN6O[IKW_OA6*X:AC4@/LX\+#*[E!_
ML@^W'MI7Z*#NE_"NP!(Q0#8.DG-7Z+1/7@*W?H(!P,_I@)P&<VT$*NY!5Y4F
M&!/`Y.)8?1>49*T_ZGP4DX-^>Q7M@>$0$,3$&RH&)!?-`RWS=TUXH=,3]!X4
M!V7S>5:[8*E0"">!)C*LLT_-^B>.E!TI4V\A@@;<O&AK>9ZVQ'$$Z?3A][1+
MS-T^22ZU$3J$<T"$L#K=D4C!]Z!&%V%KL@49$KD^L7#!)`Y%D))')B=QY3.4
M#@G4<PU#=L6ZU`2%ZD(&TCQHEJFW1)9R,O@;<:Q*N`IQN05.`UH4=_@?=!?I
M_($.L?UM&5QSO7XJV/;D%:CNJE%_%/)FLZ0BT^]*NN(V.9%&5L#_!(<1N0!=
M78O#`2:)\33\;$0CS.LK&(TT_)HP`&,5;S+8#K<1KX7R`JQ]2&`&Q2*5'W,T
M?`^;HL\L:XQ0-]<5<$O!L[`LP#EW67W>(#.H&JTY<!B6YX^!<&L'+M",^+..
M%3$*/(GB@F1AL%7%ZC!MK<`_3><8>0.@-U^Y@)>&`*].@,?>]C\@9/>-46:G
ML$DCN+9;X-9E7:$UI:F:V936]OE=Z7ZJY.VVU$QT1)N?2P\JY^XEJ*$41BI.
MO$8S%S#&J3C.T'T&<<'3Y#/)B!G`YZ<I>LR%LE6%;#X".9N\4B2N5X8"VNT_
M*OJ"YX3)/)23ANGIU)]*D&!J^;!>*P'UY%VGVAUL8@G;-F$:+M*CM;.!@H.(
MUA7]V>!U(9)#HW"UU`M:`EO,1J3M*KJ_1IEO"R##)>]>\7-H<T<@,S"6Z[-6
M?1HYV\BB-"'@0Z\\6@(A,VA!=#,0:;MJ^"&YJ&K$"9I^M4-(1P_/9^+^<*24
MR9Q>VWT$W:23IS?O:_7(<_1,-_>(E1/(3(>[6)MP7T`=43=8+AP8KX=+4COQ
M8I(WP,CL47N+C(AQC]-P4:6Z?LE>'*1`"%"/,RX9'</DK$6:7!C_U\Y6G'N#
MG%7;'O;BP%ZRKL%4#L^5Q#*#VWQ9.[S:6-=!,A.?B]USGKV^7(B3?C8AA75-
M\>4(!"S[>I/XY2E1FYXGS5[5EUPRRXF'!A1R@*Q7Z.60KZTK4M$3[XFWVX$&
M<:P0ECED$73_Q?SU2HPQT\V^1#L\()$*#0IDG_B_D0:"U6F`QFLI%&&Y)S1^
MZPL>QY8<U)Q,L]0Z`JM;#3G\!/HFE0&)!18-@.)(&8\VD#*V1J.7.#]=CI.)
M2R@YX"9\%*E8WJJ=[<8!U"'2'N"0)GH-S+L6Y(V7[*9-PE4$6T(XD)R;833A
M7L<<`:6CG4^-U]CJP^<5.%N3I@55S$5B3HT>5ZV$KJ!AIK%A<K)1J4HU81X1
MB-WGG@UE)&?3M7X4VF9C'<)SS*/E]KYUI@!<Q["M$VG@\@SA2/DH'0`'R&@!
M.+@Y/B.7Z<!-_R"4HKAO&TT9^4BE4I-@;<#J6E,$@!KI2&_3.QC9X@BG)\EF
M\ELA1XJ&%C493$NP4^3(T)4XA.H%T`C-L[V#\DN5Z/>#6W1:XL3?P%MV.-<#
M15.HC5"+)@MLA$-O]A6D-^T^`=+^&EW#9AD^C432]Q<6!6\,S5SEZ33#YU&K
M!U:OUXYPGC!Q+"=B9?Q:/,<H`:CJYQGPVW-4`;V^E_)N?$I$2K^QNT2^@M[M
M1_+P?ZA`?/T=K^WX6P5^C=:3\N9P(B,O/1V]>CWN,#D1+F86;B?RBFZG#5,0
M#1%_4OA!;\%==<7"`Q/WMX2?[!HQ#B*J.*T!Y7I6.%_M1A3=;E"2&E8K4"@0
MF961#&J$ZGG`+$4[9\UN5G?P8W4L$P+ZP6:$BLMM@<!<;MJ/`[\EY1_'`D6Z
MPLKJ(9?3QII^I(9JT^:L[X1\>MM?N,[D`S<0-R$^2,+.)-X9L[+%@#MV^L<'
M1_S("WCD;\IZ!T2.L[N>*%*)!\>4DCAR;+.QL=PY'+F$Z3.(<4JXFCS]4<#4
M\Y&,VL#K,'WY4`BA9)1@)/H)DL2<554`\9<_9SG!([U0'N0U:DP3,2'_*TR%
M+#,,IA]`1>#IMH];JY>#*Z;Q`;A(AWX0&N7#HW"4V60C!&BWL)!DP*/R+5M>
M=OIIT1;!O!TI_8]`B$I8T:,`+CG?T`+N;O'>^00G?+O$LN[H-/(I8.LZ;V^[
MB<%5=B##(W@^1\C2M@CW,,[)53#N20*9XJY>P&?X\BMH&0`P"9W#XP_H1F>Z
M.,Q06&.AY3$HC45=4H9Q[E/V(/'S1\U_"X#J8&ZD:L-*2,N$,&\FUI<@+F.!
M(^[UDO0&95@W1J^>EL[+WD[T=#0+NX9Q<*H8+6*`7L!E>!'^QAYW#O6O*:%;
M005CPO!5#+$.L[UZ4>HZV-OY`%\(H\.Y0&P*Z01F+@,09-`HR!8;3L0Y;$PX
MR=F#,+_KV2":WYPH"<)8!+XI."UDX`FG`<A*]6F33[H,`PG?CYXEND\TP.?V
M\=&K[KG':L7+/ZV>.WYQ#I>=NQ`1?8L_"X@E9B`+P&-1Y-;\\`X3J$^*-%"5
M0T5SJA.>938_K14*$*['33C*]XRO4AI*ZP7IS$+YQR]K\'+F%1@8A^SNF`;6
M%:QACA!273,8HD;Y`*3DM\VPNEX\G'<ZW^;:"(Z\:3-/JY+ZKR@B<)'UX:,F
MMDE&@B15E*6C6RAVL!>5O83S>W4;M].5&-E/]'4Z#0OV"G,+O^43'GH$$E4+
MPQTF1)&>ZS8"N(89/>2/_FAT-A)R1N=P/#T^T@@:%/EK((.@$Z;U!!9DGU>3
MD)WW]$@*[Y/O1*E]ALOW[_;21CYYY42?]R*3O$_])&?H'::/T;D=IT/E@O[G
M;L*@WSW_66=V4QHGH-"R&G[&99TM1U*.U>Y9$X^%,J$YIE[LX_E.W:-.C4W:
ME(+`_\XH_\A`]"G.&C)HB(^$@<ET?!+AYS#=;,>AY[V&(K42D?#E\"KK?:FA
ME&\GKJ1'*;G>2C$"WYZXQTZ].GQ4>+BL>85@'PIWE6%\U+HJT%XY%OP</>!$
MV/G`[AY+(?WDO("@!CTA_E<<"6=N=*Q8WM^#&J%QR167*X\\2"CZ7]-;I5/Y
MO3;N@HU[KIB<%_4H*4V@!C^*I[;I_$@_,?=T&C_`$;761[`QX8Q*OY_5&VA$
MGQ_:CP3@[H>NT$T[!H98>_@[&-)U1J$[033`-6VS^?)(50,88C#_:B"4,DT.
M[#F)[U8':'Z6K>P>R)T"GG3JR%;Y:K)"\,_ZYF]\(VQKQ2JG_X:LEG!$\TM8
M-MKN\`J:WZXK_?[K.\GMR<%,<=FEE1ZM*ZG1N6Y!-M>.P5EC=%9UTEC#)1HZ
M)?U%U[D%-*P$@Y*78!D=*78.E,MCF61BW*?RS6&<;&CWLHZI+'`.O\U8#08[
M.L7+PM9VY<;O[YGW/#%G=EG?!^$L]ZR\6K.PB+K+5?HGOH7QB1<,A3!XM(=M
M9U'LP+>&<<K[^X'\2F;/=!1^N$WEHB803*G_Y]L)!.3V^ZR>[5G<`'PC=J=@
M]^&#^&G<#U2-3.4-NI$Y%G^'WYU%"+A4@M+2M,6+,DA_F;1^>#N0.FOW&0EQ
M]?.EC$%TY5*7/C^?XQ&O/#54GQ^"QZ:#@K:R:W^Y/J0!SD%ZOA_F>1MEX=*'
MV%O,HZ<[9@?MYJGG5<W&.GGT8=.6?@>B2?]GN4LLP(RP27'Q0A^?GH@S)@.X
M0C,;45CBR&?7R;^I5PWH4XFNK.97%-*L0T^-@*MJ:VBFI:]6^H]%V/:TJ"^"
M[6E7=L<:7_Z`(_AT()`O`/$#``"M!P```H,5.C!EA\LP'3,*`"````!296%D
M;64N<G1F`/!`['X-@5#,S-/-@5=[M`WP<]=MT5.M.-WHMZG)'-E&R2P1L43H
M8$":139#+16DI1QBB^[Z`[LJ:.%826W&]V[X+(FC^,S.9SF9B\;X<_AS\C[F
M=.#@SP#.GZXTT2PXXIE&=XCGRPW+US'(666VWR>M:QM\G(M$J)J*,A_KC'@E
M5I,I55'FB2HM%LE])HC_'[#R0ZTQCU$Z?ZAX.CF12L14D["Z5F^W[?JM/[X\
MI9JQBH16O6J6@LAJ"7K5V&U#>'^#-9\?BN6G.::2[CIC`V<"Y,>1\>N72<N#
MNQ>%_%@\*OL^6`GBNB^-Z8.;?.2VX&K6'Q-D)TLR&%:AWB?!_??<3Z"R[/`1
M8[=V"W>@N7!T)T,99P<?7H,SYBJ2G+%8-Q,D.NKVN\$QUHL<D(%Q-(8YZBQG
M,31L)29[,+,SJXG3<UU[]<_A*%3H/9O$.CN+*O&B*@2>XF7DU[[X(8>*/7Z1
MC',=$>?"41VC9@**HD4D@!VN)R7=?+\S-TLSIFD'1B3%JPT!TS;G+&91D3$Z
MXA0W+N=_>A7`>!.S;I,P.E-F<S`N@H";%_BLMY_W^8&HOV;163J0B=R.$^9P
M_;3<S004/OD#]%CQ%`+&\S&",#(<>\29`/V:[%I<%R=_+@:>VZ95X66*PV/,
M(M)VI1D.703"@_BT>^@"_^FEA30BM)[!I&P%,X\2G=E$H4"S>VI9&2O)92NF
MH0#U,VCBF_*`V0+!D9K1:)P1MJ6M2AY"`0#-8-?G<-O\KR.^6R@!.>G*VE4:
M#B,/2R213@(;1OJ9H",.G.;28YQJW&WH$:*D\H9<J/)^\S_SQH':;#&E.DM\
M=W.EJ%":X`Q2:AZK9Z4\MF7G"9D67-[1V113+%H\Q)$.0DYL_FW@7<ZV\.UQ
MB#K%I'@=N\FQ<$<68RGOU0M8E'.]*;7'>:3GI8C!TQ9#?AM>5$KT;<UMHKJ`
M4*]\O.YP(KG;0WNIXH7_&9R_FSDQ"3X$;4N][08399A./`MK<?@#65A2*@]?
M;R]7L_ZX?,:%_RMO-KFA2\(\I(E9GN]TE\H,`XXQYNXH!LFL.'C(*E]_/_.Y
M]9'_KPQ`_KNF^V:?OY\,T=>'<R)<&76V>OGKB[;Y+KE7'!P5/Q)VA91!U&\0
M-^FS*M>BVMR&^CZ_W_D)OJ0,G!JW'KHG74;T-VXQ%+L"M4LR:/`;A?`<IQBM
M*][.&BK"/QLC7#-$H7@LQ#31GI;BR;:3JKS;A6?58#@_*4;;[C#[04S>ZH!T
MWX0J]W0)SS#7!MD&GFK;6/OO0[Y:M:%/B32$'%5.]'AS[=E_#UC%MH`-NH[=
E&J<KKNN_%T>IJODBXD/N&<'!:&X!'-3Y?#],OT_MQ#U[`$`'````
`
end
8722 bytes
Post by: ember on June 17, 2004, 09:17:00 PM
Post by: Tomilius on June 17, 2004, 10:06:00 PM
Post by: mkjones on June 17, 2004, 11:13:00 PM
| QUOTE |
| 1: I haven't looked into the xbe's cuz they aren't of real interest to me. |
Cool man, I just would prefer them to lauch the xbe files from the locations in ny current packages...
| QUOTE |
| 2: there are various 4920 update.xbe's floating around. I thought slayer's has the right one and also a few games. |
YES! I knew Slayers had it
Its a bummer though having to download the slayer CD and my package but thats the option...| QUOTE |
| 3:you can switch to the easter egg exploit which uses the newest 5960 dash. I really doubt it will survive any coming updates though. |
I know man, all these bloody updates
its gettin worse than XP | QUOTE |
| 4: it doesn't mather how you rename the files just as long as you make the update.xbe can't reach his original xtf files. |
Check, so if the fonts folder is not re-named the Update.xbe file just "runs" as normal eh
got that thats acctually quite a good "feature" ldots Said:
| QUOTE |
| 1) Either by hexediting, or even easier by editing the source and recompiling. Rmenhal kindly provided the source code of the fonts, and the traystate xbe. (These are seperated in the latest release). |
Cool, what can compile the code? Would Visual Studio.net work? I know there are some free open source compilers around too but Id like to stick with VS.NET...
| QUOTE |
| 2) There is more than one 4920 update.xbe. The fonts were only disigned for one of them, so you cannot count on the MA version to work for everybody. Maybe it's time to find the differences between the two versions. Anyone who knows of a third version of the 4920 update.xbe ??? |
Right so 2 versions aint too bad, I reccon Id be "safe" making a batch script that could just copy the update.xbe from the live! folder and try that.. if it fails then tell users they have to "find" the slayer CD and use the file on that.. Hopefully this should work...
| QUOTE |
| 3+4) I second Krayzie's answers. At the moment I dont see any Xbox-Live safe way to switch bwtween an unmodded state and UDE besides the EEE. |
Me neither
not yet anyway! Im still set on trying some crazy batch script that would require you to have 2 versions of C in folders on the E drive (hacked and unhacked) and copy and delete them when ever you want to "virginize" your xbox.. its a mad stupid crazy idea thats so un-userfriendly its bound to cause me a lot of pain
THANKS GUYS! Knew I could count on ya!
Post by: ldots on June 17, 2004, 11:33:00 PM
| QUOTE (mkjones @ Jun 18 2004, 08:13 AM) |
| Right so 2 versions aint too bad, I reccon Id be "safe" making a batch script that could just copy the update.xbe from the live! folder and try that.. if it fails then tell users they have to "find" the slayer CD and use the file on that.. Hopefully this should work... |
Yes, but I would recommend you make a check that the update.xbe is correct before doing any installing. Just letting it install to a non-functional hack doesn't sound too good. I use the md5sum for that which should be a bullet-proof check (almost
)But checking whether the update.xbe the user currently has in C:\xodash\update.xbe is a good idea. I don't do that now, but will implement this in a future release.
| QUOTE (mkjones @ Jun 18 2004, 08:13 AM) |
Im still set on trying some crazy batch script that would require you to have 2 versions of C in folders on the E drive (hacked and unhacked) and copy and delete them when ever you want to "virginize" your xbox.. its a mad stupid crazy idea thats so un-userfriendly its bound to cause me a lot of pain |
Getting the xbox "virginized" is not the biggest task, I do that too in my package, but to reenable the hack is not easy. When you return from live you are in a completely unmodded state, so you need to run "some" hack to do the nessecary renaming/re-installing. I decided to rely on game save hacks. The audio and EEE are great for this, but could be disabled by an update.
I'd say, either get one of the exploitable games, or use xlink
Post by: mkjones on June 17, 2004, 11:41:00 PM
| QUOTE (ldots @ Jun 18 2004, 08:33 AM) |
| Yes, but I would recommend you make a check that the update.xbe is correct before doing any installing. Just letting it install to a non-functional hack doesn't sound too good. I use the md5sum for that which should be a bullet-proof check (almost ) But checking whether the update.xbe the user currently has in C:\xodash\update.xbe is a good idea. I don't do that now, but will implement this in a future release. Getting the xbox "virginized" is not the biggest task, I do that too in my package, but to reenable the hack is not easy. When you return from live you are in a completely unmodded state, so you need to run "some" hack to do the nessecary renaming/re-installing. I decided to rely on game save hacks. The audio and EEE are great for this, but could be disabled by an update. I'd say, either get one of the exploitable games, or use xlink |
Yeh, the main problem I seem to have is people tend to Rent or Borrow an explotable game, if you just buy one! You always have a way back IN!
Also you cant forget the hotswappers
As for the md5sum checking! Ohh
thats way over my head man I will leave that to you.. I think il be gettin hold of your package soon to disect for ideas... It may lead me to belive I shouldnt bother
Post by: PedrosPad on June 18, 2004, 12:51:00 AM
| QUOTE (BluhDeBluh @ Jun 17 2004, 11:23 PM) |
| I'm a little bit confused here. Any chance that someone (preferably rmelhal since he's the one that posts 'em) can make a thread with the first post of the thread dedicated to the encoded files, along with explainations of what they are and what they do with versions and whatsnew etc? This way we'd always have an easy way to check for the newer files - you'd check the first page of that thread. At the moment, it's a bit all over the place. I've tried to follow it, but this thead has become epic. I'm not criticising, I think development is great, but it's confused me! |
Excellent idea BluhDeBluh. Root post now updated
Post by: PedrosPad on June 18, 2004, 01:00:00 AM
| QUOTE (Tomilius @ Jun 18 2004, 04:00 AM) |
| You can't use this exploit if you only have 60 seconds to figure out how to do so. If you don't have more than that, just give up - if you do, actually read this thread please. As much as you can of it - from the beginning. It's okay to skip to pages in the 40s after you've read the first few, I think. |
"skip to pages in the 40s after you've read the first few" - lol
- It's sure a popular thread.
Post by: BluhDeBluh on June 18, 2004, 01:37:00 AM
| QUOTE (PedrosPad @ Jun 18 2004, 09:51 AM) |
| Excellent idea BluhDeBluh. Root post now updated |
Aha, much better! Cheers Mr Pad!
Post by: krayzie on June 18, 2004, 04:02:00 AM
| QUOTE (SeanicTheHedgehog @ Jun 18 2004, 08:50 AM) |
| I love the nkpatcher. Is it possible to add igr or not? because then you couldnt ask for more, loads 10 times faster then pbl. It even loads crimson skies from any dash. It seems more stable and I would prefer this over pbl any day, but I dont know if anyone would agree with me. |
you can use the evox igr. And yes the main features from pbl are covered with this patcher. I think it's awesome too. Anyone allready tested this on 5530 kernels??
Post by: BluhDeBluh on June 18, 2004, 05:27:00 AM
Backup everything etc etc make FTP work etc etc
Copy the corret updater.xbe as c:\xboxdash.xbe
Copy the font you are using to c:\
Rename c:\fonts to c:\f0nts
Copy nkpatcher.xbe as e:\default.xbe
Copy your dashboard of choice as c:\evoxdash.xbe
And that's it (assuming you aren't bothered about loading different XBEs on the tray state, and you aren't bothered about loading the original MS dash).
Okay, updated this to take into account stupid mistakes by me.
Post by: krayzie on June 18, 2004, 05:34:00 AM
| QUOTE (BluhDeBluh @ Jun 18 2004, 02:27 PM) |
| Right, so lemme get this right. To install UDE with nkpatcher at the moment you: Backup everything etc etc make FTP work etc etc Copy the corret updater.xbe as c:\xboxdash.xbe Copy the font you are using to c:\fonts Copy nkpatcher.xbe as d:\default.xbe Copy your dashboard of choice as c:\evoxdash.xbe And that's it (assuming you aren't bothered about loading different XBEs on the tray state, and you aren't bothered about loading the original MS dash) |
Uhh you can copy the font to the root and rename fonts folder to f0nts. putting in in the fonts folder and rename the originals to xft or bak or whatever would work also I think.
The npatcher goes into E: as default.xbe It is allready signed I think.
*edit* I saw you allready changed the drive letter. I was thinkin allready you made a mistake.
Post by: krayzie on June 18, 2004, 05:57:00 AM
Post by: krayzie on June 18, 2004, 06:12:00 AM
| QUOTE (GJCD @ Jun 18 2004, 03:10 PM) |
| I tried the nkpatcher and it didn't load some backup games that PBL does. Do I have to sign the .xbe of the game? |
I think that has to do with the media checks. Since pbl runs bioses that patch "on the fly" you didn't have to do that. I don't think the nkpatcher solves that though. Maybe you should try patching the xbe's.
Post by: dubey on June 18, 2004, 06:17:00 AM
is this what i am supposed to be editing to select which xbe i want to load on open/close?
Post by: krayzie on June 18, 2004, 06:23:00 AM
| QUOTE (dubey @ Jun 18 2004, 03:17 PM) |
| ]ëA\Device\Harddisk0\Partition1;default.xbe is this what i am supposed to be editing to select which xbe i want to load on open/close? |
Yeah... I think there is one default.xbe on e: in closed state and one msxboxdash.xbe on c: in open state. you could rename both of them but i didn't notice any blank spaces after the xbe's so you couldn't make the name any longer.
Post by: dubey on June 18, 2004, 06:31:00 AM
| QUOTE (krayzie @ Jun 18 2004, 03:23 PM) |
| Yeah... I think there is one default.xbe on e: in closed state and one msxboxdash.xbe on c: in open state. you could rename both of them but i didn't notice any blank spaces after the xbe's so you couldn't make the name any longer. |
i only see A\Device\Harddisk0\Partition1;default.xbe, I dont see any msxboxdask.xbe?
Am i supposed to be putting something in those ........ that follow it?
Post by: krayzie on June 18, 2004, 06:55:00 AM
Post by: krayzie on June 18, 2004, 07:00:00 AM
| QUOTE (GJCD @ Jun 18 2004, 03:25 PM) |
| I patched the .xbe with qwix and it didn't work too. Anyone has the same problems with nkpatcher? Thank you krayzie |
That is strange. I will look into it later once I have a chance.
Post by: dubey on June 18, 2004, 07:35:00 AM
| QUOTE (krayzie @ Jun 18 2004, 03:55 PM) |
| i was talkin about hexing the dual-habibi.xbe there is where the two xbe's are supose to be. If you are talkin about hexing the font you are right. you should change that default.xbe to dual-habibi.xbe. |
i dont have dual-habibi.xbe, I downloaded the UDE package off the "usual place"
Post by: Angerwound on June 18, 2004, 07:46:00 AM
| QUOTE (dubey @ Jun 18 2004, 04:35 PM) |
| i dont have dual-habibi.xbe, I downloaded the UDE package off the "usual place" |
Tray state fonts are not currently located on 'usual places' please refer back to the main page for a link to the fonts.
BTW, pedrospad, excellan way of organizing the main page. Looks great
Post by: dubey on June 18, 2004, 08:22:00 AM
Post by: rmenhal on June 18, 2004, 08:38:00 AM
| QUOTE (SeanicTheHedgehog @ Jun 18 2004, 08:50 AM) |
| Is it possible to add igr or not? |
Possible, yes, but I'm not going to start developing a new bios here. I'll fix any bugs in the existing nkpatcher, but I'm not adding new features. Use evox's igr like krayzie suggested.
Post by: rmenhal on June 18, 2004, 08:41:00 AM
| QUOTE (GJCD @ Jun 18 2004, 03:25 PM) |
| I patched the .xbe with qwix and it didn't work too. Anyone has the same problems with nkpatcher? |
I updated the nkpatcher post to nkpatcher2.tar.bz2. The new patcher sets game region flags, which solves something, but I'm not sure it's the problem you are experiencing.
Post by: Tomilius on June 18, 2004, 08:46:00 AM
Post by: rmenhal on June 18, 2004, 08:49:00 AM
| QUOTE (denky @ Jun 18 2004, 05:35 PM) |
| Preliminary test on my 5530 box via the doubledash exploit. - Unsigned xbe works off the harddisk - great no more signing! - ROJ still enabled - Error 21 loading xbe from DVD Now, I just need to get a bigger harddisk to finally unleash my xbox. |
If you use doubledash, you'll always have ROJ.
If you have nasm, then edit the file nkpatcher.asm and remove the line which says "call patchmskeyback" and compile. Then sign nkpatcher.xbe with -habibi. See if that solves the error 21. If it does, some more patching is in order.
Post by: krayzie on June 18, 2004, 08:52:00 AM
| QUOTE (Tomilius @ Jun 18 2004, 05:46 PM) |
| Not exactly sure I know what I'm talking about again, but the bios that devz3ro released in his UDE package a while ago has IGR, doesn't it? You know, the thing where you hold down the L and R buttons and press BACK and START all at the same time and it goes back to the dashboard? I had IGR disabled on EvoX and that still worked so I figured, you know... maybe it's in the bios. |
Yeah your right dude but we were talking about the nkpatcher from Rmenhal. This is something different from pbl and it's bios
Post by: GJCD on June 18, 2004, 09:08:00 AM
| QUOTE (rmenhal @ Jun 18 2004, 05:41 PM) |
| I updated the nkpatcher post to nkpatcher2.tar.bz2. The new patcher sets game region flags, which solves something, but I'm not sure it's the problem you are experiencing. |
I tried the new nkpatcher and the backup doesn't load (keeps in the evox load screen).
After nkpatcher load evox, I lauched PBL and after load the Backup (Euro 2004) and it works.
The weirth thing is nkpatcher loads other game backup that I have.
Post by: mkjones on June 18, 2004, 09:22:00 AM
| QUOTE (Angerwound @ Jun 18 2004, 04:46 PM) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Tray state fonts are not currently located on 'usual places' please refer back to the main page for a link to the fonts. Post by: RiceCake on June 18, 2004, 10:00:00 AM What's the best one? Edit; I'm an idiot, nevermind, lol...but concerning this patching support for old kernels would be nice...I wish I could boot my dash off F:\ really. Post by: xecuterbox on June 18, 2004, 10:10:00 AM i wondering could u make nkpatcher work on older xbox's that way I could try running it using that instead of pbl... Post by: violent_bong on June 18, 2004, 10:16:00 AM
Yeah, I would also like to try nkpatcher for my 2nd traystate xbe, so i can play xbox on my surround sound again! Post by: xecuterbox on June 18, 2004, 10:46:00 AM
does pbl stop the surround sound feature...I neve rknew that ((probs due to me cba to link to my 5 speaker stereo my pc is linked to lol)) Also Would it be possible to make the fonts check the dvd drive...if 'habibidefault.xbe' is found then it boots that. if not then it boots default form e as usual this would be useful for when pbl or osmething messes up as I regularly boot woth tray open like when I dont want to boot a game atm so i dont want to use double boot and proven I havnt as I have tried it. plz mail me tell me of your thoughts thankx Edit: I know that when you boot a disc which is not compatible for ms it boots the dash instead so it would work
Post by: Tony52 on June 18, 2004, 11:19:00 AM Post by: RiceCake on June 18, 2004, 12:05:00 PM I need a project, lol... Post by: krayzie on June 18, 2004, 12:10:00 PM Post by: violent_bong on June 18, 2004, 12:12:00 PM
Not exactly, pbl 1.4.1 does not suppord the advanced AV kit, which is need for surround sound. And my pbl 1.3 is retarded so I need a different solution.. Post by: krayzie on June 18, 2004, 12:19:00 PM
Actually it only does not support any advanced cables that use S-video. any other advanced (with optical out) cables using scart do work. Also I heard that it only has s-viseo problems on NTSC tv's and it only likes M$ cables somehow. Anyway if you don't want 1.3 and can't use 1.4 why don't you use 1.3.5 (seems like a logical solution to me) Post by: Angerwound on June 18, 2004, 12:34:00 PM
Ricecake: ldots created an excellant memcard installer as well as a pack for his xboxhdm program. But what is lacking however is a well written tutorial on how to install UDE as well as a simple 'legal' pack of fonts. I would recommend including rmenhal's latest fonts for they include both the traystate abilities as well as autoclock setting. Post by: xecuterbox on June 18, 2004, 02:29:00 PM
Post by: RiceCake on June 18, 2004, 02:30:00 PM Post by: rmenhal on June 18, 2004, 03:17:00 PM
Ah, good. MS key needs to be in place anyway if you want to play originals. I updated the nkpatcher post once again, now to nkpatcher3.tar.bz2. Contains also support for kernels 3944, 4034 and 4817. Post by: dubey on June 18, 2004, 03:18:00 PM Post by: ripcurl on June 18, 2004, 04:56:00 PM And just to clarify, which is the outright best font to use for 5101 and lower using PBL n such. I'm currently using Angerwound's clock setting 1.4 w/ the tray out loading the hexed dash. Can't tell exactly if rmenthal improved that or is just working on 5530+ kernals currently. Also i understand the advantage to specific kernal fonts....but if your local xbox community all have 5101 and lower kernals and know one seems to have problems with cross-kernal fonts....no need to change/upgrade right???? Post by: GJCD on June 18, 2004, 04:59:00 PM I tried the V.3 of nkpatcher and I can't get some games to load. Post by: denky on June 18, 2004, 05:40:00 PM Rather nkpatcher is godsend to owners of 5530 and higher xbox because PBL don't work for us. Another reason one might *replace* PBL with nkpatcher is PBL problems with a few games. Post by: rmenhal on June 18, 2004, 06:24:00 PM
The support for other kernels is there basically because it didn't take much extra effort. I guess sometimes there's a problem with either PBL or the bios loaded and some games don't work. So someone with <5530 kernel may still want nkpatcher sometimes.
updatefonts4.tar.bz2 (V1.5 in the root post) is the latest and improves the reliability of UDE, but the effect can be seen only on some xboxes. They don't contain any tray state branching code, but it is available externally (see the extras section in the root post). If UDE always boots ok with your xbox, there's not much reason to upgrade. If there are no reliability problems with updatefonts4, then they're probably the final fonts on my part.
Right. Post by: rmenhal on June 18, 2004, 06:27:00 PM
It depends. Try signing the game and loading it without either of PBL or nkpatcher. If it works, there's a problem with nkpatcher. If not, there's something odd about the game and I'm not going try circumventing it. Post by: GJCD on June 18, 2004, 07:07:00 PM Is it possible to change the color of the LED? I'd like it green, and it is orange. PBL loads XBMC (orange led), but if I load Avalaunch the color changes to green and I can go to XBMC again that the color remains green. And why I can't hex-edit the Dual-Habibi.xbe? I'd like to load with the tray open c:evoxdash.xbe instead of MSDash (more useful to me). I put the same number of letters (replacing msxboxdash.xbe with evosdashdb.xbe) and when I boot my XBOX the error 21 appears. I found it, forgot to sign it. Post by: krayzie on June 18, 2004, 09:06:00 PM
I think the color is set to different colors depending on the tray state and I'm sure you can hex edit it out. Also I think avalaunch has it's own led color and ignores any other colors that might be set in bios ,patcher etc. Post by: violent_bong on June 18, 2004, 11:09:00 PM
where do i find an ms optical cable? lol and does pbl 1.3.5 support X2 4983.06? BTW: awsome work rmenhal, i will try it out tomorrow on my 3944 and report any bugs if there are any... Post by: krayzie on June 19, 2004, 12:02:00 AM Post by: ldots on June 19, 2004, 12:27:00 AM
LOL, not very high thoughts about my package For those unaware the functionality is :
Plus it has a mini-linux with a bunch of useful tools (xbedump, dashversion, patcher) When we get more feedback on the nkpatcher and 5530 I will add this as an alternative to PBL. Any suggestions on wanted features are welcome. Post by: krayzie on June 19, 2004, 12:40:00 AM
Post by: ldots on June 19, 2004, 12:50:00 AM - I was just teasing.But I thought RiceCake asked for an installer, not a ftp package Post by: krayzie on June 19, 2004, 01:35:00 AM Post by: Angerwound on June 19, 2004, 03:37:00 AM
Post by: timic on June 19, 2004, 10:23:00 AM My Xbox stopped booting at MS logo and could not go further. Kernel: 5101 Dash: 5659 downgraded to 4920 using Slayer's CD Version: 1.4 with Focus videochip Mfg Date: 11/26/2003 How can I fix the problem? BTW: with previous font hack bert.xtf and erbie.xtf, I can boot to Evox. Post by: krayzie on June 19, 2004, 10:28:00 AM Post by: jsrlepage on June 19, 2004, 11:00:00 AM What I did : I put the main dashboard language to Japanese (I use tHc). And now voilà, my box won't go further than the Logo. Oh I so hate this. Is there a version of the font that won't fail with other languages than english? Post by: rmenhal on June 19, 2004, 04:30:00 PM I had to make some non-trivial modifications to the font header to make that other update.xbe to work. Unless there's a third update.xbe around, this is probably the last set of fonts I release. EDIT2: updated to fonts6. See fonts/readme.txt.
This post has been edited by rmenhal: Jun 21 2004, 12:34 AM Post by: Dagath on June 19, 2004, 04:04:00 PM Great job! I think I'll finally install this thing now...
Post by: Angerwound on June 19, 2004, 04:18:00 PM
Post by: colt45joe on June 19, 2004, 04:57:00 PM Now you will need to place any xbe you would like to be loaded (renamed to "default.xbe") in the root of your C drive *note: the xbe you rename to default.xbe and place in the C drive does not need to be signed* ANY xbe? so..anything? i can put in a xbmc default xbe in to the root of my c drive or a halo default xbe in the root of my c drive? Post by: ripcurl on June 19, 2004, 05:01:00 PM there are more than one asm files (shellcode+generic/specific) how do i put them together to compile a new custom font??? thx great work!!! Post by: Angerwound on June 19, 2004, 05:31:00 PM
Yes anything can be placed there for launch. XBMC, EVOX, MXM, AVA, thC....
Just edit the shellcode.asm filewith your desired XBE location, then compile whichever version you desire with nasm, generic or specific(the shellcode gets included if you look at the code). This post has been edited by Angerwound: Jun 20 2004, 12:36 AM Post by: forgreatjustice on June 19, 2004, 06:30:00 PM and i must say i think this is the fasted i have ever seen something developed good job people we just reached 900 posts lol this truly is the ultimate exploit long live UDE Post by: RiceCake on June 19, 2004, 07:10:00 PM
...Okay I think you got that covered! Lol...kits full of all sorts of crap that is really useful in an emergency. Post by: vintage_guitar on June 19, 2004, 08:30:00 PM Post by: SeanicTheHedgehog on June 19, 2004, 11:58:00 PM This post has been edited by SeanicTheHedgehog: Jun 20 2004, 06:58 AM Post by: rmenhal on June 20, 2004, 04:19:00 AM
The easiest way is to just pick the font you want from fonts/ directory and hexedit. The string "\Device\Harddisk0\Partition1;default.xbe" has twelve zero-bytes after it. These zeroes can be freely replaced so you can make the path/filename 12 characters longer if you need. But if you need more than that, you'll need to recompile. The path/file string is in shellcode.asm. Then you can edit either bert_ate_ernie-specific.asm for kernel-specific font file or bert_ate_ernie-generic.asm for generic font. You need to comment/uncomment some lines in those files to choose the proper MS kernel and/or the update.xbe version. Post by: xecuterbox on June 20, 2004, 09:22:00 AM cus i mess around with dashes n pbl...everytime i wreck id like to just boot a special c I have the tools required to do it but no knowledge >.< Post by: ldots on June 20, 2004, 10:19:00 AM
Rmenhal, I just tried the 1914880 update.xbe font and could initially not get it to work. I recompiled the font to use a different boot path and only called the output file bert-ate-ernie.xtf. The hack didn't tricker until I renamed the font file to bert_ate_ernie-generic.xtf as you called your precompiled version. I thought the actual name of the font wasn't even seen by the xbe? I guess it has something to do with the non-trivial modifications the the font header you mention but I would appreciate if you could explain this in greater details. I guess some memory locations will depend on the name of the font? Tried to cut down on the name. The font works as : bert_ate_ernie-generic.xtf bert_ate_ernie-generi.xtf bert_ate_ernie-gener.xtf ... bert_ate_ernie-ge.xtf but fails as bert_ate_ernie-g.xtf Post by: rmenhal on June 20, 2004, 11:18:00 AM
You should use the dualboot extra. See the root post for the link. Post by: rmenhal on June 20, 2004, 11:32:00 AM
The name is seen by the xbe and it allocates memory from the heap the size of the filename string.
Without the modifications, it doesn't work at all. It's not really the memory locations in the catch-net sense. The overwriting bert causes has always corrupted the heap (and, of course, must corrupt!). This other update.xbe is apparently much more sensitive to that than the 1974272-byte one. In your case, it just crashed before it gets to use the dwords at offsets 0x40 and 0x44. I'll investigate some more and see if I can make the font header even better. For now, I don't think anyone should use the 1914880-byte update.xbe. Post by: xecuterbox on June 20, 2004, 02:33:00 PM
is that the one which loads determine on traystate? I canot use this as I get too annoyed when launching the exploit with a disc in the drive (dvd - r) as it doesnt load the pbl but the 2nd boot or if i have disc in want to keep it in like original i usually eject and leave ejected while it loads. Post by: Tomilius on June 20, 2004, 02:52:00 PM
lol... this is very off-topic but I never knew it was Ldots and not Idots. You never can trust these fonts to differentiate between a lowercase L and a capital I. I apologize for any times that I called you Idots, Ldots. Post by: Raebis on June 20, 2004, 03:35:00 PM All works well and i have no issues with running homebrew and backups from the hdd, however the G drive seems to be MIA... (err:3 in avalaunch, even after evox formated the g partition) is this an effect of nkpatcher? if so is there a fix? Post by: rmenhal on June 20, 2004, 05:45:00 PM
Ok, the problem has nothing to do with the font header. Bert's memory block got allocated into a bad place (between two existing memory blocks) and this cannot be controlled with the contents of the font file. I introduced a new file scraps.xtf that will cause some memory allocations before bert is loaded. This will push bert's memory into a better area. More of similar files could be created to push bert even further. I edited the updatefonts5 post to updatefonts6. See fonts/readme.txt. I also removed something silly I introduced to updatefonts5 (doesn't have anything to do with this short filename problem.) Post by: rmenhal on June 20, 2004, 05:52:00 PM
nkpatcher doesn't support G drive at all and likely never will. The maximum hard disk size is 137 GB (2^37 bytes) - the rest of the drive won't be used (can be unleashed later with a bios that supports G drive). Post by: Tomilius on June 20, 2004, 08:48:00 PM I modified the specific asm for use with kernel 4034 by uncommenting the 4034 and recommenting the other one. I made the path: \Device\Harddisk0\Partition2\boot;default.xbe This path worked flawlessly in the previous fonts I used (updatefonts4 I think.) I compiled with nasmw.exe as before. I named the font bert_ate_ernie.xtf and placed it in the root of C just like the other one. I rebooted and got a standard kernel crash (ROE after the "MS" text). Okay, I've spent about 30 minutes trying to find Windows applications that will help me make the B64 code for my font files but I haven't been able to do it... so if someone wants to tell me how I can post the exact ASMs and XTF that I used EDIT: Think I figured it out. Probably a little different from what you guys do, since there's no "begin-base64" type header but it still extracts with ICEOWS if you save it as a b64 file. Oh, and once I pasted it, I had to remove the double line breaks... it was painstaking. So I would appreciate it if someone told me the official way even though it's probably been mentioned before.The XTF I compiled is in the src folder - maybe someone can tell me why that wouldn't work (granted there was actually a boot folder on C with a working default.xbe - which there was.) I assure you that all of my files were in order. All I did pre-reboot was update UnleashX by replacing C:\default.xbe with the newer version and replace the XTF with the new ones and the XBOX would do the familiar crash at the "MS" text ever since. This can't have anything to do with UnleashX because execution never even made it that far.
Post by: rmenhal on June 20, 2004, 10:37:00 PM
The source code was uncommented for the 1914880-byte version update.xbe. You don't mention changing over to that (and there shouldn't be any reason to change). Also if you did, then did you read fonts/readme.txt? Post by: Tomilius on June 21, 2004, 09:43:00 AM
Thanks, rmenhal. No, I didn't change over to that though... the source was already like that (maybe it shouldn't have been?). Guess I should have looked in the fonts folder but I didn't because I just figured the source was the same as before only improved - guess there were more options I should have looked into. I mean, that option was right there but I ignored it because I figured that, as always, all I needed to change was the kernel it looked for and the path. I've decided to rent MechAssault in the meantime so then I should be able to get it working. So now I know what was wrong and can easily get it fixed when I rent it - thanks again.
Post by: violent_bong on June 21, 2004, 10:46:00 AM even when the clock is set it still loads pbl then my dash...BTW: I am using Angerwound's dual habbi fonts... Post by: krayzie on June 21, 2004, 10:53:00 AM Post by: violent_bong on June 21, 2004, 10:56:00 AM Post by: violent_bong on June 21, 2004, 11:29:00 AM Thanks again for this awsome exploit.... Post by: Angerwound on June 21, 2004, 12:37:00 PM Post by: violent_bong on June 21, 2004, 02:51:00 PM Post by: Angerwound on June 21, 2004, 03:31:00 PM I mic or memcard plugged in to the controller will occasionally do the same thing. Post by: Musashi on June 21, 2004, 03:57:00 PM Post by: Angerwound on June 21, 2004, 04:07:00 PM Post by: eh. on June 21, 2004, 07:27:00 PM
I don't believe that happens with PBL 1.3 (which currently still provides superior tray-state booting capabilities with the UDE too, on my v1.0) eh. Post by: eh. on June 21, 2004, 09:02:00 PM Post by: ClagGlue on June 22, 2004, 02:16:00 AM
Post by: mkjones on June 22, 2004, 03:51:00 AM One last question before I install this and start working on some sort of package or package update for one of my exsisting systems.. Been very busy lately, should calm down after glastonbury and Euro 2004 OK.. Which Update.xbe is on the MA DVD? the 1914880-byte update.xbe? or the 1974272-byte update.xbe?
Post by: ldots on June 22, 2004, 04:04:00 AM For a package I think it's safer to go with both fonts. Post by: mkjones on June 22, 2004, 04:06:00 AM
sure is a complex one, I suppose different regions would be a pain as well I belive lots of fun will be had when I have time to mess around
Post by: PedrosPad on June 22, 2004, 06:18:00 AM
Funnily enough I had reason to return my XBOX to 4817 factory settings last night. Then I used my PAL Splinter Cell to upgrade to 4290, and ..... I got c:\xodash\update.xbe 1914880-bytes * snap * So I must have remembered incorrectly. (I was sure this was how I got to 4290 last time ) - Sorry for the misinformation.
Post by: dubey on June 22, 2004, 09:36:00 AM i edited the font to point to this file but when i turn on my xbox i get error 21 with dual-habibi signed. the font is in c and the dual-habibi is in e Post by: Angerwound on June 22, 2004, 09:53:00 AM Post by: violent_bong on June 22, 2004, 01:25:00 PM BTW I upgraded his pbl to 1.3.5i and changed the boot directory in his bios, P.S. for some reason pbl would not boot up X24981.06, pbl would load and sit at a red blinking led Any help would be greatly appreciated... Post by: ClagGlue on June 23, 2004, 02:21:00 AM
why yes i do..... lol sorry my mistake idots
Post by: Grospolina on June 23, 2004, 04:46:00 AM Post by: ldots on June 23, 2004, 04:51:00 AM idiots, I dont care much for though
Post by: anu|b|iss on June 23, 2004, 06:09:00 AM id10t ;P Post by: PedrosPad on June 23, 2004, 11:40:00 PM
No - You can only use a GameSav exploit to launch games copied to the hard disk. Post by: peabo99 on June 24, 2004, 05:36:00 AM K: 4718 D: 4920 Using Ldots MA package I FTP'd files frommy pc to save area, booted MA, run linux, choose UDE install, Linux screen comes up, then disappears, light stays orange for about 5 seconds fan speeds up, xbox powers off. I've FTP'd the same set of files to 2 other xboxes and both have worked fine, but on mine I cannot get it to install. Does anyone have any idea what might be going on? thanks in advance. Post by: ldots on June 24, 2004, 06:26:00 AM Get the "old_kernel" package from the same place where you got the ltools package and follow instructions within. That worked for the other guy
Post by: PedrosPad on June 24, 2004, 10:21:00 AM Therefore no font exploits with work on XBOXs with these Kernels. Only GameSav exploits are possible on these Kernels - and these suffer from ROE, thus are limited to executing files from the hard disk. and, from the root post:
Post by: TrueSkimmer on June 25, 2004, 01:30:00 AM  Check the time K: 5530 D: 5659 Next: Figuring out how to get the XBMC as the default dash, but with the unlimited resources available on XS forums i am 100% certain that if it is possible, i will figure it out. Just wanted to say a big thank you to everybody... Got a little caried away i gues...
Post by: TrueSkimmer on June 25, 2004, 06:55:00 AM
I am so proud, thank you dad
Post by: Raebis on June 25, 2004, 09:16:00 AM
i feel like i should be clapping for u hehe.... Post by: PedrosPad on June 25, 2004, 10:06:00 AM
No one's found a way to burn a DVD that an unexploited retail XBOX can read. (And people have tried - at one point there was a US$ 100,000 reward if someone could do it (see here) - trust me - they tried!) Post by: Dan Wysocki on June 25, 2004, 12:09:00 PM
Post by: PedrosPad on June 25, 2004, 12:17:00 PM
Try re-signing the XBE after hex editing. If you're using PBL or nkpatcher, the signature you use isn't important, but I think there are other checksums in the XBE header that still have to add up. Edit: Sorry read your post more closely - if it's loading at all it won't be a signing issue. Check you've only got retail fonts in c:\f0nts, and double check your hex edits. Post by: Dan Wysocki on June 25, 2004, 12:34:00 PM
Ive done this already, but ill go do it again, just because u suggested it thanks for the quick responce thanks for the sweet exploit guys! edit: Ok, i just re-hexedited and it made no difference, i can only find the occurances of "font" by search for the hex of it, can anyone confirm that there are only the two point that need to be changed? Post by: Musashi on June 25, 2004, 01:16:00 PM Post by: Dan Wysocki on June 25, 2004, 01:44:00 PM
thanks man, ive edited this numerous times now and still cant get it to work, can anyone shed any light on this?
Post by: Dan Wysocki on June 25, 2004, 02:04:00 PM thanks again for this awsome exploit! Post by: gronne on June 26, 2004, 04:07:00 AM I'm very happy as is, but I'm more thinking about if newer kernels ever will be able to run it, like the nkpatcher, but all kernels. Post by: Dan Wysocki on June 26, 2004, 05:40:00 AM
Id like to a see a nice UDE\Audio exploit switcher so you could use live, Im looking into evox scripting (renaming, copying files etc)...Im gonna see if i can get some sort of thing up and running, although I dont know how well MKJones is getting on with his package...
Post by: krayzie on June 26, 2004, 05:45:00 AM Post by: PedrosPad on June 26, 2004, 06:17:00 AM
2 years+ and counting...
Post by: Dan Wysocki on June 26, 2004, 07:53:00 AM
Post by: xecuterbox on June 26, 2004, 09:49:00 AM
Thats exactly how mines done with UDO, EE, and Evox inis i also made it rename the ini n it loads exact same way wether i use ude or ee except in ude it says disable mod in ee it says enable mod on the top of the menu I used evox to rename the dash, font folder, evox inis Post by: Dan Wysocki on June 26, 2004, 10:47:00 AM
Heh, im guessing it wouldnt be very useful for someone (like me) to release a package with everything needed for the switch setup and all the files to run audio\UDE? ah well, at least I have my own package on my xbox I just made mine by making a script for MXM...It renames loads of files, and copies some others to ensure i dont get a corrupt st.db and make sure all my files are how they were before hand
Post by: krayzie on June 26, 2004, 10:54:00 AM Post by: forgreatjustice on June 26, 2004, 08:18:00 PM and secondly what error did u get? Post by: devz3ro on June 26, 2004, 10:25:00 PM
Are you sure you have K:5101? What error code are you getting? 21? On kernel 5101 downgrading dashboards does work. On 5713 and up it does not. -devz3ro http://sh0x.tk/ Post by: SargeZT on June 26, 2004, 10:25:00 PM Post by: Dan Wysocki on June 27, 2004, 02:53:00 AM
My brain may not be functioning properly here, but can you explin why the update would kill the exploit? As far as I can see, UDE doesnt rely on a specific dashbaord, so if all exploit files were renamed, and only the Audio exploit was enabled, wouldnt the ability to rename everything to boot UDE still allow it to work? Again, I apologise if I have missed something here, but would someone mind explaining?
Post by: krayzie on June 27, 2004, 05:01:00 AM Post by: Dan Wysocki on June 27, 2004, 05:15:00 AM
oh rite, yeah that makes sense, but the Audio exploits have been around ages, and still m$ havent patched them up? Thanks for clearing that up for me krayzie
Post by: krayzie on June 27, 2004, 05:36:00 AM Post by: Dan Wysocki on June 27, 2004, 05:49:00 AM
Well bugger me, i didnt know that, but then again, i dont have xbl so...well i guess ill go re-work my switcher to user the easter-egg exploit instead (just incase i get live) thanx for all the info krayzie
Post by: Dan Wysocki on June 27, 2004, 01:37:00 PM
Post by: krayzie on June 27, 2004, 07:40:00 PM The easter egg exploit uses the double dash when it's turned on. When you turn it off again and switch to UDE you wouldn't even use it anymore. @ timic yes this is posible with pbl and a new bios. Look for ldots xboxhdm for more info. Post by: Dan Wysocki on June 28, 2004, 09:45:00 AM
Thanks for clearing that up for me
Post by: wrayal on June 30, 2004, 09:23:00 AM I've got UDE+linux (though Im suing xeb1.1, but its basically the same process). Set up UDE as you like it. Personally, I boot straight into XBMC. Then, stick in the xeb1.0.2 disc. Browse files with XBMC, or I believe launch DVD from evoX should work etc. Basically start it up. Then install as usual (XboxLinuxInstall or something from Command Line I believe). Once it whas installed, you can then manually launch ot from your dash. Not sure if that helped, but best setup? IMO direct boot XBMC, and shortcut to default.xbe (under folder "debian" in whichever partition you use, I believe) BTW UDE is AWESOME! Thankyou everyone involved! Just a couple of q's from me: 1) I had the audio hack installed, but I forgot to backup my st.db. I know, very n00bish, sorry . How can I recover from this? Clean st.db, or simply delete it and re-rip?2) I tried booting evoxM7 within the standard PBL that comes with the hack (1.4 I think). It got partway through, then appeared to hang at one point, while it was saying something about the second bootloader. Cant remember the specific error, sorry. Any ideas why? Corrupt bios? any help would be MUCH appreciated! Wrayal Post by: rambo88 on June 30, 2004, 09:51:00 AM
|
