It appears our friends (hopefully if it looks for its fonts somewhere on d:\) at M¡crosoft have left us with a present. The following information was taken from the dvd movie disc "The Hulk". Xboxdash.xbe, built in July of 2003, is what we are hoping can be our possible 'bootstrap' if you will. The default.xbe was used in a proof of concept to achieve a working backup on an unmodified bios. If you are lucky enough (use original xboxdash.xbe from dashboard 4920) to find this xbe, to launch it on your xbox you must use DVD+R / +RW media and have a compatible dvd writer in your PC to be able to change your book type, as shown here, from DVD+R / +RW to DVD-ROM.
Sorry Pioneer owners, none work as of yet.
Taken from disc 2:
xboxdash.xbe (1,568,768 bytes & found in xboxdash)
| CODE |
Certificate
~~~~~~~~~~~
Size of certificate   : 0x000001EC
Certificate timestamp : 0x3F205497  Thu Jul 24 17:50:15 2003
Title ID              : 0xFFFE0000
Title name            : "Xbox Dashboard"
Alternate title ID's  : none
Allowed media types   : 0x00000030
                        : XBE_MEDIA_1LAYER_DVDROM
                        : XBE_MEDIA_2LAYER_DVDROM
Allowed game regions  : 0x7FFFFFFF
                        : XBE_REGION_US_CANADA
                        : XBE_REGION_JAPAN
                        : XBE_REGION_ELSEWHERE
Allowed game rating   : 0xFFFFFFFF
Disk number           : 0x00000000
Version               : 0x10202100
|
default.xbe (127,614,976 bytes & found in root)
| CODE |
Certificate
~~~~~~~~~~~
Size of certificate   : 0x000001EC
Certificate timestamp : 0x3F205409  Thu Jul 24 17:47:53 2003
Title ID              : 0x56550011
Title name            : "The Hulk"
Alternate title ID's  : none
Allowed media types   : 0x00000030
                        : XBE_MEDIA_1LAYER_DVDROM
                        : XBE_MEDIA_2LAYER_DVDROM
Allowed game regions  : 0x00000001
                        : XBE_REGION_US_CANADA
Allowed game rating   : 0x00000004
Disk number           : 0x00000000
Version               : 0x00000001
|
-devz3ro
This post has been edited by devz3ro: Oct 10 2004, 08:20 AM
default.xbe (4,063,232 bytes & found in cache drive Z)
| CODE |
Certificate
~~~~~~~~~~~
Size of certificate   : 0x000001EC
Certificate timestamp : 0x3F205409  Thu Jul 24 17:47:53 2003
Title ID              : 0x56550011
Title name            : "The Hulk"
Alternate title ID's  : none
Allowed media types   : 0x00000001
                        : XBE_MEDIA_HDD
Allowed game regions  : 0x00000001
                        : XBE_REGION_US_CANADA
Allowed game rating   : 0x00000004
Disk number           : 0x00000000
Version               : 0x00000001
|
***Lesser than Great anticipation***
Hope these xbes can be exploited... thanks IDOTS... didn't see the HDD flag
This post has been edited by knight_of_flowers: Sep 23 2004, 10:52 AM
Good to see some new xbe finds.
| QUOTE |
***Great anticipation*** Hope these xbes can be exploited...no more region changes needed! |
Only the xboxdash.xbe from disc 2 is multi-region but it is not HDD media flagged. The HDD flagged default.xbe is region 1 only.
But a PAL version of the game could have the same files...
Thanks LDOTS? I didn't use his scanner to find the xbe
if that's what you meant. I just opened all the cache drives and manually looked.
-devz3ro
I know you didn't.
I think knight_of_flowers just edited his post because he didn't see the lack of the HDD media flag in the multi-region xbe. Don't think he was trying to give me any credit I don't deserve (though I sometimes get that).
hi, angerwound and i have been looking at the dash files on Hulk disc2 as well (see the following thread)
http://forums.xbox-scene.com/index.php?sho...ic=278283&st=50
anyway, what we were wondering is whether we can burn those dash files to a dvd+r with book type set to DVD-ROM and if it would present us with a 'homemade' boot disc that boots on unmodded xboxes. my tests/failures are in that thread. should i repost here since this is the most appropriate thread for discussion?
anyway, once we prove that we can make this boot disc work, then we can start looking at how to perform an exploit on the boot disc. angerwound opened the xboxdash.xbe in a hex editor and he thinks it might look for fonts on the dvd if it is run from dvd and there are fonts present. this seems like a very promising potential exploit. am i barking up the wrong tree?
i can't change the book type with my burner, so i can't test any further. if this has potential, can somebody try burning a UDF disc with the contents of the \xboxdash\ folder from Hulk disc2...with a book type of DVD-ROM?
This post has been edited by Kthulu: Sep 23 2004, 03:16 PM
| QUOTE (Kthulu @ Sep 23 2004, 04:19 PM) |
hi, angerwound and i have been looking at the dash files on Hulk disc2 as well (see the following thread) http://forums.xbox-s...ic=278283&st=50
anyway, what we were wondering is whether we can burn those dash files to a dvd+r with book type set to DVD-ROM and if it would present us with a 'homemade' boot disc that boots on unmodded xboxes. my tests/failures are in that thread. should i repost here since this is the most appropriate thread for discussion?
anyway, once we prove that we can make this boot disc work, then we can start looking at how to perform an exploit on the boot disc. angerwound opened the xboxdash.xbe in a hex editor and he thinks it might look for fonts on the dvd if it is run from dvd and there are fonts present. this seems like a very promising potential exploit. am i barking up the wrong tree?
i can't change the book type with my burner, so i can't test any further. if this has potential, can somebody try burning a UDF disc with the contents of the \xboxdash\ folder from Hulk disc2...with a book type of DVD-ROM? |
Changing the DVD's book type is something I am unfamiliar with. Are you aware of how this is performed? I did a few UDF tests on DVD-R's last night with no positive results. Explain how to change the book type (with what program etc.) and I will gladly try it.
BTW: What writer do you have? I have a Pioneer A06 (FW 1.08).
This find is very interesting, I might rent the star wars disc to see if we can make a boot disc with that. If there is a forced dash update with it, there has to be an update.xbe on it. If we are lucky the date of this xbe could be during 2002 or early 2003, giving us an alternative exploit if this hulk one doesn't work out. Of course this is only an exploit if the xbes look for their corresponding fonts on the DVD.
-devz3ro
Excuse my ignorance (I'm not a coder, so if any of my following suggestions are rubbish ignore them) but is it possible to take the Hulk Disc 2 (or SWT Disc 4), rip an ISO, replace the update.xbe with the UDE exploited version and insert Fonts folder or f0nts and then burn the ISO as a DVDROM?
| QUOTE (evil_inside @ Sep 23 2004, 05:26 PM) |
| is it possible to take the Hulk Disc 2(or SWT Disc 4), rip an ISO, replace the update.xbe with the UDE exploited version and insert Fonts folder or f0nts and then burn the ISO as a DVDROM? |
The UDE exploited version of update.xbe only has the HDD media flag, so it won't launch from any other media (e.g. DVD).
| QUOTE (evil_inside @ Sep 23 2004, 05:26 PM) |
| Excuse my ignorance (I'm not a coder, so if any of my following suggestions are rubbish ignore them) but is it possible to take the Hulk Disc 2 (or SWT Disc 4), rip an ISO, replace the update.xbe with the UDE exploited version and insert Fonts folder or f0nts and then burn the ISO as a DVDROM? |
While a great idea, I have to sadly inform you this would not work. The media flag for the update.xbe used for UDE1 / 2 are HDD signed media *only*.
I believe the problem with making a 1:1 copy is the media and not the burner itself (I could be wrong). Keep in mind these xbes are still on "read only" pressed discs, while DVD-R and DVD+R's are certainly not.
-devz3ro
And I've never seen an update.xbe (old or new) with a media of XBE_MEDIA_1LAYER_DVDROM.
Edit: Although the update.xbe on the SWT DVD may have! - but I bet it would be too recent for the font exploit to work.
I am told this HULK dvd contains not only a default.xbe but has an xboxdash.xbe as well as dashdata folder. I have already asked about there being a settings_adoc.xip within hulk and it doesn't exist. Can someone check the Star Wars disk and see if this file slipped in?
EDIT: If anyone has the Star Wars trilogy disc please contact me via PM or Email.
EDIT2: I am also told of Shrek's DVD containing a demo. Can anyone confirm this?
This post has been edited by Angerwound: Sep 23 2004, 04:48 PM
| QUOTE (Angerwound @ Sep 23 2004, 05:49 PM) |
I am told this HULK dvd contains not only a default.xbe but has an xboxdash.xbe as well as dashdata folder. I have already asked about there being a settings_adoc.xip within hulk and it doesn't exist. Can someone check the Star Wars disk and see if this file slipped in? |
The SWT DVD just has:
dashupdate.xbe - XBE self-extractor that puts D:5659.03 on C:\
default.xbe - 171 MBs - XBE self-extractor for STBF demo.
update.xbe - IIRC
and no other XBOX files.
i also have the Pioneer A06 (i think it's the same thing as the 106) and upgraded the firmware last night to 1.08 in an effort to be able to change the book type.
here is a link to info on setting the book type:
http://www.dvdplusrw...=0&sid=2&aid=44
as far as i can tell from the other thread, SW doesn't have the \xboxdash\ folder already on it for immediate exploit-consumption, but PedrosPad could tell for sure...
here are the results i had trying to burn a boot disc:
disc1: UDF format; DVD-R media; book type DVD-R; invalid media error
disc2: FATX(with gdfimage); DVD-R; book type DVD-R; invalid media error
disc3: UDF; DVD+R; book type DVD+R; invalid media error
here's what i'd like to try:
UDF format; DVD+R media; boot type DVD-ROM
with the contents of HulkDisc2\xboxdash\ in the root of the burnt DVD and the xboxdash.xbe renamed to default.xbe
if that works, we could attempt to include hacked fonts on the DVD and see what happens. someone has said that the xboxdash.xbe on Hulk is an early version of 4920. that doesn't make sense to me. 4919 would...anyway, i bet the hacked 4920 fonts would work with this puppy. did the 4920 dash look for fonts specifically on C or wherever the xbe was launched from?
i work with a guy that has a sammy in his xbox and uses DVD+R media for backups and has a LiteOn burner. he already has his setup to burn DVD+R media with a book type of DVD-ROM. therefore, i just handed him disc3 from my trials and asked him to make a copy of it tonight with the DVD-ROM book type.
my fingers and toes are crossed. i'll let you guys know tomorrow what happens.
perhaps a mod can rename this topic to something like...
Hulk DVD exploit
is it possible?
| QUOTE (jonny_eh @ Sep 23 2004, 02:05 PM) |
Hi, I just posted the following message to the Star Wars thread, it may be relevant here too. I apologise to anyone reading both threads.
| QUOTE (jonny_eh) | I personally don't think an exploit has been found. For an exploit to work you need to run unsigned code (meaning, without an RSA key), I believe. MA and 007 do this by loading an RSA signed game, then loading a bad savegame that holds unsigned code.
An unmodded xbox won't run a hacked xbe file from any DVD, even if it's on a Hulk DVD, because by hacking the xbe file, the rsa key won't be valid. Until someone cracks the RSA encryption algorithm, there won't be a simple exploit such as this. Sorry to burst everyone's bubble. If I'm not mistaken, the RSA key is taken from the pseudo-checksum of the xbe? If that's the case, the second you change any bit in the xbe file, it will no longer be able to load.
Of course, I may be wrong, I haven't been on the scene that long.
Plus, I'm sure people have looked at xbox games on DVDs long before this (Shrek and Hulk come to mind).
Nothing to see here, move along.  |
|
i'm not proposing to hack (hex edit or alter in any way) the xboxdash.xbe on the Hulk dvd. it is a version of the xboxdash that can be run from dvd (according to the media flags). the objective (in my mind) is to create a boot disc that basically does on dvd what we've already been doing on the C drive. no, that doesn't really accomplish anything that hasn't already been accomplished with gamesave hacks and other soft-mods, but perhaps along the way more useful things will be discovered. as for myself, i'd love to be able to install soft-mods on an xbox with one boot cd instead of using a game cd, memory card, and special game-save.
feel free to move along at any time jonny_eh
| QUOTE (Disabled @ Sep 23 2004, 08:42 PM) |
@Kthulu THE purpose for doing this is not installing some softmod without gamesaves or game discs and stuff. THE purpose for doing this is virtually removing the Xbox copy protection. Imagine exploited default.xbe boots a loader.xbe then boots the game.xbe! Run unsigned code on ANY - not hardmodded, not softmodded - Xbox. A multi-purpose on-the-fly exploit. You could of course still use it to softmod your box, but you would not need to mod your box at all! |
lol if this happens... all the xbox modchip makers will be out of business... But MS can always launch xbox with a new kernel that somehow disables loading .xbe from dvd-vid.
yeah but then that would stop the star wars and hulk dvds from booting in xbox, which i wouldn't think they would be allowed to do.
| QUOTE (kingroach @ Sep 23 2004, 08:50 PM) |
| lol if this happens... all the xbox modchip makers will be out of business... But MS can always launch xbox with a new kernel that somehow disables loading .xbe from dvd-vid. |
When you think about it, this is what is happening to the PS2 scene with the advent of the HDDLoader. No need for a Mod-chip, just buy the PS2 hard drive hook up, and there you have it.
It's kinda like Sony is selling a 40GB Modchip, thus Sony has defeated Mod-chip makers by jumping into the Mod-Chip scene.
Can't beat them, then join da club, become club president, then kick them out!
| QUOTE (Disabled @ Sep 23 2004, 02:42 PM) |
@Kthulu THE purpose for doing this is not installing some softmod without gamesaves or game discs and stuff. THE purpose for doing this is virtually removing the Xbox copy protection. Imagine exploited default.xbe boots a loader.xbe then boots the game.xbe! Run unsigned code on ANY - not hardmodded, not softmodded - Xbox. A multi-purpose on-the-fly exploit. You could of course still use it to softmod your box, but you would not need to mod your box at all! |
you just described a soft-mod...which is exactly what i'm talking about
| QUOTE |
| Imagine exploited default.xbe boots a loader.xbe then boots the game.xbe! Run unsigned code |
is that not the definition of a soft-mod?
He is right ^^^^^^
That is indeed a softmod.
| QUOTE |
| QUOTE (rmenhal @ May 19 2004, 09:17 AM) | We know that kernels 5713 or higher won't allow dash downgrades. |
Actually - while I didn't bother to trace out the logic exactly - there's a new check in 5713's XBE loader. It checks the XBE certificate structure. If the title ID is 0xFFFE0000 (dash's ID), the kernel then checks the time and date field and anything prior to about Aug 5 2003 causes it to bail out. So dash 4920 and prior versions are out.
|
perhaps (if we are very lucky), the 5713 and above kernels make an exception for dashboard xbes with layer1 and layer2 dvd-rom media flags! it would seem like a sensible thing for MS to do, in order to ensure compatibility with these files they have floating around on DVD movies...
But a big downside is it can't be distributed for free (or at all really). I think looking for an exploit in the DVD-Playing software would be a nicer solution since everyone could legally download a modified DVD-Video disc with a linux installer . . . ah, but I get carried away ^^
anyways, let's keep going, see if there's any way to get it to work (though I tried to think of a way for the Star Wars one, seemed impossible since it has close to no attackable surface area).
Regards,
regress
well, i've grown so obsessed with this that i went to bestbuy after work to look for a lite-on burner so i can set the book type when i burn the disc. i think i got a great deal. a liteon 832s...it's a dual-layer burner! that will burn to -R or +R and it was only $90.
anyways, i got home, installed it, downloaded the booktype.exe and set the book type for all DVD+R burned with it to be DVD-ROM. i then burned another boot disc prototype. i checked the book type after burning and it was shown as DVD-ROM instead of DVD+R. i call this disc4.
disc 1-3: when inserted into an already booted xbox, they all gave the invalid media error. they also gave this error when booting with the disc in the drive.
disc 4: UDF format on DVD+R media with book-type set to DVD-ROM...
when inserted into an already booted xbox, gave the dirty disc error. when the xbox was booted with the disc in the dvd drive, it gave the Error 21 screen that is quite familiar to anyone that has accidentally deleted files off their C drive or botched a softmod job.
This leads me to believe that the xbox is actually booting the disc, but this magic xboxdash.xbe (renamed to default.xbe) is looking for a file that it cannot find. i feel like this is a break-thru, but now i'm stumped as to what file it is looking for. any ideas on how to find out?
here are the contents on The Hulk (dvd movie disc 2)
default.xbe...size=124,624kb
\xboxdash\
...default.xip...1509kb
...dvd.xip...164kb
...jkeyboard.xip...716kb
...keyboard.xip...643kb
...message.xip...783kb
...settings3.xip...2743kb
...settings_clock.xip...1645kb
...settings_language.xip...1397kb
...settings_list.xip...2861kb
...settings_panel.xip...2669kb
...settings_parental.xip...985kb
...settings_timezone.xip...1340kb
...settings_video.xip...1932kb
...xboxdash.xbe...1532kb
i have taken the contents of \xboxdash\ from the Hulk and burned them to the root of every disc so far (after renaming xboxdash.xbe to default.xbe).
have you tried having the dash files in the folder and vice versa?
| QUOTE (Chicken Scratch Boy @ Sep 23 2004, 08:52 PM) |
| have you tried having the dash files in the folder and vice versa? |
here's what i've tried:
i put all the 4034 dash files in a folder on my PC. i then copy the contents of Hulk disc2\xboxdash\ (listed above) to that same folder on my PC. when it asks if i want to over-write the files already there, i say yes. then i rename the xboxdash.xbe to default.xbe and burn the contents of the PC-folder to disc.
now that i have the book type set, i don't get the invalid media error. i get the MS Error 21 screen when trying to boot to the disc.
i've also tried this method starting with the 4920 dashboard files and get the same results...Error 21 screen.
have you tried keeping all the hulk dash files?
| QUOTE (Kthulu @ Sep 24 2004, 02:32 AM) |
well, i've grown so obsessed with this that i went to bestbuy after work to look for a lite-on burner so i can set the book type when i burn the disc. i think i got a great deal. a liteon 832s...it's a dual-layer burner! that will burn to -R or +R and it was only $90.
anyways, i got home, installed it, downloaded the booktype.exe and set the book type for all DVD+R burned with it to be DVD-ROM. i then burned another boot disc prototype. i checked the book type after burning and it was shown as DVD-ROM instead of DVD+R. i call this disc4.
disc 1-3: when inserted into an already booted xbox, they all gave the invalid media error. they also gave this error when booting with the disc in the drive.
disc 4: UDF format on DVD+R media with book-type set to DVD-ROM... when inserted into an already booted xbox, gave the dirty disc error. when the xbox was booted with the disc in the dvd drive, it gave the Error 21 screen that is quite familiar to anyone that has accidentally deleted files off their C drive or botched a softmod job.
This leads me to believe that the xbox is actually booting the disc, but this magic xboxdash.xbe (renamed to default.xbe) is looking for a file that it cannot find. i feel like this is a break-thru, but now i'm stumped as to what file it is looking for. any ideas on how to find out? |
Very interesting.
The error 21, even though bad, is much better than the invalid media error. I believe there might be some sort of disc check. Maybe the size of disc, or other missing files. What I don't understand is: "Why is it there?". Good question, why would they need an xboxdash folder?
I wonder...
Tearing the xbe apart should help solve this problem. I hope it's something that can be fixed, I'll go out and buy a lite-on or plextor.
-devz3ro
rofl this is going to become a big thing tomorrow i bet
see if i can snag a copy of the hulk special edition and see what i can hack up...
i'll prolly be able to get a copy to boot, but i dont know about exploiting...
sorry ... but what is all this talk about lite-on and this other type of DVD-burners .... are they like better or something.
- the xbe n00b.
did anyone hex the xboxdash.xbe in xboxdash to check where it points to for the fonts folder? if anyone is running UDE then it will boot with an error 21 since there is nothing in the fonts folder. And where does it point for the xboxdashdata.1012a700 folder? I mean they should obviously point to the root of the dvd D:\xboxdash\ folder. I dont have the disk myself otherwise I would try.
| QUOTE (JimmyGoon @ Sep 23 2004, 10:36 PM) |
sorry ... but what is all this talk about lite-on and this other type of DVD-burners .... are they like better or something.
- the xbe n00b. |
they support bitsetting... which makes a dvd+r look like a dvd-rom to a player
doing this on a V-BOX is a given! rofl
Okay, when the default.xbe (DemoXBE) is burnt to a disc with booktype set to DVD-ROM and placed in the drive before boot, the Demo runs no matter if the files are on the cache partition or not. However, when placed in the drive after the dashboard has been booted, and files in the cache, it will not run. But if the cache files aren't present yet, it boots! So, now that we know the .xbe's are being launched, let's take a bit more of a look at this xboxdash.xbe. More info to come.....
Thanks to kthulu for doing all sorts of testing
(@rmenhal: please could you confirm for sure the HDD timestamp checked too eh.)
Okay, I've been comparing this XBE to that of other dashboard versions' xbe files. First of all, it is NOT 4034 because it does look within a /fonts/ folder first for fonts. It is also closest in size to the 4920's xbe. Missing by a few KB in fact. I have tried launching this xbe alongside a 4920 dashboard on /C/ with an error 21 on boot. The timestamp appears to be around 4920's time as well. However, from what I've noticed this seems to be a 'beta' dash almost. It looks like it came before 4920 but after 4034.
I'm not even sure how these files made their way on the disc. Quite interesting actually.
I will look into this much more.
4920 xboxdash.xbe - "d:\xboxret\private\ui\xapp\obj\i386\xboxdash_2002.exe"
HULK xboxdash.xbe - "d:\xbox-dx2\private\ui\xapp\obj\i386\xboxdash_2002.exe"
Anyone able to decipher the the abbreviations 'xboxret' and 'xbox-dx2' ?
(@Angerwound: in case it helps, here's what the posted filenames and sizes seem to suggest eh.)
anger, have you tried checking teh dash's version?
in the "about" menu or whatever?
That's the problem, I can't get the sucker to launch. It's looking for files somewhere I don't have them placed. It's my guess that the dashdata folder needs to be named differently than what 4920 has named it. However, this isn't hardcoded into the xbe file. I'm not sure how it knows which dashdata folder to look for. Anyone else have more info on this?
I guess the upside would be we have booted the very first backup on an unmodified console. Chip maker's beware.
brute force it
does it say in other dashes?
maybe it can be extrapolated
Nope, none of the dashes seem to show the complete dash data folder. The hex values look something like:
4920: | CODE |
| \Device\Harddisk0\partition2\xboxdashdata.%08x..f.i.l.e.:...*...* |
HULK -
| CODE |
| Device\Harddisk0\partition2\xboxdashdata.%08x..\Device\CdRom0\xboxdash.f.i.l.e.:...*...* |
Anyone else notice it's trying to read the xboxdash folder on the HULK DVD?
If it works similarly to others, it would be xboxdashdata.10202100 eh.
(Also, this would mean it's more recent than the other 4920's eh.)
lets downgrade the dash to 4920 and then update it off the hulk automatically...
what folder does it make?
That's the thing - hulk contains no files to update with. These files seem to be here for no apparent reason.
| QUOTE (Chicken Scratch Boy @ Sep 24 2004, 01:40 AM) |
lets downgrade the dash to 4920 and then update it off the hulk automatically...
what folder does it make? |
i've tried that...well, with 4034 installed on C. i've let the demo run and update the dash on C, then i've tried booting with the boot disc we are trying to construct.
we've gotten past the Error 21 to the X logo screen. on some tests, the dvd thrashes forever at the X logo screen. on some tests, it just sits there quietly at the X logo.
i'm sometimes wondering if it's a debug/developer's version of 4920. maybe i'll look into installing a debug dash i have on my C drive and try all of the discs i've burnt again.
like angerwound said, i did burn the demo (default.xbe) from Hulk disc2 onto a DVD+R with book type set to DVD-ROM and it did run...i even got a little side tracked smacking those soldiers around on the first level of Hulk LOL
i imagine the same thing could be done with the default.xbe from Star Wars.
i'm very interested to hear back from rmenhal and devz3ro...
anger, have you checked the files unpacked into the cache drives?
perhaps there is an updater in there...
Okay, when I burn the xboxdash.xbe and /xboxdash/ folder to a disc and launch from a non-retail state - I boot to the green floating background - the background is moving but no orb seems to be displayed and it just sits. Better than ERROR 21. Hmm...
| QUOTE (Chicken Scratch Boy @ Sep 24 2004, 01:48 AM) |
anger, have you checked the files unpacked into the cache drives? perhaps there is an updater in there... |
i don't think it does. i think whatever new dash files the demo extracts are embedded in the demo (default.xbe) itself. it doesn't hit the net to update. i've had my network cable unplugged. the only thing i ever see out in X, Y, and Z is the actual hulk demo and resource files (mini version of Hulk game dvd) on X.
(I wouldn't be surprised if it tries to phone home on pre-Live 2.0 dash's to send "marketing analysis" details eh!)
Regarding the 10202100 ... it's the FFFE0000's 'Version' from the xbedump eh.
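Three things in this thread fit one small worked example: the xbedump certificate listings near the top (size, timestamp, title ID, title name, media, region, rating, disk number, version), the two loader checks people keep running into (an XBE whose only media flag is XBE_MEDIA_HDD will not launch from DVD, and rmenhal's description of the 5713+ kernel refusing a title ID 0xFFFE0000 dashboard whose certificate timestamp is before "about Aug 5 2003"), and the xboxdashdata.%08x folder name that the version field 0x10202100 expands to. The Python below is an added example, not code from the thread, from any Xbox tool, or from Microsoft. It assumes the publicly described fixed layout of the certificate's first 176 bytes (the same field order as the dump), treats the cut-off date as a parameter because the thread only gives it approximately, and builds its own certificate bytes from the values in the dumps rather than reading any disc; function names such as parse_certificate and loader_accepts are my own.

```python
import struct
from datetime import datetime, timezone

# Media bits named in the xbedump output in the thread; the two unlisted
# low bits are assumed from the public XBE header description.
MEDIA_FLAGS = {
    0x0001: "XBE_MEDIA_HDD",
    0x0002: "XBE_MEDIA_DVD_X2",
    0x0004: "XBE_MEDIA_DVD_CD",
    0x0008: "XBE_MEDIA_CD",
    0x0010: "XBE_MEDIA_1LAYER_DVDROM",
    0x0020: "XBE_MEDIA_2LAYER_DVDROM",
}
REGION_FLAGS = {
    0x1: "XBE_REGION_US_CANADA",
    0x2: "XBE_REGION_JAPAN",
    0x4: "XBE_REGION_ELSEWHERE",
}
DASHBOARD_TITLE_ID = 0xFFFE0000
# Approximate cut-off rmenhal quotes for 5713+ kernels ("about Aug 5 2003").
DASH_TIMESTAMP_CUTOFF = datetime(2003, 8, 5, tzinfo=timezone.utc)

# Assumed fixed layout of the leading 176 bytes: size, timestamp, title id,
# 40-wchar UTF-16 title name, 16 alternate title ids, media, regions,
# ratings, disk number, version (all little-endian 32-bit except the strings).
_CERT_HEAD = struct.Struct("<III80s64sIIIII")


def parse_certificate(blob):
    """Decode the fixed fields at the start of an XBE certificate."""
    if len(blob) < _CERT_HEAD.size:
        raise ValueError("certificate too short: %d bytes" % len(blob))
    (size, ts, title_id, name_raw, alt_raw,
     media, regions, rating, disk, version) = _CERT_HEAD.unpack_from(blob)
    if size < _CERT_HEAD.size:
        raise ValueError("declared certificate size %#x is implausible" % size)
    return {
        "size": size,
        # Kept in UTC; the dump in the thread prints the same value in local time.
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc),
        "title_id": title_id,
        "title_name": name_raw.decode("utf-16-le").split("\0", 1)[0],
        "alt_title_ids": [a for a in struct.unpack("<16I", alt_raw) if a],
        "media": media,
        "regions": regions,
        "rating": rating,
        "disk_number": disk,
        "version": version,
    }


def build_certificate(title_id, title_name, timestamp, media, regions,
                      rating, version):
    """Construct a 0x1EC-byte certificate blob for testing (constructed, not ripped)."""
    name = title_name.encode("utf-16-le")
    if len(name) > 80:
        raise ValueError("title name longer than 40 characters")
    head = _CERT_HEAD.pack(0x1EC, timestamp, title_id, name.ljust(80, b"\0"),
                           b"\0" * 64, media, regions, rating, 0, version)
    return head.ljust(0x1EC, b"\0")  # keys/signature area left zeroed


def flag_names(value, table):
    """Expand a bitmask into the symbolic names xbedump prints."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def dashdata_dir(cert):
    """Folder name the dash strings in the thread format as xboxdashdata.%08x."""
    return "xboxdashdata.%08x" % cert["version"]


def loader_accepts(cert, launch_medium, cutoff=DASH_TIMESTAMP_CUTOFF):
    """Model of the two checks discussed: allowed media, then the dash cut-off
    that rmenhal describes for 5713 and later kernels. Returns (ok, reason)."""
    if not cert["media"] & launch_medium:
        return False, "launch medium %#x not in allowed media %#x" % (
            launch_medium, cert["media"])
    if cert["title_id"] == DASHBOARD_TITLE_ID and cert["timestamp"] < cutoff:
        return False, "dashboard XBE dated %s is before cut-off %s" % (
            cert["timestamp"].date(), cutoff.date())
    return True, "ok"


if __name__ == "__main__":
    # Values copied from the xboxdash.xbe dump in the first post.
    dash = parse_certificate(build_certificate(
        0xFFFE0000, "Xbox Dashboard", 0x3F205497, 0x30, 0x7FFFFFFF,
        0xFFFFFFFF, 0x10202100))
    print(dash["title_name"], dash["timestamp"], flag_names(dash["media"], MEDIA_FLAGS))
    print(dashdata_dir(dash), loader_accepts(dash, 0x10))
```

Run as a script it prints the decoded dashboard certificate and why a 5713+ kernel would reject it even when launched from single-layer DVD-ROM media: the timestamp (21:50:15 UTC on Jul 24 2003, four hours after the local time shown in the dump) is before the cut-off. Feeding it the cache-drive default.xbe values instead shows the other refusal, media flag 0x1 against a DVD launch.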
I just noticed mainmenu5.xip is not within the original HULK /xboxdash/ folder.
And I'm out of DVD+R to try with it there.
| QUOTE (Angerwound @ Sep 24 2004, 02:00 AM) |
I just noticed mainmenu5.xip is not within the original HULK /xboxdash/ folder. And I'm out of DVD+R to try with it there. |
| QUOTE (Angerwound @ Sep 24 2004, 10:22 AM) |
| Can anyone confirm or deny this about Shrek? Was this Shrek 1 or 2? |
would have to be 1, 2 is not out yet.
| QUOTE (heinrich @ Sep 24 2004, 08:42 AM) |
| would have to be 1, 2 is not out yet. |
LOL makes sense, thanks heinrich I'll pick her up in a few hours.
Well, I took a look at the coverart for the shrek dvd. It seems there is only 'hints for the xbox game exclusively on this dvd'. I'll still go buy it and check it out.
| QUOTE (EthanHunt_IMF @ Sep 24 2004, 02:25 PM) |
| that default.xbe (the one that extracts everything for the demo) also loads up fonts, maybe that one can be exploited |
Very interesting idea Ethan. I too considered this (after >>this<< happened), and looked at the date on the SWBF self-extracting XBE but guessed it was too recent (so didn't actually investigate any further!).
If the Shrek 1 DVD works the same way, it might just be old enough for this idea to fly.
well, based on the lack of a font-hole in the default.xbe and xboxdash.xbe from the Hulk disc, it seems like a lost cause to get the hulkdash to boot from dvd.
does shrek actually contain an update.xbe? has anyone verified that there are any xbes on shrek at all? i'll find it and buy it today if so...
when (approximate date) was the font-hole fixed? this would give us a range of dvds to start looking at...
a font-exploited xbe from a movie dvd seems like the best hope...
| QUOTE (Kthulu @ Sep 24 2004, 04:25 PM) |
| well, based on the lack of a font-hole in the default.xbe and xboxdash.xbe from the Hulk disc, it seems like a lost cause to get the hulkdash to boot from dvd. |
Has it been determined that there is no font hole in the huge self-extracting default.xbe on the Hulk disk?
devz3ro's post shows the date of the Hulk self-extracting default.xbe as Jul 24 17:47:53 2003 - this is before the Aug 5th, 2003 date the latest kernels use to prevent exploitable dashboards from running.
Although this >>post<< is talking about the STBF self-extractor, it is very likely that the Hulk self-extracting default.xbe also uses C:\fonts.
The SWBF self-extracting default.xbe throws Error 21 when it finds the exploit fonts in C:\fonts - indicating that the font hole is plugged - but the Hulk's huge self-extracting default.xbe is older......
Just replying for the sake of email notification on this topic..
editing the XBE will in fact lose its signature.
P.S its SWBF, not STBF
| QUOTE (regress @ Sep 24 2004, 05:35 PM) |
The hash collision detection seems like that'd be one of the best ways to do it, if we can get a hold of that algorithm. |
163MBs of bits for John to toggle with
| QUOTE (rmenhal @ Sep 24 2004, 03:10 AM) |
| The known font hole has been closed in the Hulk xboxdash.xbe (i.e. not exploitable that way even if fonts could be loaded from the disc.) |
@PedrosPad
the default.xbe in devz3ro's original post has the same date as the xboxdash.xbe, so if rmenhal says there is no font-hole in hulkdash, there wouldn't be a font-hole in the hulk demo either (default.xbe)... or would there?
| QUOTE (jonny_eh @ Sep 24 2004, 12:24 PM) |
I doubt that the hulk default.xbe would even use the dash stored on the DVD. What purpose does that dash serve? My guess is it's there as a backup to the HD dash?
I doubt there's any point to finding holes in the included dash if it isn't even loaded. Does the SW DVD contain a dash? If not, then the dash probably isn't necessary, therefore never used, and therefore not exploitable. |
as far as i can tell, the xboxdash.xbe doesn't even get used by the demo. it almost seems like somebody forgot to delete the folder before they started pressing the discs. the attractive thing about the xboxdash.xbe was the fact that it was flagged to be run from dvd.
i started looking at the hulkdash way back because i didn't think the self-extracting default.xbe (hulk demo) even used fonts. now, according to PedrosPad, they do use fonts, so i agree... i don't see any point in playing around with the xboxdash.xbe on the Hulk dvd... especially if it is not font-exploitable. i don't think there's any hope of getting it to boot far enough to use the EEE. a font exploit is what i was hoping for the whole time because the fonts are the first thing the dash loads, right? if so, it wouldn't matter if some of the other files it wanted weren't there... it would load the fonts, go crazy, and load pbl or something.
but the xboxdash.xbe from the hulk dvd and the default.xbe from the hulk dvd have the same date. rmenhal said the font-hole was closed in the xboxdash.xbe, so i would think it's closed in the default.xbe too. perhaps rmenhal could look at the default.xbe too and tell us what he thinks about the possibility of it being font-exploitable.
EDIT: anyone know if there are xbes on Shrek yet?
i assume it would just ignore the XBE files and play the dvd movie.
The Easter Egg exploit idea is good if you can run it just on DVD. It may be damn inconvenient as a replacement for UDE2, but it has other uses too...
You run the Hulk dash on the DVD, you run the Easter Egg exploit on that dash, you have unsigned code running on your Xbox. And... the Save Game exploit is dead.. and you can install the UDE on Xboxes with nothing more than a crossover cable and a burnt DVD... Hell, you don't even need a crossover cable... the DVD could have everything you need on... think about it.
I've been looking at that same idea for a bit now. I don't have any dvd+r to throw some tests at the box.. However, I would think the 4034 xbe that would be named 'settings_adoc.xip' would certainly look for the fonts on the root of /c/. I could be wrong - it may check on the disc first since it's where it's being launched from. Anyone else have any thoughts on this before I go buy another box of dvdr?
| QUOTE (Angerwound @ Sep 24 2004, 07:02 PM) |
| I've been looking at that same idea for a bit now. I don't have any dvd+r to throw some tests at the box.. However, I would think the 4034 xbe that would be named 'settings_adoc.xip' would certainly look for the fonts on the root of /c/. I could be wrong - it may check on the disc first since it's where it's being launched from. Anyone else have any thoughts on this before I go buy another box of dvdr? |
yeah, buy cheap dvd+r and make sure the booktype is dvd-rom
hey guys, i was thinking/wondering...and hoping someone here knows...
what if XBEIMAGE_MEDIA_TYPE_DVD_X2 is just a XBE_MEDIA_1LAYER_DVDROM or XBE_MEDIA_2LAYER_DVDROM with a special book type....
(in other words, what if an xbox game disc is just a normal 2layer dvd with a special book-type). i don't think the filesystem (UDF, DVDX, etc. factors into the media flag/check. am i wrong?
instead of changing the book-type of a DVD+R disc to DVD-ROM, what if you could change the book-type to XBOX-DVD (or whatever it is supposed to be)...???
that makes me want to find out where exactly the book-type bits are on a dvd and read them off of an xbox disc. then create a hack that changes the book-type of dvd+r to match...but i don't know how
| QUOTE (PedrosPad @ Sep 24 2004, 09:28 AM - snippet) |
| the Aug 5th, 2003 date the latest kernels use |
Has that date been confirmed for sure?
The "about" in rmenhal's original findings (below) is partly why I'm asking this again eh.
| QUOTE |
| If the title ID is 0xFFFE0000 (dash's ID), the kernel then checks the time and date field and anything prior to about Aug 5 2003 causes it to bail out. |
| QUOTE (eh. @ Sep 24 2004, 09:26 PM) |
| QUOTE (PedrosPad @ Sep 24 2004, 09:28 AM - snippet) | | the Aug 5th, 2003 date the latest kernels use |
Has that date been confirmed for sure? The "about" in rmenhal's original findings (below) is partly why I'm asking this again eh. | QUOTE | | If the title ID is 0xFFFE0000 (dash's ID), the kernel then checks the time and date field and anything prior to about Aug 5 2003 causes it to bail out. |
|
nope

I was basing my comments of that quote of rmenhal's you found.
ok, that's why i was poking with hulk(xboxdash.xbe). if any of the xbes on the dvd are font-exploitable, it seems like the scene has more experience crafting exploit-fonts for xboxdash than some hulk demo extracting default.xbe...
FYI ...
Tried to find some of those DVDs here in europe.
Star Wars Trilogy also has xbox content on CD 4
The Hulk 2cd edition does not have any xbox content here.
Shrek1 ... could only find the "3D" edition and it has no xbox content.
| QUOTE (XanTium @ Sep 24 2004, 02:04 PM) |
FYI ...
Tried to find some of those DVDs here in europe.
Star Wars Trilogy also has xbox content on CD 4 The Hulk 2cd edition does not have any xbox content here. Shrek1 ... could only find the "3D" edition and it has no xbox content. |
ah, but xant,
| CODE |
Allowed game regions : 0x7FFFFFFF : XBE_REGION_US_CANADA : XBE_REGION_JAPAN : XBE_REGION_ELSEWHERE |
therefore, with what we found in the us hulk disc, we can make a universal boot disk... if we can just find an exploit in that dash...
I have a liteon 411s with bitsetting also, I'll see what I can dig up.
In fact, I just picked up a new spool of 100 Ridata (RICOHJPN) +Rs from newegg that my box reads very well as -rom.
For those that are saying that maybe we could EEE (replacing settings_adoc) for this "boot disk".
My question is how?
If memory serves, we replace settings_adoc with an older dash that is font exploitable, but until now all dashes are set only with the XBOX_HDD flag. So my guess is we still can't run anything by replacing the easter egg xbe on the "boot disk" that isn't flagged 1/2LAYER_DVDROM.
hmm
do you think that maybe it's just a matter of shifting some bits on the fonts? or what...?
oh
i'm just theorizing, but if we some how exploited the dvd.xip file, and since it's udf we could maybe put some dvd header stuff with a few "changes"?
or we can have the cd rip itself?
is this dash susceptible to audio exploit, because we may be able to have the naming scheme for the cd info all jacked up in such a way, that when it rips it generates an audio exploit track, which we can use to run our habibi signed code?
I've already been thinking about such moves CSB.
None seem to be workable at the moment, but I will look into them.
yep, i think the boot disc idea is hopeless. here's another reason:
all xbox dashboards (xboxdash.xbe) check for d:/default.xbe as soon as they load. if it finds a file by that path and name, it will try to launch it. that is why my xboxdash boot discs have been hanging at the X logo screen and the dvd drive can be heard thrashing about. the box boots d:/default.xbe (which is hulk's xboxdash.xbe renamed). it is booting, i'm sure of it. but once it boots, it sees d:/default.xbe (itself) and tries to launch it. so it goes into an endless loop.
i know i aim'd you about this theory earlier, angerwound, and then i expressed doubt about it, but i'm sure this is what's happening. here's what made me waffle back to that theory: in a modded state and using a homebrew dash that does not autolaunch games, insert a game disc into the dvd drive. a system notification is sent out. your homebrew dash detects and starts querying the drive for media info. when it's done it tells you have a game disc in the drive or a video disc. but it does not launch it. launch another homebrew dash that configured not to autolaunch D. it loads itself, not the disc. the bios isn't launching d:/default.xbe after boot...the currently loaded program is. now launch the normal MS Dash. All you'll see is the X logo screen i've been seeing, then you'll see whatever loads from the dvd.
i would suspect that the MS Dashboards check for d:/default.xbe and attempt to launch it before they ever even look for a resource file.
Yes, but are fonts loaded into memory before any checking of the dvd is done? If so, we'd be out of the dashboard's code by that time.
i think the only real potential of the xbes from dvd movies would be to present us with a region-free xbe to be used in UDE2. but since DVD movies themselves are 'region-centric', i'm not gonna hold my breath for that either.
what i think may have loads of potential, would be to find out exactly what the Xbox Game disc book type is and develop a book type setter for it. this direction of thought would perhaps present a method of making game backups that would work on unmodded xboxes....which is what we did we burnt the hulk demo to dvd-r with book-type=DVD-ROM and it worked.
| QUOTE (Angerwound @ Sep 24 2004, 09:30 PM) |
| Yes, but are fonts loaded into memory before any checking of the dvd is done? If so, we'd be out of the dashboard's code by that time. |
| QUOTE |
| i would suspect that the MS Dashboards check for d:/default.xbe and attempt to launch it before they ever even look for a resource file |
test it in a hacked state. delete the font files from C. insert a game disc. launch xboxdash.xbe...
Another info note: the newer Sony writers (DRU-700A and probably also 710A) also have support for bitsetting (booktype) using Lite-On's BookType Utility.
http://www.liteonit....ip/BookType.zip
Used your method to test. Fonts are loaded before default.xbe is tested for launch...
You could also test by placing 4920 and the old bert&ernie hacked fonts on /c/ - and make sure they boot to the hacked dash. Turn the box off with your burnt disc inside and turn on - See if results are different then before. It will more than likely reboot.
are you using hacked fonts? i don't see how you'd know that unless you were. my test here went like this:
i'm using x2 4981, tsop flashed. i inserted a game disc. then i deleted all fonts from my C drive. then i launched xboxdash.xbe. i got no errors...it just booted the game disc.
when i deleted everything but xboxdash.xbe off my C drive, and launched xboxdash.xbe, i got error 21.
| QUOTE (Angerwound @ Sep 24 2004, 09:44 PM) |
| You could also test by placing 4920 and the old bert&ernie hacked fonts on /c/ - and make sure they boot to the hacked dash. Turn the box off with your burnt disc inside and turn on - See if results are different then before. It will more than likely reboot. |
it will definitely boot the dvd in that case. the bios loads it (before it even attempts to load xboxdash.xbe)
| QUOTE (XanTium @ Sep 24 2004, 09:40 PM) |
Another info note: the newer Sony writers (DRU-700A and probably also 710A) also have support for bitsetting (booktype) using Lite-On's BookType Utility. http://www.liteonit....ip/BookType.zip |
From what I can tell/have read, all Sony drives are rebadged lite-ons... Seems like they are in business together, reading my TDK's (mine is also a rebadged lite-on) eeprom you can find "SONY.CORPORATION" in there.
off topic i know, but still useful for those experimenting that have a Sony drive.
I borrowed Shrek (the "Two-Disc Special Edition") and can confirm it's only got video and PC content on it, alas eh.
(The "Exclusive! Hints for Shrek Xbox Video Game Only Available on this DVD" is just some drawings and words - nothing from the game at all eh!)
false advertising!
rofl no.
it says on the cover that it is only hints
I rented HULK (the "2 Disc, Widescreen, Special Edition") and my HDD based tests suggest its '5680' xboxdash.xbe is audio exploitable (as it hangs instead of displaying the 100 sound track message) eh! 
Although far from being the utopia still hoped for, if it does have the Audio flaw and if there's a way to boot it accordingly from the video DVD, then I suspect it'd be especially useful for non-NTSC-U 5713+ softmodders plus provide an XBL compatible backdoor for every softmodder eh. 
____________________________________________
Edit: corrected "everyone" to be "every softmodder".
Update: The above '5680' testing was performed via PBL-lite->EvoX(bios&dash) and therefore may not be valid (alas) ... via both nkpatcher and direct habibi my box reboots (instead of displaying the 100 sound track message) eh.
Odd that audio may be possible since 5680 > 5659.. Won't see me complain though..
ah goody, now how do get the exploit onto the hdd 
we'll need a compatible exploit too
great news eh!!
i also have some great news! i have discovered WHY the xboxdash.xbe is on the Hulk disc!
when you load the Hulk game demo, you have 2 choices: Play game or Watch DVD (does SWBF demo have these options?)
if you select Watch DVD, it calls d:/xboxdash/xboxdash.xbe to play it!!!
how do i know? i deleted xboxdash.xbe off my C drive and then loaded the Hulk demo and selected Watch DVD
yep, i would love for someone to start crafting some fonts to play with the hulkdash. hopefully, we can get the fonts to load from dvd. even if we can't and the fonts have to be on hdd, this might still have some potential for people who can't use UDE2...
if we can load the fonts from the dvd, right?
(It doesn't seem to be font exploitable; that flaw appears to have been fixed eh.)
here's something else that might or might not be significant, but it is interesting to me.
when i launched the hulk demo and then launched the hulkdash (with no xboxdash.xbe on C) it created a Launch.txt file on C. the only thing in the file is "Y:\default.xbe"
| QUOTE (eh. @ Sep 25 2004, 06:31 PM) |
| (It doesn't seem to be font exploitable; that flaw appears to have been fixed eh.) |
perhaps it just needs different fonts. what fonts did you use and what were the results?
eh, someone mentioned that they were able to crash the dash (instead of going to an err21)
(Oops, my bad, I'll get back with more useful feedback about the fonts ASAP eh.)
Yep, i've got her crashing with fonts.
more interesting info...
i flashed my tsop just before launching the hulk demo. when i launched the hulkdash from the hulk demo, i did not get a dashboard screen prompting me to set my clock. normally, i would have to do this when launching the normal xboxdash.xbe from C...
| QUOTE (dootdoo @ Sep 26 2004, 01:58 AM) |
| I'd like to note also that the dvd itself is mounted as a:\ as well as d:\ not sure if that will be of any use.. |
what?
umm....... sorry but you are wrong.
i don't think the drives are ever mounted by ms software as <letter>: just as /device/<etc>
oh yeah can we get the dash to load the fonts of the disk?
| QUOTE (JimmyGoon @ Sep 25 2004, 09:23 PM) |
what?
umm....... sorry but you are wrong. |
I'm not really sure where you are coming from, but with the hulk, when the first default.xbe is ran, it mounts a symbolic link between the cdrom, and the letter 'a'.. in addition to the symbolic link between the cdrom and 'd'..
This is the behavior I have observed..
| QUOTE (dootdoo @ Sep 26 2004, 02:32 AM) |
I'm not really sure where you are coming from, but with the hulk, when the first default.xbe is ran, it mounts a symbolic link between the cdrom, and the letter 'a'.. in addition to the symbolic link between the cdrom and 'd'..
This is the behavior I have observed.. |
......... hmm I'm still not understanding... a --- how do you know this? b --- what diff. c---- ????????? confused = me.
how was said behavior observed?
| QUOTE (dootdoo @ Sep 26 2004, 02:45 AM) |
I don't want this to break down into an argument about something thats likely not important at all. But I will address your points anyways..
a) its what I observed while messing with it
'what diff' - I assume this means what's the difference, as far as I can tell I can't say it is different from anything, I'm just saying it happens, the same thing happens when you insert a dvd while running the xdk launcher also, so its significance could be moot, it's very possible that most things ran from dvd do this, but I was never motivated enough to trace its happening.. c) If you are confused, then you shouldn't tell other people that aren't that they are wrong.
And at the end of the day, it probably doesn't matter.. So just smile and nod and hold off on your disputing of things posted unless you have directly found the opposite to be true.. Which is possible, I do make mistakes while tracing through programs, and while debugging them..
As for font loading, I haven't investigated that, I figured that angerwound was working on that
*cheers* |
you're right. I was confused.

I thought you were talking about something else. you're right.

I should have just "STFU"!
Hopefully the fonts will be read off the dvd like the xboxdash.xbe was. (Hoping it's font exploitable) Although the problem would still exist that valid fonts would be found on an unmodded drive.. The 5680 dash is only loaded if c:\xboxdash.xbe doesn't exist, or did I misread? I don't understand why MS would bother putting that kind of check/fix into the dvd. I mean only modded boxes would be missing a valid c:\xboxdash.xbe, so why bother putting the means to allow them to play the dvd on the disk?
sorry for the n00b question but how can it not be font exploitable....
it is the same basic xbox OS same parameters same limits or lack-there-of...
maybe...?
| QUOTE |
| The 5680 dash is only loaded if c:\xboxdash.xbe doesn't exist, or did I misread? |
well, i have no way of knowing for sure, but i don't think that is true. why would they assume there would be no xboxdash.xbe on C and put one on the dvd just in case? i think the purpose of the xboxdash.xbe on the dvd (hulkdash) is that when the Hulk dvd was made, the current MS dash wasn't designed to skip d:/default.xbe and just play the dvd/movie content. i think the current dashes are able to do this if they are called with a parameter...i think SW is doing this because there is no xboxdash.xbe on the SW bonus disc. short answer: i think the hulkdash is called every time you boot the game demo and select Watch DVD.
| QUOTE |
| I don't understand why MS would bother putting that kind of check/fix into the dvd. I mean only modded boxes would be missing a valid c:\xboxdash.xbe, so why bother putting the means to allow them to play the dvd on the disk? |
exactly
| QUOTE |
| i think the purpose of the xboxdash.xbe on the dvd (hulkdash) is that when the Hulk dvd was made, the current MS dash wasn't designed to skip d:/default.xbe and just play the dvd/movie content. i think the current dashes are able to do this if they are called with a parameter |
Pure speculation, but I'll jump on that wagon.. Seems to make sense at least..
| QUOTE (Angerwound @ Sep 25 2004, 05:07 PM) |
| Yep, i've got her crashing with fonts. |
I've changed my HDD test setup and that's happening for mine too now, however, it continues to do so even when I put the real fonts back into the test directory eh!
(Maybe there's something cached and/or my setup's unsuitable now ... I'll try some more things eh.)
| QUOTE (triggernum5 @ Sep 25 2004, 09:33 PM) |
| Pure speculation, but I'll jump on that wagon.. Seems to make sense at least.. |
here's another thing that makes me say that, but is also speculation...
when i use a filemanager to directly launch hulkdash (d:/xboxdash/xboxdash.xbe), my box simply reboots. but i'm 100% sure that the hulk demo is calling hulkdash to play the dvd content because i've deleted C:\xboxdash.xbe and it plays when launched from the demo. so, the hulk demo must be passing some argument to hulkdash in my mind. if you can pass arguments to hulkdash (which is old) i'm sure there are arguments that can be passed to newer MS dashes.
| QUOTE (Chicken Scratch Boy @ Sep 25 2004, 06:27 PM - nag) |
| oh yeah can we get the dash to load the fonts of the disk? |
One step at a time eh.
| QUOTE (dootdoo @ Sep 25 2004, 09:59 PM) |
what happens to me is if I try to run the hulk dash from the dvd, it loads the content extracted on first insert that's on the utility drive (the menu selector)..
I'm trying to rebuild the large demo installer so I can see exactly what it's doing, but it will take me some time. |
you're right. my bad. i forgot that when the reboot thing happened to me, it was because i had my bios flashed to ignore d:/default.xbe and look for d:/boot.xbe
noobs: DO NOT START ASKING HOW TO EDIT YOUR DAMN BIOS HERE. SEARCH.
sorry, i just don't want the thread getting cluttered
| QUOTE (eh. @ Sep 25 2004, 07:47 PM) |
| or my setup's unsuitable now ... |
Yep, it was (I'd put the wrong mainmenu5.xip in the new setup's test directory) eh!

Moving on, here are my test results...
The HDD version of the '5680' dash...
(i) displays normally with both retail font files in the fonts directory;
(ii) displays only a faint webbing background if they're not (including when only one of the retail font files is in the fonts directory) and then hangs;
(iii) displays normally with no font files in the fonts directory but with both retail font files in the root directory;
(iv) displays only the faint webbing background if they're not (including when only one of the retail font files is in the root directory) and then hangs.
This suggests to me that it's not font exploitable, as it seems to require both retail font files (but I realize that it doesn't prove that) eh.
what are you talking about?
| QUOTE (Chicken Scratch Boy @ Sep 24 2004, 12:44 AM) |
| i'll see if i can snag a copy of the hulk on my way home from school |
Did you bother; are you testing and/or do you have any potentially helpful feedback eh?

| QUOTE (eh. @ Sep 25 2004, 09:02 PM) |
Did you bother; are you testing and/or do you have any potentially helpful feedback eh? |
well i got to the video store, then i realized i had only 8 bucks
| QUOTE (Chicken Scratch Boy @ Sep 26 2004, 06:22 AM) |
well i got to the video store, then i realized i had only 8 bucks |
little struggles
thought i'd share this for anyone having trouble making a disc that is bootable in an unmodded xbox:
i don't use nero to burn, but i am using it to verify that the book-type is correct after i burn. from nero's main menu (not the wizard stuff), select Recorder, Disc Info. that screen will tell you what the actual book-type is.
here's how i created my last disc:
copy default.xbe and /xboxdash/ from hulk dvd to Dfolder on PC. copied the contents of 4920's xboxdashdata folder into Dfolder\xboxdash\...choosing No when it asks if i want to over-write. then i copied a very large (3gb) iso file (it was a dvd rip) from another place on my PC to the Dfolder and renamed it to '0dummy'. then i used gdfimage.exe to make an xbox iso file out of Dfolder. then i put a dvd+r into my burner and run the booktype.exe to set the book-type to DVD-ROM. then i launch RecordNow and burn the xbox iso image i created from Dfolder.
i have created UDF dvds with the hulk files that boot too, but i felt like making xbox isos might help speed up the access to files on the dvd.
this last disc i made boots, extracts the hulk demo to X, then launches it. from the game demo menu, i select Watch DVD and it launches D:\xboxdash\xboxdash.xbe. it presents me with a full dash menu that i can actually navigate through. the memory and settings menus often hang, but the Music menu works very well.
i've done this with 4920 dash installed on my C. i know that it is at least reading the Music menu from the dvd because i have been able to go there after deleting all the xips (xboxdashdata folder) and xboxdash.xbe off of C.
| QUOTE |
| copied the contents of 4920's xboxdashdata folder into Dfolder\xboxdash\...choosing No when it asks if i want to over-write |
d:/xboxdash/xboxdash.xbe is (at least) loading the mainmenu and music xips from d:/xboxdash/xboxdash.xbe (because i have deleted them from C). i looked at a couple of these 4920 xips with xbedump and they are flagged for XBOXMEDIA_HDD only. but they are loading from dvd! i guess MS dashes don't really care about the media flags of their xips, as long as the sig is still correct...
If you've got a chip, how about deleting your entire /c/ and then boot this disc with your chip off and see how much of it will run. I'm sure the demo will boot but see if it will read the entire dash from the disc (make sure it's all on the disc). Hit me back with some results.
well, if i remember correctly...
at one point, the only things on my C were:
\Audio
\fonts
that's it. nothing else. the menu i got from d:/xboxdash/xboxdash.xbe:
Memory
Music
Settings
Music was the only one i could go into. Memory and Settings would hang.
on another note, from this same disc that we are speaking of...
i just triggered the EasterEgg. and i know it's running from the dvd cause when it tried to launch settings_adoc.xip, it gave me an invalid media error. settings_adoc.xip (from 4920) is flagged for HDD only.
all of the things i'm telling you here are done in an unmodded state (tsop flashed to 4034 kernel)
with absolutely NOTHING on my C, the said disc above...
worst case: hangs when d:/xboxdash/xboxdash.xbe tries to load
best case: it reboots
with only the 4920 fonts folder on my C, i obtained a fully functional menu consisting of:
Memory
Music
Settings
i was able to look at my save games and settings. i was able to view my soundtracks and play them. since i have no Audio folder on C, of course there were no sound effects. sometimes shit doesn't work tho cause it's having trouble finding it on the dvd fast enough.
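The two checks this thread keeps running into (an HDD-only 4920 xip refusing to launch from DVD with an invalid media error, and rmenhal's note that newer kernels refuse a dash-ID XBE whose certificate timestamp predates about Aug 5 2003) worked through as an added Python example, not code from the thread or from any Xbox tool. The certificate offsets follow the publicly documented XBE certificate layout (an assumption, since the thread only shows xbedump output), the blobs are constructed from the xbedump values quoted at the top of the thread, and every field of the 4920 xip other than its HDD-only flag is a placeholder.

```python
import struct
from datetime import datetime, timezone

# Certificate field offsets per the publicly documented XBE certificate
# layout (assumption: the thread shows xbedump output, not offsets).
CERT_SIZE = 0x1EC
OFF_SIZE, OFF_TIMESTAMP, OFF_TITLE_ID, OFF_TITLE_NAME = 0x00, 0x04, 0x08, 0x0C
OFF_ALT_IDS, OFF_MEDIA = 0x5C, 0x9C       # media, region, rating, disk, version follow
TITLE_NAME_BYTES = 80                       # 40 UTF-16LE characters

# "Allowed media types" bits, named as xbedump prints them.
XBE_MEDIA_HDD = 0x00000001
XBE_MEDIA_1LAYER_DVDROM = 0x00000010
XBE_MEDIA_2LAYER_DVDROM = 0x00000020
MEDIA_FLAGS = {
    XBE_MEDIA_HDD: "XBE_MEDIA_HDD",
    0x00000002: "XBE_MEDIA_DVD_X2",
    0x00000004: "XBE_MEDIA_DVD_CD",
    0x00000008: "XBE_MEDIA_CD",
    XBE_MEDIA_1LAYER_DVDROM: "XBE_MEDIA_1LAYER_DVDROM",
    XBE_MEDIA_2LAYER_DVDROM: "XBE_MEDIA_2LAYER_DVDROM",
    0x00000040: "XBE_MEDIA_DVD_5_RO",
    0x00000080: "XBE_MEDIA_DVD_9_RO",
    0x00000100: "XBE_MEDIA_DVD_5_RW",
    0x00000200: "XBE_MEDIA_DVD_9_RW",
}
REGION_FLAGS = {
    0x00000001: "XBE_REGION_US_CANADA",
    0x00000002: "XBE_REGION_JAPAN",
    0x00000004: "XBE_REGION_ELSEWHERE",
}

# Dashboard title ID and the approximate "Aug 5 2003" cutoff rmenhal
# describes for newer kernels (date treated as UTC midnight here).
DASH_TITLE_ID = 0xFFFE0000
DASH_TIMESTAMP_CUTOFF = datetime(2003, 8, 5, tzinfo=timezone.utc)


def build_cert(timestamp, title_id, title_name, media, region, rating, version):
    """Build a constructed certificate blob (sample data, not a real XBE)."""
    cert = bytearray(CERT_SIZE)
    struct.pack_into("<III", cert, OFF_SIZE, CERT_SIZE, timestamp, title_id)
    name = title_name.encode("utf-16-le")[:TITLE_NAME_BYTES - 2]
    cert[OFF_TITLE_NAME:OFF_TITLE_NAME + len(name)] = name
    struct.pack_into("<IIIII", cert, OFF_MEDIA, media, region, rating, 0, version)
    return bytes(cert)


def flag_names(value, table):
    """Names of the known bits set in a flag word, lowest bit first."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_cert(blob):
    """Decode the fields xbedump prints from a raw certificate blob."""
    if len(blob) < CERT_SIZE:
        raise ValueError("certificate too short")
    size, ts, title_id = struct.unpack_from("<III", blob, OFF_SIZE)
    raw_name = blob[OFF_TITLE_NAME:OFF_TITLE_NAME + TITLE_NAME_BYTES]
    title_name = raw_name.decode("utf-16-le").split("\x00", 1)[0]
    alt_ids = [x for x in struct.unpack_from("<16I", blob, OFF_ALT_IDS) if x]
    media, region, rating, disk, version = struct.unpack_from("<IIIII", blob, OFF_MEDIA)
    return {
        "size": size,
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc),
        "title_id": title_id, "title_name": title_name, "alt_title_ids": alt_ids,
        "media": media, "media_names": flag_names(media, MEDIA_FLAGS),
        "region": region, "region_names": flag_names(region, REGION_FLAGS),
        "rating": rating, "disk_number": disk, "version": version,
    }


def media_allowed(blob, launch_media):
    """True if the certificate permits a launch from the given media bit.
    An HDD-only xip launched from DVD fails here (the 'invalid media' error)."""
    return bool(parse_cert(blob)["media"] & launch_media)


def newer_kernel_accepts(blob):
    """Model of rmenhal's description: newer kernels bail on a dash-ID XBE
    whose certificate timestamp predates about Aug 5 2003."""
    cert = parse_cert(blob)
    return not (cert["title_id"] == DASH_TITLE_ID
                and cert["timestamp"] < DASH_TIMESTAMP_CUTOFF)


# Constructed from the xbedump output quoted at the top of the thread.
HULK_DASH = build_cert(0x3F205497, 0xFFFE0000, "Xbox Dashboard",
                       0x00000030, 0x7FFFFFFF, 0xFFFFFFFF, 0x10202100)
HULK_DEMO_HDD = build_cert(0x3F205409, 0x56550011, "The Hulk",
                           0x00000001, 0x00000001, 0x00000004, 0x00000001)
# The thread only says a 4920 xip is flagged HDD-only; other fields are placeholders.
XIP_4920_HDD_ONLY = build_cert(0, 0, "placeholder xip", XBE_MEDIA_HDD, 1, 0, 0)

if __name__ == "__main__":
    for label, blob in [("hulkdash", HULK_DASH), ("hulk demo (cache)", HULK_DEMO_HDD),
                        ("4920 xip", XIP_4920_HDD_ONLY)]:
        c = parse_cert(blob)
        print(f"{label}: {c['title_name']!r} id=0x{c['title_id']:08X} "
              f"{c['timestamp']:%Y-%m-%d %H:%M:%S} UTC media={c['media_names']}")
        print(f"  launch from DVD-ROM: {media_allowed(blob, XBE_MEDIA_1LAYER_DVDROM)}, "
              f"newer kernel accepts: {newer_kernel_accepts(blob)}")
```

The timestamps decode to UTC, so the hulkdash shows 21:50:15 where the thread's xbedump output (local time) shows 17:50:15.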
| QUOTE |
| ...they are flagged for XBOXMEDIA_HDD only. but they are loading from dvd! i guess MS dashes don't really care about the media flags of their xips, as long as the sig is still correct... |
Way out of left field here, but can we replace an xip with code of our choice, or does it really check for signing, but not media flags?
also,
Can we some how get this dash to call an older dash placed on the disc which is font exploitable if the media flag issue is skirted?
| QUOTE |
| Can we some how get this dash to call an older dash placed on the disc which is font exploitable if the media flag issue is skirted? |
nope. it's the same issue. the older dash would be HDD flagged, so it wouldn't launch from dvd. and even if it did, it seems apparent and makes perfect sense to me that all dashes look for fonts on C...not wherever they are launched from. so no boot disc. at best, we would have a box that is unmodded and live-safe normally, but pop in a cd whenever you want to run modded...not much of a market for that i think. but if other people would want to do that, let me know cause i have some ideas.
I bet there's a MS engineer reading this thread while stroking his personal xbox utopia boot disc and laughing.
I agree too, this looks hopeless, unless we find another way to exploit the dash included on the Hulk DVD.
What does the 'Hulk dash' actually access from the disc (as opposed to the HD)? I take it it gets the fonts from the HD. Are there any other resources it loads from the disc? Maybe some kind of jpeg file, since an exploit for that just came out for win2k dealing with jpegs? Boy am I grasping at straws there.
Kthulu: I think you hit the nail on the head as to why The Hulk uses its own dash, AND the SW DVD automatically updates the dash. They use different methods to accomplish the same purpose. I guess MS added the ability for the xbox to load DVD-video content from within a game (i.e. Watch Movie) from DVD movie discs after the box was shipped, hence the need for an updated dash. This is significant because it can lay to rest fears of commercial games forcing dash upgrades, since they don't NEED to.
Hmm a thought just came to me. How would the Hulk dash know NOT to run the default.xbe on the hulk DVD (so it can 'watch movie' instead). Maybe it's a hacked xbe that is designed to avoid reading the default.xbe from the disc. That doesn't help though.

Sounds like a nice idea, in theory, maybe something will come of it.
Its nice to see people get so enthused about the exploit scene
| QUOTE |
| This is significant because it can lay to rest fears of commercial games forcing dash upgrades, since they don't NEED to. |
really? it can? i would treat every game as though it were going to force a dash upgrade. if i were MS, i would encourage every game publisher to include a dashupdate on their dvds and to automatically call it from their game. it would be like having Windows Updates push out Windows XP to 98 and 2000 users. everyone would be on the same OS eventually and you know that's what they want. then they wouldn't have to worry about how different dashes are going to react to different features etc. it would also be attractive to them as an anti-mod measure, but i don't think that's nearly as important to them as eliminating support calls and avoiding bugs.
if they did start forcing updates from the games, wouldn't it be easily patchable?
what we need is a fontless ude, though i know nothing about these sorts of things and it is most likely impossible.
| QUOTE |
| What does the 'Hulk dash' actually access from the disc (as opposed to the HD)? |
all of the xips are accessed from the dvd. the fonts are always accessed from C.
| QUOTE (eh. @ Sep 26 2004, 01:06 PM) |
@Kthulu: I'm sure that would be very useful (as indicated here: http://forums.xbox-s...05#entry1842717) eh.
(P.S. Thanks for everything you're doing with this eh! ) |
can someone who knows for sure answer the following question:
let's say i have a kernel > 5713 and a dashboard installed on C that 5713 likes. is it the kernel or the dash that prevents an audio exploit from working?
i would think it's the dash, but i'm not certain.
i just tested the audio exploit with my home-made boot cd. it didn't work. the box just rebooted. i know i have the exploit setup correctly cause i tested it from the hdd dash first.
if the audio exploit is fixed in 5680, i bet the font exploit is too.
| QUOTE (Kthulu @ Sep 26 2004, 11:50 PM) |
| i just tested the audio exploit with my home-made boot cd. it didn't work. the box just rebooted. |
IIRC a Dash with a fixed audio flaw reports "Error >100 tracks" or some such - a reboot is a symptom of a crash - which means it may be exploitable.
(The reboot is most likely caused due to the memory being laid out differently to the layout the audio exploit was authored to expect - it may just need tweaking)
PS. Did you put the audio exploit's ST.DB on D: or C:?
What kernel are you running? Is it 4034 flashed on the tsop? Or is it still an x2 bios.. Because I remember the only times my xbox ever rebooted on audio exploit, was when I tried to launch it with an x2 bios on the tsop, or with bfm retail bioses (or both I don't fully remember). Whenever I tried to launch a faulty install on a proper retail kernel I would get either error 21, or the 100 soundtrack error, depending on the dash.. The fact that it's rebooting 'might' be a good sign.. The only way to know for sure, is to scan the xbe for buffer underflow protection.. But just out of curiosity, has anyone searched the data for strings relating to the 100 soundtrack error? I don't have the 5680 version, but I will see if I can find any strings in 5659 that don't exist in 4920..
| QUOTE (PedrosPad @ Sep 26 2004, 02:56 PM) |
IIRC a Dash with a fixed audio flaw reports "Error >100 tracks" or some such - a reboot is a symptom of a crash - which means it may be exploitable. (The reboot is most likely caused due to the memory being laid out differently to the layout the audio exploit was authored to expect - it may just need tweaking)
PS. Did you put the audio exploit's ST.DB on D: or C:? |
good to hear...
but... doesn't the st.db go in E:/tdata/iforgotthefolderhere/
Yea, I'm worried about the e:\tdata\fffe0000\music thing more than any other factors.. Since this file is created if it doesn't exist. Might not be the holy grail to eliminate hotswapping, but if this dash can run audio exploit on higher kernels then that is pretty kick ass.. Also, If this hopefully exploitable dash can be run off the dvd, then perhaps an up to date Live dash could live on the hdd peacefully with the exploited st.db, allowing backdoor access to a mod off the dvd.. (Sorry if its already been proven we can't do that off dvd.. Can't remember exactly what is already known)
| QUOTE (Chicken Scratch Boy @ Sep 27 2004, 12:04 AM) |
| but... doesn't the st.db go in E:/tdata/iforgotthefolderhere/ |
Ok, Ok, I meant the DVD or the HDD

I imagine you're right and it was in the standard location on E:\ - but this isn't bad - as the retail fonts would remain intact so the XBOX would boot as normal, when no mod-disk was in the drive.
i've already posted this, but perhaps we can have some screwed up cd tracks and maybe toc to get an at least semi working st.db file?
| QUOTE (eh. @ Sep 25 2004, 03:33 PM) |
I rented HULK (the "2 Disc, Widescreen, Special Edition") and my HDD based tests suggest its '5680' xboxdash.xbe is audio exploitable (as it hangs instead of displaying the 100 sound track message) eh! 
Although far from being the utopia still hoped for, if it does have the Audio flaw and if there's a way to boot it accordingly from the video DVD, then I suspect it'd be especially useful for non-NTSC-U 5713+ softmodders plus provide an XBL compatible backdoor for every softmodder eh.  ____________________________________________ Edit: corrected "everyone" to be "every softmodder".
Update: The above '5680' testing was performed via PBL-lite->EvoX(bios&dash) and therefore may not be valid (alas) ... via both nkpatcher and direct habibi my box reboots (instead of displaying the 100 sound track message) eh. |
| QUOTE (PedrosPad @ Sep 26 2004, 04:33 PM) |
Posts here imply that this 5680 Dashboard seems to have both the font and audio flaws still in it - which is very odd given it's build number. Maybe it was built from an older dashboard source tree for some reason/by mistake? 
(NB - The actual exploits don't work - but that could be due to changes in memory layout) |
Pedro, I hope I'm wrong but my findings yesterday and today have me believing it
requires retail fonts eh.

In addition to the test results I posted about this, I've confirmed that the '5680' xboxdash.xbe includes some explicit (Y: based) references to the two .xtf's, similar in appearance to those in .xbe's that pre-validate some files. However, as I indicated, the dash hangs instead of 21'g (so there's still a ray of hope) eh.
I'll try to answer some questions about my testing and such...
| QUOTE |
| PS. Did you put the audio exploit's ST.DB on D: or C:? |
I put st.db in E:\TDATA\fffe0000\music

| QUOTE |
| What kernel are you running? |
4034 (my original kernel; I have a 1.0 Xbox)
Now I have some questions...
| QUOTE |
| IIRC a Dash with a fixed audio flaw reports "Error >100 tracks" |
what does IIRC mean?

eh
Never mind, I just re-read your post
Again, I'm surprised too that none of the 'cool people' have posted until now...very glad to see you here PedrosPad!
| QUOTE (Kthulu @ Sep 26 2004, 06:52 PM) |
what does IIRC mean? |
If I Recall Correctly
mmmmkay?
I tested my disc with only bigfonts on C and it just hung up (no reboot). Is that a good sign?
| QUOTE (eh. @ Sep 25 2004, 09:31 PM - ii) |
| (ii) displays only a feint webbing background if they're not (including when only one of the retail font files is in the fonts directory) and then hangs; |
Actually, here is what happens every time (exactly)...
With only bigfonts bert and ernie in C:\fonts...
I boot with my disc. It launches the demo on X or Y. From the demo, I select Watch DVD. It launches d:\xboxdash\xboxdash.xbe. A blank green globe screen appears for a second, then the box reboots, loads the demo on X or Y. I select Watch DVD again. The green globe screen appears and stays on the screen and the xbox is locked up. I power it off and then back on and the same series of events happens again.
Using the bert is cheating on ernie fonts in C:\fonts...
Cold boot. Hulk demo loads. I select Watch DVD. The green globe screen loads but locks up, no reboots. When I say locks up, it sounds more like it's in a loop because I can hear like a 1 second piece of background audio being repeated over and over. If I keep pressing stuff on my gamepad, the tone of the background audio changes...like it advanced another 1 second, then repeats that piece of audio over and over...
Sounds exploitable to me, am I wrong?
| QUOTE (PedrosPad @ Sep 26 2004, 06:33 PM) |
Posts here imply that this 5680 Dashboard seems to have both the font and audio flaws still in it - which is very odd given its build number. Maybe it was built from an older dashboard source tree for some reason/by mistake? 
(NB - The actual exploits don't work - but that could be due to changes in memory layout) |
Here's my imaginative explanation of the high version number that still has font and audio flaws (hopefully)...
At production time of the Hulk DVD, MS had already developed a dash up to 5680 and they were getting ready to release it into the world. Then they became aware of the exploits here and started over from an older source tree, patching the holes as they went. If that is true, it is so funny that the exploit developers here set them back so far.

I think this would help explain why SW doesn't include a dash too. I bet it is exploitable and they realized this after Hulk was pressed, so they decided it was a bad idea to include dashes on DVDs in the future. Safer to force an HDD dash update...
@Kthulu: That pre-reboot phase is interesting ... what I've always experienced with any non-retail fonts (via direct habibi HDD tests) is akin to the lock-up phase you get subsequently eh.
If you have a chance, please could you try the following and post the outcome:
I. put only the retail "XBox Book.xtf" and "XBox.xtf" back into "C:\fonts";
II. confirm the dash works again;
III. rename "XBox Book.xtf" to be "XBox.xtf" and "XBox.xtf" to be "XBox Book.xtf" (in place on the disk, with an interim rename so it allows it);
IV. confirm whether the dash still works; if it doesn't, as is the case for me...
V. rename "XBox.xtf" back to "XBox Book.xtf" and "XBox Book.xtf" back to "XBox.xtf";
VI. confirm the dash works again.
| QUOTE |
| @Kthulu: That pre-reboot phase is interesting |
| QUOTE (PedrosPad @ Sep 27 2004, 12:33 AM) |
| Posts here imply that this 5680 Dashboard seems to have both the font and audio flaws still in it |
| QUOTE (eh. @ Sep 27 2004, 12:58 AM) |
| Pedro, I hope I'm wrong but my findings yesterday and today have me believing it requires retail fonts eh. |
GIGO - Garbage In, Garbage out. I did say "Posts here imply that..." - I've seen posts that state the font flaw isn't caught, and posts that say the audio flaw isn't caught - both promising.
| QUOTE (triggernum5 @ Sep 27 2004, 05:54 AM) |
Different fonts with different results? Sounds like a good sign..  |
I concur.
| QUOTE (eh. @ Sep 27 2004, 08:42 AM) |
@EthanHunt_IMF: I agree about the fonts, but the audio could potentially...
(1) be really useful for non-NTSC-U 5713+ softmodders (as it's "region free");
(2) provide a non-gamesave, XBL compatible backdoor eh. |
I concur.
Leaving the C:\fonts as retail will allow retail XBOX functionality - boot to M$ Dash, access to XBL console, etc.
If the DVD-Rom booted Dashboard suffers from the audio exploit, the HDD modification may be limited to the E:\TDATA\fffe0000\music\ST.DB file. Since this file contains user entered track names, it can't be signed by M$ (which, btw, is why this file was originally targeted for exploit). A future M$ HDD boot Dashboard could validate, and zap this file on boot (similar to the way that D:5690 verifies C:\xodash\xboxonlinedash.xbe) but there's not one out yet - and if released, would only kick in if the user booted the new Dash from the HDD.
(And yes, I realise that all this would still require one time FTP access to the XBOX HDD to place the ST.DB file.)
On another point, I've seen several posts asking "how this helps?", "how do we get this on the HDD?", etc. I think these people are missing the vision. I believe any breakthroughs here would be used to create DVD-Rom based homebrew that boot on unmodified XBOXs.
E.g. Once you're in the club, and have a working E:\TDATA\fffe0000\music\ST.DB file on your, otherwise unmodified, XBOX HDD (even one running the latest M$ Dashboard - with all holes closed!)...
You pick up a copy of the latest homebrew XBOX Linux dist. at a car boot sale, pop it in your XBOX and boot from it (drive D:).
It boots the DVD-Rom D:5680 Dashboard (which, in this dream, still has the audio flaw) (drive D:).
You fire the audio exploit (copy track) (drive E:).
The audio exploit then launches D:\homebrew\default.xbe (drive D:).
While far from ideal or easy to use - still something not previously possible.
| QUOTE (rmenhal @ Sep 27 2004, 11:13 AM) |
| The Hulk xboxdash.xbe code indicates that the audio hole has not been closed. It'd be easy to take the source code from the doubledash package I once made and adjust it. |
Sounds like excellent news rmenhal.
Do you have any ideas as to the conflicting messages regarding the 5680 Dashboard font flaw? I imagine you examined the code before posting that you believed it closed, but actual experimentation is throwing up some odd results.
| QUOTE (devz3ro @ Sep 23 2004, 07:16 AM) |
Taken from disc 2:
xboxdash.xbe (1,568,768 bytes & found in xboxdash)
| QUOTE | Certificate ~~~~~~~~~~~ Size of certificate : 0x000001EC Certificate timestamp : 0x3F205497 Thu Jul 24 17:50:15 2003 Title ID : 0xFFFE0000 Title name : "Xbox Dashboard" Alternate title ID's : none Allowed media types : 0x00000030 : XBE_MEDIA_1LAYER_DVDROM : XBE_MEDIA_2LAYER_DVDROM
|
|
The red ink above implies that ROE would be on if this disk was booted - which kills the idea of creating a single exploit disk, booting to Evox, then swapping the disk for a standard homebrew DVD.

However, compatible DVDs may still be able to be created - as described here.
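The certificate dumps quoted above (and in the root post) are the XBE's policy block: "Allowed media types" and "Allowed game regions" are plain bit masks that get compared against what the inserted disc identifies itself as and the console's own region, which is why the book type of a burned disc has to read as DVD-ROM and why a US_CANADA-only title is a dead end for other regions. The Python below is an added example, not code from this thread or from any project mentioned in it: it rebuilds both certificates from the dumped values and decodes them. Field offsets and bit values come from public XBE-format documentation; the names that appear in the dumps are kept verbatim and the remaining flag labels are my own. `can_boot_from_dvdrom` only mirrors the policy the two dumps express, not the kernel's actual code path.

```python
import struct
from datetime import datetime, timezone

# Bit values for the two policy words in an XBE certificate (public XBE
# format docs). Names seen in the thread's dumps are verbatim; others are mine.
MEDIA_TYPES = {
    0x00000001: "XBE_MEDIA_HDD",
    0x00000002: "XBE_MEDIA_DVD_X2",
    0x00000004: "XBE_MEDIA_DVD_CD",
    0x00000008: "XBE_MEDIA_CD",
    0x00000010: "XBE_MEDIA_1LAYER_DVDROM",
    0x00000020: "XBE_MEDIA_2LAYER_DVDROM",
    0x00000040: "XBE_MEDIA_DVD5_RW",
    0x00000080: "XBE_MEDIA_DVD9_RW",
    0x00000100: "XBE_MEDIA_DONGLE",
    0x00000200: "XBE_MEDIA_MEDIA_BOARD",
    0x40000000: "XBE_MEDIA_NONSECURE_HARD_DISK",
    0x80000000: "XBE_MEDIA_NONSECURE_MODE",
}
REGIONS = {
    0x00000001: "XBE_REGION_US_CANADA",
    0x00000002: "XBE_REGION_JAPAN",
    0x00000004: "XBE_REGION_ELSEWHERE",
    0x80000000: "XBE_REGION_MANUFACTURING",
}
DVDROM_MEDIA = 0x00000010 | 0x00000020   # either pressed-DVD layer count
CERT_SIZE = 0x1EC                        # the size both dumps report
# Leading certificate fields, little-endian: size, timestamp, title id,
# 40-wchar title name, 16 alternate title ids, allowed media, allowed
# regions, ratings, disk number, version (0xB0 bytes in total).
_HEAD = struct.Struct("<III80s64sIIIII")


def decode_flags(value, table):
    """Split a 32-bit flag word into known names and leftover unknown bits."""
    names = [name for bit, name in sorted(table.items()) if value & bit]
    known = 0
    for bit in table:
        known |= bit
    return names, value & ~known & 0xFFFFFFFF


def parse_certificate(blob):
    """Decode the policy fields of a raw XBE certificate."""
    if len(blob) < _HEAD.size:
        raise ValueError("certificate truncated")
    (size, ts, title_id, name_raw, alt_raw, media, region,
     rating, disk, version) = _HEAD.unpack_from(blob, 0)
    media_names, media_unknown = decode_flags(media, MEDIA_TYPES)
    region_names, region_unknown = decode_flags(region, REGIONS)
    return {
        "size": size,
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc),
        "title_id": title_id,
        "title": name_raw.decode("utf-16-le").split("\0", 1)[0],
        "alt_title_ids": [x for x in struct.unpack("<16I", alt_raw) if x],
        "allowed_media": media,
        "allowed_media_names": media_names,
        "unknown_media_bits": media_unknown,
        "allowed_regions": region,
        "allowed_region_names": region_names,
        "unknown_region_bits": region_unknown,
        "rating": rating,
        "disk_number": disk,
        "version": version,
    }


def build_certificate(timestamp, title_id, title, media, region, rating,
                      version, disk=0, alt_ids=()):
    """Construct a certificate blob (key fields left zeroed: sample data only)."""
    name = title.encode("utf-16-le").ljust(80, b"\0")[:80]
    alts = struct.pack("<16I", *(list(alt_ids) + [0] * (16 - len(alt_ids))))
    head = _HEAD.pack(CERT_SIZE, timestamp, title_id, name, alts,
                      media, region, rating, disk, version)
    return head.ljust(CERT_SIZE, b"\0")


def can_boot_from_dvdrom(cert, console_region):
    """Policy the dumps express: the title must allow pressed DVD-ROM media
    (why a burned disc's book type has to read as DVD-ROM) and the console's
    region bit must be allowed. Mirrors the certificate, not the kernel code."""
    return bool(cert["allowed_media"] & DVDROM_MEDIA) and \
        bool(cert["allowed_regions"] & console_region)


# The two certificates from the thread, rebuilt from the dumped values.
HULK_DASH = build_certificate(0x3F205497, 0xFFFE0000, "Xbox Dashboard",
                              0x00000030, 0x7FFFFFFF, 0xFFFFFFFF, 0x10202100)
HULK_DEFAULT = build_certificate(0x3F205409, 0x56550011, "The Hulk",
                                 0x00000030, 0x00000001, 0x00000004, 0x00000001)


def main():
    for label, blob in (("xboxdash.xbe", HULK_DASH), ("default.xbe", HULK_DEFAULT)):
        c = parse_certificate(blob)
        print(f"{label}: {c['title']!r} id={c['title_id']:08X} "
              f"built {c['timestamp']:%Y-%m-%d %H:%M:%S} UTC")
        print("  media  :", ", ".join(c["allowed_media_names"]))
        print("  regions:", ", ".join(c["allowed_region_names"]))
        print("  boots on an ELSEWHERE console:", can_boot_from_dvdrom(c, 0x4))


if __name__ == "__main__":
    main()
```

Note that the dashboard's timestamp decodes to 21:50:15 UTC; the dump in the thread shows 17:50:15 because xbedump printed it in local (US Eastern) time. The title ID 0xFFFE0000 is also the directory name under E:\TDATA that the ST.DB discussion keeps referring to.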
There have been some excellent possibilities occurring, I only hope that you guys can exploit these to improve softmodding.
I still stand by my previous statement that an exploitable 1.6 PAL is the most important thing to concentrate on.
| QUOTE (rmenhal @ Sep 27 2004, 11:45 AM) |
| QUOTE (PedrosPad @ Sep 27 2004, 11:27 AM) | Do you have any ideas as to the conflicting messages regarding the 5680 Dashboard font flaw? I imagine you examined the code before posting that you believed it closed, but actual experimentation is throwing up some odd results. |
Well, with 5659+ you get error 21 with hacked fonts because the checksum (the first 64 kb) for the fonts doesn't match. That code is not yet quite ready in the Hulk xboxdash.xbe because there's an infinite cli, hlt instead.
|
Thanks for that explanation rmenhal. That explains the lack of the Error 21 screen, and the lockups. But the reboots?
| QUOTE (total_ass @ Sep 27 2004, 11:48 AM) |
There have been some excellent possibilities occurring, I only hope that you guys can exploit these to improve softmodding.
I still stand by my previous statement that an exploitable 1.6 PAL is the most important thing to concentrate on. |
I think you're kinda missing the point. The best way to find an exploit is to find what's already there waiting to be discovered, rather than try to discover something that doesn't exist. Example in point, the Star Wars thread which created this thread which found the exploit that has always been there.
BTW, great news about the Audio Exploit. Looks like we're going oldsk00l - the Audio Exploit rebirth.

Never saw that one comin'....
| QUOTE (BluhDeBluh @ Sep 27 2004, 11:23 AM) |
I think you're kinda missing the point. The best way to find an exploit is to find what's already there waiting to be discovered, rather than try to discover something that doesn't exist. Example in point, the Star Wars thread which created this thread which found the exploit that has always been there.
BTW, great news about the Audio Exploit. Looks like we're going oldsk00l - the Audio Exploit rebirth. Never saw that one comin'.... |
It's possible that an exploitable PAL does exist, it just hasn't been found yet. I mean I can't say for sure, but I bet it was pure luck that the exploitable NFL Fever xbe was found.
| QUOTE (total_ass @ Sep 27 2004, 12:29 PM) |
| It's possible that an exploitable PAL does exist, it just hasn't been found yet. I mean I can't say for sure, but I bet it was pure luck that the exploitable NFL Fever xbe was found. |
Yeah, it is but we can't actively do much to find it, while we can actively work on this new audio exploit.
I have been thinking that this would be a possible boot disc for those that wouldn't mind running a legacy dashboard. Meaning they would have to use 4034 or earlier since it checks for fonts within the root. Then we could have these hacked fonts within the /fonts folder - This wouldn't be very helpful since most have an updated version of the dashboard and want to use live.
I understand PedrosPad's vision for this, but I still don't see how it's very useful. However, I think it should still be pursued. You never know what MS will throw at us in the future. So this might become MORE useful in the future. Other useful discoveries might be made along the way.
I'm no historian, but most significant discoveries/advancements that I've seen on Discovery Channel were made by accident. People trying to turn lead into gold led to many important discoveries in the area of chemistry. No, they didn't succeed in turning lead into gold, but think about what we wouldn't have if they hadn't tried...
| QUOTE |
| no, they didn't succeed in turning lead into gold, |
Haven't succeeded yet actually.. Ppl are still working on the whole transmutation thing..
If we can get a working st.db we can work on ghettoing it onto the hdd later...
| QUOTE (Kthulu @ Sep 27 2004, 04:33 PM) |
| i understand PedrosPad's vision for this, but i still don't see how it's very useful. |
This research could be very useful for a PAL v1.6 K:5713+ XBOX owner, with good investment in original PAL XBL games.
Since UDE2 prevents access to the original PAL XBL game collection (due to the mandatory region change), currently there are few avenues open to play your PAL XBL game collection, and the occasional homebrew title from DVD media.

In fact the only method I know of is the PAL EEE/SC1 exploit - for which a noob package doesn't even exist yet.
(Short of toggling your EEPROM back and forth.)
| QUOTE (total_ass @ Sep 27 2004, 04:29 AM - part) |
| but i bet it was pure luck that the exploitable nfl fever xbe was found. |
It wasn't "pure luck", it was more of an "evolution" that went something like this (IIRC) eh...
PedrosPad and other visionaries identified and pursued the double-dash possibility, rmenhal overcame the font barrier, devz3ro nurtured and grew it with Angerwound plus Pedro recognised and established UDE (all with more godly fonts and files from rmenhal).
devz3ro then identified the XBL HDD possibilities, PedrosPad pursued that and ldots created a scanner. This enabled other sceners that were willing to make an effort and help to do so ... almost immediately it revealed the UDE2 bootstrap had been staring someone in the face but they (embarrassingly) hadn't even realized eh!
Although it was apparently pure luck that it was present in my box, wasn't it the case that the efforts and achievements of these folks (and others that preceded them) resulted in it being found eh?
Yeah, achievement always requires some effort. A little luck never hurts tho.
I hope everyone that's been reading this thread has checked all their DVD movies for Xbox content. I would especially check movies that have a corresponding video game....like Chronicles of Riddick (is that on DVD yet?), Spider-Man, Blade, etc...
Normally they will announce the xbox content on the dvd. I have googled all over looking and can't seem to find any others besides these two.
Yeah, I've done the googling too, but I still checked my Spider-Man and Blade DVDs...double-checking never hurts, but I do have a feeling these are the only 2.
Here's my version of the audio exploit for Hulk. The Hulk xboxdash.xbe is compiled with a function return pointer address protection/check so the exploit can't be done exactly the same as before. Currently I use a kernel-version-specific database file. So copy an ST.DB matching your kernel version to E:\TDATA\fffe0000\music\ST.DB and then launch the exploit via the usual button smashing. It boots habibi-signed E:\default.xbe.
| CODE |
begin-base64 644 hulkaudio.tar.bz2 QlpoOTFBWSZTWSwmtV8AGOf///3/yhn+7///f///7v////4qKsJWJBxgcuig AYy5yq2b4AxfAByjsNbZbGqgIUBQUKBNgoaACDTIyDJiNNMCaYIMmIwEZNGj EGIZDJoyYIZGJoYIZMjQNMQ0DIaZMA0QpM0nplHqY1Tyn6QCeo0ZPQIYEGJi aGAaAIxGRkGBNMjEDJkYQ0yBiaaAkhCJoZCMp6mptT0jINAaeo0PRNBoNNAN AAAAZAaek00AADQBoAACDTIyDJiNNMCaYIMmIwEZNGjEGIZDJoyYIZGJoYIZ MjQNMQ0DIaZMCDTIyDJiNNMCaYIMmIwEZNGjEGIZDJoyYIZGJoYIZMjQNMQ0 DIaZMAVJIIEACNMmpk0bUYmQKfkeqnqPU8myEwKZPFMyaZNNGp5R6amjNTaa jGpsmp6npNDRvVG1PQ0anXFw+bhHpfb9PtWUc6dFQ+MbOeHKiWsgJVBJIagy SI/wFQ/tFIQiemKFCol4rWFRDkiwshcNoWhIRLD4B+YcodgNYcofEMo6nT26 rqbzLdfh1Mm4xRMEYy0TlKR1MZGyKhsCtUUMKiM27zK6uGzlDIMl1hcFChQt LBa1Cw2RYWF1C0LCwVC0EIlh9gUP2DdH3xgNAduFChQOeKC4aQ9YWFrBoFw6 AsLhfQvG2Llw+iPcFz2xtTXPs73J9mcb2sc2Ev37q7bPjVU8aHWZKUnt+IYR zm11PnpITiUFs0oZO4/mTKCJvwBgepxQ4aCkZJqR0DPCZDHBgnIHoydn76+j iDa7IKBSjamvUOXURpVdRCqi5Ui6VVStVY430P6Lo6U8MHp6ulxMOnwo89MM Wt6Vg+xx05KavUkzGarBSWwnSDA8+TkUaLzWaWKZrzSv0sL40rIqhqO85SMU lE6oWXDKL9d6GknMjhnYv4Hy0qMl6VMk9SpykteM2/pfCCWzr2cPJl6uFPF0 InzhMogtiLy0lSnHBwqENQFMWkQOR4ZsHJNhMymUeZy6qpoGrwXbvrYmNTCu NyLY/fH4B4I8kcI7sdMHzD5x/cLh8Qoe8J/mPdD1hkCMwsPxjyxwST1x6olD yx/2OsPhHgchR3cTMXOV3fq/j4N7sO0/j4u8U5tcTF3vR5zY4uZEWGKGrUWP cgbLvIpkpRmXqDPt4jg4ZS3Tbe4iOfMb5afy01Yd1Dcvw2enW5r7Uu9je2bo yfhlhi4BluwWyUkKbS8QAQiHKL9JZHldMhSxyKyRWGiQdVym5B9VyzL1Tder pw3eS5cOHtzNG1fa5rqse9pDmMzX+3A9ADVA4wFtXA3231gZg83iH3GCbop1 rvxdORc6U+9xuHLLUnJ8Xo912ndPa7WbY8e+6Ha3c+vuOKOfwVaaMuxp3R5D NnryVFqilOwMmejszqmHbVxTHrEcl0eRbDIX8EpYAzsGjxwLS6NFXXWehejQ SIIjvijSsVyC2GkNNjkF6CBQCkpubN+uQDp/zy37h9K+dzUM8j+8d756JvxN nX2hOmy7nBbvmjJjLX4L71ZBNAoNnj9AVUklXImO7D/H3btbGRktk1u3Glj0 Y7dFr7oswzD8HuNBMImdErQ9QMA7JmOLevwIo1DGhPmrYfCtUqJ7DeoMddee q3YbbNx8IY22pV1So06FUdjayX1fWlUi15aCE0c7Oziyad5lWSZJhIh77MsR 7gEMzwYoPJv+0MmxMdiZ0TTzXcuGbDQ+t+ofVHzjHcZ9DSrxs84TaKE6Wap1 BW6UYXI1dSvOgqnRCYx6acGvywyyNGaty5llx41UzYKs7gqipHiWU1JgqDFO 7AB8uPSERXwlF2Kd0SZo0Ki1rbR5totgEbYJARU1TOz1O7xUXrM9dHswQxf3 JLAZcYy7wBxCqQSta7EO0xJ6gcHm02dhxnYfY3Ky6xrRnxAMhMDQIuxRgpiv 
Fk7PaejMzSmmi4UF+FMQryFw3koYSqibVlQXILC0LcCGBX9CqU9gIgMNciFH U7Zw/z28jp2wrve9h5BxUdgqrFbQq6y1kXJ4lTjQ9MGPH861w8QewP9h7yON u7vYaWxJPtrtnw2pdEyN/N0ZucDDg7PLa6Zt8qt5XI+uyyYu8Fhn5nDg0tLY 4ol/D1nLwmu5nhq4obX3R8Imrm2pJ7X8zYmDSUkYtTd4GmO66s84DjgcwAUV u41Qgh3fqY38fDmQx2JsanMdj8o3PRXO5fBp6ekfYpH0qkqvMKwwqsPBDeX9 WsJVKqq9+0ONl158g8ofWHqN2HTemOY3B+YV1x5gzjri8WGvOkyDW6qrvCR3 jVvnkQ3YwRtr/BGmNgb8TzR2mlpXxrc13HcjP2Y8seONweqjzRvBtPyj+Kbk 7Oq5umO5HvjDmC8eiLvp1CqVSjq1aLVa3cQ1Rv5YcUL/W4Kho8XzzI+jXgUn pVap29Tq+FkysmYOU607GZi31vhuVBgZF5C1LRZ3Vx4OpPaHLj50LbZdlfsa Imdmh7C6aId56aOq8iabRovPs6rWzTHR9SJ9SHhu+y5ZIy9brURt9Do1Jxvt bqOrU5rhd/3e9kNKG61oZaDpasTj3N7CJfE1V9yL27Wpdjg2MtatuXWjFbJM kRm2pqHLpV9EaVML5fVbbUZ2dVpIpGSGqs5EPqwxyyM7Zib+3g04bXj5NbDa 0xNCvAZONpj5HfQHtjBEkKM440SYer1dOydZGWVkrKMqnnPQHKhhNFGMqqal kqq39elJU7yyKFSyyxUaGlutGRjGSpVSqNjZ1bjPUVUvzyFT4obEjqnf8fmz BpzNN2g5M9zByHOa2m5fGuzSbDal3Gmp2zYc6FbOvPXcrmuPxrciF1QtDlvC u5+9omRNmEbWGvSYN6AbjaAkVvqtu4fwNbx9zXuXgajkRCOhfLoY3r1acw4M qiupTHzv0/q5317VSdTQydLnUz1UvsspVThWU4cJcjtocy7pXsjTvkqrtc9C dnKqoqzi02n0eHvmLSiVnUS0zqJ0L2bXTGF3muV8I+UfkH3h645oxDyx6g/I Lht7c4h2+r2FQtvROLbPoY3wcPdyu5eD3U5NR2NRqpWtnozDvwzJPHaTL0TH GGxVGxZwmzy5taWvqQ7IxmhZhSVwkM3TlqLJTRVrCNqWlUp6MQzMgqZhiZn4 eOlavlY1ct5S8oO4VJUFImlboW4WZg3VEK7E+XYbDLgiB9DIBwwhMQykSImU gJDuVBNGpUZwyWjHRy0ip3DTbalTS0KlZPZ8rgMgmxNZOC5S231xvWHD48wy JtSZp2d3K2cIkYtwd4NQjRtzCK7GJv3GxUvORKskYROpfi0GO8eAyzBmaJjJ W/yGe5MjSJr2LUxZcLKioscu+OTjfV1CpYkaty2qywsTd0jJqIyRbGXSqYxN JuGxFQisJ8QDrslXsE7ZJeGDMjTC5KWmgwiAYafkAjwgPBlWkyl0FVCYuVEq quUrbu1NOO0LKYYwpWeGzs5E1WiRbdwwrmX7TPrK7bD9Y90jf88aeHcqyxNh 2QWhberx6javnQNG1KLs0SMpP94na+qMZI221D0pd0mVhv7t6RZku3s5WnSp VUzMwMUd4dxmHHhoB2UQzjO29ZFNJBlr5DZZtBzxtbkz2ttrlqU1tOSca28K 72PjH0xrcXk8zxq9QeoPZH6B+cfoG4HCHziw64+QfsFw8UUP0jnC22P+hZ8Y /1k64rzBeNoUPbH7xag+6PkH/g8QYQnjD5Rvi4LDgDsh5oXw90coWwFD3h+s awxGmNIWExD5h/oLDqj9w/ELu06v7c4vDoDgFo64ob/7/291WQfuGJJJCcn+ FZJZ6I+AdqPzj5RcPwh5Q9AUFg0D+A/KO0Fw54+ce+NMfOP/xdyRThQkCwmt V8A= ====
|
| QUOTE (PedrosPad @ Sep 27 2004, 11:51 AM) |
| Thanks for that explanation rmenhal. That explains the lack of the Error 21 screen, and the lockups. But the reboots? |
I don't think I'm going to bother with that. It's possible to crash dash 5659.03 to a null pointer reference too. And Kthulu's reboots didn't seem very consistent.
I thought you'd have it out by midnight EST honestly.. 8 minutes off:) I love the way you crank these off the assembly line..
Great work, rmenhal!
Now for getting it onto the HDD
| QUOTE (rmenhal @ Sep 28 2004, 12:19 AM) |
| Audio data for each track is in separate files (on the HD). The exploit uses the database file ST.DB which contains all info on how the tracks are grouped/organized. Couldn't really be on read-only media since the database needs to be modified when adding new tracks. |
I'm sure I'm misunderstanding what you are saying somehow. But would it be possible to create an audio CD that creates an ST.DB just like yours on the HD?
So our "boot disk" would actually be 2 discs that consisted of
1. a hacked audio cd that will create an ST.DB that would launch a habibi signed D:\exploit.xbe and
2. a boot dvd with hulk dash (default.xbe) and a habibi signed D:\exploit.xbe
I'm sure this is not possible, but would just like to be told so by someone who knows more about what is possible/impossible with this exploit.
Just knowing the very basics of how the original audio exploit worked, it would not be possible to create the st.db from an audio cd since the header is what initiates the memory jump with a buffer underflow (probably flawed explanation to those who understand it better).. The header is generated from the dash itself..
@EthanHunt, Basically the answer to your question is no. Any data that would be on the disc would be audio data, whether you manipulated this or not, it would still be dumped to a wma file. All the st.db file does with this is put a songname with a filename and location. The actual exploit must be manually entered into an st.db for it to work.
I personally think it would be great if someone could do the whole sha1 hack idea talked about earlier in this thread, but that seems like it's a bit farfetched at the moment without actual working knowledge of sha1 encryption. I've been following this thread since day one and I'm impressed with how quickly an audio exploit was created! Just took the "big dogs of softmodding" to jump on board! I'm still convinced that the font exploit is possible due to the results of testing in this thread, and I hope no one gives up on that angle. Unfortunately, I don't have the hulk dash, and I can't change the booktype for my dvdr's because my dvd burner doesn't support +r (I know, I'm oldskool, but I got it early in the dvdr scene and it's for a laptop.)
| QUOTE (rmenhal @ Sep 28 2004, 12:11 AM) |
| I don't think I'm going to bother with that. It's possible to crash dash 5659.03 to a null pointer reference too. And Kthulu's reboots didn't seem very consistent. |
I'd like to add my props to rmenhal! Great work!
I think most of the unexpected reboots I got when testing this stuff were due to disc reading problems. Because of this, I recommend the following when anyone is making a Hulk boot disc: fill the disc all the way up! Use a big dummy file. I used a DVD movie ripped into a 3GB .iso renamed to 0dummy (no extension). Make an Xbox ISO and burn that DVD. If I were to make another disc, I'd use a 4GB dummy file.
I've never looked at the hacked st.db files before. Would it be fairly straightforward to hex it into loading d:\abackup.xbe? This would be what PedrosPad had in mind I think. This would also be very useful in a future when MS forces HDD dash upgrades from every xbe they make (like the SW bonus disc). Let's hope that doesn't become the norm, but if they do, soft-modders can survive thanks to this. Unless they start 'repairing' st.db when they do a dash update...

EDIT: um, never mind that d:\abackup.xbe nonsense. It's best to go ahead and load a PBL or something...and it's best to do that from HDD...
Think about it, you've already got a universal boot disc, you just have to have the st.db on the hdd already.
Put the hulk as default.xbe and the hulk dash on the disk as normal, then put your entire game on the disc in the root directory as say d:\game.xbe and re-route the st.db to load game.xbe from D. Then you insert the disc, trigger the exploit as normal and voila your habibi signed d:\game.xbe boots to that backup. This is the most MINIMAL installation on your hdd, as all it requires is the st.db file! If only you could find a resource it loads from the disc, then no files would be required on the hdd.
EDIT: You could also load pbl metoo/fbl from the disc and have that boot d:\game.xbe if you wanted to load a bios for any reason and still keep hdd installation minimal.
| QUOTE (rmenhal @ Sep 27 2004, 10:08 PM = "Softmod - The Movie!") |
| Here's my version of the audio exploit for Hulk ... |
Awesome rmenhal.

(It's working via my HDD based test eh.)
| QUOTE (Pillzburydoofus @ Sep 28 2004, 12:17 AM - part) |
| Put the hulk as default.xbe and the hulk dash on the disk as normal, |
Hopefully the xboxdash.xbe can be the default.xbe for the disc (thus enabling an "any region" boot of the 5680 dash) eh.
Awesome work, as always, rmenhal 
| QUOTE (Pillzburydoofus @ Sep 28 2004, 08:17 AM) |
| Put the hulk as default.xbe and the hulk dash on the disk as normal, then put your entire game on the disc in the root directory as say d:\game.xbe and re-route the st.db to load game.xbe from D. Then you insert the disc, trigger the exploit as normal and voila your habibi signed d:\game.xbe boots to that backup. This is the most MINIMAL installation on your hdd, as all it requires is the st.db file! |
I concur. K.I.S.S. - Keep It Simple and Straightforward - leave BIOS loaders out of the loop, and habibi sign the game.xbe (less involved - less to go wrong!).
| QUOTE (eh. @ Sep 28 2004, 10:00 AM) |
Hopefully the xboxdash.xbe can be the default.xbe for the disc (thus enabling an "any region" boot of the 5680 dash) eh. |
The few tests I've had time to perform have been in this area.
For those who didn't notice in the root post, the Hulk SFX XBE that Kthulu has had success with is XBE_REGION_US_CANADA only!

However, the 5680 Dashboard is all regions - but, personally, I've struggled to get this to boot.

At the moment I think I'm struggling with bad burns (I'll try with the 4GB dummy file Kthulu suggests in future).

But Kthulu also mentioned that the Dashboard itself seems to check for, and if present attempts to execute, D:\default.xbe on launch - which would cause a recursive loop (since the Dashboard itself is named to D:\default.xbe).

More tests needed to confirm theories and verify findings.....

If this is the case, I'm kind of hoping that
1. the font exploit does work (although rmenhal's not been wrong yet)
2. and the fonts fire ahead of the D:\default.xbe check.
| QUOTE (wrayal @ Sep 28 2004, 03:17 PM) |
Sorry about my totally useless suggestion - my knowledge of the audio hack is basically non-existent.
One thing, however Pedros: what is the point in a font hack for it? It still loads them from HD doesn't it? So it will be loading the same fonts as the HD-dash would be -> all the normal problems, or does it have a different boot order. Plus, is there any chance of a true utopia disc? Because this (it seems to me) is like the gamesave but worse. A hard to get hold of xbe, difficult disc to create, and it screws up your custom tracks...
I'm probably being an idiot and missing something entirely, but hey...
Wrayal |
No, we are talking about reading font files from the DVD.
I can't see any BIG advantage in this audio exploit, we still have to do the game save hack... I hope that a font exploit is possible, that would be a "boot" disk

d:/default.xbe (hulk dash and font exploit) --> d:/nkpatcher.xbe (or pbl) --> d:/game/default.xbe
Font files load from the DVD?? Sorry, missed that - my bad! That would be _exceedingly_ cool, I didn't realise it was possible. Ignore me, I'm an idiot!
BTW: rmenhal, if the 5659.03 is crashable with that null pointer thing, does that effectively mean an audio exploit could be made for it? Just wondering...
Wrayal
| QUOTE (PedrosPad @ Sep 28 2004, 05:09 AM) |
The few tests I've had time to perform have been in this area.
For those who didn't notice in the root post, the Hulk SFX XBE that Kthulu has had success with is XBE_REGION_US_CANADA only! 
However, the 5680 Dashboard is all regions - but, personally, I've struggled to get this to boot 
At the moment I think I'm struggling with bad burns (I'll try with the 4GB dummy file Kthulu suggests in future )
But Kthulu also mentioned that the Dashboard itself seems to check for, and if present attempts to execute, D:\default.xbe on launch - which would cause a recursive loop (since the Dashboard itself is named to D:\default.xbe).  |
In my excitement over the 5680, I had forgotten about this. It really sucks for soft-modders that don't live in US or Canada because you have to use this xbe to launch the hulk demo xbe on hdd, which launches \xboxdash\xboxdash.xbe. There's no other way I've found that will work. Yes, it will go into an infinite reboot loop if you have 5680 as d:\default.xbe. That was what I tried the first 5 coasters I burned. This is why I believe that the hulk demo on hdd is passing a parameter to xboxdash.xbe that tells it to ignore d:\default or to at least play DVD content first.
5680 WILL NOT load fonts from dvd. Consider the layout of my last disc:
\fonts\
\fonts\Xbox.xtf
\fonts\Xbox Book.xtf
\xboxdash\ (4920 xips over-written with 5680 xips)
\xboxdash\fonts\Xbox.xtf
\xboxdash\fonts\Xbox Book.xtf
\xboxdash\Xbox.xtf
\xboxdash\Xbox Book.xtf
default.xbe (original default.xbe from Hulk)
Xbox.xtf
Xbox Book.xtf
As you can see, the fonts are in every directory + root on the disc. With this disc, if I deleted the fonts from C, I did not get a menu. The dash did load without lock ups, but there is only the green globe screen. You can make movements with the dpad and you'll hear the sounds. You can press buttons and hear the sounds, but there's nothing on the screen other than the green globe.
I don't know if this is at all useful, but I was browsing text I found in various xboxdash.xbe files and found references to passed parameters to the dash.. Kthulu mentioned parameter passing as a possibility.. I found code like this in both 4920, and 5659..
| QUOTE (wrayal @ Sep 28 2004, 03:17 PM) |
| One thing, however Pedros: what is the point in a font hack for it? It still loads them from HD doesn't it? So it will be loading the same fonts as the HD-dash would be -> all the normal problems, or does it have a different boot order. Plus, is there any chance of a true utopia disc? Because this (it seems to me) is like the gamesave but worse. A hard to get hold of xbe, difficult disc to create, and it screws up your custom tracks... |
Good and fair questions all, Wrayal.
My thinking goes like this...
The HulkAudio exploit requires manual intervention to use - doesn't boot directly to the on-media homebrew.

The GameSav doesn't allow you to exchange the XBOX original game disk with one that contains your homebrew program.

If possible, custom fonts, seeded on the HDD, would facilitate seamless launching of the on-media homebrew program.

Most of what I'm doing is just fun (but I do still have a few ideas at the back of my mind).
| QUOTE (wrayal @ Sep 28 2004, 03:31 PM) |
Font files load from the DVD?? Sorry, missed that - my bad! That would be _exceedingly_ cool, I didn't realise it was possible. Ignore me, I'm an idiot!
BTW: rmenhal, if the 5659.03 is crashable with that null pointer thing, does that effectively mean an audio exploit could be made for it? Just wondering...
Wrayal |
Wrayal, you're right - The font files are read from HDD - Unfortunately.

And yeah I wondered about rmenhal's new audio exploit too. If it now works a new way, any chance it now works on newer Dashboards?
| QUOTE (PedrosPad @ Sep 28 2004, 04:12 PM) |
| And yeah I wondered about rmenhal's new audio exploit too. If it now works a new way, any chance it now works on newer Dashboards? |
This caught my eye as well, as it would go really well with a new package idea I had a while ago.
Anyone tried it out?
| QUOTE (wrayal @ Sep 28 2004, 10:59 AM) |
Oh, one last thing. Just because these won't run, doesn't mean others won't. Might it be worth having an ldots scanner type system to search for 1-layer-dvd signed xbe's? Would I be right in saying that any signed with this media type could be made to boot in the same way as this hulk dash does?
Wrayal |
That would be right, but they are going to be very rare.
| QUOTE (PedrosPad @ Sep 28 2004, 08:12 AM - re fonts) |
The font files are read from HDD - Unfortunately.  |
And if this previously posted test was an indicator, they seem to be explicitly validated too eh.
I. put only the retail "XBox Book.xtf" and "XBox.xtf" back into "C:\fonts";
II. confirm the dash works again;
III. rename "XBox Book.xtf" to be "XBox.xtf" and "XBox.xtf" to be "XBox Book.xtf" (in place on the disk, with an interim rename so it allows it);
IV. confirm whether the dash still works; if it doesn't, as is the case for me...
V. rename "XBox.xtf" back to "XBox Book.xtf" and "XBox Book.xtf" back to "XBox.xtf";
VI. confirm the dash works again.
| QUOTE (PedrosPad @ Sep 28 2004, 08:12 AM - re audio) |
| And yeah I wondered about the rmenhal's new audio exploit too. If it now works a new way, any chance it now works on newer Dashboards? |
I'll try it with my setup and report back ASAP eh.
| QUOTE (eh. @ Sep 28 2004, 05:57 PM) |
And if this previously posted test was an indicator, they seem to be explicitly validated too eh. I. put only the retail "XBox Book.xtf" and "XBox.xtf" back into "C:\fonts"; II. confirm the dash works again; III. rename "XBox Book.xtf" to be "XBox.xtf" and "XBox.xtf" to be "XBox Book.xtf" (in place on the disk, with an interim rename so it allows it); IV. confirm whether the dash still works; if it doesn't, as is the case for me... V. rename "XBox.xtf" back to "XBox Book.xtf" and "XBox Book.xtf" back to "XBox.xtf"; VI. confirm the dash works again. |
The Hulk Dashboard XBE has an "XIPS" section containing an embedded XIPS file (like all Dashboards) - this file appears to be a manifest of the Dashboard's support files, along with their SHA1 digests (or some sort of digest anyway).
The last four entries are:
y:\fonts\XBox.xtf
y:\fonts\XBox Book.xtf
y:\XBox.xtf
y:\XBox Book.xtf
along with their digests.
I believe these fonts were left out of the manifest on pre-live Dashboards and D:4290 - that's why the font files were targeted as exploit candidates. But no longer.
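As an added illustration of the check described in the post above (not code from the thread, and not the real XIPS layout, which the thread does not document): a constructed path-to-digest manifest, verified the way the earlier rename test suggests, where two files whose contents are exchanged both fail even though every digest in the manifest is still present on disk.

```python
import hashlib

def sha1_hex(data: bytes) -> str:
    """SHA-1 digest of a byte string, hex encoded."""
    return hashlib.sha1(data).hexdigest()

# Constructed stand-ins for the dashboard's support files.  The real .xtf
# contents are not on the page; these are just two distinct byte strings.
ORIGINAL_FILES = {
    r"y:\fonts\XBox.xtf": b"constructed contents of XBox.xtf",
    r"y:\fonts\XBox Book.xtf": b"constructed contents of XBox Book.xtf",
}

def build_manifest(files: dict) -> dict:
    """Map each path to the SHA-1 of its contents (assumed manifest shape)."""
    return {path: sha1_hex(data) for path, data in files.items()}

def verify(manifest: dict, files: dict) -> list:
    """Return the manifest paths that are missing or whose digest does not match.

    The digest is bound to the path, so a file with valid contents under the
    wrong name still fails; that is what the swap test in the thread observed.
    """
    failures = []
    for path, expected in manifest.items():
        data = files.get(path)
        if data is None or sha1_hex(data) != expected:
            failures.append(path)
    return failures

def swapped(files: dict, a: str, b: str) -> dict:
    """Simulate renaming two files to each other's names in place."""
    out = dict(files)
    out[a], out[b] = files[b], files[a]
    return out

MANIFEST = build_manifest(ORIGINAL_FILES)

if __name__ == "__main__":
    print("intact :", verify(MANIFEST, ORIGINAL_FILES))
    print("swapped:", verify(MANIFEST, swapped(
        ORIGINAL_FILES, r"y:\fonts\XBox.xtf", r"y:\fonts\XBox Book.xtf")))
```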
it doesn't look like this hulk exploit is going anywhere. do you guys have any other leads?
| QUOTE (mkjones @ Sep 28 2004, 08:17 AM) |
| Anyone tried it out? |
It gives me the 100 soundtrack message for 5960 and 5659.03 (whereas it reboots 4920) eh.
If anyone's got, or knows anyone with, a 5659.01 it'd be worthwhile trying it on that too. (M$ must have had a good reason for superseding that so quickly eh...)
any way we can trick the ms track naming dealie into writing a st.db from binary?
maybe we can exploit a few of the resources loaded from the disk (which would be?)
| QUOTE (total_ass @ Sep 28 2004, 10:57 AM) |
| it doesn't look like this hulk exploit is going anywhere. do you guys have any other leads? |
Huh? It's already been exploited (see page 15) eh!
were there any old dashboard versions that did not look for fonts specifically the C partition, but in their immediate directory?
is there any possibility whatsoever of injecting the code from one of these dashes into 5680 and still maintaining a valid signature on the xbe? thereby, allowing us to font-exploit completely from dvd?
i'm way over my head here, but here's an illustration of what I propose:
|5680 signature|5680 media flags|5680 code|
replaced with...
|5680 signature|5680 media flags|5680 code^4034 code^5680 code|
prolly not as it would be the same as hexediting the dash to the proper media flags, right?
| QUOTE (Kthulu @ Sep 28 2004, 03:00 PM) |
were there any old dashboard versions that did not look for fonts specifically the C partition, but in their immediate directory? is there any possibility whatsoever of injecting the code from one of these dashes into 5680 and still maintaining a valid signature on the xbe? thereby, allowing us to font-exploit completely from dvd?
i'm way over my head here, but here's an illustration of what I propose:
|5680 signature|5680 media flags|5680 code|
replaced with...
|5680 signature|5680 media flags|5680 code^4034 code^5680 code|
prolly not as it would be the same as hexediting the dash to the proper media flags, right? |
until that SHA1 collision stuff from the other thread gets worked out, editing a single bit will invalidate the signature and a retail bios will tell you to go to hell
| QUOTE (total_ass @ Sep 28 2004, 06:57 PM) |
| it doesn't look like this hulk exploit is going anywhere. do you guys have any other leads? |
Always
If this xboxdash or default.xbe can be exploited.. the outcome might not be that advantageous..
There are people who are doing mass piracy with dvd printing machines.. with this exploit, they can just plug this exploit in and the games will run, without even requiring the set to be modded... [ that is assuming that the xbe can be exploited and the fonts can be placed in the dvd and that it calls for the game xbe to be loaded...
this will mean an end for those who do softmods... and the last person laughing loudest will be the pirates..
but then again.. .that is my opinion...
I feel that a mod must only be able to be done by someone who has the technical knowledge...
This xbe run from media exploit might just be the killer.
I sure as hell wouldn't pay some dumbass for a bootleg game..
But your vision is looking a bit unrealistic, the utopia disc everybody except you wants seems to be out of reach..
don't get me wrong..
I am excited about this also..
I hope to see it being able to run..
but my worry is in the long term..
no hard feelings....
| QUOTE (triggernum5 @ Sep 29 2004, 12:54 AM) |
| But your vision is looking a bit unrealistic, the utopia disc everybody except you wants seems to be out of reach.. |
lets just see what the UXE is...
yeah perhaps the uxe can be engineered into a boot disc somehow
that's just a guess though..............
If its what I think it is then we'd still need to tinker with the hdd before being able to pop in a dvd and run the exploit. Not too handy for ntsc ppl.. but believe it or not, there are more than just americans on this planet..
On the other hand.. if they put a utopia type disc in my hands I'll be man enough to bow in respect..
i've seen it. it's exactly what they say it is in the thread. it's a multi-region version of UDE...that also works on 5713+ kernels. it's not a boot disc.
@joop: no exploitable flaws were found in any of the other four, alas eh.
(Although it might well prove to be pointless, I'm still having fun with this - via DVD based tests now eh...)
A question was raised (here) about the 5680 dash .wav's and so far as I could tell, the 5680 dash only gets its .wav's from within the C:/Audio directory tree ... I had them placed everywhere it might reasonably look for them on the DVD and renamed C:/Audio ... silence resulted (as per the 4920 dash) eh!
Additionally, I confirmed the 5680 dash doesn't run at all when two of the .wav's were renamed to each other (whereas the 4920 didn't seem to care about that). However, if individual .wav's were renamed 5680 didn't mind (so if they're present in C:/Audio it pre-validates them, otherwise it's not concerned) eh.
Interestingly, there seemed to be 3 more .wav's in 4920 than there are in the 5680 manifest ... maybe they provide an opportunity for a potential wav hack (but since that would need to be via the C:\ drive, it's unlikely to be worthwhile anyone pursuing it) eh?
quote:
Interestingly, there seemed to be 3 more .wav's in 4920 than there are in the 5680 manifest ...
unquote:
If you place these 3 .wav files on DVD and erase them on HDD;
does the dash also not load them from DVD?
It is possible that the dash needed certain .wav files in a specific location on HDD; hence it even checks that they are not renamed.
Maybe these 3 files are not checked by the dash and yet work from DVD.
Can you test that also?
| QUOTE (eh. @ Oct 5 2004, 08:41 AM) |
| so far as I could tell, .... |
eh., sounds like you're doing excellent research.
| QUOTE (John Hoek @ Oct 5 2004, 01:08 AM - request) |
Maybe these 3 files are not checked by the dash and yet work from DVD.
Can you test that also? |
I've tried a number of things and these three .wav files are almost certainly not being used by the 5680 nor the 4920 dash (and presumably that's why the 5680 manifest doesn't include them) eh:
C\Audio\AmbientAudio\AMB_EC_Voices13.wav
C\Audio\MusicAudio\Games Info Screen In.wav
C\Audio\MusicAudio\Games Info Screen Out.wav
Instead of the latter two, they use C\Audio\MusicAudio\Games Info Screen {In|Out} MSurr.wav (and all four work fine when substituted in the 4920 dash, but 5680 only runs when the correct MSurr pair are on the C:\ drive) eh.
Since it was proven that this mysterious dash (5680) still suffers the audio exploit, I believe we could still make something of this. Probably rmenhal can help determine whether this is possible or not since he was the one who re-created the st.db.
Would it be possible to create an audio cd in such a way that when copying the audio track, it creates your hacked st.db onto the hard disc? I'm pretty sure this has been discussed before, forgive me if this was already proven false.
If true, we would have a 'utopia-like boot disc'
Sure it would be a few finger-presses, but you would only need 1 cdr and 1 dvd+r to have a modded xbox.
Just some late-night brain cells floating around.
-devz3ro
EDIT:
What I had in mind was after the st.db was copied, and audio exploit launched it would:
1. Execute d:\root.xbe (a habibi signed metoo).
2. Have metoo load a BFM bios, and run d:\root\default.xbe (homebrew) first.
devz3ro that's something I personally have never thought of... I'm sure others have... But I personally want to look into this...
From what I understand, the hacked portion of st.db resides primarily in the header.. This region of the file would be created by the dash in the normal fashion even if an audio cd could be developed that was capable of forming exploitable tracks..
i thought about this too before rmenhal posted the st.db, but i figured if it were possible you guys would have already thought of it. it would be great if this were possible, but i doubt it is. even if this magic cd track can be crafted, won't there be ROE issues to this...when you eject the dvd+r to insert the cd+r(w)? unless you can put the cd track on the dvd+r...???
| QUOTE (Kthulu @ Oct 6 2004, 05:45 PM) |
| i thought about this too before rmenhal posted the st.db, but i figured if it were possible you guys would have already thought of it. it would be great if this were possible, but i doubt it is. even if this magic cd track can be crafted, won't there be ROE issues to this...when you eject the dvd+r to insert the cd+r(w)? unless you can put the cd track on the dvd+r...??? |
The point would just be to get the hacked st.db file on there to (at exploit exec) load up a UDE_INSTALLER.xbe or something.
| QUOTE (JimmyGoon @ Oct 6 2004, 11:46 AM) |
| The point would just be to get the hacked st.db file on there to (at exploit exec) load up a UDE_INSTALLER.xbe or something. |
| QUOTE (wrayal @ Oct 6 2004, 01:54 PM - mostly) |
Don't think you guys have said this already, but I suggested this earlier in this thread and the oracle himself (rmenhal ) said it would not be possible. However, that may have only applied to my specific suggestion |
I think this linked post directly relates and (as per devz3ro) hope that rmenhal will have an opportunity to confirm (regarding the st.db created just for the 5680 dash) eh.
| QUOTE (eh. @ Oct 6 2004, 01:32 PM) |
I think his point was that (since it'd be a stock box) a bootable 5680 dvd+r would need to gain the initial access and as soon as it did ROE/J would be on, so you wouldn't be able to swap it for a cd-r(w) eh. 
(I guess the creation of a hacked st.db might theoretically be possible via the stock box's dash instead though eh? ) |
yes, this was exactly my point. thank you eh.
and my own limited experiences with programming when i say that i don't think this is possible. here's why:
when you rip an audio track to the hdd using ms dash, the audio track has no bearing whatsoever on what's written into the st.db file. the audio track is simply converted to wma and stored on the hdd in the music directory. the dash then records this location (~path~\filename) in the st.db along with whatever 'naming' data the user entered from the on-screen keyboard. so it wouldn't really matter what you embedded in the audio track on the cd. garbage track in, garbage wma out.
i can't say for sure that's how it works cause i don't work for MS and i ain't about to try to analyze about a million lines of hex, but doesn't that seem like the only logical way for the dash to handle the ripping of audio tracks?
however, a new approach just occurred to me...(but i think even this was suggested before)...
i'm not familiar with the technical details of the format of an audio track on cd. do the *.cdda files on a music cd have something like headers in them? like a header that describes the whereabouts(location) and size of the audio track it's embedded in? if so, perhaps (instead of trying to cook up a malformed audio track that cooks up 'malformed' st.db file)...perhaps an audio track could be cooked up with a malformed header that causes execution of CODE embedded in the audio track...something like the JPEG exploit (or font exploits?), but with an audio track instead...???
of course, even if this is possible, the ROE would still be an issue if you're trying to boot from dvd+r then swap it for a cdr(w)...unless you can make mixed/hybrid dvd+r disc that has the audio track on it...and the dash will recognize it...
| QUOTE (Kthulu @ Oct 7 2004, 03:09 AM) |
| when you rip an audio track to the hdd using ms dash, the audio track has no bearing whatsoever on what's written into the st.db file. the audio track is simply converted to wma and stored on the hdd in the music directory. the dash then records this location (~path~\filename) in the st.db along with whatever 'naming' data the user entered from the on-screen keyboard. so it wouldn't really matter what you embedded in the audio track on the cd. garbage track in, garbage wma out. |
Well described Kthulu. That's exactly how I understand it.
(PS. I suspect that the length of the track also makes it into the ST.DB).
i guess exploiting xips is the only other possibility....
what are the security features on these things anyway?
what do they do? aren't they some sort of compression format?
| QUOTE (Chicken Scratch Boy @ Oct 7 2004, 12:33 PM) |
i guess exploiting xips is the only other possibility....
what are the security features on these things anyway?
what do they do? aren't they some sort of compression format? |
as per devz3ro, the xips are checksummed so they are out too, the only thing left would be finding a bug in the way the dash handles DVD files (ifo, bup, vob) and trying to exploit that, but we'd still need a DVD dongle if the check for the dongle is done before the DVD movie files are even touched...
a dvd dongle is quite a bit cheaper than a memory card, and AR (or alternative) and an exploitable game, iirc...
| QUOTE (Chicken Scratch Boy @ Oct 7 2004, 06:18 PM) |
| a dvd dongle is quite a bit cheaper than a memory card, and AR (or alternative) and an exploitable game, iirc... |
you're right... i forgot to factor in the cost of an exploitable game when going the memory card route since I bought SC before finding out about softmods.
yeah finding an exploitable copy of MA can be a bitch nowadays too...
I'm wondering whether exploiting ContentMeta or {Title|Save}{Meta|Image} .xbx's might be possible (and have done a few searches but didn't find it's not) eh?
Potentially for Hulk (or SWBF?) there may even be a way to include all required files on the disc ... the .xbx filename section of xboxdash.xbe (5680's at least) references \Device\Cdrom0 too eh!
(Alternatively/additionally a MU would likely be necessary initially, to "join the club" eh.)
i think the XDK recovery disks can be burned to ANY dvd or cd (according to the certificate) and be put on the hdd. it is also for every region...
now the exploit...
on the disk
3 bin files... 1 file is 1mb (bios), 1 file is 59,510 bytes, 1 file is 195,388,034 bytes
1 dll, a bitmap and a true type font
possible exploits...?
| QUOTE (Chicken Scratch Boy @ Oct 10 2004, 07:34 AM) |
i think the XDK recovery disks can be burned to ANY dvd or cd (according to the certificate) and be put on the hdd. it is also for every region...
now the exploit...
on the disk 3 bin files... 1 file is 1mb (bios), 1 file is 59,510 bytes, 1 file is 195,388,034 bytes 1 dll, a bitmap and a true type font
possible exploits...? |
Certificate is what we are looking for, but signature is not (hence the TESTTESTTESTTESTTESTTESTTESTTEST in the header of the default.xbe). This default.xbe is unsigned by MS, so it's as good as any habibi signed xbe, not booting on a retail bios directly.
Root post updated with hulkdash.zip which contains hulkdash.exe. Just place the original hulkdash.exe from dashboard version 4920 in the same folder as xboxdash.xbe and run it. This will create the xboxdash.xbe that is on the Hulk dvd. Intended for those interested in playing that haven't had the chance yet.
-devz3ro
This post has been edited by devz3ro: Oct 11 2004, 05:50 AM
oh darn...
van helsing movie dvd has a xbox demo
Okay, first off I really have to apologize for not reading the whole thread. It's twenty pages and, at the expense of my eyesight, I really did read as much as I could. Anyway, I had an idea for a use of this disc. I don't really think this'll work, but I would like to know why it won't.
Conjecture: The Hulk default.xbe could be used to boot backups/modded games (Halo, etc.)
Assumptions:
1) default.xbe launches the Hulk Gamedemo menu with choice to "watch DVD"
2) when you select "watch dvd", default.xbe calls d:/xboxdash/xboxdash.xbe
3) the default.xbe can be workably burned onto dvd+/-r media (booktype change)
along with other files not related to the hulkdvd? (games, etc)
I think that's right. So could we either:
1) swap out xboxdash.xbe with either a renamed default.xbe from a dvd-signed game, or one of the hacked MS demo menus?
OR
2) hexedit hulk's default.xbe to point to a different .xbe?
The possible obstacles to this (that I can see):
* For method 1, renaming a game's default.xbe may render the game/demomenu unplayable. (demomenus may be okay, I dunno)
* Also, for method 1, original games may be signed for a different media than what is on (or can be run) from the hulk disc. Can't remember off the top of my head.
* I don't really think method 2 would have any chance of working, since I believe hexediting the hulk default.xbe would leave it unsigned. We couldn't resign it, could we?
You couldn't resign it without the MS key.
Sorry in advance if I sound like an idiot.
But, can't we get a game (say halo) and burn it in Booktype DVD-ROM, what would the xbox do, just go to an error screen? original xbox games aren't pressed as DVD-ROM are they?
anyways,
Thanks in advance! :D
EDIT: Oh and a while back I was talking to some guy at work about modchips (This was before I got mine) and he said something about using a DVD +/- Codec and not needing a modchip. :unsure: I didn't really trust him, but due to the recent events he might not have been lying. Does any one know how to use a +/- Codec or is that the same as booktype? :blink: If I knew what it is/does I'd call him and ask him, unless he's fully on crap! :angry: Still seems kinda fake.
Sorry, if this has all ready been explained or something.
Thanks in advance! :lol: (I sure hope he wasn't lying, but then again)
This post has been edited by Shadow_Ryo: Oct 24 2004, 03:22 AM
Game xbe's are all signed for Xbox-DVD.. There is a different media type entirely for DVD-ROM..
are there any versions of CDX that are signed and flagged for DVD-ROM media?
if so, there might be some enormous potential here. i know that menus can be created for cdx that copy saved-games over to the hdd. IIRC, it can also add wma files to the xbox soundtracks. if it does, i doubt it brings up the ms keyboard for the user to name the track...perhaps the audio exploit code could be inserted into the st.db this way...i doubt it, but worth looking into...maybe???
the idea is to fashion a dvd+r disc that boots CDX. the menu of CDX would allow the user to copy a game-save or audio track over to the hdd. it would also allow the user to launch the hulk demo. the hulk demo would allow the user to launch the 5680 dash...something along those lines.
for that matter, if there were a DVD-ROM flagged version of CDX, perhaps it has some sort of font vulnerability...
just some desperate imaginings...
| QUOTE (Kthulu @ Oct 25 2004, 04:04 AM) |
are there any versions of CDX that are signed and flagged for DVD-ROM media? |
Not that I've seen,
and I've been keeping an eye out
we need everyone to go on an xbe hunt
I just read through about a billion pages and this is all very interesting.
Someone earlier mentioned putting code into an audio track on a CD and seeing if it could cause something exploitable when played (not when copied). I too wonder if this is possible, since MS can't sign/verify CD tracks.
Also, I'm pretty confident that this won't work, but is it possible to change the booktype of a DVD+R to Xbox-DVD and if so could this help in any of this?
Keep up the good work, BYEEEEE!!
I was PM'd about how this was tested; since it might also be of interest to others, here's how I did it via the HDD originally (IIRC) eh...
i) obtained the HULK's xboxdash.xbe from the DVD
(you could make it with the root post's .zip's .exe and 1012a700's xboxdash.xbe)
ii) hex'd that to change its /fonts references to be /f8nts and habibi signed it
iii) created /C/f8nts and /C/xboxdashdata.10202100 directories
(they coexisted with whatever was already in /C)
iv) copied the 2 retail .xtf's from /C/fonts into /C/f8nts
(it doesn't matter which post-live release it is, sfaik)
v) copied the 20 retail 4920 xboxdashdata .xip's into /C/xboxdashdata.10202100
(it doesn't matter which release of 4920 it is, sfaik)
vi) overwrote the corresponding .xip's with the HULK's from the DVD
(this is optional, so no worries if you don't have the DVD)
vii) added the hex'd HULK xboxdash.xbe to my (evoX) menu and ran it.
____
rmenhal's associated ST.DB is linked here eh.
(Clarification: I realize there are easier ways to do this [especially via chip, tsop or nkpatcher8+] but I only have exploit access and this is my recollection of the method used at the time eh.)
I wonder if Idots is around here still, if he was he could help you put it into a package, lol. Or..... you could try building your own package, but I think the dvdrw would be the better way of going with this exploit.
| QUOTE (bipolardragon @ Jan 2 2005, 11:46 PM) |
| I wonder if Idots is around here still, if he was he could help you put it into a package, lol. Or..... you could try building your own package, but I think the dvdrw would be the better way of going with this exploit. |
Thanks for the idea and offer dudes but (IMO) this isn't package material eh. (I posted the steps above merely to assist others with trying the 5680 dash for themselves, and/or understanding the concept.)
I was reading about how downloaded .wma files from kazaa and other file sharing clients can be dangerous. The article said the networks are flooded with scripted .wma files and as soon as you try to play the files, they install spyware on the pc. I was thinking if it's possible to make scripted .wma files with exploited files on the cd and when we play the .wma file from cd, the file will copy the exploited files to the appropriate directory of the hard drive. I don't know if .wma files behave the same in xbox as pc.
*the article is in pcworld.com*
ha ya i read the same article yesterday, and thought the same thing,, but i don't think it will work, because the scripts ran thru a flaw in the DRM (Digital Rights Management) of the .wma, and i don't think the xbox cares about DRM (although i DEFINITELY could be wrong)