tmbinc
« Reply #220 on: December 18, 2007, 07:57:17 PM »
Well isn't 512+16 fine?
Btw we *could* easily flash in linux. It's just that nobody wants to. If somebody is interested, i might still have some code somewhere which does it.
Please don't copy/quote full text outside this board. Instead, summarize and link to this post. Thanks! This lets me keep information updated and doesn't pull things out of context.
Ell3X
« Reply #221 on: December 18, 2007, 08:07:27 PM »
Btw we *could* easily flash in linux. It's just that nobody wants to. If somebody is interested, i might still have some code somewhere which does it.
good to know but i think nobody (maybe a handful of people with lower kernel) needs it because they should install the infectus to downgrade the box, in order to update to 4532/4548. maybe in future this feature will be interesting. sorry for bad english
robinsod
Global Moderator
Xbox Hacker
    
Posts: 648
Perl packed my shorts during global destruction
« Reply #222 on: December 18, 2007, 10:06:35 PM »
Well isn't 512+16 fine?
Btw we *could* easily flash in linux. It's just that nobody wants to. If somebody is interested, i might still have some code somewhere which does it.
Erm, that's perfect.
HoRnEyDvL
« Reply #223 on: December 18, 2007, 10:35:38 PM »
Hey im using a 4548 Console Never been updated would be cool if u could flash with linux down side tho is if u bug the update then ur screwed u cant reflash again u must have infectus as the 360 will no longer boot.
Only best way 2 test out stuff is if there was a kernel rebooter but i think that will be a long way away.
amadeus
« Reply #224 on: December 19, 2007, 10:26:41 AM »
Btw we *could* easily flash in linux. It's just that nobody wants to. If somebody is interested, i might still have some code somewhere which does it.
I would prefer to do it under Linux. A program using getopts() is most likely what Linux users would crave for to avoid the GTK/QT discussions
billak
« Reply #225 on: December 19, 2007, 10:52:38 AM »
Well isn't 512+16 fine?
Btw we *could* easily flash in linux. It's just that nobody wants to. If somebody is interested, i might still have some code somewhere which does it.
It would be very handy!!!
B0Besh
Newbie

Posts: 1
« Reply #226 on: December 22, 2007, 05:57:05 AM »
...which shouldn't be a problem as we now have the tool to dump with ECC (from linux).
Which tool do you mean? THX
caster420
« Reply #227 on: December 22, 2007, 04:50:53 PM »
tmbincdump-read3 is what you want to use. You can find it in the tmbincdump pack.
Caster.
Shaun
« Reply #228 on: December 24, 2007, 08:39:35 AM »
so far so good, infectus in and dump read. altho seems to crash whenever i extract my dump ? using 0.88 with 1bl set i open my dump which reads as. cb + cd 4558, ce 1888, patch0 5759 and pairing has a value in it. when i click extract it crashes but still outputs 'stuff' to the dest folder. 0.87 wont load my dump at all tho ? seems ok atm altho reading is sloooow. got downgrader board to play with at some point when wife lets me. robinsod, is bk appears to be 1888 im assuming falcon bk != zephyr bk so poss need some guidance when i do come to dg
Arakon
« Reply #229 on: December 24, 2007, 09:34:12 AM »
it can't extract everything unless you have your cpu key. also, your dump may be corrupt, make two (better 3) dumps and do a hex compare to make sure they are completely identical.. only then you can assume that the dump is good.
I do NOT give support by email, PM, ICQ or whatever. Anyone annoying me that way will have his balls removed. With a rusty butterknife. Slowly. And I'll enjoy doing it.
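Added example, not part of the post above or of any tool from this thread: a page-aware version of the "make several dumps and compare them" check. It assumes the 512+16 layout mentioned earlier in the thread means 512 data bytes followed by 16 spare bytes per page; the function names and the sample image are constructed for illustration.

```python
import sys
from collections import Counter

DATA, SPARE = 512, 16        # assumed layout: 512 data bytes, then 16 spare bytes
PAGE = DATA + SPARE

def compare_dumps(dumps):
    """dumps: dict of name -> bytes. Returns a list of (page, region, suspects).

    An empty list means all dumps are byte-identical. 'suspects' names the
    dumps that disagree with a strict majority; with no strict majority
    (e.g. only two dumps) every dump is listed, since none can be trusted.
    """
    names = sorted(dumps)
    sizes = {len(dumps[n]) for n in names}
    if len(sizes) != 1:
        raise ValueError("dumps differ in length; at least one read is truncated")
    size = sizes.pop()
    if size == 0 or size % PAGE:
        raise ValueError(f"length {size} is not a whole number of {PAGE}-byte pages")
    report = []
    for page in range(size // PAGE):
        off = page * PAGE
        for region, lo, hi in (("data", 0, DATA), ("spare", DATA, PAGE)):
            chunks = {n: dumps[n][off + lo:off + hi] for n in names}
            common, votes = Counter(chunks.values()).most_common(1)[0]
            if votes == len(names):
                continue
            if votes * 2 > len(names):
                suspects = [n for n in names if chunks[n] != common]
            else:
                suspects = list(names)
            report.append((page, region, suspects))
    return report

def constructed_dump(pages=8):
    """Constructed sample image (not a real dump): a deterministic byte pattern."""
    return bytes((p * 7 + i) & 0xFF for p in range(pages) for i in range(PAGE))

if __name__ == "__main__":
    if len(sys.argv) > 2:                       # e.g. dump1.bin dump2.bin dump3.bin
        dumps = {p: open(p, "rb").read() for p in sys.argv[1:]}
    else:                                       # offline demo on constructed data
        good = constructed_dump()
        bad = bytearray(good)
        bad[3 * PAGE + 10] ^= 0x01              # simulated bit error in page 3 data
        dumps = {"dump1": good, "dump2": bytes(bad), "dump3": good}
    for page, region, suspects in compare_dumps(dumps):
        print(f"page {page} (offset 0x{page * PAGE:X}) {region}: check {', '.join(suspects)}")
```

With three or more dumps the report points at the read that disagrees with the others, which tells you which dump to redo rather than only that a mismatch exists.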
Shaun
« Reply #230 on: December 24, 2007, 12:23:26 PM »
ok, made 3 additional dumps to my initial one i played with, compared them all in hexworkshop and all 4 are identical. Can understand that older dump tools may error immediately due to the newer ms 2007 text which robinsod checks. Im not expecting to be able to extract everything just to check everything is 'working' as i plan to register the box and join live to make upgrade to the dash + xvid fix before attempting downgrade (which afaik is possible). if any of u chaps are about in irc i could do with a few pointers if poss
robinsod
Global Moderator
Xbox Hacker
    
Posts: 648
Perl packed my shorts during global destruction
« Reply #231 on: December 24, 2007, 12:41:53 PM »
Currently it won't work. At least it didn't on the first Falcon the scene saw. The reason for the crash is trickier, my tools are very "hackerish" and don't respond well to "unusual" flash images. PM me .........
Shaun
« Reply #232 on: December 25, 2007, 05:07:33 PM »
ok ive reread the beginnings of this thread and chatted a little to robinsod. my understanding is that 2bl has changed on new factory build board (ie falcon) which, along with other issues currently prevents dump extraction and downgrading. sw tools aside, does ne1 'know' what has changed ? bar reinstalling ida and cross decompiling and referencing the original firm / kernel / hv, im assuming several things 1bl key is unchanged - unlikely due to mass production costs current existing updates can and always will be vulnerable to re due to access from vulnerable kernels and a compromised platform. also, 'part' of the encryption routine may have marginally changed to stop this which may or may not be easy to fix depending if a new 2bl can be re'd
now, from reading b4 i was fully aware of the falcon issue, sum1 had said about them fixing a cmp routine but not the one which the timing attack works on so theoretically the hardware is unchanged, the sw routine is unchanged so the attack can still work but somewhere something is different. thoughts ? or directions for me to look into so i can frown alot please !
« Last Edit: December 25, 2007, 05:10:23 PM by Shaun »
Shaun
« Reply #233 on: December 25, 2007, 07:13:05 PM »
ok reading http://www.xboxhacker.net/index.php?topic=8668.msg55044#msg55044 it seems 2bl is altered poss with a diff key /algo but is vulnerable to a timing attack, just not sure what can be done when u have the hash that the initial timing attack gets. poss same hardware used to find an alternate hash for 2bl / 4bl attack ?
MODFREAKz
« Reply #234 on: December 31, 2007, 06:29:11 PM »
found a small bug. if you want to make EU version it creates a HK/Asia and if you need HK/Asia region, then you get EU
robinsod
Global Moderator
Xbox Hacker
    
Posts: 648
Perl packed my shorts during global destruction
« Reply #235 on: March 04, 2008, 04:03:14 AM »
NAND Tool 88a is available in English http://rapidshare.com/files/96922443/360_Flash_Tool.88a.rar.html
A small upgrade allowing the secdata.bin file to be decrypted. You need the XEX and CPU keys (the need for the XEX keys will go away soon, this is a temp fix for now) then extract the filesystem (3rd item in the extract dialog) and you will get a decrypted secdata.bin as well as a bunch of other stuff
XEX1=A26C10F71FD935E98B99922CE9321572
XEX2=20B185A59D28FDC340583FBB0896BF91
Obviously, I don't know your CPU key
« Last Edit: March 04, 2008, 08:46:50 AM by robinsod »
Pitfall6667
« Reply #236 on: March 04, 2008, 07:49:50 AM »
nice one 
For some people, I wish they were disabled from the fingers on. That way, they wouldn't be able to post.
gigabite
« Reply #237 on: March 04, 2008, 04:11:12 PM »
do the same with the 1BL key too: DD88AD0C9ED669E7B56794FB68563EFA IMHO
gigabite
 .ISO - he's a wannabe ... feel part of "t3h sc33n" yet ? QQ coming 2009 
MODFREAKz
« Reply #238 on: March 04, 2008, 04:45:52 PM »
Thx for update robinsod!!
- How about support for devkit dumps? (I can supply you with raw_dumps + cpu_key + ......)
- The HK/Asia-EU bug is still there, did you fix it?
- What do you think about integrating "Degraded.exe" into "360 Flash Dump Tool"
zouzzz
« Reply #239 on: March 05, 2008, 12:34:22 AM »
Thanks Robinsod. Team MODFREAKz (thanks you too): TF supports Dev dump 3215, 4548 but not the Dev dump 6683 (  ), i can extract/mod the kv but i can't extract the FS (  ). XEX1=A26C10F71FD935E98B99922CE9321572 XEX2=20B185A59D28FDC340583FBB0896BF91 1BL key : DD88AD0C9ED669E7B56794FB68563EFA
« Last Edit: March 05, 2008, 01:03:15 AM by zouzzz »