
Thread: freestyle dash

  
  1. #1

    OK, I so badly want to put Freestyle Dash on my 360. It's banned and it has the old dash, not the avatars one, so can somebody point me to a tutorial or something about installing Freestyle Dash on the 360?

    T.I.A. (thanks in advance)


  2. #2 Powerslave (-Hacks Titan)

    If you were banned, you have the 8955 dash and kernel, and if you read anything on it, you CANNOT JTAG your box for this stuff.

  3. #3

    Holy crap, now I guess my 360 is good for nothing. Isn't there any way I can downgrade this?

  4. #4 Adders (-Hacks Smarty, Essex, UK)

    Nope, if you have the dash and kernel that Powerslave mentioned, the eFuses have been blown; no way back as of yet. Unlikely ever.
    When the need arises, anything and everything becomes a hammer!

  5. #5

    Can I do the timing attack (using Infectus)? I know I can get my kernel down to 1888 and then upgrade to 4856 or something like 4xxx, but the dash stays 2.0. If I downgrade my 360, will I be able to JTAG it then? Remember, it's an old Xenon.

  6. #6 Powerslave (-Hacks Titan)

    Quote Originally Posted by desperate hacker
    Can I do the timing attack (using Infectus)? I know I can get my kernel down to 1888 and then upgrade to 4856 or something like 4xxx, but the dash stays 2.0. If I downgrade my 360, will I be able to JTAG it then? Remember, it's an old Xenon.
    NO dude... Once the eFuses are blown, no other kernel can run on that new CPU configuration. I explained this in the lamest terms possible once before; AGAIN:

    eFuses are like tumblers in a lock, and the kernel is the KEY. If the tumblers (eFuses) change, then that key (kernel) doesn't work anymore, so you need another one made. SIMPLE as that... YES, it is... Believe it...

  7. #7

    But it's still possible (theoretically) to unban it, and if you say it's risky then know this: the KV I will use will be from a box which never went and never will go on Live. Trust me, I know it. Don't tell me how difficult or stupid it is, I'm just trying to make a point. So the point being made here is: theoretically you can unban a 360, but

    YOU CAN NEVER HOMEBREW ON A 360 WHICH WAS PREVIOUSLY BANNED, even if it's unbanned by changing the KV. Correct or not?

    And P.S., what do you think about this tut here?

    http://www.infectus.biz/downloads/iD...%20Xbox360.doc

    And if any of you is annoyed by my silly questions then please say so.

  8. #8 The_Wii_Nes_Boy (-Hacks Smarty)

    Quote Originally Posted by desperate hacker
    And if any of you is annoyed by my silly questions then please say so... although one guy is an exception, I like disgracing and annoying him.
    Seriously, grow up, because that comment just proves how much of a child you really are.

    And on a side note, have a read of this:

    Downgrade Kernel of 'eFused' Xbox 360 Possible if CPU Key is Known
    >> Some nice progress by several people has been made over at the XboxHacker forums where they found a way to downgrade a kernel even when the eFuses were burned to prevent this. The bad news is that you'll need the CPU key (also 'hidden' in the eFuse data) to do so.

    Originally downgrading kernel was possible but Microsoft blew eFuses during the upgrade from kernel 4548 to 4552 as that's where they fixed the Hypervisor Vulnerability (which only works on kernel 4532/4548 and allows to run unsigned code / linux). It was already known that by removing the r6t3 resistor from the motherboard before the upgrade you could prevent MS from blowing eFuses and thus still be able to downgrade from a 4552+ to pre-4552, but I don't know how safe this is for future kernel updates.
    MS doesn't blow new eFuses (located on the CPU die) on each upgrade because they only have a limited amount available: 768 (12 'fuselines' of 64 fuses each) in total, and only a part of these (5 'fuselines' (= 320 fuses)?) can be used to prevent kernel downgrading (= 80 possible downgrade bans? Once blown it can't be undone). The eFuses also contain other data like a unique 'CPU Key'.
    According to tmbinc, this key is used for:
    * Encryption of the *keyvault* (that stores: console certificate(s), per-box private keys, DVD key, however NOT any code-related encryption keys)
    * Encryption of an imported console revocation table (CRLL, that stuff which recently hit 360gamesaves.com, and no, this isn't live-related),
    * "Encryption" of the pairing information of the 'CB' and 'CF' (for exact details, please reverse that code, it's a bit hard to describe.)

    'CB' (2nd bootloader?) and 'CF' (kernel patches) are located on the Xbox 360 on-board flash in the "CPU data" section (data which is read when the power is switched on. If invalid, console might blink red etc.).

    To make sure I don't say anything silly/wrong, I'm gonna quote some of the guys themselves for the rest of the info about this hack.
    Quoting tmbinc and TheSpecialist:
    All which is different from pre-4552 to 4552 and up are the G/H bits [part of eFuses]. They encode a "sequence" number, which is also stored in the CF "pairing" data, and one bit here is burnt to "increment" the sequence.
    That means: If you know how to calculate the CF pairing data, you could modify the "expected sequence" value there (this, however, should be verified by someone.) And to be able to calculate that data, you need the "per-box-key". But if you have that, you could set the number of a 4532 to those of a 4552, and it should boot again.

    At byte 0x21F in CF is the number that is incremented when a fuse is burned (thanks to Robinsod). This byte and ONLY this byte causes that you can't downgrade. We wanted to try to decrement that number again, but I just found that that's not possible without knowing the fuse data: byte 0x0 to 0x220 in CF are hashed (hash stored at 0x220). The hash routine uses the cpu key as input and verifies the calculated hash to the one stored at 0x220. So no downgrading without CPU key ...
    So the 'sad' part is that you need this CPU Key if you wanna downgrade to a pre-4552 kernel ... and on kernel 4552+ there's no known way to get this key (yet). On kernel 4532/4548 you can use the Hypervisor Exploit to retrieve this data (like the Xell Linux Loader does) - but if you have one of these kernels you can already run unsigned code. However, if you're still on 4532/4548 this new hack will allow you to retrieve your unique CPU key, upgrade to a newer kernel and you'll be able to downgrade back to a pre-4552 kernel again even if eFuses got burned.

    Robinsod tested this out successfully:
    In the decrypted CF there is a "version lockdown counter" at 0x21F. Every time an update is applied (since version 4532) an eFuse is blown and the counter is incremented by 1 before it is written into the new CF. When booting, a check is made to ensure that the lockdown counter in the selected CF >= number of blown eFuses.
    The good news is that we can modify the lockdown counter byte and re-encrypt the CF section. The bad news is that a hash of the first 0x220 bytes requires the CPU Key. So as long as we know our CPU Key we can downgrade to a vulnerable kernel.

    1) Brand new XBox with 1888 & 2241
    The Version Lockdown Counter in my 2241 CF is 0
    2) Applied 4532
    The Version Lockdown Counter in my 4532 CF is 1
    Also fuseset 07: f000000000000000
    3) Applied 4552
    The Version Lockdown Counter in my 4552 CF is 2. Confirmed that I cant downgrade to unpatched 4532 dump
    4) Fixed up a dump of 4532 with CF Lockdown Counter = 2. Boots!
    Now when I dump my fuse data
    fuseset 07: ff00000000000000
    A second fuse was blown by 4552
    Robinsod also released v0.6 of his 360 Flash Dump Tool(info) that will allow you to fix the 'version lock' in pre-4552 kernels (again - only if you have your unique CPU key) so it'll boot even on a Xbox 360 with eFuses blown by the 4552 update.
    What's new/fixed:
    * (v0.5) Now decrypts and extracts the Key Vault. You will need your CPU Fuses as dumped by Xell. The CxKey.txt file has changed, you need to add a ',' and your CPU Fuse data
    * (v0.6) This release supports downgrading if you know your CPU key. Right click on a CF section and choose "Fix Version Lock", enter the new lock down number, click ok & then click "Patch" and choose the directory/filename for your patched flash image. The file produced is all fixed up and ready to be flashed into your 360.

    So ... conclusion, if they somehow manage to find a way to get the 'CPU Key' out of your Xbox 360 - it looks like it's "game over" for our friends at Microsoft.
    The sleepless insomniac !!
    Check this out-> The Wired Network Box - World of Stuff
    http://twitter.com/WiredNetworkBox
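The quoted research above describes the check concretely enough to model: the lockdown counter at CF offset 0x21F, a keyed hash over CF bytes 0x0..0x220 stored at 0x220, and a boot-time comparison of that counter against the number of blown fuses. The script below is an added illustration of that check; it is not Robinsod's 360 Flash Dump Tool and not the console's bootloader code. Everything about the hash algorithm (modelled as HMAC-SHA1 keyed with a 16-byte CPU key, since the post only says the routine "uses the cpu key as input"), the CF filler bytes, the sample CPU key and the fuse dumps is an assumption or constructed sample data; the one detail taken from the page is that each burnt lockdown fuse appears as one 0xF nibble in fuseset 07 (f000... after 4532, ff00... after 4552).

```python
"""Toy model of the Xbox 360 CF "version lockdown" check quoted in post #8.

Added example, not code from the page or from Robinsod's tool.
Assumptions (not stated on the page):
  * keyed hash over CF[0x0:0x220] = HMAC-SHA1 with the 16-byte CPU key,
    20-byte digest stored at offset 0x220;
  * each lockdown increment burns one 0xF nibble of fuseset 07, which is
    what the quoted dumps show (f000... -> ff00...);
  * CF payload, CPU key and fuse dumps below are constructed sample data.
"""
import hashlib
import hmac
import re
from typing import Optional

CF_LOCKDOWN_OFFSET = 0x21F   # "version lockdown counter" byte (from the post)
CF_HASH_OFFSET = 0x220       # hash of bytes 0x0..0x220 stored here (from the post)
CF_HASH_LEN = 20             # SHA-1 digest length (assumption)
CF_LEN = CF_HASH_OFFSET + CF_HASH_LEN


def cf_hash(cf: bytes, cpu_key: bytes) -> bytes:
    """Keyed hash over the protected CF prefix (stand-in for the real routine)."""
    return hmac.new(cpu_key, cf[:CF_HASH_OFFSET], hashlib.sha1).digest()


def build_cf(lockdown: int, cpu_key: bytes) -> bytes:
    """Construct a sample CF section with a given lockdown counter, correctly hashed."""
    body = bytearray(b"\xAA" * CF_HASH_OFFSET)   # constructed filler, not real CF data
    body[CF_LOCKDOWN_OFFSET] = lockdown
    return bytes(body) + cf_hash(bytes(body), cpu_key)


def blown_lockdown_fuses(fuse_dump: str) -> int:
    """Count lockdown increments in a Xell-style fuse dump (one 0xF nibble each)."""
    m = re.search(r"fuseset 07:\s*([0-9a-fA-F]{16})", fuse_dump)
    if not m:
        raise ValueError("fuseset 07 missing from dump")
    return m.group(1).lower().count("f")


def boot_check(cf: bytes, fuse_dump: str, cpu_key: bytes) -> str:
    """Return 'boot' or the reason the (modelled) bootloader rejects this CF."""
    if len(cf) != CF_LEN:
        return "reject: bad CF length"
    stored = cf[CF_HASH_OFFSET:CF_LEN]
    if not hmac.compare_digest(stored, cf_hash(cf, cpu_key)):
        return "reject: CF hash mismatch"
    # The post: boot requires lockdown counter in CF >= number of blown eFuses.
    if cf[CF_LOCKDOWN_OFFSET] < blown_lockdown_fuses(fuse_dump):
        return "reject: lockdown counter below blown fuse count"
    return "boot"


def fix_version_lock(cf: bytes, new_lockdown: int, cpu_key: Optional[bytes]) -> bytes:
    """Patch the lockdown counter. Without the CPU key the stored hash goes stale."""
    patched = bytearray(cf)
    patched[CF_LOCKDOWN_OFFSET] = new_lockdown
    if cpu_key is not None:
        patched[CF_HASH_OFFSET:CF_LEN] = cf_hash(bytes(patched), cpu_key)
    return bytes(patched)


# Constructed sample data: not a real CPU key, dumps mirror the post's values.
SAMPLE_CPU_KEY = bytes(range(0x10, 0x20))
FUSES_AFTER_4532 = "fuseset 07: f000000000000000"
FUSES_AFTER_4552 = "fuseset 07: ff00000000000000"


def demo() -> dict:
    """Replay the four situations from the post on the sample data."""
    cf_4532 = build_cf(1, SAMPLE_CPU_KEY)          # CF as written by the 4532 update
    return {
        "4532 CF, one fuse blown": boot_check(cf_4532, FUSES_AFTER_4532, SAMPLE_CPU_KEY),
        "4532 CF, two fuses blown": boot_check(cf_4532, FUSES_AFTER_4552, SAMPLE_CPU_KEY),
        "counter patched without key": boot_check(
            fix_version_lock(cf_4532, 2, None), FUSES_AFTER_4552, SAMPLE_CPU_KEY),
        "counter patched with key": boot_check(
            fix_version_lock(cf_4532, 2, SAMPLE_CPU_KEY), FUSES_AFTER_4552, SAMPLE_CPU_KEY),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The four cases are the post's argument in miniature: the old CF boots on its own fuse count, fails the counter comparison once a second fuse is burnt, still fails if only the counter byte is edited (the stale hash no longer matches), and boots again only when the hash is recomputed with the CPU key.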

  9. #9 The_Wii_Nes_Boy (-Hacks Smarty)

    And this:
    2858 to 1888 Kernel 'Downgrade' Confirmed, not working with 4552+
    >> Robinsod posted an update about his hack to downgrade a 2858 (or lower) kernel back to the 1888 'Base Kernel'. By being able to boot the 'Kiosk disc' from recordable media he proves his 360 is no longer running the 2858 kernel (which blacklisted these XEXs) and boots without applying the kernel patches that have nulled headers:
    Confirmed, downgrading allows the Kiosk disk to run again!

    So I have now proved that kernel 2.0.2858 (won't boot the kiosk disk) can be downgraded to 2.0.1888 and that WILL boot the kiosk disk (or bits of it) from CD-R. This was proved with a mobo for which the DVD key is NOT known.
    However, with newer kernels (4552 and after) it seems to be (currently) impossible to downgrade back to 1888. From Robinsod and Speedy22:
    Until the 4552 update that is exactly what I was doing, erasing/corrupting part of the patch and rebooting. The 360 fell back to the previous patch or, if no patch has been applied, the Base Kernel.
    After the 4552 the 360 WILL NOT BOOT unless the 4552 patch is present in flash.

    More than likely MS has blown an efuse or two with the 4552 update. The efuses are located in the CPU. Anyone interested in learning more should download my 360 CPU datasheet V1.5 from the beginning of March 2005.

    The Hypervisor only needs to test a flag in the processor (blown eFuse) against a flag in the patch to make a boot/no boot decision, there could be any number of these flags but at a rate of 1 eFuse / year then 32 would be more than ample. There's no need to actually modify the hypervisor code at all.

    The efuses act like standard memory and probably contain the HID register data as well. I would guess there are 1K-2K worth of efuses.
    Note: Right now there's no use (or easy way) for end-users to downgrade their kernel ... but it's very interesting research and might be useful in the future or for further research.

    More Details: xboxhacker.net (hacking/tech discussions ONLY! - thx)
    Discuss this news item on our forums: forums.xbox-scene.com
    But whether or not it's true.........

  10. #10

    I don't have my CPU key and I think my eFuses are blown too... but something's missing in the info you posted: they didn't talk about the Infectus method. Infectus uses a complex algorithm to find the
    hash of the first 0x220 bytes requires the CPU Key. So as long as we know our CPU Key we can downgrade to a vulnerable kernel.
    THIS IS EXTRACTED FROM THE TUT LINK ABOVE. It clearly states here that the CPU key is not needed if you use Infectus, and also that we can get our CPU key after upgrading to the 4xxx kernel. Your posts and this are clearly contradicting.

    During the boot process the 360 performs several checks on the contents of the flash to prevent us from downgrading it and exploiting vulnerable versions of the Hypervisor to obtain the "per box" CPU keys. Using the Infectus and some simple software tools we can defeat one of the checks (the 2BL authentication hash) and boot the original launch day version of the XBox software.

    Downgrading is a two stage process. First a "downgrader" flash image is created by combining data from a dump of your current, working, XBox flash and a set of original 2.0.1888 files (these can be found in "the usual places"). The Kernel is to be downgraded to 2.0.1888 and it is necessary to recreate the 2.0.1888 Filesystem.

    Once an image has been created and loaded into the 360's flash the Downgrader application is used to search for a "good" 2BL hash that satisfies the 360 and allows us to load the old firmware. You may then update your console to a vulnerable version (4532 or 4548) and obtain the CPU keys for your Xbox.
    So here's what I think: Infectus finds the hash without the CPU key using a complex algorithm, and when the 2BL hash is found (Robinsod used a CPU key to do this) the 360 reverts to the original FW. Then we upgrade to a vulnerable kernel and revert the lockdown counter to 0; this might require the CPU key, but we have it now as we are on a vulnerable kernel.
