Προς το περιεχόμενο

XBOX 360 Hacking Topic

sargos

Από τον sargos
στο Console Games

Προτεινόμενες αναρτήσεις

klainmaingr Grand Master

klainmaingr

Δημοσ.
Δημοσ.

Yparxei kapoio site me plhreis guides gia firmware modification olon ton ekdoseon ton Drive?

 

Exo diabasei sxedon oles tis selides tou thread alla katalabaino pos apo to 2005 pou exei dhmiourgithei to topic mexri shmera ta pragmata exoun allaksei arketa! (Stealth - ixtreme - banned consoles etc)

Auto pou me endiaferei kyrios einai an yparxei kapoia ekdosh pou prepei na APOFYGO kai an yparxei kapoia ekdosh pio eykola anabathmisimi kai pio

mod-ath ;)

 

Typou : pare ena 1.50ri psp k oxi ena 3.50ri...

 

Apo to afterdawn den exo brei oloklhromenes apanthseis (exei men guides gia sygkekrimena drive alla... prospatho na kano mia PREBUY ereyna... mhn bretho me ena kouba pou den tha mporei na paizei ta antigrafa asfaleias mou :P

 

Kai telos na po kai edo pos an yparxei h paramikrh periptosh kapoios na barethike - sixathike -exei 2 - kerdise - brhke Xbox360 kai thelei ena wii gia antallagma na mou sfyriksei :P

Yg: Diplofournista k bannarismena mhxanhmata na ta kanete kadro :}

  • Απαντ. 5,5k
  • Δημ.
  • Τελ. απάντηση
jimaros Mentor

jimaros

Δημοσ.
Δημοσ.
Yparxei kapoio site me plhreis guides gia firmware modification olon ton ekdoseon ton Drive?

 

Exo diabasei sxedon oles tis selides tou thread alla katalabaino pos apo to 2005 pou exei dhmiourgithei to topic mexri shmera ta pragmata exoun allaksei arketa! (Stealth - ixtreme - banned consoles etc)

Auto pou me endiaferei kyrios einai an yparxei kapoia ekdosh pou prepei na APOFYGO kai an yparxei kapoia ekdosh pio eykola anabathmisimi kai pio

mod-ath ;)

 

Typou : pare ena 1.50ri psp k oxi ena 3.50ri...

 

Apo to afterdawn den exo brei oloklhromenes apanthseis (exei men guides gia sygkekrimena drive alla... prospatho na kano mia PREBUY ereyna... mhn bretho me ena kouba pou den tha mporei na paizei ta antigrafa asfaleias mou :P

 

Kai telos na po kai edo pos an yparxei h paramikrh periptosh kapoios na barethike - sixathike -exei 2 - kerdise - brhke Xbox360 kai thelei ena wii gia antallagma na mou sfyriksei :P

Yg: Diplofournista k bannarismena mhxanhmata na ta kanete kadro :}

 

To prwto pou prepei na kaneis einai na pareis to 360 sou:)...De mporeis na kaneis tpt gia to drive pou 8a exei mesa opote den exei nohma..Mexri stigmhs ola ta drive mporoun na flasharistoun...Mono gia to nec den 3erw alla den 3erw an vgainei sthn eyrwph:???:...Oso gia to xbox live mexri twra to ixtreme den exei dokimastei kai toso polu....Opote mporei na etoimazesai kai sy gia to kadraki sou..:mrgreen::mrgreen:

jimaros Mentor

jimaros

Δημοσ.
Δημοσ.

ELEOS GAMW THN TRELA MOU GAMW...ELEOS...EXW KAPSEI 6 DISKAKIA GIA NA GRAPSW ENA GAME KAI H VLAKEIA TO IMGBURN MOU PETAEI GIA PRWTH FORA ENA SFALMA 3ARFWTO TELEIOS....

 

E 15:25:54 Failed to read from file: XGD2DVD_NTSC.ISO

E 15:25:54 Reason: Το χρονικό όριο του σηματοφορέα (semaphore) εξαντλήθηκε.

 

Ti sto diaolo einai touto mporei na mou pei kapoios????Ta xw parei agria....Ti sto diaolo ftaei....

Stormwatch Experienced

Stormwatch

Δημοσ.
Δημοσ.

Συνεντευξη του Specialist στο Xlife.nl

 

 

* Xlife.nl:To start with you'll find a quote from TheSpecialist explaining some details of the Xbox 360 security

* TheSpecialist: All executables on the Xbox360 have a signature. This signature is checked by the hypervisor. If we can modify the hypervisor, we can run homebrew.

However the hypervisor is also signed.

The bootsequence is as follow. The first thing that will happen when you power on the Xbox360 is loading the bootloader (=1bl). This is a very small file because it's extremely expensive put store huge files on the CPU. So the bootloader doesn't do much more than load a 2nd (bigger) bootloader (2bl). This one is found on the Xbox360 flash (which you can decrypt/dump with our tool). Also this 2bl has a signature checked by the 1st bootloader (1bl) located in the CPU ROM. The 2bl will then start a sequence to put together the kernel (with the 'base' kernel (1888) and the patches) and the hypervisor. Once done it will start both kernel and hypervisor.

So if you want to run unsigned code you should be able to get around the 1bl. Then you could install your own bootloader that will not check the signature of the 2bl and then you patch the 2bl so it doesn't check the signature of the kernel/hypervisor which would allow you to patch this to remove all checks on signature of executables. Basically it's a chain of signature checks: 1bl checks signature of 2bl, 2bl checks signature of kernel and hypervisor and hypervisor checks the signature of executables. So if you can break the start of the chain, you can change all the rest like you want.

But to get around the 1bl is not easy as it's located on the CPU ... but nothing is impossible.

 

* Xlife.nl: The DVD Firmware hack has been out for more than 1 year now, tell us what happened and what you have been up to since then.

* TheSpecialist: After the disclosure of the DVD FW hack I didn't do any hacking for a few months. Once you start with which a project you really put lots of time in it and it's often hard to stop certainly if you are constantly making progress. It's a bit like watching series like '24' or 'Lost': if you have all episodes it can be very hard to stop because you just want to know what happens next. It's just the same with hacking, you keep progressing and it's hard to take a minute of rest. Thus when the DVD FW hacking was done, I think it was time to do 'nothing' for a while.

But after some time it started to itch again and then I started working on the HDD resulting in 'HDDHackr'. Just after I released that the 'Hypervisor Exploit' got released which opened tons of new possibilities. Then we started researching the flash encryption which resulted in the release of the 'Flash Dump' tool that allows you to decrypt the whole Flash NAND, dump the kernel and keyvault and the latest version even allows you to downgrade your kernel IF you know your CPU key.

Now that these tools start to work great, we started working on a new tool that will allow you to unpack and decrypt XEX files. That tool got finished too in meantime and we can finally decrypt and analyze ALL code found on the Xbox360. However that's a HUGE job. So we are now working on new tools to make analyze all this code a bit easier, for example by recognition and labeling of standard functions in code and stuff like that.

 

* Xlife.nl: So you managed to dump the Xbox 360 kernel. On the DVD FW hack you worked with 6 other hackers, how many people are you working with on this new project?

* TheSpecialist: I work a lot with Robinsod of XBH. But we of course also talk a lot with with other hackers like tmbinc, who found the hypervisor exploit. And there are of course also lots of discussions on XBH.

 

* Xlife.nl: What do you think of the security Microsoft implemented to protect their kernel?

* TheSpecialist: Very good! Microsoft has often been in the news about the lack of security in Windows, but I can only have respect for the security on their Xbox360. The Xbox360 was announced as the most secure console ever. Of course they made a huge mistake on the security of the DVD FW, but the security in the core is really really good.

The idea of the hypervisor and certainly the fuses is simply genius. Putting the bootrom in the CPU was also a real good idea. All communication is encrypted as it should be. Even now we can dump and decrypt all program code and nothing is really 'secret' anymore we still can't run unsigned code on the new kernels. I think that says a lot.

On the other side there's now a huge amount of program code we can analyze. That will just take a lot of time. With the release of the newest info and tools I think it won't take so long until a new hack comes out.

 

* Xlife.nl: You told me that while decrypting the 4552 kernel you found stuff related to DVD FW detection/bans. Is this protection any good? Or does it look better than it really is?

* TheSpecialist: I didn't do any direct research on that, since the disclosure of the DVD FW hack I didn't do any research on it and I also don't plan to do this in the future. The biggest goal of the DVD FW hack was to help find a way to run unsigned code, which also happened. Without the DVD FW hack there would still be no way to run unsigned code on the exploitable kernels.

However I did notice a few things while analyzing the kernel, like the clear text names and types of the DVD drives which weren't found in older kernels. It's obviously used to recognize the type of DVD drive connected with your Xbox360. But like I said earlier I'm mostly working on finding a way to run unsigned code now.

 

* Xlife.nl: Now that we are talking about bans, what's your opinion on the subject?

* TheSpecialist: It's of course not fun for end-users that they can or have been banned. But you have to look at this from the 2 point of views. I'm pretty sure Microsoft has been thinking about a way to motivate people not to play backups. Sony did the same and recently came in the news saying they want to hit hard on users with hacked PS3s, with lawsuits and more. I can imagine what they want to achieve, but if you look at it this way I think Microsoft is doing it in a 'friendlier' way, and thus I have more respect for the way Microsoft is handling it than how Sony wants to do it. And of course ... the Xbox 360 is way better than that stupid PS3, haha

 

* Xlife.nl: Did Microsoft ever try to contact you after the DVD FW release?

* TheSpecialist: No

 

* Xlife.nl: If you manage to hack the kernel (and I have full faith you will) and get total control over the console, will it get distributed like the DVD FW hack, or with it only be announced?

* TheSpecialist: If someone is trying to force the front door of your house, you can call the cops. I think there will only be few people that won't do this, no matter if the person actually manages to get in your house. Microsoft could have chosen for such a strategy too and send their lawyers against the hackers. No matter if that actually leads to any result, these type of lawyers can destroy you.

Luckily they never did that (unlike Sony who's currently threatening with lawsuits for PS3 hacks). Instead they even invited tmbinc and Bunnie after the hypervisor exploit to come to them to talk about the hack. There was lots of criticisms from 'the scene' about this, but I think it was very 'clean' and I have a lot of respect with the way Microsoft currently handles hackers. I think people should not forget that if Microsoft would start threatening with lawsuits many hackers might give up and there might be no new hacks at all.

So in the end I'm very happy with this strategy. As 'counter-payment' I think it's only normal that the hacking scene plays it 'clean' too and talks with Microsoft before releasing a new hack. On the other side, by now everyone knows that they have to remove the R6T3 resistor [which prevents MS from blowing new fuses during kernel upgrades] and I think that everyone that has any interest in running unsigned code already did this. So concerning that I don't think it will make a lot of difference for the end-users and they will still be able to enjoy the hack.

jimaros Mentor

jimaros

Δημοσ.
Δημοσ.
me clonecd dokimases?

 

variemai na psaxnw tora spasmeno to clonecd kai e3allou olo ton kairo me imgburn eggrafa xwris kanena prob...Ti diaolo egine den mporw na katalavw...Den 3erw an to prob einai apo to pionner h apo to program re gamwto...

jimaros Mentor

jimaros

Δημοσ.
Δημοσ.

Afou 3ylwsa to imgburn, ekana format to firmware to pioneer kai to 3anaperasa , grafw me dvd decrypter to 7 ridisk...Etsi kai mou to kapsei 8a ginei ths tourkogyfthsas....

panther_512 Crazy Insomniac

panther_512

Δημοσ.
Δημοσ.

E, εντάξει, το iso σου μπορεί να είναι corrupted.

 

Δοκίμασε κάποιο iso που έχεις γράψει στο παρελθόν. Αν το γράψει, τότε φταίει το συγκεκριμένο iso που προσπαθείς να γράψεις.

modecris Proficient

modecris

Δημοσ.
Δημοσ.

Δοκίμασε να κάνεις επαναφορά συστήματος μήπως και το πρόβλημα

οφείλεται σε τίποτα drivers,dll κτλ.Αν και αφού λέει ''Failed to read from file'' μάλλον φταίει το iso ή το pionner.

Isobitis_r Experienced

Isobitis_r

Δημοσ.
Δημοσ.

to teleyteo kairo exw sto mialo moy ena pragma, oti polla xbox360 petane to ring of death kai mias ki egw to exw anoiksei kamposes fores kai h ms leei oti den ti8ete 8ema eggyhshs an pa8ei kati (estw kai to overheat toy gpu), ksekinisa simera to apogeyma apo nwris na kanw kati, mpas kai prolabw to kako giati an moy anapsei to ring of death apo to overheat, 8a meinw me thn glyka oti eixa kapote to x360. Afoy to anoiksa, kai to eblepa mesa kai epsaksa kai ligo sto net gia plirofories (opws poy bazei h ms thn trith psixtra) ekana to ekseis:

Apo ena silent cooler poy eixa se mia palia vga pira to heatpipe to opoio katelige eksw apo to pc se mikra lamarinakia (kati san psixtra) kai afoy ta strabwsa me prosoxh ebala arctic silver 5, kai ebala tis 2 akres toy anamesa apo 2 lamarinakia ths psixtras toy GPU, ki enw skeftomoyn pws 8a to sterewsw ayto ekei, meta moy eir8e h idea, oti dildi den xriazete sterewma mias kai to dvd rom ka8ete akribos apo panw apo thn psixtra, afoy ksana sindesa to dvd kai to topo8etisa sth 8esh toy opws htan anoixth h konsola thn anapsa kai ebala ena game, apla gia na dw an ta heatpipe poy ebala 8a zesta8oyn. Ayto pige poly kala mias kai ta lamarinakia sto telos twn heatpipes zesta8ikan arketa, sth synexeia eixa ena mikro funaki, kai to topo8etisa apo panw kai ligo dipla apo ta lamarinakia (mprosta apo thn psixtra toy cpu kai dipla akribos apo to dvdrom), ebala ta kalodia toy sto shmeio poy pairnoyn reyma ta funakia toy xbox, kai ton sterewsa me 2 dematika to ena sto keno ths bidas toy dvdrom kai to allo apo to plastiko podaraki ths fisoynas kai to ksana anapsa na dw an ola pane kala. Ola super, (h wra 12 kai kati) ksekinaw loipon tsoykoy tsoykoy na kleisw thn kosnola, eixa problima omws giati h8ele ligo zori gia na kleisei. afoy ekleise to anapsa kai tsoyp 2 kokkina fwtakia....

Me ta polla gia na mhn polylogo ayth thn stigmh den exw bidwsei tis 2 deksies bides (tis fisoynas kai tis gwnias panw apo ta usb) kai epeiseis apo ayth th pleyra den zorisa thn kosnola na kleisei (ta kapakia) diladi ola ta kapakia einai ok ektos ths prosopsis, kai apo deksia ta gantzakia einai anoixta. etsi doyleyei kanonika, an omws to kleisw petaei 2 kokkina fwtakia. KApoy eixe parei to mati moy kapoion na leei gia to sfiksimo stis bides.... den kserw lete na ftaei ayto? h mimpos an kati zorizei to "blepei" kai bgazei fail?? exei kaneis kamia idea???

Sorry gia to long post, foto an 8elete 8a anebasw ayrio, exei asxoli8ei kaneis allos me to overheating??

Stormwatch Experienced

Stormwatch

Δημοσ.
Δημοσ.

Αφου το εσκισες που το εσκισες, βγαλε τα xclamps απο το κατω μερος της motherboard και αντικατεστισε το με βιδες...(δες προσφατο post μου)

Θα εχεις πολυ καλυτερα αποτελεσματα απο τα αυτοσχεδια heatpipes (καλη ιδεα παντως ;) )

 

Παντως τα δυο λαμπακια σημαινουν υπερθερμανση.Προφανως οταν το κλεινεις κατι πιεζεται και ανασηκωνεται η ψυχτρα

Isobitis_r Experienced

Isobitis_r

Δημοσ.
Δημοσ.

h arxiki idea basika htan na antikatastisw thn 8ermoagwgimi ths ms me thn arctic silver 5.... to opoio telika den egine giati den exw to katsabidi gia tis mamisies psixtres, pros to parwn 8a to kratisw etsi kai apo septembrio olo kai kati 8a kanoyme. 8a koitaksw gia to post soy giati sigoyra me endiaferei :) thanks gia thn apanthsh, ta kokkina ta petaei sto boot kai meta to prwto cycle toy ring.

 

Etsi opws to les "antikatestise to me bides" akoygete eykolo, alla me mia prwth matia poy eriksa, 8elei to psaksimo toy.... :D

Αρχειοθετημένο

Αυτό το θέμα έχει αρχειοθετηθεί και είναι κλειστό για περαιτέρω απαντήσεις.

Επισκέπτης
Αυτό το θέμα είναι πλέον κλειστό για περαιτέρω απαντήσεις.
Προς την λίστα θεμάτων
  • Δημιουργία νέου...