New homebrew hack coming DONT update your consoles!!

[Danielle]

Felix Domke, Michael Steil, Free60 Project; 11 August 2009
Dangerous Xbox 360 Update Killing Homebrew
On Tuesday, Microsoft has released an Xbox 360 software update that overwrites the first stage bootloader of the system. Although there have been numerous software updates for Microsoft's gaming console in the past, this is the first one to overwrite the vital boot block. Any failure while updating this will break the Xbox 360 beyond repair. Statistics from other systems have shown that about one in a thousand bootloader updates goes wrong, and unless Microsoft has a novel solution to this problem, this puts tens of thousands of Xboxes at risk.
It seems that this update is being done to fix a vulnerability already known to the Free60 Project. This vulnerability has been successfully exploited to run arbitrary code, and a complete end user compatible hack has been in development for some time and is planned to be released on free60.org shortly. It will allow users to take back control of their Xboxes and run arbitrary code like homebrew applications or Linux right after turning on the console and without the need of a modchip, finally opening up the Xbox 360 to a level of hacking as the original Xbox.
Because of the dangerousness of the update and the homebrew lockout, the Free60 Project advises all Xbox 360 users to not update their systems to the latest software version. The Project website at Main Page - Free60 Project will provide the latest information on this ongoing topic, including the final hack software.
Free60 (Main Page - Free60 Project) is a project that aims to enable Xbox 360 users to run homebrew applications and operating systems like Linux on their consoles. The effort is headed by Felix Domke and Michael Steil, who have a background in dbox2, Xbox and GameCube hacking, and who have spoken at various conferences about their findings. Two years ago, Free60 released a hack that allowed arbitrary code execution using a game ("King Kong Hack") as well as an adapted version of Linux, but this possibility has been disabled by Microsoft in subsequent updates of the Xbox 360 software.
Felix and Michael have repeatedly argued that game console manufacturers should open up their platforms to Linux and homebrew, similar to what Sony has done with the PlayStation 3.
Free60 is a project towards porting GNU/Linux, BSD, Darwin and related open-source operating systems to the Microsoft Xbox 360 video game console.

• 3-core PowerPC, 3.2 GHz
• 512 MB of RAM
• ATI graphics
• (optional) 20 GB hard drive

• DVD drive
• 3x USB 2.0
• 100 MBit Ethernet
• TV/VGA support

Status

• Run Code: You can run your own code on Xbox 360 systems with kernel versions 4532 and 4548. If you own a box manufactured before 2007, upgrade to one of these versions, but to no later one. A new hack is in development which works on all consoles not yet updated to the 849x update (Summer 09). This hack will be released soon.
• Linux Bootloader: A preliminary second-stage boot loader exists.
• Linux Kernel: Patches for the Linux kernel to support a large part of the Xbox 360 hardware exist. As long as you're waiting for a convenient way to boot, you can set up your cross compiler environment.
• Linux Distributions: Several LiveCD variants and installation howtos for Debian-etch, Ubuntu7.04 and Ubuntu7.10 are available.

[Danielle]

Quoted from xbox-hacker.net by Tmbinc

Quote:

We kept on working on this idea, and it worked out. pretty well. We use JTAG to program the DMA target addr, and then SMC to trigger the DMA read. The exploit itself is based on the old 4532 exploit.

The magic is how we launch 4532 - there is a "backdoor" for manufacturing since CB 1920. We have been able to restore the newer CD versions for all hardware types.

This means:
- We can boot own code in HV context ~5s after boot, before any video output, right after the kernel runs.
- we need to reflash the flash, and add 3 resistors for the JTAG (no modchip required! but you might want a dual-nand modchip),
- 8498 kills this by updating the bootloader - it blacklists 4532/4548. it also does hw init stuff which might interefere with the jtag hack, we don't know yet.
- we have a proof of concept hack, we will release it SOON (a matter of hours/days, not more - promised.).
- DON'T UPDATE to summer 09. Did i already say this?
- you don't need to know your cpu key. You can update to all BUT summer '09. you don't need a dvdrom.
- It works on all xenon, zephyr, falcon, opus, jasper. Unless you have updated to 849x. Then you're screwed.

[Danielle]

hahahaha That lasted along time

Quote:

I got some inside info from some people who knew about this exploit for quite a while. They said that the announcement was a leak and the exploit was not being released. I guess they are trying to get the whole announcement removed from here and free60...

This is just what I heard so don't go updating your xbox yet but there is a good chance it won't come out considering my source is very (unfortunately) reliable.

Knickers

[sal]

they would only capitalise on it by selling expensive jtags and such with fancy chips attached so you cant build your own cheaper.

also 360 as reliable as it is does not make a good homebrew platform.

in fact it sux,big time.

i suppose blakey will stick his numbskull in now and say i am mocking you

[Danielle]

XBMC360 would rock HD video being able to get cpu key, custom dashboards huge hard drives, all would be a lot easier IF it surfaces and on what form This could open the door to Xbox 1 levels of busted open. Make no mistake this is the real deal (or why would m$ risk messing with the bootloader) but if we see it is another thing

[BL4K3Y]

I won't stoop down to your level because i'm not going to get myself banned for the sake of arguing with you. Call me what you like, you will be banned sooner or later.

[sal]

well thats off topic and i did say you would stick your nose in.

one thing is for certain,i wont be getting banned for you,i can guarantee you off that.

you seem to think the mods are wrapped around your fingers and the world revolves around you.no it dosnt.your the victimiser and if i wanted to prove it all the proofs in your posts,unlike you i dont go running crying.

2 x i have told you and was right yet you boo hoo.

cygnos360 is not capable of getting the key,only some sort of exploit run from linux or such and that needs no hardware to run bar a way to get it on the 360 and cygnos is not one of them,there wont be any linux for a long time.

you see this:

The Cygnos360 v2.0 has an onboard NAND-flash memory and the external addon (included) allows you to flash it with a PC via USB. With the external switch you can also easily switch between the motherboard and Cygnos flash memory, so u can switch between the lastest MS kernel and an exploitable kernel to boot Linux via the King Kong exploit

the exploit they was supposed to be relasing needs no chips only a way to get there in the first place,thats by their method unless people steal their code and rework it.

but,alas no release no nothing.



see ya.

[Danielle]

Nope its still the same people and the same hack just been developed more

Quote:

I used a Cygnos v2 sample i got (thanks!) and flashed the hack on the cygnos NAND. The original NAND was untouched. I can now boot either the hack or my NXE dash :-)
I opened a virgin box for that. No DVD hack, nothing. Just flashed it onto that Cygnos NAND and bingo...

YouTube - new jtag hack booting off a Cygnos360 NAND

[sal]

the vid looks just as dubious as most the hoax vids going.

all this news does is entertain for a while,so i suppose it does that at least although it might be not much more than a minutes worth of entertainment.

[Danielle]

Quote:

Originally Posted by sal

the vid looks just as dubious as most the hoax vids going.

all this news does is entertain for a while,so i suppose it does that at least although it might be not much more than a minutes worth of entertainment.

If you knew anything about the scene you would know this is pucker, but your right in the fact we may never see it or if we do a watered down version of what is possible..