Swizzy is correct, you are unfortunately giving bad advice.

Perhaps all yer dope smoking has affected your memory
Check my posts, I remember suggesting a rebooter LONG before even arnezami came along (think KK exploit) I called it "two card monte" or "chainloading". in fact I implemented MY idea at that time.
Flaming c4e for not implementing DMI or splitvid? Quite possibly. Was I wrong? How many got banned for that?
Furthermore I stand behind MY post that you quoted. Time will tell.

"Idea Men" are only talk. When you say you have actually tried something, and report your results, at that point you have escalated yourself from being an "Idea Man" to a hacker. Its not my job to explain why ridiculous ideas are flawed. If you think they have merit, than go ahead and implement. Post some results. Ask for help. If you just wanna run yer jaw about them, head on over to XS. Not one single hack has resulted from the speculations of "Idea Men" as defined above. The people capable of implementing thier OWN ideas have provided ALL the results you have seen.

FWIW the checks rely on PHYSICAL characteristics of the media, not only the data. The copy will not be 1:1. Im sure there will be some speculation on some way around that problem as well. Im equally sure that no one in this thread will ever pick up a soldering iron or write one line of code to implement or test any of this nonsense. The people who *might* be capabable, already know better than to waste the time.

I won't be responding in this useless thread again.

And all those flames were well deserved 
This was and still is a stupid idea, proposed again and again by people (aka "Idea Men") who haven't the slightest clue how to pull it off. In fact its even worse an idea now than it was in the pre - ap25 days. Even if you had the uber expensive hardware and the gigantic amount of space required for each image, it still isnt going to encode security information required to pass various disk checks.

The reason for slowing down the CPU clock is twofold:

1) Easier to hit the timing.
2) The RST signal is not async, and without the slowdown, even the very short pulse we currently use, will hard reset the cpu.

Changing the SMC standby clock (proposed) is not the same as changing the HANA dividor that generates the cpu clk (currently). Changing the standby clock will change the entire dividor chain, not just the cpu clk. Attempting to change only the cpu clk (post hana) is ugly, since its a 100Mhz differential clk.

The reasoning behind all this wire length / cap  nonsense is not delay related. The RST pulse and its effect on the cpu, is more of an analog issue than a digital one. The wire lengths and cap combinations are merely "shaping" the RST pulse per individual cpu.

I call shenanigans on x360glitch chip. Everyone grab a broom 

Having an onboard osc. does nothing at all to change the cpu clock speed on the fly.
The clk is only used for timing the glitch pulse, and thats only a PART of what needs to be done.
Apparently the creators of this device dont even fully understand how the hack works

You fried the input protection diode on yer CPU, game over.
Dont know how you did it, but I see people using series caps on this line, and thats a bad idea.
A series cap, AC couples the signal in to the cpu, causing negative voltage swings, that need to be absorbed by the protection diodes.
An overvoltage condition, as well as powering the line, with the cpu unpowered can also cause this.
Witness the assorted southbridges with blown SPI ports for the same reason.

The standby clock is active when switched power is off. So what will happen is the standby clock will try to power the entire coolrunner board, thru the input protection diode. Not a good thing.

Bad advice.
Its never a good idea to have an unpowered device connected to active signals. Over time it can damge the cpld or the signal source itself.
Switching the post is actually a good idea. Its electrically safe and should stop the glitch. You dont want to leave the cpld post in floating when its switched off. To prevent it from toggling in that state, the xilinx can be configured to have a pull up on that pin, by modding the .ucf file. If your not comfortable with that, just use a switch to connect the cpld post in to either the post signal itself, or ground.

Do you disable the cpld by switching only its power?
Its a bad idea to leave an unpowered device connected to active signals.

I dont know what "specifications"  your looking at, but the data sheet for XC2464A says 1.4~1.6 volts is fine. It seems like there are quite a few around who cant interpret these data sheets. 

The slim has 1.8 volt post out. It doesnt need a lower vccio to properly detect post. Furthemore the slim drives by low or Z, so it never outputs any voltage at all to the cpu rst.

On fats, a 1.8volt supply is a tad too high to properly detect post levels. The data sheet says you need 70% of vccio to see a logic one. Thats why there are diodes on fat.

Do you have falcon.xsvf in the current directory? 

I agree, the MTK chip handles all that.
The issue is the Winbond has "brownout" protection, to disable writing during a low VCC condition. The MX does not.
The "pulldown" lowers vcc, enough to trick the MX, but not enough to screw the MTK sata. The Winbond detects the vcc drop and disables writing. The "timing" issue, is with regard to the vcc, trying to get past the brownout protection "feature" of the Winbond.

This mod will get you banned.
Every time you power up with no dvd drive, it gets recorded in secdata.
Confirmed this myself after a heads up by Q36.

The HV exists in encrypted and hash protected memory. So how do you intend to "patch" the syscall?

Personally I don't think the request is all that unreasonable.
When the dvd drive was first being hacked, everybody was working and sharing all sorts of information. Although those people didn't release a "ready to eat" product, they disclosed enough so that someone else could replicate the work. So this new guy comes along. He reads the tech info. He duplicates the original teams results. He releases his implementation. His nick? C4E! Maybe if a few other people were looking and sharing some things, (sans Geremia) the whole world wouldn't be relying on the now "proprietary" situation we have with C4, Tx and co.

The nand ECC algorithm was also posted and shared, and as a result we have flashtool, nandpro, and a host of other tools. Fact is, theres a little "power base" going on whereby these things are now kept secret, for both ego and profit.  

I think it sucks  

Wow, only took someone 18 months to notice.
I was careless, 0x4000 is bytes in hex, and that aint 4k, yet it kinda is when you look at it.
I fixed the typo, thanks

Memory maybe be encrypted, hashed, or both.
As soon as the cpu tries to access the "broken" memory, the system will hang and its non recoverable.
Not to be a wise guy, but its obvious you dont understand how the KK or jtag exploit works, or read the powerpc manual.
Do some more reading, and learning, and if you have a specific question not answered by those topics, I will respond again.
Good luck!

blak,
In fact just the opposite is true, Only the cpu (in hv mode) can write the hv memory. The correct encryption will be applied transparently during the write cycle. The memory encryption/hashing is specifically designed to prevent the sort of attack you describe. Altering memory by some external means will corrupt the crypto, and trigger a machine check (non recoverable, ie: fatal) interrupt as soon as the corresponding cache line gets filled from external memory. Using jtag to modify the memory only works because the hv bug, allows unencrypted external memory to be accessed without the crypto.

Furthermore, as pem said, the crypto is hardware aes, implememented in L2. You won't "guess" the encryption, and it changes on each boot.

I suggest you read up, and fully understand how the jtag hack works before you proceed.

If you dont have xmas lights, its not in manufacture mode.
Changing to FF in the decrypted KV shoulda worked, provided you reencryprted it right, and injected it right.
I was under the impression an invalid KV allways triggered the man. mode.
Make sure you used +W with nandpro or youl pooch the ecc.

How about just writing a zeroed out bin to the KV area in flash?