Arakon
« Reply #40 on: January 24, 2010, 10:59:45 AM »
Yes, something DID change in hardware. They blew efuses. And it's not about money.. people have been working on this for years.

I do NOT give support by email, PM, ICQ or whatever. Anyone annoying me that way will have his balls removed. With a rusty butterknife. Slowly. And I'll enjoy doing it.

n00bpwner360
« Reply #41 on: January 24, 2010, 11:03:46 AM »
The existing hack methods do not work on 8xxx consoles simply because of this. 8xxx updates install a new bootloader which will only boot 8xxx kernels. The current JTAG hack at some point in the boot process loads a 4xxx kernel because 2 of the 4xxx kernels were exploitable (4532 was it? 4548? I always forget)
Without the ability to boot a 4xxx kernel, you can't run the hack. And the new 8xxx bootloader does just that, restricts booting to anything but 8xxx and above.
Why can't we downgrade the bootloader to the old one? The one that boots any kernel? Well because an efuse is burned to prevent any lower bootloader from booting.
Basically
console does this
get efusevalue; If(efusevalue == newbootloadervalue && bootloaderinnand==oldbootloader ) {do not boot;} If(efusevalue == newbootloadervalue && bootladerinnand==newbootloader) {boot;}
However the old consoles that haven't been updated to 8xxx, the efuse value that the Xbox retrieves, isn't == newbootladervalue, its == oldbootloadervalue, and the oldbootladerinnand will boot;
Am I making any sense? I tried to make it as simple and dumbed down as I could.

Chop existing methods do not work on 8xxx console simply because of this. 8xxx updates install a new bootloader which will boot only 8xxx kernels. The current JTAG chop at a certain point in the boot process loads the 4xxx kernel, because 2 of the 4xxx nuts were Suitable (4532 was it? 4548? I always forget)
Without the ability to boot a 4xxx kernel, you cannot run the chop. And the new 8xxx bootloader does just that, restricts booting to nothing but 8xxx and above.
Why can't we downgrade the bootloader to the old one? The one that any kernel in boots? Well, so an efuse is burned to prevent any bootloader from lower booting.
Basic
Console this
get efusevalue; If (efusevalue == newbootloadervalue & & bootloaderinnand == oldbootloader) (DO NOT boot If (efusevalue == newbootloadervalue & & bootladerinnand == newbootloader) (BOOT;)
However, old consoles that have not been updated to 8xxx, the efuse value that the Xbox retrieves is not == newbootladervalue, its == oldbootloadervalue and oldbootladerinnand will boot;
Am I any sense? I tried to make it as simple and simplified down as I could.

"Рубить" ("chop") sounds very funny in translation from English to Russian, I probably wrote the same way from Russian to English))))
Thanks. Today I will dump the firmware from the Xbox kernel 8xxx (I need to go to a friend, since I have a notebook) and will look at it; my goal is to extract the DVD key, since my drive died. Thanks a lot to everyone, I won't bother you anymore. If something works out I'll write.

If I'm understanding you correctly you want to extract your DVD key from your 8xxx firmware? That's not possible because the DVD key is encrypted using the CPU key. Unless you know the CPU key you cannot decrypt the DVD key from the flash.

yeah lowering the default reading speed from 12x to let's say 5x, would really let GTA4 (or any of your games) benefit from way less popups and loading times.

ZerOneX
« Reply #42 on: January 29, 2010, 02:59:14 PM »
So guys... just to simplify
- Original Dash and R6T3 - no problem
- Original Dash and no R6T3 - Error E80
- XBReboot and R6T3 - no problem, but efuses can blow with "true" updates.
- XBReboot and no R6T3 - no problem and eFuses will not blow with "true" updates.
Am I right??
Thanks.

Just a noob in search of knowledge!

makemebad
Newbie
Posts: 1
« Reply #43 on: January 29, 2010, 04:45:54 PM »
Guys, i have few boxes from 2006 with 2859 and few with new update. How can i help you?

Joka Macer
« Reply #44 on: January 29, 2010, 04:53:31 PM »
Makemebad,
can you send 1 to me ?
regards,
Joka Macer

ZerOneX
« Reply #45 on: February 02, 2010, 01:42:49 PM »
Anyone could answer my question please?
Thanks folks.

ReverseAffect
« Reply #46 on: February 02, 2010, 07:28:15 PM »
So guys... just to simplify
- Original Dash and R6T3 - no problem
- Original Dash and no R6T3 - Error E80
- XBReboot and R6T3 - no problem, but efuses can blow with "true" updates.
- XBReboot and no R6T3 - no problem and eFuses will not blow with "true" updates.
Am I right??
Thanks.
XBReboot and no R6T3 - no problem and eFuses will not blow with "true" updates
correct...the only update it might ask for is for the avatars...so not a problem there you're safe...

sick like a mofo..not reballing for a while...

ReverseAffect
« Reply #47 on: February 02, 2010, 07:29:51 PM »
Guys, i have few boxes from 2006 with 2859 and few with new update. How can i help you?
help us with what?  you can jtag them boxes and have fun with homebrew...that's helping...lol

psybersoma
« Reply #48 on: February 17, 2010, 08:36:24 AM »
The existing hack methods do not work on 8xxx consoles simply because of this. 8xxx updates install a new bootloader which will only boot 8xxx kernels. The current JTAG hack at some point in the boot process loads a 4xxx kernel because 2 of the 4xxx kernels were exploitable (4532 was it? 4548? I always forget)
Without the ability to boot a 4xxx kernel, you can't run the hack. And the new 8xxx bootloader does just that, restricts booting to anything but 8xxx and above.
Why can't we downgrade the bootloader to the old one? The one that boots any kernel? Well because an efuse is burned to prevent any lower bootloader from booting.
Basically
console does this
get efusevalue; If(efusevalue == newbootloadervalue && bootloaderinnand==oldbootloader ) {do not boot;} If(efusevalue == newbootloadervalue && bootladerinnand==newbootloader) {boot;}
However the old consoles that haven't been updated to 8xxx, the efuse value that the Xbox retrieves, isn't == newbootladervalue, its == oldbootloadervalue, and the oldbootladerinnand will boot;
Am I making any sense? I tried to make it as simple and dumbed down as I could.
so if someone got crafty enough to write a new 8XXX bootloader that looked like 8XXX and was 8XXX, but booted up everything that was thrown at it, wouldn't that work??
I guess the next stage in this XBOX 360 hacking is to figure out what M$ is doing to build these updates and create a modified one that looks just like a legit update, but is custom code and then once flashed it blows some efuses as well so that any future updates from M$ will be denied..
anything is possible..
not sure if there will be a 360 emulator out for those of us who have highend gaming rigs... I'm sure if there was, then that would be quite interesting.. running homebrew in a virtual instance of a xbox360 on a quad-core rig with a ATI 5870 or Nvidia GTX 300 series...
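
The efuse check described in the quoted explanation above, written out as a small C model. This is an added example, not code from the thread or from the console: it generalizes the two-value comparison to a fuse counter acting as a version floor, and the 16-bit layout, the names (`fuse_row`, `check_bootloader`, `commit_update`) and the `burn_enabled` flag standing in for the fuse-programming path are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not the console's real fuse layout: a 16-bit
 * one-time-programmable row used as a counter. Bits only go 0 -> 1. */
typedef struct {
    uint16_t bits;      /* blown fuses, filled from bit 0 upward */
    bool burn_enabled;  /* assumption: false = programming path disabled */
} fuse_row;
typedef enum { BOOT_OK, BOOT_REJECT_ROLLBACK } boot_result;

/* The rollback floor is the number of blown fuses. */
unsigned fuse_count(const fuse_row *f) {
    unsigned n = 0;
    for (uint16_t b = f->bits; b != 0; b >>= 1)
        n += b & 1u;
    return n;
}

/* Blow the next fuse and confirm by readback instead of assuming success. */
bool fuse_burn_next(fuse_row *f) {
    unsigned before = fuse_count(f);
    if (before >= 16) return false;          /* row exhausted */
    if (f->burn_enabled)
        f->bits |= (uint16_t)(1u << before);
    return fuse_count(f) == before + 1;
}

/* Boot-time check: refuse any bootloader older than the fuse floor. */
boot_result check_bootloader(const fuse_row *f, unsigned image_version) {
    return image_version < fuse_count(f) ? BOOT_REJECT_ROLLBACK : BOOT_OK;
}

/* Update step: raise the floor to new_version. Returns false when the
 * floor could not be raised, so the updater knows old images still boot. */
bool commit_update(fuse_row *f, unsigned new_version) {
    while (fuse_count(f) < new_version)
        if (!fuse_burn_next(f))
            return false;
    return true;
}

int main(void) {
    fuse_row f = { 0x0001, true };           /* constructed: floor 1 */
    bool ok = commit_update(&f, 2);
    printf("committed=%d v1_boots=%d\n", ok, check_bootloader(&f, 1) == BOOT_OK);
    return 0;
}
```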

Joka Macer
« Reply #49 on: February 17, 2010, 09:02:56 AM »
Quote from: globolizator on January 16, 2010, 03:01:50 AM
The existing hack methods do not work on 8xxx consoles simply because of this. 8xxx updates install a new bootloader which will only boot 8xxx kernels. The current JTAG hack at some point in the boot process loads a 4xxx kernel because 2 of the 4xxx kernels were exploitable (4532 was it? 4548? I always forget)
Without the ability to boot a 4xxx kernel, you can't run the hack. And the new 8xxx bootloader does just that, restricts booting to anything but 8xxx and above.
Why can't we downgrade the bootloader to the old one? The one that boots any kernel? Well because an efuse is burned to prevent any lower bootloader from booting.
Basically
console does this
get efusevalue; If(efusevalue == newbootloadervalue && bootloaderinnand==oldbootloader ) {do not boot;} If(efusevalue == newbootloadervalue && bootladerinnand==newbootloader) {boot;}
However the old consoles that haven't been updated to 8xxx, the efuse value that the Xbox retrieves, isn't == newbootladervalue, its == oldbootloadervalue, and the oldbootladerinnand will boot;
Am I making any sense? I tried to make it as simple and dumbed down as I could.
so if someone got crafty enough to write a new 8XXX bootloader that looked like 8XXX and was 8XXX, but booted up everything that was thrown at it, wouldn't that work??
I guess the next stage in this XBOX 360 hacking is to figure out what M$ is doing to build these updates and create a modified one that looks just like a legit update, but is custom code and then once flashed it blows some efuses as well so that any future updates from M$ will be denied..
anything is possible..
not sure if there will be a 360 emulator out for those of us who have highend gaming rigs... I'm sure if there was, then that would be quite interesting.. running homebrew in a virtual instance of a xbox360 on a quad-core rig with a ATI 5870 or Nvidia GTX 300 series... Roll Eyes
For psybersoma,
i came here to see "what i can do in F&%%¨&&&¨%$ dash 8xxx"!!!
no for more and more speculation!!!
I think everyone is like me...
i tired of this, then so if you have serious idea, or something real to do, post here...otherwise NO!!!
« Last Edit: February 17, 2010, 09:44:49 AM by Joka Macer »

ReverseAffect
« Reply #50 on: February 17, 2010, 09:10:03 AM »
i came here to see "what i can do in F&%%¨&&&¨%$ dash 8xxx"!!!
no for more and more speculation!!!
I think everyone is like me...
i tired of this, then so if you have serious idea, or something real to do, post here...otherwise NO!!!
you can't do a dam thing with it, as in jtagging and homebrew.... can't you read or what? speculation? it's a fact....hardware stops you, software stops you... it ain't speculation..
« Last Edit: February 17, 2010, 09:11:58 AM by ReverseAffect »

dtrmad2004
« Reply #51 on: February 17, 2010, 11:54:36 AM »
@psybersoma To do such things you would need the MS private key as everything is signed with it.
If you had that then you would not need to hack the dash, you could sign your own Xex's

readerfeifei
Newbie
Posts: 2
« Reply #52 on: February 22, 2010, 01:56:30 PM »
As I am in 8498, something I have to do and I can only do is to remove the r6t3?

Arakon
« Reply #53 on: February 22, 2010, 02:02:29 PM »
What for? You can't do the jtag hack on it, no point in preventing updates and keeping new games from working.

readerfeifei
Newbie
Posts: 2
« Reply #54 on: February 22, 2010, 02:15:56 PM »
Because, you just said that "With some luck this may get read and understood by people who have just updated their vulnerable consoles to 8xxx or beyond. The simplest solution if you want to keep an exploitable console, is to remove the R6T3 resistor which permanently disables efuse blowing." So forgive me, if there are some misunderstandings, I have bought my xbox three days ago, I'm a green hand.

Arakon
« Reply #55 on: February 22, 2010, 04:31:04 PM »
Your console isn't exploitable anymore, so there is no point in removing the resistor. It's meant to keep the consoles that are still exploitable from accidentally being updated.

cfw34683
Newbie
Posts: 1
« Reply #56 on: April 05, 2010, 01:41:29 AM »
I'll bet 20 bucks that the dude GeoHot, the guy that hacked the PS3 after 3.6 years of being called UNHACKABLE. Could do it. Hell, he hacked the unhackable iPhone.

Arakon
« Reply #57 on: April 05, 2010, 02:23:07 AM »
Yeah, he also hacked a great photoshopped screenshot. You'd lose those 20 bucks verrrry quickly.

tsvetko
Newbie
Posts: 3
« Reply #58 on: June 20, 2010, 08:25:30 AM »
How about:
1. Applying an old update e.g. 2241 to get the old dashboard
2. desoldering R6T3 to stop all eFuses from burning
3. compiling one really old kernel with proper cb/cd, etc. (e.g. 2241). This update does not blow an eFuse as far as I know, so it should not check for blown ones I suggest
4. then flashing this kernel to the console nand (a whole 16MB image I mean).
5. then if the console boots normally, put a 10k resistor at R6T3 to restore its functioning
6. Applying regular update (e.g. 7371 kernel)
7. Do the JTAG?
Is this going to work?

Arakon
« Reply #59 on: June 20, 2010, 09:26:03 AM »
Did you even bother to read ANYTHING? You can't get the old dashboard. If it was that easy, everyone would be doing that already. Old Dashboards no longer run. Also, in order to compile a new kernel, you'd need the CPU key, which you can't get.