
Kernel/dash Versions For Reference


54 replies to this topic

#31 ryan_the_leach


Posted 05 December 2005 - 08:57 AM

but if this "switching" was done by external hardware?

#32 Monoxboogie


Posted 05 December 2005 - 08:31 PM

QUOTE(ryan_the_leach @ Dec 5 2005, 09:04 AM)

but if this "switching" was done by external hardware?


It doesn't matter. ARP packets are broadcast across the network, and as such, it creates a race condition if a program is able to spoof a header. Google for ARP Poisoning if you wish to understand the underlying workings of it (good), or take a Cisco course (better).

#33 Grim187


Posted 13 December 2005 - 11:38 AM

Note a couple of interesting lines in a game's xex file

QUOTE

W@.XBOXKRNL

^Decrypted with hex editor
QUOTE

°  xam.xex
xboxkrnl.exe

^found before a big chunk of encrypted text

Edited by Grim187, 13 December 2005 - 11:43 AM.


#34 defnator


Posted 13 December 2005 - 04:39 PM

and what can we do with this interesting line?



#35 BCfosheezy


Posted 13 December 2005 - 04:44 PM

QUOTE(defnator @ Dec 13 2005, 09:46 AM)

and what can we do with this interesting line?


Well basically nothing at all. There's nothing wrong with finding and sharing information though because the #1 key to manipulating anything is first knowing how it works. We really don't know very much about the 360 so any gathering of information about it brings us a step closer.... albeit much smaller than a baby step but it still brings us closer.

#36 PS2MXBOX


Posted 14 December 2005 - 12:06 AM

Yeah, I also found that .exe "executable" line in a xex.
P.S. I've found it in multiple xex's now.


Now let me ask this: how did that xbox->pc->internet tunneling thing work? Did you have to have a modded xbox? If not, is it possible to connect to xbox live via that process and extract incoming data and packets to your pc that way? Just a thought.


Also, I recommend, if you have a pc and can use the iso extractor (there is no extractor for the mac yet), extracting the xex's and looking at them with a hex editor. This is what I've found in some xex's:

d:\xenonfre\main\core\private\tools\cert\demofixer\obj\xbox\demofixer.pdb

J:\defualt.xex\Device\CdRom0..XLNI_DASH_ARCADE…XLNI_DET_MEDIA…..OK ….OK……OK……OK…..OK…U.x….OK….Aceptar [This game does not support pal 50 please change your display setting to pal 60. To change your setting in System select Console Settings Display

MS XBOX MEDIA_DVD_LAYOUT_TOOL_SIG

Edited by PS2MXBOX, 14 December 2005 - 12:47 AM.


#37 InterestedHacker


Posted 14 December 2005 - 02:50 PM

QUOTE(PS2MXBOX @ Dec 14 2005, 01:13 AM)

Yeah, I also found that .exe "executable" line in a xex.
P.S. I've found it in multiple xex's now.
Now let me ask this: how did that xbox->pc->internet tunneling thing work? Did you have to have a modded xbox? If not, is it possible to connect to xbox live via that process and extract incoming data and packets to your pc that way? Just a thought.
Also, I recommend, if you have a pc and can use the iso extractor (there is no extractor for the mac yet), extracting the xex's and looking at them with a hex editor. This is what I've found in some xex's:

d:\xenonfre\main\core\private\tools\cert\demofixer\obj\xbox\demofixer.pdb

J:\defualt.xex\Device\CdRom0..XLNI_DASH_ARCADE…XLNI_DET_MEDIA…..OK ….OK……OK……OK…..OK…U.x….OK….Aceptar [This game does not support pal 50 please change your display setting to pal 60. To change your setting in System select Console Settings Display

MS XBOX MEDIA_DVD_LAYOUT_TOOL_SIG


This line is particularly interesting:-

d:\xenonfre\main\core\private\tools\cert\demofixer\obj\xbox\demofixer.pdb

Now, assuming that's on the DVD Drive (D: ?) then, it looks to be referring to a certificate / certification process? Maybe someone should take a look at demofixer.pdb if they can. I wonder if it's a process that adds a certificate into the system to allow the demo to run?

#38 Darren101


Posted 14 December 2005 - 04:47 PM

About that live update thing.

Isn't there some sort of program, that can dump all of the data that is sent through the crossover cable?

If we could get something like that, we might be able to get a signed bios updater .xex and make our own custom bios.

From what I hear, the xbox360 can run signed .xex files from a burned cd.....

#39 lordvader129


Posted 14 December 2005 - 05:27 PM

QUOTE(Darren101 @ Dec 14 2005, 09:54 AM)

From what I hear, the xbox360 can run signed .xex files from a burned cd.....

So can xbox1, that's nothing new.

The problem is the flash updater will likely fail a media check from a cd-r (it would probably be signed to run off HD only).

Also the bios would likely fail a signature check, or a hash check/checksum.



I seriously doubt we are gonna make a cd-r that you just pop in and it mods your 360.

#40 Darren101


Posted 14 December 2005 - 05:45 PM

Still, if we could get the bios/kernel, it could help us with hacking the xbox360.....


Edit: Spelling Mistakes

Edited by Darren101, 14 December 2005 - 05:49 PM.


#41 lordvader129


Posted 14 December 2005 - 09:32 PM

QUOTE(Darren101 @ Dec 14 2005, 10:52 AM)

Still, if we could get the bios/kernel, it could help us with hacking the xbox360.....
Edit: Spelling Mistakes

Yes it would, the trouble is finding a way to load the hacked/modified kernel, but that's why we're here, lol

#42 ssj4android


Posted 22 December 2005 - 03:43 AM

About that "d:\xenonfre\main\core\private\tools\cert\demofixer\obj\xbox\demofixer.pdb":
Well, does it exist on the dvd? Also, I'm just beginning to learn how to program, and hardly know anything about compiling, but I've seen paths to source code files in compiled executables before. Why? And do you think maybe this is something like that?
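
Added example, not part of any post in this thread: the hex-editor search described above, automated as a small `strings`-style scanner that flags embedded `.pdb` build paths and module names. Microsoft's linker normally records the location of the debug-symbol (.pdb) file inside the executable it produces, which is why a build-machine path can appear in a shipped binary. The sample bytes are constructed from strings quoted in the thread, and the function names are illustrative.

```python
import re

# Constructed sample: the readable fragments quoted in this thread, separated
# by non-printable filler that stands in for the encrypted parts of a file.
SAMPLE = (
    b"\x00\x17\x9c\xfe" + b"xam.xex\x00" + b"xboxkrnl.exe\x00"
    + bytes(range(128, 160))
    + rb"d:\xenonfre\main\core\private\tools\cert\demofixer\obj\xbox\demofixer.pdb"
    + b"\x00\xff\xfe" + b"MS XBOX MEDIA_DVD_LAYOUT_TOOL_SIG\x00"
)

PRINTABLE = re.compile(rb"[\x20-\x7e]{6,}")        # runs of 6+ printable ASCII bytes
PDB_PATH = re.compile(r"^[A-Za-z]:\\.+\.pdb$")     # absolute Windows path to a .pdb
MODULE = re.compile(r"^[\w.-]+\.(exe|xex|dll)$", re.I)

def extract_strings(blob):
    """Return (offset, text) for each printable run, like the `strings` tool."""
    return [(m.start(), m.group().decode("ascii")) for m in PRINTABLE.finditer(blob)]

def classify(blob):
    """Sort readable strings into build-path leaks, module names and the rest."""
    report = {"pdb_paths": [], "modules": [], "other": []}
    for offset, text in extract_strings(blob):
        if PDB_PATH.match(text):
            report["pdb_paths"].append((offset, text))
        elif MODULE.match(text):
            report["modules"].append((offset, text))
        else:
            report["other"].append((offset, text))
    return report

if __name__ == "__main__":
    for kind, hits in classify(SAMPLE).items():
        for offset, text in hits:
            print(f"{kind:10} 0x{offset:04x}  {text}")
```

Run over a release build before it ships, the same scan shows which internal directory names and tool names the binary would disclose.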

#43 enixn


Posted 23 December 2005 - 08:43 AM

Hey, I gotta question: when .xex's are signed with the private key, it only references the integrity of the .xex itself, right?...or does it also hash all the content files (that the .xex would load) too?....I don't think this would be the case though because then you have a 4+ gig game and it's not gonna hash all of it. So all this means is that we can't modify the .xex without breaking the checksum.....but on the emulation profile update, there is no media check (rather it's lenient). But there is only 1 file (the xex)...M$ prolly knew this so included all content into the xex itself so that it would all be checksummed. So, if we could find a signed xex that references some external file, and is signed for lenient media checks, it might be possible to get the xex to load something user created...But then they probably haven't made such an xex yet. Bah, wtf I can't sleep right now and I have no idea what I'm talking about

Edited by enixn, 23 December 2005 - 08:44 AM.


#44 shakaru


Posted 23 December 2005 - 09:07 AM

QUOTE(enixn @ Dec 23 2005, 08:50 AM)

Hey, I gotta question: when .xex's are signed with the private key, it only references the integrity of the .xex itself, right?...or does it also hash all the content files (that the .xex would load) too?....I don't think this would be the case though because then you have a 4+ gig game and it's not gonna hash all of it. So all this means is that we can't modify the .xex without breaking the checksum.....but on the emulation profile update, there is no media check (rather it's lenient). But there is only 1 file (the xex)...M$ prolly knew this so included all content into the xex itself so that it would all be checksummed. So, if we could find a signed xex that references some external file, and is signed for lenient media checks, it might be possible to get the xex to load something user created...But then they probably haven't made such an xex yet. Bah, wtf I can't sleep right now and I have no idea what I'm talking about


Well, (depending on what encryption is used) it should be done in two parts. Digital Signature, and hashing. Xbox used a combination of SHA1 for hashing and RSA1024 for its digital signature. If the contents of a file have been altered, the SHA1 check fails. The RSA check is to make sure it's real approved code itself.
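
Added example, not part of any post and not the real XBE or XEX format: the two-part check described above, using a signed header that lists a SHA-1 hash for every file it covers. The RSA key is a deliberately tiny, unpadded toy (the post mentions RSA1024), and the file names, header layout and function names are assumptions made for this sketch.

```python
import hashlib

# Toy RSA key (assumption for illustration): two Mersenne primes, no padding.
# Far too weak for real use; it only keeps the example standard-library-only.
P, Q, E = 2**89 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, known to the signer only

def sha1_int(data):
    return int.from_bytes(hashlib.sha1(data).digest(), "big")

def build_header(files):
    """One 'name:sha1hex' line per file the signature is meant to cover."""
    lines = [f"{name}:{hashlib.sha1(data).hexdigest()}"
             for name, data in sorted(files.items())]
    return "\n".join(lines).encode()

def sign_header(header):
    """Signer side: RSA-sign the SHA-1 digest of the header."""
    return pow(sha1_int(header), D, N)

def verify(header, signature, files):
    """Loader side: return (ok, reason) for the files about to be loaded."""
    if pow(signature, E, N) != sha1_int(header):
        return False, "signature check failed"
    listed = dict(line.rsplit(":", 1) for line in header.decode().splitlines())
    for name, data in files.items():
        if name not in listed:
            return False, f"{name} not covered by signed header"
        if hashlib.sha1(data).hexdigest() != listed[name]:
            return False, f"{name} hash check failed"
    return True, "ok"

# Constructed sample data (not real Xbox files).
FILES = {"default.xex": b"constructed code bytes", "level1.dat": b"constructed content"}
HEADER = build_header(FILES)
SIG = sign_header(HEADER)

def demo():
    changed = {**FILES, "level1.dat": b"edited content"}
    return [
        verify(HEADER, SIG, FILES),                          # untouched
        verify(HEADER, SIG, changed),                        # content edited
        verify(build_header(changed), SIG, changed),         # hashes redone, no key
        verify(HEADER, SIG, {**FILES, "user.dat": b"new"}),  # unlisted extra file
    ]
if __name__ == "__main__":
    for result in demo():
        print(result)
```

The last case is the one raised in the question quoted above: a loader that only trusts files named in the signed header refuses an external file the signature never covered.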



#45 lordvader129


Posted 23 December 2005 - 04:47 PM

QUOTE(enixn @ Dec 23 2005, 01:50 AM)

Hey, I gotta question: when .xex's are signed with the private key, it only references the integrity of the .xex itself, right?...or does it also hash all the content files (that the .xex would load) too?....I don't think this would be the case though because then you have a 4+ gig game and it's not gonna hash all of it. So all this means is that we can't modify the .xex without breaking the checksum.....but on the emulation profile update, there is no media check (rather it's lenient). But there is only 1 file (the xex)...M$ prolly knew this so included all content into the xex itself so that it would all be checksummed. So, if we could find a signed xex that references some external file, and is signed for lenient media checks, it might be possible to get the xex to load something user created...But then they probably haven't made such an xex yet. Bah, wtf I can't sleep right now and I have no idea what I'm talking about

Well think about it, as you said MS was very careful to make sure the emulator update was entirely within one xex, so we can't use it for hacking, you think they are just gonna give us another xex that we can use?

But yeah, if they did we might be able to use it, however MS has been uber-careful when letting xbes out without media checks (xbox Live arcade didn't help us any either)



