XboxHacker BBS
Author Topic: xb360 jtag exploit - Discussion  (Read 85962 times)
MohsinNisar (Master Hacker) « Reply #60 on: August 12, 2009, 03:30:36 AM »

Mubarak Ho
(means Congrats)

Glad to know the hack is going to be released. I did not update my console yet. Does that mean we should have a dual NAND chip and still need an Infectus to dump it, or can the NAND be dumped via Linux?
Sorry for the very outdated question; I was not in touch with the forum for a long time, so I'm not updated.

Want to Play Shenmue III
Surrido (Master Hacker; personal text: "Whoever can read has a clear advantage!") « Reply #61 on: August 12, 2009, 03:46:32 AM »

Yes, I think you could theoretically boot any kernel with this. That means you could actually boot the latest dashes without ever officially "updating" your console. Just boot it ;-)
So dual NAND comes in very handy, correct.
HiTec (Hacker) « Reply #62 on: August 12, 2009, 03:56:46 AM »

Yep. I don't think that Infectus is so good. If you want dual NAND, you should buy Cygnos360 or Cygnos360 v2.0 (not released yet).

I don't understand those rumours that say tmbinc and others are not going to release that exploit. Why not? As tmbinc said earlier, it's based on the same hypervisor bug as the original KK exploit. The difference is that now they use hardware modifications to trigger it, and that's AWESOME!

Anyway, awesome job tmbinc and crew! Really nice breakthrough with the Xbox 360 (and HDMI-X0s!)

Edit: tmbinc, will the hack work if the dashboard/kernel version is 8496? Or is it the whole 849x series that blocked the exploit? Just asking because now I have 2 consoles (8496 and 8498) (I'd have to buy an Arcade Jasper if 8496 is also a dead end).

Edit2: nvm. I didn't remember the dashboard version correctly on that other Xbox 360. Checked it and it's 7xxx-something. So it's good to go :P
« Last Edit: August 12, 2009, 04:54:05 AM by HiTec »
notsonoobesq (Hacker) « Reply #63 on: August 12, 2009, 06:50:01 AM »

One thing that keeps going through my mind...

If I remember correctly, when tmbinc first demoed the 360 hack I believe he contacted Microsoft and at least warned them about their forthcoming doom... to which they then locked the system down a little bit tighter.

Hope you don't mind tmbinc, but could I ask: was there any pre-warning of the hack to them this time to get around legal issues... fair disclosure giving them time to fix their security holes?

I only ask as it seems strange that Microsoft fixed this hack when, as far as I can see, nobody was publicly acknowledging it even existed.
HiTec (Hacker) « Reply #64 on: August 12, 2009, 07:20:17 AM »

Quote from: notsonoobesq
One thing that keeps going through my mind...

If I remember correctly, when tmbinc first demoed the 360 hack I believe he contacted Microsoft and at least warned them about their forthcoming doom... to which they then locked the system down a little bit tighter.

Hope you don't mind tmbinc, but could I ask: was there any pre-warning of the hack to them this time to get around legal issues... fair disclosure giving them time to fix their security holes?

I only ask as it seems strange that Microsoft fixed this hack when, as far as I can see, nobody was publicly acknowledging it even existed.

If what you are saying is/could be true, I really appreciate tmbinc's and crew's work even more. That's more "fair play" from looking at things through MS's eyes, and another reason not to publish that hack.
And well, MS would fix that flaw in no time even if they weren't warned, so would it be such a big deal if they were pre-warned...

I'll still say, awesome job guys. Waiting for release :P
Surrido (Master Hacker) « Reply #65 on: August 12, 2009, 07:38:20 AM »

A lot of the hack had been posted here on XBH in the "exploiting HV without KK" thread. MS would be reading this as well, so I would assume that MS decided to fix it, which forced the guys to react...

I doubt that it has been an easy decision for MS to update CB. They do this at great risk...
MohsinNisar (Master Hacker) « Reply #66 on: August 12, 2009, 07:53:34 AM »

OK, now we have 1 NAND for the latest games and 1 for homebrew. But sorry, I still didn't get a proper answer.

1st question: do I still need to get an Infectus to dump and flash the NAND, or can the homebrew now run on any update except the summer '09 update and dump via Linux?
2nd question: do I still need the King Kong disc, or can code be executed directly?

Thank You
Arakon (Administrator, Xbox Hacker) « Reply #67 on: August 12, 2009, 08:01:45 AM »

He did answer that on the first page.
1) You need some means to write the NAND. One method will be with a printer-port cable.
2) No need for KK.

I do NOT give support by email, PM, ICQ or whatever. Anyone annoying me that way will have his balls removed. With a rusty butterknife. Slowly. And I'll enjoy doing it.
jz_5_3 (Master Hacker) « Reply #68 on: August 12, 2009, 08:03:37 AM »

As far as I understand, you need to have a way to flash the hacked firmware to the NAND first before you can run homebrew or Linux. There is no need for KK anymore, as the exploit is done by hardware (JTAG and SMC).

Quote from: MohsinNisar
OK, now we have 1 NAND for the latest games and 1 for homebrew. But sorry, I still didn't get a proper answer.

1st question: do I still need to get an Infectus to dump and flash the NAND, or can the homebrew now run on any update except the summer '09 update and dump via Linux?
2nd question: do I still need the King Kong disc, or can code be executed directly?

Thank You

« Last Edit: August 12, 2009, 08:06:56 AM by jz_5_3 »
MohsinNisar (Master Hacker) « Reply #69 on: August 12, 2009, 09:28:22 AM »

Sorry to annoy you guys.
1. Will we be able to run unsigned XEX files and unofficial dashboards?
2. What do you mean by printer cable? Does that mean no need for an Infectus? Any info link will help, thanks.

Sorry again for the noobish questions. I was busy for the last few months, so I was not able to be active, so I'm really outdated.
Ced2911 (Member) « Reply #70 on: August 12, 2009, 09:38:54 AM »

I think we will not be able to run unsigned XEX at first, but something more like an .elf (a free Xbox 360 executable); maybe an XEX loader will be out after.

A way to write to the NAND will be required:
An Infectus can write to the NAND.
You will be able to build a cable between your computer and your Xbox for writing to the NAND, so an Infectus will not be needed.

For the dashboard, it will not be like the first Xbox: not built with the real XDK but with an OpenXDK? And probably not today.

We just got a new way to launch executables which are not linked with the official XDK :)

A real wave of homebrew "non-hacking" apps :)

Sorry for my bad English.
beauchemain (Newbie) « Reply #71 on: August 12, 2009, 10:00:02 AM »

All the possibilities are good for programming ???
Think of the SDK on XNA, or the C/C++ language, or reverse engineering.....
All the ways are good for that :) :) :)
jelle2503 (Xbox Hacker; personal text: "elitist prick") « Reply #72 on: August 12, 2009, 10:13:06 AM »

I hope this goes big in no time. I truly loved the Xbox1 homebrew community, but the 360 as of now just became an even bigger passion for me. It was not as much as Xbox1, due to the 360 "hacks", i.e. firmware hacks, being pretty disappointing hacks.

I'm pretty sure if you have a full system compromise, you can run XEX files built from the ground up... I hope some homebrew dash will be released soon with full 360 capability, so anyone that wants to start programming for it can start right away.

XBMC360HD that will run every video codec?.. 1TB drives with games and movies?.. DVD2XBOX360?.. playing JAP games (region-free console)?.. messing with the colors on the ring of light?.. awesome new scripts for XBMC? wtf, this is what I've been wet-dreaming about for the last few years!!

And I'm pretty confident the new 8xxx dash will be hacked at some point as well.
tmbinc (Global Moderator, Master Hacker) « Reply #73 on: August 12, 2009, 10:13:43 AM »

There are always two parts: getting control of the machine, and doing something useful with that control.

This hack is about the FIRST part of that: getting control. It executes code, and it's up to the programmer to do something useful now. The hack will use XeLL as a default payload, because there isn't much more. This hack is a direct replacement for the King Kong hack, and can do exactly the same, just faster and on more hardware, and without the game.

So it's the same as for the KK hack: if some people work on a way to reboot into an MS kernel, that could be used. But that's simply not part of the hack.

It's like asking your car dealer if this car will drive you around in Spain. Sure it will, if you find your way to Spain first. Just don't expect the car dealer to take you there; he's just selling cars.

Please don't copy/quote full text outside this board. Instead, summarize and link to this post. Thanks! This lets me keep information updated and doesn't pull things out of context.
jz_5_3 (Master Hacker) « Reply #74 on: August 12, 2009, 10:22:52 AM »

Well said, tmbinc! Although I have updated my Jasper to the fxxking 8xxx, I am going to buy another Jasper or two from Dell as soon as your hack is released. I still have an old Xenon, but I am afraid it may RROD eventually. I am not sure how soon Microsoft will put the 8xxx into production, so a wise decision would be to buy the Jasper as soon as possible?
Intersect (Master Hacker) « Reply #75 on: August 12, 2009, 11:16:05 AM »

Quote:
Ah, sorry I missed that part...

Well, I don't see why not; it's not like the keyvault is signed or anything (yet anyway, that I know of). Since you have the CPU key, I think it should work just fine as before.

I thought new keyvaults were signed? Also, in NXE they added a new key ID 0x44 that does a hash of kv + 0x18 + 0x4 that is 0xD4 long, kv + 0x18 + 0xE8 (start address of the drive key) that is 0x1CF8 long, so it covers the Xeika cert and more, and kv + 0x18 + 0x1EE0, which is the Cardea cert start address, and is 0x2108 long, which goes to the end of the 16mb KV. I assume that's to cover old unsigned keyvaults and is probably checked and compared when on Live or at their discretion.
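Intersect's post lists three hashed regions of the keyvault, each as (offset relative to kv + 0x18, length). Taken literally, those numbers end exactly at byte 0x4000 (16 KiB), so the added Python example below, which is not code from this thread or from any Xbox 360 tool, lays the three ranges out over a constructed 0x4000-byte buffer, reports which bytes no range touches, and demonstrates that a change inside an uncovered gap does not alter the digest while a change inside a hashed range does. The hash algorithm is an assumption: the post only says "a hash", so plain SHA-1 stands in for whatever the console really computes, and the sample keyvault is synthetic, not a real dump.

```python
import hashlib

# Layout taken from the post: ranges are relative to kv + 0x18, and the three
# lengths given end exactly at 0x4000, so that is the buffer size used here.
KV_SIZE = 0x4000
KV_BASE = 0x18

# (start relative to KV_BASE, length) in the order the post lists them
HASHED_RANGES = [
    (0x4,    0xD4),    # first 4 bytes after the base are skipped
    (0xE8,   0x1CF8),  # drive key onward; covers the Xeika cert and more
    (0x1EE0, 0x2108),  # Cardea cert start, running to the end of the KV
]


def absolute_ranges(ranges=HASHED_RANGES, base=KV_BASE):
    """Convert the relative (start, length) pairs to absolute [start, end) offsets."""
    return [(base + start, base + start + length) for start, length in ranges]


def uncovered_ranges(size=KV_SIZE, ranges=HASHED_RANGES, base=KV_BASE):
    """Return the [start, end) byte ranges of the keyvault that no hashed range covers."""
    gaps = []
    pos = 0
    for start, end in sorted(absolute_ranges(ranges, base)):
        if start > pos:
            gaps.append((pos, start))
        pos = max(pos, end)
    if pos < size:
        gaps.append((pos, size))
    return gaps


def covered_bytes(kv, ranges=HASHED_RANGES, base=KV_BASE):
    """Concatenate the hashed regions in the order given, as the input to the digest."""
    if len(kv) != KV_SIZE:
        raise ValueError("keyvault must be exactly 0x%X bytes" % KV_SIZE)
    return b"".join(kv[start:end] for start, end in absolute_ranges(ranges, base))


def kv_digest(kv, ranges=HASHED_RANGES):
    """ASSUMPTION: SHA-1 is a stand-in; the post does not name the hash function."""
    return hashlib.sha1(covered_bytes(kv, ranges)).hexdigest()


def build_sample_kv(seed=0x5A):
    """Constructed sample keyvault (a byte ramp), not a real dump."""
    return bytes((seed + i) & 0xFF for i in range(KV_SIZE))


def digest_changes_after_flip(kv, offset):
    """True if flipping the byte at `offset` changes the digest, i.e. that byte is integrity-covered."""
    before = kv_digest(kv)
    modified = bytearray(kv)
    modified[offset] ^= 0xFF
    return kv_digest(bytes(modified)) != before


if __name__ == "__main__":
    for start, end in absolute_ranges():
        print("hashed    0x%04X-0x%04X (%d bytes)" % (start, end, end - start))
    for start, end in uncovered_ranges():
        print("uncovered 0x%04X-0x%04X (%d bytes)" % (start, end, end - start))
    sample = build_sample_kv()
    gap_start = uncovered_ranges()[1][0]      # a byte inside the second gap
    print("flip in gap changes digest:   ", digest_changes_after_flip(sample, gap_start))
    print("flip in range changes digest: ", digest_changes_after_flip(sample, 0x100))
```

Running it shows that the ranges as listed leave three holes: the first 0x1C bytes, 0x10 bytes between the first and second range, and 0x100 bytes between the second and third. Whatever lives in those holes is not protected by this hash, which is exactly the kind of detail worth confirming against a real dump before assuming the check covers a given field.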
d4k3ss (Newbie) « Reply #76 on: August 12, 2009, 11:19:12 AM »

Quote from: tmbinc
There are always two parts: getting control of the machine, and doing something useful with that control.

This hack is about the FIRST part of that: getting control. It executes code, and it's up to the programmer to do something useful now. The hack will use XeLL as a default payload, because there isn't much more. This hack is a direct replacement for the King Kong hack, and can do exactly the same, just faster and on more hardware, and without the game.

So it's the same as for the KK hack: if some people work on a way to reboot into an MS kernel, that could be used. But that's simply not part of the hack.

It's like asking your car dealer if this car will drive you around in Spain. Sure it will, if you find your way to Spain first. Just don't expect the car dealer to take you there; he's just selling cars.

First, I want to say thanks, and sorry for my English, I'm from Spain. So, it is very good news. I want to know if an emulator of PS2, for example, or XBMC is possible. I don't know the actual possibilities.

Thanks a lot!
leorimolo (Master Hacker) « Reply #77 on: August 12, 2009, 11:20:39 AM »

^ I bet a Wii emulator could even be worked out ;D
d4k3ss (Newbie) « Reply #78 on: August 12, 2009, 11:22:46 AM »

Quote from: leorimolo
^ I bet a Wii emulator could even be worked out ;D

With Natal!? ;D
Ced2911 (Member) « Reply #79 on: August 12, 2009, 11:23:44 AM »

lol, tmbinc is also a member of the Dolphin team ^^