Strange error: 0x81DA07FF

[Tiros]

or can't one use it without challenge response from M$ servers?

BINGO!
Manufacturing mode is nothing new. Thats what the red/green up/dn blinkers means.
mfgbootlauncher.xex is on flash, and and can be made to execute a number of different ways.
Hook up a serial port and you should see the messages about contacting the server etc.
Naturally if your about to get a new KV, youd need to be in contact with the mothership.
imho the whole thing is a dead end.

[q36]

"It does parse values for av/game/dvd region so ms must have left out the code that actually does something with them. Probally for this exact reason."

TheFallen, no, there is no mysterious missing code. As I said before, this is the same structure as xbox.xex/xefu.xex etc. Those are generic checks in the start sequence. Nothing is being set or ever intended to be set there.  Those are just xconfig settings, we can change those by hand by editing the config blocks in the nand, they don't really have that much control over anything important, and if I remember correctly, ExConsoleGameRegion is grabbed from xconfig at kernel init. This is not doing anything interesting at all. There are much better known routes to explore for new exploits.

[thealtaf]

is it possible to recover lost dvdkeys ? what if internet cable is connected and what is the risk if connected to some kind of server

[ddxcb]

is it possible to recover lost dvdkeys ? what if internet cable is connected and what is the risk if connected to some kind of server

its probly trying to connect to a local server or a secure one, and Tiros what terminal do you use for the xbox 360?

[q36]

no, this is not going to recover lost dvd keys or do anything with the dvd drive at all.

[TheFallen93]

"It does parse values for av/game/dvd region so ms must have left out the code that actually does something with them. Probally for this exact reason."

TheFallen, no, there is no mysterious missing code. As I said before, this is the same structure as xbox.xex/xefu.xex etc. Those are generic checks in the start sequence. Nothing is being set or ever intended to be set there.  Those are just xconfig settings, we can change those by hand by editing the config blocks in the nand, they don't really have that much control over anything important, and if I remember correctly, ExConsoleGameRegion is grabbed from xconfig at kernel init. This is not doing anything interesting at all. There are much better known routes to explore for new exploits.

It reads values for av/game/dvd region, I looked at the code. It reads them from the ini. Go look around 0x92058C1C. They are not being grabbed from xconfig, they are read from the ini.

[dtrmad2004]

How do you put this on a MU, noob question I know but I like messing with stuff

[stoker25]

I've gone through the dump and extracted the contents of both partitions inside, along with the extended partition, because not all people can understand dumps ;P
You can simply throw the files in the Data partition folder onto any other MU's Data partition, and it will boot.
Download: http://stoker25.com/xbox/ManufacturingMU.7z

[ReverseAffect]

going through all the info on this mu is ok but worthless...lol

[xbox360noob]

going through all the info on this mu is ok but worthless...lol

why that?

[ReverseAffect]

well because ...as the bigger guys said challenge response is the main goal!
i did see some generic emulator info in it though...
might be something for someone though.
just not my thing....
I don't play with live at all ..only on a legit level...
not to mention if the challenge response is found, it's holy war time with Live and this BS in a bad way

anyways just some random pic's of the utill screens with and without a game in the dvd drive for odd...

[Zellcorp]

Ahhh test discs arent they cool!!! pity they are useless without the server software lol

I still have my Ping 17 Test disc that was left inside a repaired unit years ago, anyone remember this?



It would play 1 level of PGR over and over with cars racing really fast but then it would try and send some info about performance to a network server and then hang.

Without the server side software to make these utilities work they are useless.

I was thinking it would be good if someone with better network coding skills could somehow code a server side app for these utilities.

[Dabman]

Someone try replace default.xex for other ( signed ) one?

[TheFallen93]

Lawl at maxconsole:

An interesting thread at XBH gives hope that an Xbox 360 memory unit can be used to trigger manufacturing modes on an UNMODIFIED Xbox 360 console. Apparently dumps of the specific MU have already been posted and the race for possible exploits has started.

[ReverseAffect]

lmfao...wow
as the world turns...
I think as of now the only sort of default we should be working on is for dumping the nand...
but for why..if it isn't a exploitable unit...unless we can re-hash and re-sign it..it's worthless
but the work load continues ...

[sonic-iso]

unless these xexs can revive blown efuses, it is as tiros said a "deadend".

[l_oliveira]

I remember reading on some IBM datasheet that they're capable of making flash based EFUSES which could be reverted to the original state if needed.

If this is the case, these flash based "EFUSES" would be reversible through the JTAG port.  But then again access to the XENON CPU JTAG port requires authentication, making the EFUSES effectively one-way for everyone but Microsoft.  Still I think it's wrong to automatically assume that the EFUSES on the XENON CPU are of the PROM (real blowing) type.

[ReverseAffect]

why would you think different?
as far as i am concerned working IBM cpus in the past...since 1984 they been securing it like this...
and it was because of a low maintance core issue if one went back it would blow the efuse for that,
 core and resort to a unused one and set up a diagnose state...
Similar EXAMPLE: glass fuse gets blown...
2 options.
1)replace it...easy to do...
2)open the end and replace the wire element with a re-solder...(kinda useless but only a example)..

why would m$ make a switchable on/off(programed/deprogrammed Efuse? I mean they do make them but why for the X360..
or it could be like you stated but a special port hookup so when set to manufacturing mode they can see whats going on,
 and resort back to a past fuse state for troubleshooting a dash or creating a patch when a update goes wrong..

but being just my opinion it's just that...

[damox]

why would m$ make a switchable on/off(programed/deprogrammed Efuse? I mean they do make them but why for the X360..

First thing that came to mind: when they run out of fuse bits to blow.

[TheFallen93]

There are 768 efuses in total, with a possible 512 for updates. Doubt we will run out any time soon.