XboxHacker BBS
 
Author Topic: Cpu key made at factory.  (Read 2777 times)
tumba
Member
Posts: 30
« on: July 25, 2007, 11:31:21 AM »

I get that the CPU key is "written" at the factory; now I was wondering how it is made (calculated).

Is it like the first one that goes through the plant is called, for example, 100001 and the second one is 100002?
vax11780
Hacker
Posts: 94
« Reply #1 on: July 25, 2007, 12:41:17 PM »


Only MS knows. You can bet that it isn't a simple sequential calculation, more likely a pseudo-random number or even a true random number.
tumba
Member
Posts: 30
« Reply #2 on: July 25, 2007, 01:10:51 PM »

Thx for the reply mate.

And making a database for CPU, manufacturing date, etc. wouldn't help, since like 0.1% of the 360 owners can get ahold of their CPU key.
tmbinc
Global Moderator
Master Hacker
Posts: 286
« Reply #3 on: July 25, 2007, 03:55:23 PM »

The code is in the hypervisor "burn fuses" syscall. It will randomize the number by setting a predetermined number of bits at random positions. I don't think there is a database.

(If Microsoft wanted to recover a box, they could just go through manufacturing mode.)

Please don't copy/quote full text outside this board. Instead, summarize and link to this post. Thanks! This lets me keep information updated and doesn't pull things out of context.
Oneohm
Master Hacker
Posts: 100
« Reply #4 on: August 06, 2007, 01:34:05 PM »

A good discussion might be on how we can remake the manufacturing mode.
tumba
Member
Posts: 30
« Reply #5 on: August 06, 2007, 03:00:15 PM »

However, the timing attack seems to be working, which is really nice, so what would be gained by making a factory reset?
tmbinc
Global Moderator
Master Hacker
Posts: 286
« Reply #6 on: August 07, 2007, 04:03:10 PM »

The mfg mode requires a challenge with an RSA key, so forget it (unless you find bugs in the mfgbootlauncher.xex).
Oneohm
Master Hacker
Posts: 100
« Reply #7 on: August 08, 2007, 04:52:24 PM »

Not so much finding bugs but reinitializing it like you do on a notebook. I've been finding that they are using a debug board to program the initial boot loader and launch the first firmware programming. The problem is that the debug tool would have to have a firmware of its own to boot the box.
sentinel0
Master Hacker
Posts: 200

Lost and Confused
« Reply #8 on: August 08, 2007, 05:32:43 PM »

The largest problem with the mfgbootlauncher.xex I think was posted is the c/r