XboxHacker BBS
 
Author Topic: A new revision of the Slim, no more Glitch?  (Read 24145 times)
DARKFiB3R
« on: October 18, 2011, 08:14:49 PM »

Google Translated

Quote
A month and a half after the release of the Reset Glitch Hack by Tiros and gligli, a new hack compatible with all HDMI consoles whatever the kernel, we still had not seen any reaction from Microsoft. We learn today from one of our technicians, stephane76700, that the answer was already at your resellers... a new motherboard revision.

This motherboard was found in a Forza 4 250 GB pack, one of the new consoles with a matte black shell. The MFR date visible on the back is 2011-08-17 and the drive is a Liteon 1071.

The biggest surprise is the absence of a HANA chip (a visible one, anyway), the chip that allowed the timing of the Reset Glitch Hack to be managed...

It seems that the game of cat and mouse continues so ...



logic-sunrise

Eaton
« Reply #1 on: October 18, 2011, 08:30:11 PM »

Corona finally shows its face.

glaze83
« Reply #2 on: October 18, 2011, 08:57:58 PM »

Could they have combined the hana and southbridge onto one die?

ddxcb
« Reply #3 on: October 18, 2011, 09:57:14 PM »

Quote from: Eaton
Corona finally shows its face.

More like a Trinity V2

I'm a ADD modder, got to mod or be bored xD
Arakon
« Reply #4 on: October 18, 2011, 11:24:44 PM »

I doubt they designed, produced and shipped a big new revision like this within a few weeks. Chances are this revision was coming anyways.

I do NOT give support by email, PM, ICQ or whatever. Anyone annoying me that way will have his balls removed. With a rusty butterknife. Slowly. And I'll enjoy doing it.
snowdaysrule1
« Reply #5 on: October 19, 2011, 12:08:49 AM »

CPU's gonna be the same in the new revision and hence the console should still be glitchable. The clock source just isn't the HANA anymore, so we'll have to figure out an alternative method of controlling the clock using external hardware. 

MastaG
« Reply #6 on: October 19, 2011, 06:12:57 AM »

External hardware for controlling the cpu clock sounds expensive to me.

I understand. You found paradise in America, you had a good trade, you made a good living.
The police protected you and there were courts of law.
And you didn't need a friend like me.
But, uh, now you come to me, and you say: "Don Corleone, give me justice."
But you don't ask with respect.
You don't offer friendship.
You don't even think to call me Godfather.
Instead, you come into my house on the day my daughter is to be married, and you ask me to do murder for money.
TheFallen93
« Reply #7 on: October 19, 2011, 07:13:53 AM »

Quote from: Eaton
Corona finally shows its face.
Quote from: ddxcb
More like a Trinity V2

No it is a corona. Trinity was being developed in 2009, Corona has been in development since winter 2010-2011.

Blackaddr
« Reply #8 on: October 19, 2011, 08:09:05 AM »

The manufacturing date of the new console is August 17th, before the glitch became public.  Glaze83 is probably correct that the HANA and SB have been consolidated.  Less likely is the HANA and GPU have been consolidated.

Just because the two previously separate devices might now sit on the same die (or at least the same package) does not mean they don't still communicate over an abstracted version of the I2C bus.  This would prevent the designers having to rewrite all their existing software code.

If that bus is still exposed on the PCB, then nothing really changes.

If the bus is no longer exposed (since everything it connected to is now contained on the unified SB/HANA), then you still can glitch it, but you have to tell the SMC to handle the CPU clock speed adjustments.

I've already made a fair bit of progress towards porting the glitch to the SMC.  To create an SMC based glitch hack for the slim, I was eventually going to have to use the SMC's I2C software routines to change the speed anyway.
« Last Edit: October 19, 2011, 08:23:07 AM by Blackaddr »

360 Info Collection -> http://www.xboxhacker.org/index.php?topic=12940.0

Do not take anything I say as gospel, use your own judgement, make your own decisions.

Please pay attention to which sub-forums are for Research and Technical discussion. The following are NOT for help with and troubleshooting existing hacks.
- Hardware (Technical)
- DVD-ROM Drive and Media
- Hard Disk
- Software (Technical)
MastaG
« Reply #9 on: October 19, 2011, 08:45:54 AM »

Quote from: Blackaddr
The manufacturing date of the new console is August 17th, before the glitch became public.  Glaze83 is probably correct that the HANA and SB have been consolidated.  Less likely is the HANA and GPU have been consolidated.

Just because the two previously separate devices might now sit on the same die (or at least the same package) does not mean they don't still communicate over an abstracted version of the I2C bus.  This would prevent the designers having to rewrite all their existing software code.

If that bus is still exposed on the PCB, then nothing really changes.

If the bus is no longer exposed (since everything it connected to is now contained on the unified SB/HANA), then you still can glitch it, but you have to tell the SMC to handle the CPU clock speed adjustments.

I've already made a fair bit of progress towards porting the glitch to the SMC.  To create an SMC based glitch hack for the slim, I was eventually going to have to use the SMC's I2C software routines to change the speed anyway.

Great work Blackaddr,
Really appreciate your work in perfecting everything for us.
Be sure to keep us posted bro!
You're definitely my favorite hacker/engineer.

xboxbreaker
« Reply #10 on: October 19, 2011, 09:07:16 AM »

Quote from: Blackaddr
I've already made a fair bit of progress towards porting the glitch to the SMC.  To create an SMC based glitch hack for the slim, I was eventually going to have to use the SMC's I2C software routines to change the speed anyway.

I have wondered if it was possible to control the clocks and send a short enough pulse on CPU_Reset using SMC, that was about all the thought I gave to it though. Glad to see someone working on using the SMC, I hope that works out well!

I also wondered if other IBM PPC architecture chips suffered the same glitch vulnerability, maybe the ps3 cell processor was also vulnerable all along.
« Last Edit: October 19, 2011, 09:13:18 AM by xboxbreaker »
Blackaddr
« Reply #11 on: October 19, 2011, 10:21:52 AM »

The SMC itself is not fast enough, per se.  A NOP instruction takes 170 ns.  You still need an external circuit to precision delay the reset, but the circuit is not that complicated.  I've noticed the pulse width is not that important on my Falcon, the moment where the pulse begins is.

Regarding security, and how MS might fix the glitch vulnerability, here are my thoughts:

The IBM processor as provided by IBM is not really a secure processor itself, nor should it be.  The security layers are provided by microsoft.

The mistake MS made was in not doing anything to prevent hardware attacks, as Tmbinc noted back in 2007.  That includes glitches on power, clock and reset.  You don't have to worry about voltage glitching on a big processor because of capacitance.

Clock glitching is tough to protect against.  Reset glitching is not.  Regardless of whether your system needs security or not, even if your system uses asynchronous resets inside, you always buffer and extend the reset to ensure clean resets going to the asynchronously reset flops.  Ultimately this was Microsoft's responsibility, not IBM.  You never just pass an external reset signal directly into your logic where security is a concern.  MS had ample opportunity to heed Tmbinc's advice and correct this each time they spun the CPU, they did not.

We might still see a properly buffered reset on future CPUs and it wouldn't be that hard or expensive for MS.  If they are like most ASIC designers, you sprinkle unused logic gates around your custom logic.  This is done so that if you need to fix anything, you use the existing (though unused) logic already there, and you only change the metal layers (the wiring) not the silicon (the logic).

Whereas changing the logic (silicon) mask can cost a million dollars and take 6 months to spin, changing the metal interconnect often costs tens of thousands, and could be spun in a month.  Not to mention you don't waste leftover bare dies that haven't had metal layers added.

Even cheaper of course is to just change the PCB.  If MS thinks they can reliably fix the problem with a new PCB, we'll see yet another one after Corona, rather than a new CPU.  But, that's still avoiding the original problem with the reset.

Now of course MS engineers should KNOW ALL OF THIS, they're not stupid, and I'm sure someone is saying to their managers, "I told you so!".  I suspect any future hacking depends on what MS managers decide, not what MS engineers know or don't know.
« Last Edit: October 19, 2011, 03:20:35 PM by Blackaddr »
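
The reset handling described in the post above (buffer the external reset and extend it before it reaches asynchronously reset flops), modelled as an added example that is not part of the original thread: a tick-level Python model comparing a pin wired straight through with one that is latched, stretched and released only on a clock edge. The tick resolution, the 16-cycle stretch, the active-high polarity, the clock-edge release and all function names are assumptions of this model.

```python
# Added example (not from the thread): tick-level model of reset conditioning.
# All names and constants are hypothetical; the reset pin is modelled active-high.
TICKS_PER_CLK = 10   # sub-cycle resolution, so pulses shorter than a clock exist
STRETCH_CLKS = 16    # assumed minimum internal reset length, in clock cycles


def sample_pin(pulse_ticks, length=300):
    """Constructed input: external reset pin, asserted for one tick at each index."""
    pin = [0] * length
    for t in pulse_ticks:
        pin[t] = 1
    return pin


def raw_reset(pin):
    """Unprotected case: the pin drives the flops' asynchronous reset directly."""
    return list(pin)


def conditioned_reset(pin, stretch=STRETCH_CLKS, tpc=TICKS_PER_CLK):
    """Asynchronous assert, stretched hold, release only on a clock edge."""
    out, counter = [], 0
    for t, level in enumerate(pin):
        if level:                          # any pulse, however short, is latched
            counter = stretch
        elif t % tpc == 0 and counter:     # clock edge while the pin is released
            counter -= 1
        out.append(1 if counter else 0)
    return out


def runs(sig):
    """(start_tick, length_in_ticks) of every asserted stretch in the signal."""
    found, start = [], None
    for t, v in enumerate(list(sig) + [0]):
        if v and start is None:
            start = t
        elif not v and start is not None:
            found.append((start, t - start))
            start = None
    return found


if __name__ == "__main__":
    for name, pulses in (("one sub-cycle pulse", [37]), ("two close pulses", [37, 95])):
        pin = sample_pin(pulses)
        print(name, "raw:", runs(raw_reset(pin)),
              "conditioned:", runs(conditioned_reset(pin)))
```

In the conditioned case the internal logic never sees a reset shorter than 15 full clocks, and two pulses arriving close together merge into a single clean reset instead of two partial ones.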
xboxbreaker
« Reply #12 on: October 19, 2011, 11:54:33 AM »

I think they will be more likely to keep up the cat and mouse game with the dashboard, keeping hacked consoles off live as their priority, rather than producing new secured hardware. Even if they did, it is pretty futile considering total quantity of vulnerable consoles out there, think there has been 55 million sales since launch. The counter measures will probably stay where they are, keeping backups and hacked kernels off XBL.

I would be surprised if we have any more than 2 or maybe 3 (at a push) years left out of the current generation of consoles, so I guess they will concede this HW hack (at least the CPU hardware protection anyway) and save their best motherboard design tricks for the next generation console.
We have had 6 years of xbox 360, which is substantially longer than the previous console, and PC games are now leaving the console games in the dust in terms of graphics and game design. Look at the changes they made for crysis 2 to shoehorn it into the console market, and I'm not big on PC games at all. Deus ex is another game with a vast difference in quality.
« Last Edit: October 19, 2011, 11:59:31 AM by xboxbreaker »
peshkohacka
« Reply #13 on: October 19, 2011, 12:27:41 PM »

MS decided to integrate HANA to SB just because HANA proved to be the root of many RROD-related problems. It's naive to think they'll put money into re-designing the hardware of a dying console, they have a core team working on their next xbox and I'm pretty sure the glitch will remain active, it's not to say they won't fight with software, but that's another topic.

DARKFiB3R
« Reply #14 on: October 19, 2011, 02:11:19 PM »

Some really interesting insight there, thank you for putting it in layman's terms, Blackaddr. I actually understood most of that, at least conceptually

skinnymathew
« Reply #15 on: October 19, 2011, 02:56:40 PM »

Quote from: Blackaddr
I'm sure someone is saying to their managers, "I told you so!".

LOL. Another great post, Blackaddr

VeJLEXDK
« Reply #16 on: October 19, 2011, 05:49:19 PM »

Quote from: Blackaddr
I'm sure someone is saying to their managers, "I told you so!".
Quote from: skinnymathew
LOL. Another great post, Blackaddr

again thanks. remember when gligli announced the rgh, he put in there that they were gonna remove an oscillator and try to control the clock itself
just something i wanted to add

damox
« Reply #17 on: October 20, 2011, 02:53:49 AM »

Interesting that this one has a NAND whereas this one does not:


d4m4n
« Reply #18 on: October 20, 2011, 03:14:52 AM »

Quote from: damox
Interesting that this one has a NAND whereas this one does not:

It seems to have a NAND but in a different package. A better close-up picture with the chip markings visible would be nice.

ddsdavey
« Reply #19 on: October 20, 2011, 04:11:12 AM »

Quote from: Blackaddr
I suspect any future hacking depends on what MS managers decide, not what MS engineers know or don't know.

Absolutely spot on, you have so much technical know how bud but at least you don't lose track of what they really care about, $$$$