Wanted... "rmenhal-like" Skills For Development Of

84 replies to this topic

#1 Ndure protagonist (X-S Expert, Members, 544 posts, Xbox Version: v1.0, 360 version: none)

Posted 23 September 2005 - 04:07 PM

Ndure's fonts and retail Uber Double Dash setups seem to provide a unique Audio Exploit opportunity, that could enable a 'purely MS dash' way back to the softmod from the "full retail" (Live console compliant) dashboard!

On 5713 & 5838 kernels, that's currently only possible using SCEEE and MAEEE, which is far from ideal. Additionally, UDDAE wouldn't suffer from reset-on-eject...

It requires a suitably exploited ST.DB file plus the xboxdash.xbe and six XIP* files from the UberDash (or SlaYers 2.5's 4920, the XBE via a patch**).

The ST.DB's the challenge... since UDDAE's triggered first by easter-egging the xboxdash.xbe (as settings_adoc.xip in the 5960 dash) then triggering the audio exploit (via the Uber4920 dash), the memory layout isn't what the existing ST.DB was coded for, I presume, as the Xbox reboots.

Anyone interested in attempting to get it working (maybe by re-coding rmenhal's hulkstdb.asm***) and/or have any questions/comments?


* default, keyboard, mainmenu5, music_copy3, music_playedit2 and music2 (place in xboxdashdata.17cdc100).

** http://forums.xbox-s...dpost&p=2351379 (place in xboxdashdata.185ead00).

*** http://forums.xbox-s...dpost&p=1849661 (HULK audio exploit; suitable baseline?)

Edit: This pertains to the Ndure fonts setup too...

Edited by Ndure protagonist, 23 September 2005 - 04:15 PM.


#2 Textbook (X-S Hacker, Last Chance, 2,552 posts, Location: Near Flint, Michigan, Interests: Xbox and Computers, Xbox Version: v1.0, 360 version: v1 (xenon))

Posted 23 September 2005 - 04:14 PM

If this happens, which it probably will, will you have to change your name to UDDAE protagonist? I don't know anything about the whole development side of anything, I just know how to use the softmods, but this sounds like great news as I was a fan of SCEEE and even wrote a tutorial on it. Good luck with your next project, Mr. UDDAE protagonist.

#3 Ndure protagonist (X-S Expert, Members, 544 posts, Xbox Version: v1.0, 360 version: none)

Posted 23 September 2005 - 04:56 PM

Addendum:

Re. the xboxdash.xbe being placed in xboxdashdata.185ead00: it needs to be named as settings_adoc.xip in there.

Re. the .xip's being placed in xboxdashdata.17cdc100: there will consequently be two xboxdashdata.{version#} directories; my tests found this one isn't affected by dashupdate.xbe runs.


{: Textbook, in not so many words (tee-hee) it was previously introduced re. "UD-eh!" :}

#4 kingroach (X-S Hacker, Dev/Contributor, 2,741 posts, Xbox Version: v1.4, 360 version: v5.0 (360S - trinity))

Posted 23 September 2005 - 05:11 PM

I never did any audio things... what's the button sequence for activating settings_adoc?

#5 krayzie (X-S Elysian, Head Moderators, 9,340 posts, Gender: Male, Xbox Version: unk, 360 version: unknown)

Posted 23 September 2005 - 05:20 PM

to trigger the easter egg (settings_adoc.xip):
QUOTE
This works best when you already have a soundtrack copied to your HD using the msdash.
Select music, the soundtrack you copied over, copy, copy, new soundtrack, and put in the following as name. This must be
exactly like this: <<Eggsox>> ,Done (the <<>> are under symbols and the is under accents. Also note the capital E)


#6 xman954 (X-S Messiah, Dev/Contributor, 3,028 posts, Location: the bottom of Tampa Bay, Xbox Version: v1.0, 360 version: v1 (xenon))

Posted 24 September 2005 - 07:27 PM

QUOTE
since UDDAE's triggered first by easter-egging the xboxdash.xbe
(as settings_adoc.xip in the 5960 dash)

this xboxdash.xbe is from the uber4920 dash (17cdc100) ???
QUOTE
then triggering the audio exploit (via the Uber4920 dash)

how is it triggered?
how many different types of exploited ST.DB are there?

so what will happen:
5960 dash > st.db > (<<Eggsox>>) > uber4920 > trigger? > st.db > habibi signed code

the 5960 dash must also see this st.db as valid?
at what point does it reboot?

#7 Ndure protagonist (X-S Expert, Members, 544 posts, Xbox Version: v1.0, 360 version: none)

Posted 25 September 2005 - 01:45 AM

QUOTE
this xboxdash.xbe is from the uber4920 dash (17cdc100) ???
Yes (which can also be made from 1012a700's with the patch)

QUOTE
how is it triggered?
how many different types of exploited ST.DB are there?
The audio exploit is triggered by pressing the button sequence below.
I know of only two "types" of exploited ST.DB; the 4920 dash (I've tried catfish's) and the HULK movie disc (rmenhal's).

QUOTE
so what will happen:
5960 dash > st.db > (<<Eggsox>>) > uber4920 > trigger? > st.db > habibi signed code
Yes (the st.db being in E:\TDATA\fffe0000\music and "trigger?" as below)

QUOTE
the 5960 dash must also see this st.db as valid?
at what point does it reboot?
It will (the 5960 dash's easter-egg doesn't validate the st.db).
With the st.db's I've tried, the reboot occurs as soon as you press the last button:
CODE
A (MUSIC)
Down
A (blank)
Down
A (COPY)
Right
Right
A (COPY)
A (NEW SOUNDTRACK)
A (DONE)


#8 xman954 (X-S Messiah, Dev/Contributor, 3,028 posts, Location: the bottom of Tampa Bay, Xbox Version: v1.0, 360 version: v1 (xenon))

Posted 25 September 2005 - 08:29 PM

what makes the code start running from address 0 in the "hulk" st.db?
from looking at it, that is what happens....

if code is running, the thing that is not known is where the kernel table is?

if so, do you think it is possible to search for the "XePublicKeyData" (the MS key)
using: [address] that has 31415352h for data, and [address+10h] must have 10001h for data... (maybe 1st, 2nd, 3rd or last instance of it)
start search at 80000000h? (the lowest address it could be)

then calculate all the other kernel table entries on the fly from there?
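The scan xman954 describes above, as an added example that is not from the thread and not from any Xbox exploit payload: it searches a memory image for the dword pattern he gives (31415352h, which is "RSA1" read little-endian, with 10001h at +10h) and reports every hit as a kernel-space address, so the caller can pick the 1st, 2nd, 3rd or last instance as he suggests. The +10h exponent offset and the 80000000h start address are taken from the post as stated and are not verified against a real kernel here; the memory image is constructed for the example and is not a kernel dump.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Start address proposed in the post (lowest address the kernel key could be at). */
#define SCAN_BASE    0x80000000u
/* "RSA1" read as a little-endian dword, as given in the post. */
#define RSA1_MAGIC   0x31415352u
/* Public exponent 65537 and its offset from the magic, as given in the post (assumption). */
#define PUBEXP_65537 0x00010001u
#define PUBEXP_OFF   0x10u

/* Read a little-endian 32-bit value from possibly unaligned memory. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/*
 * Scan `image` (a copy of memory that starts at virtual address `base`) for
 * the key-blob pattern. Stores up to `max` hit addresses in `out` and returns
 * the total number of hits, so the caller can pick the first, the n-th or the
 * last one. The loop stays dword-aligned and never reads the exponent dword
 * past the end of the image: in real shellcode an out-of-bounds read means an
 * unmapped page and a hard crash, not a recoverable error.
 */
size_t find_rsa1_candidates(const uint8_t *image, size_t len, uint32_t base,
                            uint32_t *out, size_t max) {
    size_t hits = 0;
    for (size_t off = 0; off + PUBEXP_OFF + 4 <= len; off += 4) {
        if (rd32(image + off) != RSA1_MAGIC) continue;
        if (rd32(image + off + PUBEXP_OFF) != PUBEXP_65537) continue;
        if (hits < max) out[hits] = base + (uint32_t)off;
        hits++;
    }
    return hits;
}

/* Constructed 256-byte sample, not a real dump: 0xCC filler, a decoy "RSA1"
   at 0x20 whose exponent dword does not match, and a matching blob at 0x40. */
static void build_sample(uint8_t *img, size_t len) {
    static const uint8_t e65537[4] = { 0x01, 0x00, 0x01, 0x00 };
    memset(img, 0xCC, len);
    memcpy(img + 0x20, "RSA1", 4);        /* decoy: [0x30] stays 0xCCCCCCCC */
    memcpy(img + 0x40, "RSA1", 4);        /* candidate */
    memcpy(img + 0x40 + PUBEXP_OFF, e65537, 4);
}

/* Number of candidates in the constructed sample (expected: 1). */
size_t sample_hit_count(void) {
    uint8_t img[0x100];
    uint32_t hits[4];
    build_sample(img, sizeof img);
    return find_rsa1_candidates(img, sizeof img, SCAN_BASE, hits, 4);
}

/* Address of the first candidate in the constructed sample (expected: 0x80000040). */
uint32_t sample_first_hit(void) {
    uint8_t img[0x100];
    uint32_t hits[4];
    build_sample(img, sizeof img);
    return find_rsa1_candidates(img, sizeof img, SCAN_BASE, hits, 4) ? hits[0] : 0;
}

int main(void) {
    printf("%zu candidate(s); first at 0x%08x\n",
           sample_hit_count(), sample_first_hit());
    return 0;
}
```

Locating the key only gives an anchor into the kernel image; turning that into "all the other kernel table entries" needs per-kernel-version offsets relative to that anchor, which the thread does not supply, so the example stops at the scan. The decoy in the sample is the reason the second dword check matters: "RSA1" on its own is a four-byte string that can occur elsewhere.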

#9 Ndure protagonist (X-S Expert, Members, 544 posts, Xbox Version: v1.0, 360 version: none)

Posted 26 September 2005 - 02:44 AM

xman954, to be honest I have hardly any understanding of that ... wish I did!

I don't even know whether a 4920 dash audio exploit source might be a better baseline (than HULK's)?

It sure would be great if a generic ST.DB (which I think you're suggesting) is a possibility for Ndure though.


#10 dus (X-S Young Member, Members, 47 posts)

Posted 26 September 2005 - 08:09 AM

QUOTE(xman954 @ Sep 25 2005, 09:40 PM)
what makes the code start running from address 0 in the "hulk" st.db
from looking at it, that is what happens....


It doesn't start at 0. The three dd:s (HEAD012) are actually very important...
I don't know much, but I believe they are used to corrupt the stack when st.db is read.

Good luck!

#11 PedrosPad (X-S Freak, Moderator, 1,859 posts, Location: UK, Xbox Version: v1.1, 360 version: v1 (xenon))

Posted 26 September 2005 - 03:37 PM

QUOTE(Ndure protagonist @ Sep 25 2005, 02:56 AM)
It will (the 5960 dash's easter-egg doesn't validate the st.db).

A quote from rmenhal:
QUOTE(rmenhal @ May 24 2004, 04:51 AM)
You forgot that audio exploits don't work with post-4920 dashes

Edited by PedrosPad, 26 September 2005 - 04:01 PM.


#12 Ndure protagonist (X-S Expert, Members, 544 posts, Xbox Version: v1.0, 360 version: none)

Posted 26 September 2005 - 04:01 PM

PedrosPad, your pre-edit info. was correct, which is why UDDAE needs 5960's easter-egg capability to launch the Uber4920's skeleton, which is then audio exploited...

(Hopefully this clarifies your post-edit too.)

Edited by Ndure protagonist, 26 September 2005 - 04:03 PM.


#13 PedrosPad (X-S Freak, Moderator, 1,859 posts, Location: UK, Xbox Version: v1.1, 360 version: v1 (xenon))

Posted 26 September 2005 - 04:06 PM

QUOTE(Ndure protagonist @ Sep 26 2005, 05:12 PM)
PedrosPad, your pre-edit info. was correct, which is why UDDAE needs 5960's easter-egg capability to launch the Uber4920's skeleton, which is then audio exploited...

(Hopefully this clarifies your post-edit too.)

5960 dash > (<<Eggsox>>) > Uber4920 > trigger > audio exploit(st.db) > habibi signed code.
(correction to post #7!)

Edited by PedrosPad, 26 September 2005 - 04:18 PM.


#14 Ndure protagonist (X-S Expert, Members, 544 posts, Xbox Version: v1.0, 360 version: none)

Posted 26 September 2005 - 04:07 PM

{: Yes, as per Post#7... :}

#15 DaBiscuit (X-S Senior Member, Members, 243 posts, Location: Derby, England, Interests: Videogames, Anime, VGM, Console modding, Xbox Version: v1.4)

Posted 26 September 2005 - 04:19 PM

QUOTE(Ndure protagonist @ Sep 23 2005, 04:18 PM)
Ndure's fonts and retail Uber Double Dash setups seem to provide a unique Audio Exploit opportunity, that could enable a 'purely MS dash' way back to the softmod from the "full retail" (Live console compliant) dashboard!
Would you mind clarifying for me what exactly you wish to achieve? I don't entirely understand. NDURE allows a user to boot either a shadow C with retail MS dash, or a modded dash with a homebrew dash. Both work well, so what is it that this new exploit would add?

I'm not trying to be rude, I would like to understand.

Edited by DaBiscuit, 26 September 2005 - 04:19 PM.
