
Xbox 360 Reset Glitch Hack - Unsigned Code on current Kernels incl. X360 SLIM

  • 28-08-2011 4:22pm
    #1
    Posts: 0 [Deleted User]


    Wow :D


    The reset glitch in a few words
    ===============================

    We found that sending a tiny reset pulse to the processor while it is slowed down does not reset it but instead changes the way the code runs; it seems to be very efficient at making the bootloaders' memcmp functions always return "no differences". memcmp is often used to check the next bootloader's SHA hash against a stored one, allowing it to run if they are the same. So we can put a bootloader that would fail the hash check in NAND, glitch the previous one, and that bootloader will run, allowing almost any code to run.
    http://libxenon.org/index.php?topic=145.msg614
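    The post above describes a boot chain whose whole trust decision rests on one memcmp returning 0. The following is an added illustration for readers, not code from this thread, from libxenon or from the console's real bootloaders: it models a single faulted comparison in software (a constructed `glitchy_memcmp` that reports "equal" once while a fault budget is armed) and puts a single-comparison check beside a glitch-tolerant one that uses redundant passes, differently represented data and non-trivial magic return values. The digests, the 20-byte length, and the function names are assumptions made for the demo; the fault model is a stand-in for the hardware behaviour, not a description of it.

```c
/* Added illustration, not part of the thread or of libxenon.
 * Models the boot-time hash check described above and shows why a single
 * memcmp-decides-everything check fails under one faulted comparison while a
 * redundant, magic-valued check does not.  The fault model is a constructed
 * software stand-in for the hardware glitch. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HASH_LEN 20   /* digest length assumed for the demo (SHA-1 sized) */

/* Constructed sample digests (not real console values): the stored
 * reference and the digest of a tampered next-stage loader differing
 * in its last byte. */
static const uint8_t stored_hash[HASH_LEN] = {
    0x3a, 0x1f, 0xc2, 0x90, 0x7e, 0x55, 0x0b, 0xd4, 0x61, 0x8c,
    0xaa, 0x17, 0x2d, 0xf3, 0x48, 0x9b, 0x06, 0xe1, 0x7c, 0x35 };
static const uint8_t tampered_hash[HASH_LEN] = {
    0x3a, 0x1f, 0xc2, 0x90, 0x7e, 0x55, 0x0b, 0xd4, 0x61, 0x8c,
    0xaa, 0x17, 0x2d, 0xf3, 0x48, 0x9b, 0x06, 0xe1, 0x7c, 0x36 };

/* Fault model (constructed): while fault_budget > 0, a comparison reports
 * "equal" (0) regardless of its inputs and one unit of budget is consumed.
 * A budget of 1 models a single glitch landing on one comparison. */
static int fault_budget = 0;

static int glitchy_memcmp(const void *a, const void *b, size_t n)
{
    if (fault_budget > 0) {
        fault_budget--;
        return 0;
    }
    return memcmp(a, b, n);
}

/* Weak check: one comparison decides, and "success" is the value 0,
 * which is exactly the value a corrupted comparison tends to yield. */
static int weak_verify(const uint8_t *expected, const uint8_t *actual)
{
    return glitchy_memcmp(expected, actual, HASH_LEN) == 0;   /* 1 = boot */
}

/* Hardened check: three independent passes over differently represented
 * data, each mapped to a non-trivial magic value; all must agree.  One
 * faulted comparison cannot make every pass report MAGIC_OK. */
#define MAGIC_OK  0xA5C3A5C3u
#define MAGIC_BAD 0x5A3C5A3Cu

static uint32_t hardened_verify(const uint8_t *expected, const uint8_t *actual)
{
    uint8_t exp_inv[HASH_LEN], act_inv[HASH_LEN];
    uint8_t acc = 0;
    uint32_t r1, r2, r3;

    /* Pass 1: plain comparison of the two digests. */
    r1 = (glitchy_memcmp(expected, actual, HASH_LEN) == 0) ? MAGIC_OK : MAGIC_BAD;

    /* Pass 2: compare bit-inverted copies, so a fault that settled pass 1
     * would have to be reproduced on different data. */
    for (size_t i = 0; i < HASH_LEN; i++) {
        exp_inv[i] = (uint8_t)~expected[i];
        act_inv[i] = (uint8_t)~actual[i];
    }
    r2 = (glitchy_memcmp(exp_inv, act_inv, HASH_LEN) == 0) ? MAGIC_OK : MAGIC_BAD;

    /* Pass 3: constant-time OR-accumulated XOR with no library call. */
    for (size_t i = 0; i < HASH_LEN; i++)
        acc |= (uint8_t)(expected[i] ^ actual[i]);
    r3 = (acc == 0) ? MAGIC_OK : MAGIC_BAD;

    /* Every pass must independently say OK and they must agree. */
    if (r1 == MAGIC_OK && r2 == MAGIC_OK && r3 == MAGIC_OK && r1 == r2 && r2 == r3)
        return MAGIC_OK;
    return MAGIC_BAD;
}

/* Drivers: check the tampered loader with `faults` glitches armed. */
int run_weak(int faults)
{
    fault_budget = faults;
    return weak_verify(stored_hash, tampered_hash);
}

uint32_t run_hardened(int faults)
{
    fault_budget = faults;
    return hardened_verify(stored_hash, tampered_hash);
}

int main(void)
{
    printf("weak, no fault:      %s\n", run_weak(0) ? "BOOTS (bad)" : "rejected");
    printf("weak, one fault:     %s\n", run_weak(1) ? "BOOTS (bad)" : "rejected");
    printf("hardened, no fault:  %s\n", run_hardened(0) == MAGIC_OK ? "BOOTS (bad)" : "rejected");
    printf("hardened, one fault: %s\n", run_hardened(1) == MAGIC_OK ? "BOOTS (bad)" : "rejected");
    printf("hardened, genuine:   %s\n",
           hardened_verify(stored_hash, stored_hash) == MAGIC_OK ? "boots" : "rejected");
    return 0;
}
```

The design point is the one the post makes implicitly: when "equal" is encoded as 0 and a single call decides, a fault only has to produce the easiest possible value once. Redundant passes, inverted data and magic constants raise the bar to several coordinated faults in the right places, which is the usual software countermeasure where the hardware itself cannot be changed.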



Comments

  • Closed Accounts Posts: 33,733 ✭✭✭✭Myrddin


    Aw, now I'm not gonna be l33t cuz I have a jtag :(

    Poor MS!


  • Registered Users, Registered Users 2 Posts: 8,584 ✭✭✭TouchingVirus


    It. Has. Happened!? OMG!

    *drools*


  • Closed Accounts Posts: 33,733 ✭✭✭✭Myrddin


    What's the C-mod PCB thingy?


  • Registered Users, Registered Users 2 Posts: 1,686 ✭✭✭RealistSpy


    More Info:
    This hack cannot be patched :)

    But at the moment you cannot play any backup, just any applications compiled under LibXenon


  • Registered Users, Registered Users 2 Posts: 1,899 ✭✭✭megaten


    Looking forward to this maturing. I don't really use my xbox and it'd make a great emulation machine.


  • Registered Users, Registered Users 2 Posts: 8,584 ✭✭✭TouchingVirus


    RealistSpy wrote: »
    More Info:
    This hack cannot be patched :)

    I'm curious as to why the bootloader (CB) can't be patched so that memcmp returns the actual memcmp value, and not "no difference" all the time. Unless the reason memcmp is returning no difference is because of the glitch, if so then epic win :P
    But at the moment you cannot play any backup, just any applications compiled under LibXenon

    Good. Doubtless there are already smart people thinking how to get FreeBOOT running though :P


  • Registered Users, Registered Users 2 Posts: 8,584 ✭✭✭TouchingVirus


    I just read through it all there, absolutely epic stuff from the researchers, really. It is astonishing they were able to figure it all out and yes, it appears there is no way to patch this.

    The CPLD starter kit is rather pricey, and it's getting used every time the glitch happens so I'm going to wait until there's a smaller ARM/PIC version and then I'll get soldering. Fawking SWEEEEEEEEEEET!


  • Closed Accounts Posts: 33,733 ✭✭✭✭Myrddin


    it appears there is no way to patch this.

    I've heard that far too many times in Sony circles, MS will come up with something I'm sure. Though they're tipped to announce the 360's successor at next year's E3, so they may not invest too heavily in fixing this if it proves so.


  • Registered Users, Registered Users 2 Posts: 8,584 ✭✭✭TouchingVirus


    There might be a way to fix it, but it involves changing CB at the very least. So in other words, don't update :D But it's opened up pretty much all consoles to Xell/Homebrew, we're back to 2009 again :P


  • Closed Accounts Posts: 33,733 ✭✭✭✭Myrddin


    There might be a way to fix it, but it involves changing CB at the very least. So in other words, don't update :D But it's opened up pretty much all consoles to Xell/Homebrew, we're back to 2009 again :P

    Indeed, I wonder how long it'll take before we see the likes of FSD on a slim? Not long given how smart some of these guys are. That really came outta the blue!


  • Registered Users, Registered Users 2 Posts: 8,584 ✭✭✭TouchingVirus


    EnterNow wrote: »
    Indeed, I wonder how long it'll take before we see the likes of FSD on a slim? Not long given how smart some of these guys are. That really came outta the blue!

    A real team effort over on XBH it seems, completely out of the blue though with no hints or "preview videos" or anything. Love the info dump :pac:


  • Registered Users, Registered Users 2 Posts: 808 ✭✭✭Jimbobjoeyman


    Wahey :D
    I knew it would eventually happen

    Downside - there goes the JTAG trade with its ridiculous prices.

    Edit - just looked at the install; that's some delicate soldering in places (makes the JTAG hack look like child's play).
    But I'm going to do this to my Jasper once this hack matures a bit more and there's more info on it.
    Sickened Xenons aren't compatible though.


  • Registered Users, Registered Users 2 Posts: 1,582 ✭✭✭docentore


    Finally something new to do.

    I'm going to study it deeper after my dissertation. Can't wait!


  • Registered Users, Registered Users 2 Posts: 1,582 ✭✭✭docentore


    The CPLD starter kit is rather pricey, ...

    Not really, if you shop around. Farnell has one for £35 and I just found this. Time to buy one before they are sold out!


  • Registered Users, Registered Users 2 Posts: 8,584 ✭✭✭TouchingVirus


    docentore wrote: »
    Finally something new to do.

    I'm going to study it deeper after my dissertation. Can't wait!

    Hope it's going well for you docentore :) Thanks for the link too ;)
    Downside - there goes the JTAG trade with its ridiculous prices.

    A JTAG takes at least 2 hours to do between disassembly, soldering the nand, reading the nand, writing the nand, soldering the JTAG, testing and reassembly. Some boards are fussy and take much longer, I've had boards take me 5 hours trying this and that because the regular way doesn't work. This is free time, and I don't know about you but I'm not working in my spare time for free, or even remotely near minimum wage.
    Sickened Xenons aren't compatible though.

    Me too, but I have Jasper I can try it on :D


  • Closed Accounts Posts: 2,828 ✭✭✭Reamer Fanny


    Great news, a little more than a year since the Slim's release and they have already managed to crack it open.


  • Registered Users, Registered Users 2 Posts: 8,584 ✭✭✭TouchingVirus


    Ordered a JTAG programmer and two C-mod boards (same ones used by the libxenon folks) so I've got one spare if anybody feels up for a challenge - PM me :)

    *Edit: Mods - if this breaks any rules or lies borderline, then work away. I'll post it for sale on adverts instead [when it arrives]*


  • Closed Accounts Posts: 2,828 ✭✭✭Reamer Fanny


    Ordered a JTAG programmer and two C-mod boards (same ones used by the libxenon folks) so I've got one spare if anybody feels up for a challenge - PM me :)

    *Edit: Mods - if this breaks any rules or lies borderline, then work away. I'll post it for sale on adverts instead [when it arrives]*

    First in line when it arrives. How much did you get them for?


  • Registered Users, Registered Users 2 Posts: 8,584 ✭✭✭TouchingVirus


    Total price was €64 for two C-mod boards and the JTAG3 LPT programmer - USB Xilinx programmers are definitely not cheap at €45+. Taking off the price of the JTAG3 cable and splitting the costs down the middle, it works out at €26.50 inc. shipping each.

    Obviously ordering in bulk is the thing to do as shipping wasn't cheap but there's not much point in ordering lots as I'd say there are people converting it to work on other cheaper setups and Xecutor will likely come up with a nice fancy PCB job soon. I just couldn't wait :D


  • Registered Users, Registered Users 2 Posts: 1,582 ✭✭✭docentore


    I'm just after going through eBay and other sites in search of a cheap Jasper/Slim with a broken DVD etc. There are some cheap Slim mobos on fleabay. Might pick up one to play around with it.


  • Registered Users, Registered Users 2 Posts: 8,584 ✭✭✭TouchingVirus


    I thought about that too but it'd be dodgy enough buying a slim mobo on ebay - never know what some guy has done to it like heatgunned the crap outta it :D

    I have a Jasper on the latest dash I'm going to test this on, got my eye out for somebody willing to loan me their slim too :P
    Thank you for your order.

    Because of an unexpectedly great demand for C-Mod we have a delivery bottleneck. At the moment we can't say a delivery time.
    We hope to know more by tomorrow and will inform you about a delivery time then.

    Your credit card reservation has not been booked yet.

    Thank you for understanding.

    Best regards

    LOL! :D


  • Registered Users, Registered Users 2 Posts: 8,584 ✭✭✭TouchingVirus


    FFplay360 was released - a homebrew media player based on ffmpeg that'll play 720p and they're working on 1080p too. This week just gets better!

    *Edit:* With the board being out of stock I might be able to amend my order to add more people on and split the cost better. Failing that I'll just go to the supplier myself, they deal with the public but it takes a bit longer for delivery. So yeah, if you're in any way interested in jumping on the early glitch train, PM me :)


  • Registered Users, Registered Users 2 Posts: 14,309 ✭✭✭✭wotzgoingon


    This is brilliant news! EPIC!


  • Closed Accounts Posts: 17,661 ✭✭✭✭Helix


    Any relation between this and the new banwave that's just kicked off?


  • Closed Accounts Posts: 33,733 ✭✭✭✭Myrddin


    Helix wrote: »
    Any relation between this and the new banwave that's just kicked off?

    Unlikely surely? Seeing as it cannot run backups at the moment it wouldn't be of interest to most of the folks the banwave would be targeting...


  • Registered Users, Registered Users 2 Posts: 8,584 ✭✭✭TouchingVirus


    Cmod supplies just dried up until October ... o_O :eek:


  • Closed Accounts Posts: 2,828 ✭✭✭Reamer Fanny


    Cmod supplies just dried up until October ... o_O :eek:

    Oh no! :O


  • Registered Users, Registered Users 2 Posts: 8,584 ✭✭✭TouchingVirus


    It's all right, I just trawled through a thread over on TX that said they've designed a Nand-x Add-on (like the Probe is an Add-on to the CK3) already. I guess the next stage is production of a few boards, testing, refinement and mass production. Should be seeing low-cost activity by then, and there'll probably be a rebooter available too :D


  • Closed Accounts Posts: 2,828 ✭✭✭Reamer Fanny


    It's all right, I just trawled through a thread over on TX that said they've designed a Nand-x Add-on (like the Probe is an Add-on to the CK3) already. I guess the next stage is production of a few boards, testing, refinement and mass production. Should be seeing low-cost activity by then, and there'll probably be a rebooter available too :D

    So TX have jumped on the glitch hack?


  • Registered Users, Registered Users 2 Posts: 1,582 ✭✭✭docentore


    justryan wrote: »
    So TX have jumped on the glitch hack?

    That's excellent news for them. No more one-box-for-multiple-consoles solutions. They can sell thousands of modchips again.


  • Registered Users, Registered Users 2 Posts: 8,584 ✭✭✭TouchingVirus


    justryan wrote: »
    So TX have jumped on the glitch hack?

    Ah yeah, I told you they'd want to spin a profit off it :p


  • Registered Users, Registered Users 2 Posts: 4,983 ✭✭✭Tea_Bag


    Really looking forward to this. I'm all for homebrew stuff! Not interested in backups tbh, but I really hope it doesn't ruin legit games with their **** 'infections'.
    I just started getting back into COD4 last night but the game is ruined.


  • Registered Users, Registered Users 2 Posts: 8,584 ✭✭✭TouchingVirus


    Tea_Bag wrote: »
    Really looking forward to this. I'm all for homebrew stuff! Not interested in backups tbh, but I really hope it doesn't ruin legit games with their **** 'infections'.
    I just started getting back into COD4 last night but the game is ruined.

    The rebooter is coming, you can guarantee that. And if you think it's bad now then wait until more consoles get in on the MW2 modded lobbies etc...


  • Registered Users, Registered Users 2 Posts: 4,983 ✭✭✭Tea_Bag


    The rebooter is coming, you can guarantee that. And if you think it's bad now then wait until more consoles get in on the MW2 modded lobbies etc...
    **** sake. For the life of me I can't work out why they do it? Your e-peen doesn't get massive because you made yourself indestructible/cheated. It just ruins everyone else's game.

    Last night I played against a guy who could only be killed by headshot, and I was in a public lobby. I literally stood behind him stabbing him 3 times before he turned around and killed me. After working out that I only killed him when getting headshots, I went all R700 on him and kicked his ass. What a loser though.


  • Registered Users, Registered Users 2 Posts: 8,584 ✭✭✭TouchingVirus


    Tea_Bag wrote: »
    **** sake. For the life of me I can't work out why they do it? Your e-peen doesn't get massive because you made yourself indestructible/cheated. It just ruins everyone else's game.

    Last night I played against a guy who could only be killed by headshot, and I was in a public lobby. I literally stood behind him stabbing him 3 times before he turned around and killed me. After working out that I only killed him when getting headshots, I went all R700 on him and kicked his ass. What a loser though.

    Hope you reported him for cheating too. I think there will be PunkBuster-esque tech enabled in the next COD, software-based anti-cheating instead of relying on the thoroughly debunked idea of hardware-based security.

    As for why people do it? I honestly don't know. I don't get the appeal of walking around invincible or whatever. It ruins games for people who aren't modding. Just keep your JTAGs offline and be done with it.


  • Registered Users, Registered Users 2 Posts: 8,584 ✭✭✭TouchingVirus


    justryan wrote: »
    So TX have jumped on the glitch hack?
    Due to the new reset glitch hack announced this weekend by GliGli and Tiros, we are happy to announce a new add-on for the NAND-X Kit that is based on the Xilinx CoolRunner-II CPLD.

    This simple addon has been designed to work out of the box with the Zephyr, Jasper and Trinity(Slim) motherboards - and can also be updated for any future code changes / motherboard revisions.

    Simply connect the included Phat or Slim adapter to the Xecuter CoolRunner and away you go.

    Easily dump your nand with the Xecuter NAND-X and then install the Xecuter CoolRunner to get instant access to homebrew and beyond !

    Easy install for anyone who can solder. The Slim is 7 wires and the Phat is 6 wires.

    Production has started so you should expect these to be in stores within the next couple of weeks.

    As expected, product announced and in production already. Good they didn't try to milk this as a fully-fledged product too, hopefully it's reflected in the price.


  • Closed Accounts Posts: 2,828 ✭✭✭Reamer Fanny


    As expected, product announced and in production already. Good they didn't try to milk this as a fully-fledged product too, hopefully it's reflected in the price.

    Any idea why the Xenon motherboards are unsupported?


  • Closed Accounts Posts: 33,733 ✭✭✭✭Myrddin


    Bestpig is already on the glitch bandwagon, no need to go installing Python etc... his usual GUI goodness to the rescue.

    http://www.bestpig.fr/news-26-ecc-glitch-generator-v10.html


  • Registered Users, Registered Users 2 Posts: 8,584 ✭✭✭TouchingVirus


    justryan wrote: »
    Any idea why the Xenon motherboards are unsupported?

    I guess the Xenon CPU isn't susceptible to the glitching. Different CPU revision and different track layout? Falcon isn't quite supported yet as they haven't figured out the timings but it'll come, somebody out there will figure it out.


  • Moderators, Technology & Internet Moderators Posts: 11,017 Mod ✭✭✭✭yoyo


    I guess the Xenon CPU isn't susceptible to the glitching. Different CPU revision and different track layout? Falcon isn't quite supported yet as they haven't figured out the timings but it'll come, somebody out there will figure it out.

    It's to do with the lack of HDMI port I read (the glitch uses the HDMI chip).

    Nick


  • Closed Accounts Posts: 2,828 ✭✭✭Reamer Fanny


    This glitch hack is a game-changer. I'd imagine Microsoft are pissed!


  • Closed Accounts Posts: 33,733 ✭✭✭✭Myrddin


    justryan wrote: »
    This glitch hack is a game-changer. I'd imagine Microsoft are pissed!

    Is it really though? Surely XBL retains its security still? I'd wager MS care more for XBL subscribers than those with lone consoles off the grid. Plus the 360 is almost at the end of its run, with the successor tipped to be announced at E3 2012.


  • Registered Users, Registered Users 2 Posts: 8,584 ✭✭✭TouchingVirus


    yoyo wrote: »
    It's to do with the lack of HDMI port I read (the glitch uses the HDMI chip).

    Nick

    The glitch uses a call on the HANA/ANA to slow the clock of the CPU to get the timing right but the Xenon has a HANA/ANA chip so I can't see why that's the problem :confused: Oh well, either way a Xenon version doesn't look likely since they're the most abundant version available cheaply and the guys didn't release one initially


  • Closed Accounts Posts: 2,828 ✭✭✭Reamer Fanny


    The glitch uses a call on the HANA/ANA to slow the clock of the CPU to get the timing right but the Xenon has a HANA/ANA chip so I can't see why that's the problem :confused: Oh well, either way a Xenon version doesn't look likely since they're the most abundant version available cheaply and the guys didn't release one initially

    Could be due to different pinouts? The Xenons have a surface-mount style ANA chip while the HDMI versions are mounted by BGA.


  • Registered Users, Registered Users 2 Posts: 8,584 ✭✭✭TouchingVirus


    EnterNow wrote: »
    Is it really though? Surely XBL retains its security still? I'd wager MS care more for XBL subscribers than those with lone consoles off the grid. Plus the 360 is almost at the end of its run, with the successor tipped to be announced at E3 2012.

    Ah yeah, XBL security is still very much intact and that is the way it should be, to be honest. You either get your console and do your homebrew offline or you stay away from homebrew and enjoy online gaming/benefits. That's cause enough for two consoles in my book.

    As for the 360 being almost at the end of its run - nah, not unless Microsoft throw some serious money at the project. E3 2012 is 10 months away but Microsoft were only advertising jobs for Hardware/System Architects in March 2011 (rumoured to be Xbox 360 successor jobs). I expect nothing, but an early prototype at E3 2012 is a possibility. Microsoft was looking at the life of the current gen of consoles extending until 2014/2015


  • Registered Users, Registered Users 2 Posts: 8,584 ✭✭✭TouchingVirus


    justryan wrote: »
    Could be due to different pinouts? The Xenons have a surface-mount style ANA chip while the HDMI versions are mounted by BGA.

    Ah yes, I suppose I could change around my original hypothesis that it was a difference in CPU revision to a difference in HANA/ANA revision preventing the lowering of the clock in Xenon models. I would read more into it but the bottom line doesn't change, no Xenon exploits :(


  • Registered Users, Registered Users 2 Posts: 14,309 ✭✭✭✭wotzgoingon


    I'd say Microsoft have teams working around the clock trying to counter this glitch hack.


  • Moderators, Technology & Internet Moderators Posts: 11,017 Mod ✭✭✭✭yoyo


    I'd say Microsoft have teams working around the clock trying to counter this glitch hack.

    Just don't update the box :P:P

    Nick


  • Closed Accounts Posts: 33,733 ✭✭✭✭Myrddin


    yoyo wrote: »
    Just don't update the box :P:P

    Nick

    Indeed, once a console is jtagged there's very very little that can't be done on it with regards future games/security etc.

    New hardware revision? Unlikely.
    New mandatory dash? Highly likely.
    Patchable? Maybe not, but with added security I'm sure MS will find a way to compensate?
    Will it matter? The XBL users will have to go with it. It's buy a 2nd console time in my eyes though :)


  • Registered Users, Registered Users 2 Posts: 8,584 ✭✭✭TouchingVirus


    New hardware revision isn't likely? Nah, of course it is. If this can be defeated with a hardware solution they'll see what they can do in future slim revisions - it's Microsoft and they're changing up the DVD drives often enough to let you know they mean business :D If they have a software solution to fix it then yes, they'll be releasing a new dash so don't update.

    Get your glitchable xbox and get your virgin for Live; the homebrew train is here and isn't going anywhere :P

