The “ultimate Dashboard Exploit” Aka Ude


1266 replies to this topic

#421 Grospolina

Grospolina

    X-S Expert

  • Members
  • 642 posts
  • Xbox Version:v1.1

Posted 31 May 2004 - 01:04 PM

QUOTE (evil clone @ May 31 2004, 08:15 AM)
I don't know a whole lot about buffer overflows and all, but I'm pretty sure this will work.

No, it won't work. The exploit is dependent on the blocksize, so a font with a blocksize of 4 or more will not be able to load anything.


#422 anjilslaire

anjilslaire

    X-S Freak

  • Members
  • 1,176 posts
  • Location:/home/laire
  • Interests:duh...I'm here, aren't I?
  • Xbox Version:v1.0
  • 360 version:v5.0 (360S - trinity)

Posted 31 May 2004 - 01:14 PM

Has anyone noticed that on the 4920 dash (haven't tried any later dashes):

If you rename the c:\xodash folder (i.e. xodash_), the LIVE tab simply disappears. The dash is completely stable. I did this when I was using the Audio Exploit, and just wrote a switching code for mxm when I was running font-audio mech-fonts.

I didn't want any accidental LIVE! clicking when running audio, and it was renamed "phoenix" when mechinstaller was running. Worked like a charm, too: A 4920 dash on boot with no LIVE tab. No modified bios, nothing. Audio worked just fine.

I know this isn't related really, but thought the concept might be a good thing to know, for those who are continuing to tweak this thing.

#423 Ned_Flanders

Ned_Flanders

    X-S Member

  • XS-BANNED
  • 135 posts
  • Xbox Version:v1.0

Posted 31 May 2004 - 02:35 PM

So I wonder how the M$ dash loads its tabs. It must search for certain files and if they are not there it just doesn't load that tab. But I thought M$ would be smarter than that.

#424 chimpanzee

chimpanzee

    X-S Freak

  • Members
  • 1,020 posts

Posted 31 May 2004 - 03:54 PM

QUOTE (evil clone @ May 31 2004, 02:15 PM)
I have an idea... OK, the newer dashes require the fonts loaded to be only 4 bytes, OK no problem. We could create a set of fonts that link to another set of fonts. So that:

Post-4290 D boots
Post-4290 D loads 4b fonts
4b fonts load large fonts
large fonts go to town on the box

I don't know a whole lot about buffer overflows and all, but I'm pretty sure this will work.



peace
ec

Check the code snippet posted before saying you're sure it would work.

#425 devz3ro

devz3ro

    X-S X-perience

  • Moderator
  • 348 posts
  • Xbox Version:unk

Posted 01 June 2004 - 04:39 AM

Here is an example of my evox config that switches back and forth between the UDE and the EEE for all those wanting to be able to use Live 2.0.

CODE
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

Tomorrow I will write what file does what and how it all works; I'm too tired to finish presently.

-devz3ro

http://sh0x.tk/

#426 PedrosPad

PedrosPad

    X-S Freak

  • Moderator
  • 1,859 posts
  • Location:UK
  • Xbox Version:v1.1
  • 360 version:v1 (xenon)

Posted 01 June 2004 - 05:08 AM

QUOTE (devz3ro @ Jun 1 2004, 06:39 AM)
Tomorrow I will write what file does what and how it all works; I'm too tired to finish presently.

-devz3ro

Managed to extract them (it's a b64-encoded RAR). Had a quick peek. Looks interesting. A few questions did leap to mind but will await your explanation.

Edited by PedrosPad, 01 June 2004 - 01:53 PM.


#427 devz3ro

devz3ro

    X-S X-perience

  • Moderator
  • 348 posts
  • Xbox Version:unk

Posted 01 June 2004 - 06:33 AM

QUOTE (PedrosPad @ Jun 1 2004, 07:08 AM)
Managed to extract them (it's a b64-encoded RAR). Had a quick peek. Looks interesting. A few questions leap to mind but will await your explanation.

Ask away; that way when I do respond I should be able to answer all questions fully (yes, it works, if that was your first question). Anyways, I'm off to bed, I'll check this thread when I wake up in about 6 ~ 8 hours.

-devz3ro

http://sh0x.tk/

#428 Grospolina

Grospolina

    X-S Expert

  • Members
  • 642 posts
  • Xbox Version:v1.1

Posted 01 June 2004 - 01:54 PM

It's not hard. I'll assume you're using dashboards 5659 and 4817 for the Easter Egg Exploit (but they could be different). Here's the play-by-play:

QUOTE (devz3ro)

[Action_00]

Info "Turn EEE off & UDE on"
WARNING "UDE is now being turned on..."
1. rename "c:\xboxdash.xbe" "c:\xboxdash.bak"
2. rename "c:\xbøxdash.xbe" "c:\xboxdash.xbe"
3. rename "c:\fonts" "c:\fønts"
4. rename "c:\fønt.bak" "c:\fønt.xtf"
5. rename "c:\¢.xtf" "c:\¢.bak"
6. rename "c:\$.xtf" "c:\$.bak"
7. rename "c:\evoxdash.xbe" "c:\evoxdash.bak"
8. rename "c:\evøxdash.xbe" "c:\evoxdash.xbe"


1. Disable Dashboard 5659.
2. Enable update.xbe.
3. Disable Dashboard 5659 fonts directory.
4. Enable UDE bert_ate_ernie font.
5. Disable Dashboard 4817 bert font.
6. Disable Dashboard 4817 ernie font.
7. Disable EvoX dash.
8. Enable alternate EvoX dash. (I don't know why this is done)

QUOTE (devz3ro)

[Action_01]

Info "Turn UDE off & EEE on"
WARNING "EEE is now being turned on..."
1. rename "c:\xboxdash.xbe" "c:\xbøxdash.xbe"
2. rename "c:\xboxdash.bak" "c:\xboxdash.xbe"
3. rename "c:\fønts" "c:\fonts"
4. rename "c:\fønt.xtf" "c:\fønt.bak"
5. rename "c:\¢.bak" "c:\¢.xtf"
6. rename "c:\$.bak" "c:\$.xtf"
7. rename "c:\evoxdash.xbe" "c:\evøxdash.xbe"
8. rename "c:\evoxdash.bak" "c:\evoxdash.xbe"


1. Disable update.xbe.
2. Enable Dashboard 5659.
3. Enable Dashboard 5659 fonts directory.
4. Disable UDE bert_ate_ernie font.
5. Enable Dashboard 4817 bert font.
6. Enable Dashboard 4817 ernie font.
7. Disable alternate EvoX dash. (I don't know why this is done)
8. Enable EvoX dash.
---

The fonts have been renamed, but this doesn't affect any of the hacks.

The only thing I don't understand is why you switch EvoX XBE files. Maybe they're different versions, or maybe they're signed differently, but I don't see why they would need to be. It seems like you are using PBL to load them.


#429 PedrosPad

PedrosPad

    X-S Freak

  • Moderator
  • 1,859 posts
  • Location:UK
  • Xbox Version:v1.1
  • 360 version:v1 (xenon)

Posted 01 June 2004 - 01:56 PM

QUOTE (devz3ro @ Jun 1 2004, 08:33 AM)
Ask away

I didn't know the reasons behind use of the single high-ascii character file names for root fonts, etc. (simply looked like obfuscation, and not helpful if anyone looks back at their HDD in a months time).

And why "disable EEE" didn't do anything with the c:\dashdata...\settings_adoc.xip? (And why you need to disable EEE at all?) If the point of "disabling" it is to return the system to factory settings, to prevent a potential forced update, restoring settings_adoc.xip would seem necessary.

Edited by PedrosPad, 01 June 2004 - 02:16 PM.


#430 devz3ro

devz3ro

    X-S X-perience

  • Moderator
  • 348 posts
  • Xbox Version:unk

Posted 01 June 2004 - 02:39 PM

Grospolina,

I'm actually using:

Live dashboard = 5960
Non-Live dashboard = 4034
PBL = 1.4.1 (does not work with my s-video cable)

Thanks for explaining, you pretty much nailed it on the head. You are correct, it isn't hard at all; I just thought I would share if anyone wanted to have theirs set up this way (or something like it). To explain the evoxdash switch: what it is, is actually the THC Lite dashboard (renamed because I could not find a 4983 bios editor). One of the xbes has been hexed to look for the "fonts" directory and the other for "fønts".

& PedrosPad,

QUOTE
I didn't know the reasons behind use of the single high-ascii character file names for root fonts, etc.


Again, these were just for my reference (use your own way, this was just to start you off) and to give everything a "clean" look (I probably did the opposite).

bert being small, and ernie being huge, I renamed accordingly:
¢.xtf = bert
$.xtf = ernie
(¢1 being smaller than $1, obviously)

&

The same for fønts, changed from f0nts

-devz3ro

http://sh0x.tk/

EDIT:

QUOTE
And why "disable EEE" didn't do anything with the c:\dashdata...\settings_adoc.xip? (And why you need to disable EEE at all?) If the point of "disabling" it is to return the system to factory settings, to prevent a potential forced update, restoring settings_adoc.xip would seem necessary.


It is not really "disabling it". It's actually just renaming the fonts to make way for the UDE to be enabled. The EEE & UDE fonts cannot be together (as you know). Nothing in my configuration is "set back to factory settings". To be honest, I deleted my original settings_adoc.xip off my Xbox (still have a backup on PC). But I figured it would just be replaced if there was ever a dashboard update.

Edited by devz3ro, 01 June 2004 - 03:20 PM.


#431 YoshiKool

YoshiKool

    X-S Expert

  • Members
  • 641 posts
  • Location:Yoshi's Island
  • Xbox Version:v1.0

Posted 01 June 2004 - 04:28 PM

What would happen if you tried to turn UDE on or off twice? Would it just bail out trying to rename a file to an already existing file?

#432 Ned_Flanders

Ned_Flanders

    X-S Member

  • XS-BANNED
  • 135 posts
  • Xbox Version:v1.0

Posted 01 June 2004 - 05:17 PM

devz3ro: You probably won't find a bios config editor because Xecuter encrypted their bios. If you want to change it use 4981 which is editable. The only thing 4983 has that 4981 doesn't is protection against Live! updates (or something similar to that). I am just letting you know but I am sure you already knew all that.

#433 devz3ro

devz3ro

    X-S X-perience

  • Moderator
  • 348 posts
  • Xbox Version:unk

Posted 01 June 2004 - 05:23 PM

QUOTE (YoshiKool @ Jun 1 2004, 06:28 PM)
What would happen if you tried to turn UDE on or off twice? Would it just bail out trying to rename a file to an already existing file?

To be honest, as funny as it sounds, I have not even thought of trying that (should have been my first test; I thank you for bringing it up). I don't have my Xbox nearby to test, but I believe that no harm will be done. If it works how I think it does, renaming a file to an existing file should not overwrite the existing one. It should just fail and sit there.

-devz3ro

http://sh0x.tk/
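The rename switching in devz3ro's config (Grospolina's play-by-play above) and YoshiKool's "what if you run it twice" question, as an added example in Python. This is not code from the post, from EvoX or from the thread; it shows the check an EvoX-style action list does not do: dry-run the whole rename sequence against the current directory listing first, refuse the action if any step would hit a missing source or an already existing destination (so a second run is a clean no-op rather than a half-applied set of renames), and roll back if a rename fails part-way. Assumptions: the starting layout is the EEE-on state reconstructed from the play-by-play, the files are empty stand-ins in a constructed temporary directory rather than a real C: partition, and the single high-ASCII characters in the names are taken as cp1252 "ø" and "¢".

```python
"""All-or-nothing toggling of a rename set, with a dry run and rollback."""
import os
import tempfile

# Rename pairs of the "Turn EEE off & UDE on" action, in the order the EvoX
# config runs them. Order matters: step 1 must vacate xboxdash.xbe before
# step 2 moves the renamed update.xbe into that name.
UDE_ON = [
    ("xboxdash.xbe", "xboxdash.bak"),
    ("xbøxdash.xbe", "xboxdash.xbe"),
    ("fonts", "fønts"),
    ("fønt.bak", "fønt.xtf"),
    ("¢.xtf", "¢.bak"),
    ("$.xtf", "$.bak"),
    ("evoxdash.xbe", "evoxdash.bak"),
    ("evøxdash.xbe", "evoxdash.xbe"),
]


def inverse(pairs):
    """Undo a rename sequence: swap each pair and run the pairs in reverse.
    Applied to UDE_ON this gives the post's Action_01 ("Turn UDE off & EEE
    on"), just listed from the bottom up."""
    return [(dst, src) for src, dst in reversed(pairs)]


def plan(present, pairs):
    """Dry-run the sequence over a set of names.

    Returns None if every step would succeed, otherwise a message naming the
    first step that would not (missing source or existing destination). The
    simulation has to be sequential because a later step may legitimately
    reuse a name an earlier step has just vacated."""
    names = set(present)
    for step, (src, dst) in enumerate(pairs, 1):
        if src not in names:
            return f"step {step}: {src!r} does not exist"
        if dst in names:
            return f"step {step}: {dst!r} already exists"
        names.remove(src)
        names.add(dst)
    return None


def apply_action(root, pairs):
    """Apply the renames under `root` only if the dry run passes, and roll
    back completed steps if a rename fails part-way. Returns (ok, message)."""
    err = plan(os.listdir(root), pairs)
    if err is not None:
        return False, "refused: " + err
    done = []
    try:
        for src, dst in pairs:
            os.rename(os.path.join(root, src), os.path.join(root, dst))
            done.append((src, dst))
    except OSError as exc:
        for src, dst in reversed(done):
            os.rename(os.path.join(root, dst), os.path.join(root, src))
        return False, f"rolled back after error: {exc}"
    return True, "ok"


# Constructed stand-in for the EEE-on C: root: empty files, empty fonts dir.
EEE_LAYOUT = ["xboxdash.xbe", "xbøxdash.xbe", "fonts", "fønt.bak",
              "¢.xtf", "$.xtf", "evoxdash.xbe", "evøxdash.xbe"]


def make_eee_root(root):
    for name in EEE_LAYOUT:
        path = os.path.join(root, name)
        if name == "fonts":
            os.mkdir(path)
        else:
            open(path, "wb").close()


def demo():
    """Toggle UDE on, try to toggle it on a second time, then toggle it back
    off. Returns the three (ok, message) results and the final listing."""
    with tempfile.TemporaryDirectory() as root:
        make_eee_root(root)
        first = apply_action(root, UDE_ON)
        second = apply_action(root, UDE_ON)        # the "run it twice" case
        back = apply_action(root, inverse(UDE_ON))
        final = sorted(os.listdir(root))
    return first, second, back, final


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The second call is refused at the dry-run stage with "step 1: 'xboxdash.bak' already exists", which matches devz3ro's expectation that a rename onto an existing name should fail rather than overwrite; the difference is that nothing is touched at all, whereas a bare action list would have already failed step 1 and then carried on trying the rest.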

#434 krayzie

krayzie

    X-S Elysian

  • Head Moderators
  • 9,340 posts
  • Gender:Male
  • Xbox Version:unk
  • 360 version:unknown

Posted 01 June 2004 - 06:39 PM

QUOTE (Ned_Flanders @ Jun 1 2004, 07:17 PM)
devz3ro: You probably won't find a bios config editor because Xecuter encrypted their bios. If you want to change it use 4981 which is editable. The only thing 4983 has that 4981 doesn't is protection against Live! updates (or something similar to that). I am just letting you know but I am sure you already knew all that.

Actually the xbox live disablement was put in the bios since the x2 4980.
The changes from 4983 were just some minor bug fixes, some configuration options and a fixed boot order.

#435 Ned_Flanders

Ned_Flanders

    X-S Member

  • XS-BANNED
  • 135 posts
  • Xbox Version:v1.0

Posted 01 June 2004 - 08:27 PM

QUOTE (krayzie @ Jun 1 2004, 02:39 PM)
Actually the xbox live disablement was put in the bios since the x2 4980.
The changes from 4983 were just some minor bug fixes, some configuration options and a fixed boot order.

Huh. I could have sworn they didn't put Live! blocking in until 4983. Oh well, thanks for the correction. I will stop thread crapping now.

