xb360 jtag exploit - Discussion

[nickcas]

  - Right now, the only way to support both gaming and hacking would be a dual-nand modchip, which switches between nand contents. Note that you still couldn't update to 8498, as it likely (haven't tried) doesn't run without R6T3.

Get a cygnos 360 if anyone needs a dual nand feature

You would need one anyway to run the exploit if you didn't have an infectus right? This isn't software based is it?

[Straßenkampf]

I think you will have to use a JTAG-Adapter, no Infectus or Cygnos or other NAND Programmer needed?!

[B1N4RY]

According to what tmbinc said, it sounds like that you'll need a jtag adaptor.This isn't timing attack.

EDIT:
Didn't read Straßenkampf 's post...

And no, Infectus will not be needed. This isn't timing attack

[tmbinc]

you don't need a "jtag adapter". What you need is a way to reprogram the NAND flash. This can be an external programmer, a linux tool (if it already runs), or a yet-to-be-announced project which uses a special southbridge mode (details will be coming soon) with just an LPT port. Or a nand-modchip.

[nickcas]

you don't need a "jtag adapter". What you need is a way to reprogram the NAND flash. This can be an external programmer, a linux tool (if it already runs), or a yet-to-be-announced project which uses a special southbridge mode (details will be coming soon) with just an LPT port. Or a nand-modchip.

Thanks. yet-to-be-announced project sounds good  .

[B1N4RY]

Tmbinc your foreshadowings are killing me

[jz_5_3]

"We kept on working on this idea, and it worked out. pretty well. We use JTAG to program the DMA target addr, and then SMC to trigger the DMA read. The exploit itself is based on the old 4532 exploit."

It seems originally we use 4532/4548 HV bug to inject the code. Now if we could use jtag and smc to inject the code, why do we still need to rely on 4532? 

[nickcas]

Tmbinc: I've heard wind that this whole announcement was a leak and is not being released. Is this true? If so, why are you still acting like it is being released? I'm pretty confused right now. Sorry if what I'm hearing is bull$#!t.

[tmbinc]

Because *I* do have everything required for the exploit on my harddisk, and *I* still have the intention to release it. I don't know where this "it's a leak" comes from, but I consider it as bull$#!t.

jz_5_3: Because DMA attacks alone don't help on 360, due to memory encryption. All we can do using DMA is to trigger an exploit in privileged code, i.e. the 4532 HV, because that's the only privileged code we know that has a bug.

[nickcas]

Because *I* do have everything required for the exploit on my harddisk, and *I* still have the intention to release it. I don't know where this "it's a leak" comes from, but I consider it as bull$#!t.

Quite possibly the greatest news I've heard in a while. You're the man.

[B1N4RY]

Tmbinc, is everything ready to be released, or are you still preparing some final touches?

When you release it, it is going to be a POC initially, or an actual "Hack" ?

[XeNoN.7]

Deleted.

[B1N4RY]

Xenon, can you provide a reliable source to what you have just said?

[gamerfreak1727]

nice job tmbinc and team.

[tmbinc]

wtf, drama

[Redline99]

It doesn't matter now anyways, people looking to at this news with any continued seriousness need to know not up update. Whatever the drama, its too late and time to move on.

No more bashing will be tolerated above what has already been mentioned.

[jester]

It doesn't matter now anyways, people looking to at this news with any continued seriousness need to know not up update. Whatever the drama, its too late and time to move on.

No more bashing will be tolerated above what has already been mentioned.

Good choice and I agree. Whether its released or not, the fact that a person/persons has accomplished this, is still good news.

[B1N4RY]

wtf, drama

damnit tmbinc, don't tell me that this thread is just a joke

[ddxcb]

Just releace it Ms patch with the 8498 update or aka Summer 09 update and go on I want linux so bad

[G0t m4xx 21]

Wow.

Not sure what I'd use this hack for (besides resurrecting 360's that have lost their dvd key), but it's still amazing that it was finally cracked.

Besides that, linux on the 360 is cool, a novelty for us techies, but not very practical, I can do the same thing on my laptop/pc without all the hackery

a supercomputing cluster made out of 360's would be awesome though (until one RRoD's  )