
Can a 360 kernel be "downgraded"

  • 19-10-2010 04:00PM
    #1
    Registered Users, Registered Users 2 Posts: 8,581 ✭✭✭


    No, is the basic answer.

    However there is the Cygnos360, which I've just bothered my ass to research, and that appears to have the ability to load alternative kernels/dashboards to the one that's physically installed on the 360 (i.e. it could load a lower kernel so you could possibly run the JTAG exploit).

    I'm curious as to how this can work and what you other folks think about it. I'd be interested in turning a few 9199/8955 banned consoles into JTAGs if it actually works :D


Comments

  • Closed Accounts Posts: 2,828 ✭✭✭Reamer Fanny


    Just on an unrelated note, have you seen the new utility that can dump the Slim's firmware? I made a thread in this forum but you guys haven't caught on yet


  • Registered Users, Registered Users 2 Posts: 8,581 ✭✭✭TouchingVirus


    justryan wrote: »
    Just on an unrelated note, have you seen the new utility that can dump the Slim's firmware? I made a thread in this forum but you guys haven't caught on yet

    First off, I've read the thread and the one over on XBH. Geremia did some work but it's still incomplete. It doesn't seem to work on certain drives/setups and it seems he's abandoned the cause for the time being. It was a stepping stone but I'll prefer to leave my comments until we've got something a little more solid ;)

    Back to my own topic, I should add that the CygnosV2 seemingly doesn't care about what efuses are blown or what dash you're currently running. It only cares that you have a particular type of motherboard.


  • Posts: 2,032 ✭✭✭ [Deleted User]


    Once the eFuse (8955 update) is blown in the CPU there is no way the current exploit works.

    Even if the dash was downgraded the exploit would still be unusable.


  • Registered Users, Registered Users 2 Posts: 8,581 ✭✭✭TouchingVirus


    cisk wrote: »
    Once the eFuse (8955 update) is blown in the CPU there is no way the current exploit works.

    Even if the dash was downgraded the exploit would still be unusable.

    Were efuses not blown several updates before 8955? As far as I remember 8955 wasn't the first one to blow an efuse.

    If not then my bad, stupid thread :P It did seem to go against everything I know about the 360, but I thought I'd open it up to the wider forum - cisk's there with the reality check :D


  • Closed Accounts Posts: 2,828 ✭✭✭Reamer Fanny


    First off, I've read the thread and the one over on XBH. Geremia did some work but it's still incomplete. It doesn't seem to work on certain drives/setups and it seems he's abandoned the cause for the time being. It was a stepping stone but I'll prefer to leave my comments until we've got something a little more solid ;)

    Back to my own topic, I should add that the CygnosV2 seemingly doesn't care about what efuses are blown or what dash you're currently running. It only cares that you have a particular type of motherboard.

    Just keeping you on your toes, it's exciting news and interesting to see some work finally published on the Slim


  • Registered Users, Registered Users 2 Posts: 8,581 ✭✭✭TouchingVirus


    justryan wrote: »
    Just keeping you on your toes, it's exciting news and interesting to see some work finally published on the Slim

    I actually don't find it exciting, it was inevitable that work would begin on the Slim. In fact I'd say most of the research work on the Xbox 360 is now being done on the Slim - is the new console open to a JTAG or other vulnerabilities, is the new console open for firmware modding? etc etc It's all fresh and new and definitely active enough in my opinion.

    Much more exciting is the PS3 stuff and I don't even own a PS3 :D


  • Registered Users, Registered Users 2 Posts: 1,582 ✭✭✭docentore


    There are hundreds of eFuses in the CPU to be blown.
    Each update blows some particular ones, which block running a lower kernel.

    The only way of getting an Xbox with dash 8955 and up JTAGged is to swap the CPU with an exploitable one.
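
An added illustration (not from any poster in this thread) of the mechanism docentore and cisk describe: one-time-programmable fuses acting as a monotonic anti-rollback counter, so that rewriting the NAND with an older dashboard changes the image but not the fuse state, and the bootloader refuses it. The fuse width, the LDV numbers and the class names are constructed for the model; the real Xbox 360 fuse map is not reproduced here.

```python
from collections import namedtuple

FUSE_BITS = 16  # constructed counter width; the real Xbox 360 fuse map is not modelled
# version: dashboard build (e.g. 7371, 8955); ldv: how many fuses installing it blows (constructed)
KernelImage = namedtuple("KernelImage", "version ldv")


class FuseLine:  # one-time-programmable fuse bits inside the CPU package
    def __init__(self):
        self.bits = [0] * FUSE_BITS

    def blow(self, count):
        # OTP: a blown fuse can never be cleared, so the count can only grow.
        if count > FUSE_BITS:
            raise ValueError("fuse line exhausted")
        self.bits[:count] = [1] * count

    def lockdown_value(self):
        return sum(self.bits)


class Console:
    def __init__(self):
        self.fuses, self.nand = FuseLine(), None

    def install_update(self, image):
        """Normal updater: writes the image, then blows fuses up to its LDV."""
        if image.ldv < self.fuses.lockdown_value():
            raise ValueError("updater refuses an image older than the fuse state")
        self.nand = image
        self.fuses.blow(image.ldv)

    def reflash_nand(self, image):
        """Rewriting flash with a programmer changes the image, not the fuses."""
        self.nand = image

    def boot(self):
        """Bootloader check: reject an image whose LDV is below the blown count."""
        return self.nand is not None and self.nand.ldv >= self.fuses.lockdown_value()


def downgrade_scenario():
    """Update 7371 -> 8955, write the 7371 image back to flash, try to boot."""
    old, new = KernelImage(7371, 3), KernelImage(8955, 5)
    c = Console()
    c.install_update(old)
    before = c.boot()      # True: fuse count 3, image LDV 3
    c.install_update(new)  # blows two more fuses
    c.reflash_nand(old)    # the attempted "downgrade"
    after = c.boot()       # False: fuse count 5, image LDV 3
    return before, after, c.fuses.lockdown_value()
```

The same model shows the two other points made in the thread: a newer image still boots on a console whose fuses were blown by an older one, and only a CPU with fewer blown fuses accepts the old kernel again.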


  • Registered Users, Registered Users 2 Posts: 8,581 ✭✭✭TouchingVirus


    Let's face it, it's a rather uneconomical thing to do. You'd need the CPU key of the victim motherboard too to decrypt the keyvault, or the NAND dump of the donor board so you could use its KV ;)

    I've got a few broken vulnerable boards, I do wonder how much it'd cost for a lift and replace :D Would it be worth investing if I were to sell it off ..Hmm


  • Posts: 2,032 ✭✭✭ [Deleted User]


    Yep, I'm pretty sure it was the 8955 summer '09 update which blew the eFuses blocking the exploit.

    Yep, the whole swapping the CPU thing is pretty hardcore, would really need a rework station.

    Yep, unfortunately I see the 360 JTAG scene slowing down, the PS3 exploit is just so much easier, exploitable PS3s available and fully open.

    There's a guy called marcan42 (http://twitter.com/marcan42) coding a pretty awesome custom Linux platform.


  • Registered Users, Registered Users 2 Posts: 8,581 ✭✭✭TouchingVirus


    Yeah. There are not so many limits with the PS3 as with the Xbox. It's a shame really, the JTAG scene was thriving there for a while. Now most people just want it for the piracy-related things.


  • Closed Accounts Posts: 2,828 ✭✭✭Reamer Fanny


    I actually don't find it exciting, it was inevitable that work would begin on the Slim. In fact I'd say most of the research work on the Xbox 360 is now being done on the Slim - is the new console open to a JTAG or other vulnerabilities, is the new console open for firmware modding? etc etc It's all fresh and new and definitely active enough in my opinion.

    Much more exciting is the PS3 stuff and I don't even own a PS3 :D

    How likely are we to see a JTAGgable Xbox 360 Slim? Surely Microsoft have learned from their mistakes and made it impossible? Or maybe it's just a matter of time before someone finds an exploit.


  • Closed Accounts Posts: 33,733 ✭✭✭✭Myrddin


    justryan wrote: »
    How likely are we to see a JTAGgable Xbox 360 Slim? Surely Microsoft have learned from their mistakes and made it impossible? Or maybe it's just a matter of time before someone finds an exploit.

    I'd think that every new dash brings 'possible' new vulnerabilities. It's not likely, but a newer dash could have something exploitable that an older one didn't, so there's always hope in some form. Drive flashing a Slim 360 holds no interest for me personally, for me it has one purpose & one purpose only. A JTAG, while similar, at least has key learning differences & functions.

    Even though the JTAG hack is long known, aside from custom kernels, a few emulators & browsers etc there's not really anything amazing to do on one, given that the console is now fully open. Is this because of the legalities of developing programs on leaked SDKs etc? Or is it just down to piracy is King & there's no desire for much else?


  • Registered Users, Registered Users 2 Posts: 1,747 ✭✭✭Wez


    EnterNow wrote: »
    I'd think that every new dash brings 'possible' new vulnerabilities.

    That's been ringing in my head the past few days..

    I reckon having a 9199 Slim could be handy down the road. Things like the leaked Kinect dash must have been slapped together (compared to a finalized release) so I think it'd be a perfect candidate for looking at exploiting (if only I knew what to look for) although I'm sure someone's tried.

    Also, on that note (presuming it was exploitable) since most people would be updating to an exploitable dash, burned fuses wouldn't matter since all they do is stop older dashboards being run (hence wanting 9199).

    I'd be tempted to get a rrod going and update to the leaked dash, then dump the nand.. Even just go get a copy out there for people to look at.

    Although there's always hope that after the next official update, more things will be released (like slim DVD drive flashing) since they'll have more time with it.

    Just spilling my brain..


  • Registered Users, Registered Users 2 Posts: 8,581 ✭✭✭TouchingVirus


    It's not the dash that's exploitable, it's the CB/bootloader


  • Posts: 2,032 ✭✭✭ [Deleted User]


    Quite right TV.

    And Slim drive firmware/key/erase via SATA is already possible using Geremia's tarablinda.

    Just waiting on hacked firmware for the Slim Lite-On. You can however spoof the key to another drive, but that requires custom fabricating them to fit in the Slim.


  • Closed Accounts Posts: 33,733 ✭✭✭✭Myrddin


    So the original exploit would have been valid for any dash had they not patched it? And now that it's patched, there's literally no hope of a new one? Aw TV such a killjoy man :D


  • Posts: 2,032 ✭✭✭ [Deleted User]


    Yup, that's why some June 7xxx dashes couldn't be JTAGged, this is when MS put the new CB in during manufacturing and on 360s sent for repair around the same time.


  • Closed Accounts Posts: 2,828 ✭✭✭Reamer Fanny


    Wez wrote: »
    I'd be tempted to get a rrod going and update to the leaked dash, then dump the nand.. Even just go get a copy out there for people to look at.

    Would the LPT connections be the same with the new Slim motherboard?


  • Registered Users, Registered Users 2 Posts: 8,581 ✭✭✭TouchingVirus


    EnterNow wrote: »
    So the original exploit would have been valid for any dash had they not patched it? And now that it's patched, there's literally no hope of a new one? Aw TV such a killjoy man :D

    Yup, exactly. As cisk said, that's why the June-August 2009 consoles are dodgy to get, you might end up with the updated bootloader that killed the attack vector.

    I'm not saying the new bootloader is flawless, but it did take them 4 years to find the first attack vector, so the hope is (puntastically) slim indeed.


  • Closed Accounts Posts: 33,733 ✭✭✭✭Myrddin


    So it turns out then that the 360 is actually quite secure against hacks, with only one in 4 years (discounting drive flashing, I mean near kernel access). Same as the PS3 statistically speaking...

    If an exploit for newer PS3 firmware arrives, then for all intents & purposes the 360 will be a more secure console :rolleyes:


  • Registered Users, Registered Users 2 Posts: 8,581 ✭✭✭TouchingVirus


    Well, a mass hack anyways. Before now you've needed Cygnos and that to get alternative kernels up and running or the King Kong hack (very specific game version, DVD drive and Kernel).


  • Posts: 2,032 ✭✭✭ [Deleted User]


    Yep, they learned a lot from the Xbox 1.

    The King Kong exploit was around a number of years ago and the information learned from that pretty much led to the JTAG hack.

