
The “Ultimate Dashboard Exploit” aka UDE


1266 replies to this topic

#61 Nailed

    X-S Expert

  • Members
  • 577 posts

Posted 23 May 2004 - 01:21 PM

Absolutely brilliant work, PedrosPad & rmenhal. To quote the Merovingian... "Okay, you have some skill." ;)

#62 wivenhoe123

    X-S Enthusiast

  • Members
  • 9 posts

Posted 23 May 2004 - 01:26 PM

Anyone know how I can get my Xbox up to dashboard 4920, 'cause trying to update it using Splinter Cell fails and I don't know another way!

cheers
mark


#63 diablohtr

    X-S Enthusiast

  • Members
  • 7 posts

Posted 23 May 2004 - 01:27 PM

I would like to do this exploit but I was wondering if it will work with my xbox.
k:5101
d:5659

Thanks

#64 arel

    X-S Enthusiast

  • Members
  • 6 posts

Posted 23 May 2004 - 01:43 PM

sorry guys,
sometimes things don't work....trouble in paradise...

in this case....here is my bad and sad "story".

---------------
configuration:
Xbox: Kernel 4817 (stated after 007 hack, in evo-x settings display)
Dash: 4920 (exactly copied from slayers 2.5 .../all/C directory)...by the way there is more than one "version" which is called 4920 dashboard...mine has a directory named "xboxdashdate.1012a700"
-----------------

after I've copied the files to C from Slayer I've tried to start the "refreshed" raw Xbox....what I got was error 21

therefore I didn't expect to get the exploit running as described...
so I've connected my pc and the box again by using 007 hack (evox)
and I've copied the "update.xbe" to C:\ and renamed it to xboxdash.xbe. After that I've copied the bert_ate_ernie.xtf to c:\. Last but not least I've renamed the fonts directory to F0nts (yes it's a zero).
After booting the box shows the green "blubber" and after that the box was frozen (during the X screen, where you can read "MS")

I thought it could be that I've signed the default.xbe (located on e:\) wrong ?

therefore I've copied the evo-x version which I usually use with the 007 hack to e:\default.xbe (this has to be a habibi signed XBE, because it runs perfectly after starting it through 007 savegame...)
the result was the same....screen frozen....

Maybe we have to admit that "earlier" Kernels (e.g. 4817 ?) will not run the 4920 Dash ???

any hints ??

So it could be that this (formerly) unbeatable exploit now is a solution for Xboxes which have a kernel "younger" than 4817 and older than 57xx ?

Sad, but a possible "restriction".

greets
Arel


#65 CooperS

    X-S Young Member

  • Members
  • 39 posts

Posted 23 May 2004 - 01:46 PM

Fantastic work guys!
K:5101 D:4920

BTW. I never could get PBL 1.41 to work with ANY exploit on my box, if you're having trouble maybe use 1.4 like I do.

#66 X_n00b

    X-S Enthusiast

  • Members
  • 8 posts

Posted 23 May 2004 - 02:52 PM

QUOTE (rmenhal @ May 23 2004, 02:40 PM)
Here's the md5sum and crc-32 of my update.xbe so you can check you have the correct file. Remove the first 8192 bytes of the file - in unix-type systems you can do this with "dd if=update.xbe of=noheader bs=8192 skip=1".

md5sum: 571de69aaf0a32a59f843b50cc922521
crc-32: b8fa9c6e

Hmmm, I get a different MD5Sum (haven't tried CRC32) - Looks like I have the wrong update.xbe... :unsure:

EDIT: Also CRC'd now, and it's also different. Tried both the stripped and unstripped version (just in case) and I definitely get a different result.

Edited by X_n00b, 23 May 2004 - 03:01 PM.


#67 {later}

    X-S Senior Member

  • Members
  • 242 posts
  • Xbox Version:v1.0

Posted 23 May 2004 - 02:55 PM

okay, here's what happens (with the first and your new xtf file)

xbox boots up, I see xbox screen and MS letters, then it just stays there with a green led.

when I press eject my xbox resets, and then it all starts over.

so i really think that my kernel crashes :S

also, I'm using windows xp, and I dunno how to remove the first 8192 bytes from a file :( so I cannot check my crc. Could you upload your update.xbe file to that ftp server? It would be of great help.

#68 PedrosPad

    X-S Freak

  • Moderator
  • 1,859 posts
  • Location:UK
  • Xbox Version:v1.1
  • 360 version:v1 (xenon)

Posted 23 May 2004 - 02:57 PM

QUOTE (PedrosPad @ May 23 2004, 12:59 AM)
I don't want to take this thread too far off topic, but...

I named the exploit the "Ultimate Dashboard Exploit" because I think I've already devised a solution to:
  • Cons:
    • No Dashboard access to the XBOX!Live console.
(Rendering the remaining "No XBOX!Live game access to the XBOX!Live console." irrelevant.)

And if it works out, there'll no longer be any reason to manually toggle the exploits.  (My idea is restricted to accessing the XBOX!Live console in a safe state - XBOX!Live games will still need to be played from original media!)

I get broadband in 10 days - So I'll know a lot more then.

Regarding restoring Dashboard access to the XBOX!Live console…

I’m a great believer in K.I.S.S. (Keep-It-Simple-and-Straightforward), and try to avoid getting ‘prematurely complicated’. I’ve many ideas for restoring Dashboard access to the XBOX!Live console when using the “Ultimate Dashboard Exploit” (so don’t get disappointed by the simplicity of this first suggestion).

Let’s leave PBL out of the picture initially.

It’s a given that we need to be in an unexploited, safe, system state before launching the xonlinedash.xbe. What this actually means is at-the-point xonlinedash.xbe is launched, the BIOS must be unmodified (because it’s known that XBOX!Live checksums it). The unmodified BIOS can only launch M$ signed XBEs – Now that’s convenient as xonlinedash.xbe happens to already be M$ signed. It’s also known that xonlinedash.xbe doesn’t use the C:\fonts\ folder – so no issue there.

Thus, how about:
Boot->update.xbe->bert_ate_ernie.xtf->Evox->restore.xbe->xodash\xonlinedash.xbe

Key:
Blue = M$ signature in effect.
Red = Habibi signature in effect.

Update.xbe is M$ signed. Bert_ate_ernie patches the BIOS signature to the habibi signature (i.e. pokes a few bytes), and launches Evox.
An Evox menu launches restore.xbe.
restore.xbe itself is habibi signed, but simply patches back the original M$ key (pokes a few bytes) in the BIOS, then launches xonlinedash.xbe.

I think this has a chance because xonlinedash.xbe is already M$ signed, and already has the XBE_MEDIA_HDD media type (unlike XBOX!Live games that have the DVD_MEDIA_TYPE, which can’t be changed without breaking the signature, or the BIOS modified to work around – due to the BIOS checksum).

Anyone see any issues with this? It all sounds too easy.

PS. PBL could also be launched as an app from this boot-Evox menu, removing the need for every XBE to be re-signed.

Edited by PedrosPad, 23 May 2004 - 06:49 PM.


#69 PedrosPad

    X-S Freak

  • Moderator
  • 1,859 posts
  • Location:UK
  • Xbox Version:v1.1
  • 360 version:v1 (xenon)

Posted 23 May 2004 - 03:02 PM

QUOTE (arel @ May 23 2004, 03:43 PM)
sorry guys,
sometimes things don't work....trouble in paradise...

in this case....here is my bad and sad "story".

---------------
configuration:
Xbox: Kernel 4817 (stated after 007 hack, in evo-x settings display)
Dash: 4920 (exactly copied from slayers 2.5 .../all/C directory)...by the way there is more than one "version" which is called 4920 dashboard...mine has a directory named "xboxdashdate.1012a700"
-----------------

Maybe we have to admit that "earlier" Kernels (e.g. 4817 ?) will not run the 4920 Dash ???

So it could be that this (formerly) unbeatable exploit now is a solution for Xboxes which have a kernel "younger" than 4817 and older than 57xx ?


My only XBOX has K:4817. Nuff said.

Edited by PedrosPad, 23 May 2004 - 03:07 PM.


#70 {later}

    X-S Senior Member

  • Members
  • 242 posts
  • Xbox Version:v1.0

Posted 23 May 2004 - 03:12 PM

Okay, I've uploaded my update.xbe file (that doesn't seem to work with the exploit) to digisatman's ftp server. Could someone with a working exploit please compare his update.xbe with mine? I really think the problem is in the update.xbe file.

#71 devz3ro

    X-S X-perience

  • Moderator
  • 348 posts
  • Xbox Version:unk

Posted 23 May 2004 - 03:26 PM

Maybe this should have been an official help thread. I knew there were going to be problems with this because of:

1. The way it has to be installed
2. Not all Xboxes are the same (different regions)
3. Its nature, since xboxdash (the real one) isn't being booted first

Another note, please do not post any ftps / links that could contain M$ copyright code, they will be removed (such as full dashboards etc.)

-devz3ro

http://sh0x.tk/

#72 afon

    X-S X-perience

  • Members
  • PipPip
  • 401 posts

Posted 23 May 2004 - 04:44 PM

Fell asleep last night waiting for the ftp transfer, and just woke up. I cannot get this to work. My settings are as follows:
Xbox: Kernel 4817
Dash: 4920

I've got bert_ate_ernie.xtf on my C drive, along with: Update.xbe (xboxdash.xbe), xodash, xboxdata, skins (for unleashx), evoxdash.xbe (unleashx), MODxboxdash.xbe (Retail 4920).

On my E drive I have a habibi signed default.xbe (PBL 1.4.1 by Guex)

I obtained the update.xbe by: Downgrading dashes, unplugging ethernet, and entering xbox live option in unreal.

Symptoms:
QUOTE
It just freezes in the xbox-logo screen? What happens if you eject the tray at that point? If your box reboots, then the kernel has crashed - possibly because the exploit didn't work.

Edited by afon, 23 May 2004 - 04:46 PM.


#73 rmenhal

    X-S Senior Member

  • Members
  • 254 posts
  • Xbox Version:unk
  • 360 version:unknown

Posted 23 May 2004 - 04:48 PM

I checked the update.xbe included in SlaYer's v2.1 and it does NOT work with the current bert_ate_ernie on my box. The file size is 1914880 bytes and has md5sum (without removing the first 8192 bytes) 73402a42463766842e56e82b839d5669. I don't know what update.xbe is included in other SlaYer's discs.

There's probably nothing else wrong with these other versions of update.xbe except that they just require a specially "tuned" version of bert_ate_ernie. Here's the md5sum of my update.xbe - again, but now without removing the first 8192 bytes:

8ab653c39f555758fb65d9014928c4cd

The file size is 1974272 bytes.


#74 PedrosPad

    X-S Freak

  • Moderator
  • 1,859 posts
  • Location:UK
  • Xbox Version:v1.1
  • 360 version:v1 (xenon)

Posted 23 May 2004 - 04:57 PM

update.xbe
QUOTE (rmenhal @ May 23 2004, 06:48 PM)
The file size is 1974272 bytes.

Snap here! - I know I used PAL Splinter Cell to update my pre-live 4817 to Live 1.0 Dashboard 4290.

#75 ldots

    X-S Freak

  • Members
  • 1,496 posts

Posted 23 May 2004 - 05:03 PM

Yup! With the current bert_ate_ernie you need to use the right update.xbe

I have successfully used the one from Slayers v. 2.5 Final which has the same checksum as Rmenhal posted: 8ab653c39f555758fb65d9014928c4cd

I then tried the one that Splinter Cell updates me to (still dash 4920) and it doesn't work. This has the same checksum as the update.xbe from Slayers v. 2.1 : 73402a42463766842e56e82b839d5669

On a different subject. I just tried cleaning my C: drive and then only uploaded update.xbe (renamed to xboxdash.xbe) and C:\fonts\bert_ate_ernie.xtf. Nothing else! The exploit ran beautifully. So making an installer for this should be really easy. I guess even if one by accident had the dash upgraded on live and save game restore option would just have to replace the fonts folder with C:\fonts\bert_ate_ernie.xtf and xboxdash.xbe with a save update.xbe.
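
Added example, not part of any post in this thread: a file-integrity check that computes the whole-file MD5 plus the MD5 and CRC-32 of the file with its first 8192 bytes skipped (the same data the quoted `dd ... bs=8192 skip=1` command produces), then compares them with the digests and sizes posted above. The function names and result labels are assumptions made for this sketch; it runs on any platform with Python, including Windows.

```python
import hashlib
import sys
import zlib

HEADER_LEN = 8192  # bytes skipped by the dd command quoted in the thread

# Whole-file MD5 -> (size in bytes, what posters reported); values from the thread
KNOWN_FULL = {
    "8ab653c39f555758fb65d9014928c4cd": (1974272, "reported working"),
    "73402a42463766842e56e82b839d5669": (1914880, "reported not working"),
}
# Digests posted for the working file with its first 8192 bytes removed
KNOWN_STRIPPED = ("571de69aaf0a32a59f843b50cc922521", "b8fa9c6e")


def fingerprint(stream, chunk=65536):
    """Read a binary stream once; return whole-file and header-stripped digests."""
    full, stripped = hashlib.md5(), hashlib.md5()
    crc, size = 0, 0
    while True:
        block = stream.read(chunk)
        if not block:
            break
        full.update(block)
        # Keep only the part of this block that lies past the header
        tail = block[max(0, HEADER_LEN - size):]
        stripped.update(tail)
        crc = zlib.crc32(tail, crc)
        size += len(block)
    if size <= HEADER_LEN:
        raise ValueError("file is not longer than the 8192-byte header")
    return {"size": size, "md5_full": full.hexdigest(),
            "md5_stripped": stripped.hexdigest(),
            "crc32_stripped": format(crc & 0xFFFFFFFF, "08x")}


def classify(fp):
    """Match a fingerprint against the digests and sizes quoted in the thread."""
    known = KNOWN_FULL.get(fp["md5_full"])
    if known and known[0] == fp["size"]:
        return known[1]
    if (fp["md5_stripped"], fp["crc32_stripped"]) == KNOWN_STRIPPED:
        return "reported working"
    return "unknown"


if __name__ == "__main__" and len(sys.argv) == 2:
    with open(sys.argv[1], "rb") as fh:  # path supplied by the user
        result = fingerprint(fh)
    print(result, classify(result))
```

A result of "unknown" only means the file matches none of the digests posted in this thread; checking size together with the hash catches truncated transfers early.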



