Jump to content


Photo

Could One Intentionally Burn An Efuse?


  • Please log in to reply
11 replies to this topic

#1 mrkleen340

mrkleen340

    X-S Enthusiast

  • Members
  • 3 posts
  • Interests:Programming, Modding, and anything fun.
  • Xbox Version:v1.4
  • 360 version:v1 (xenon)

Posted 23 July 2011 - 01:27 AM

Is it possible to burn the eFuses holding the CPU key? If we were to burn all of them we would then know what the CPU key was without xell and if we had a decrypted nand couldn't we now use this key and write that nand to the console after getting the DVD key by other means? In theory we could uncripple a whole bunch of consoles or mismatched dvd/mobo (for offline play of course)

#2 kkdd

kkdd

    X-S Member

  • Members
  • Pip
  • 103 posts
  • Location:London, UK
  • Xbox Version:v1.3
  • 360 version:v4.0 (jasper)

Posted 23 July 2011 - 12:32 PM

You want to protect efuses, and not burn them. With post-7371 consoles they're already burnt so no-go.

#3 mrkleen340

mrkleen340

    X-S Enthusiast

  • Members
  • 3 posts
  • Interests:Programming, Modding, and anything fun.
  • Xbox Version:v1.4
  • 360 version:v1 (xenon)

Posted 23 July 2011 - 04:29 PM

For the most part I would agree with you, but if you target only the fuses holding the CPU key you could (in theory) manually set your key to all F then alter a donor nand to work with this key? This would obviously only be for consoles where CPU key recovery is impossible.

#4 No_Name

No_Name

    X-S Freak

  • Members
  • PipPipPipPipPip
  • 1,154 posts

Posted 23 July 2011 - 04:59 PM

There is more than likley checks to check that a CPU key is valid before allowing the system to boot to prevent this type of hack.

Also you run the risk of burning the wrong fuse lines and rather than compromising the system locking the console down even further.

#5 JJTag83

JJTag83

    X-S Enthusiast

  • Members
  • 4 posts

Posted 08 August 2011 - 09:08 PM

QUOTE(No_Name @ Jul 23 2011, 04:59 PM) View Post

There is more than likley checks to check that a CPU key is valid before allowing the system to boot to prevent this type of hack.

What if burn part of them like 31 of 32?
And then try to guess last one? 256 NAND writes.
If last byte is already FF and FF...FF blocked in 1BL then console bricks.
Or new 2BL doesn't allow JTAG anyway?

#6 No_Name

No_Name

    X-S Freak

  • Members
  • PipPipPipPipPip
  • 1,154 posts

Posted 08 August 2011 - 09:45 PM

You still will be burning blind and will end up having a brick for a console.

The CPU is locked down tight, its a fortress within a fortress.

Forget the fuses and instead look for holes in the hypervision as its the only logical way to get the right level of access to run unsigned code, but good luck with that..
Its also a fortress which to date has only had one small chink in the armor.

#7 JJTag83

JJTag83

    X-S Enthusiast

  • Members
  • 4 posts

Posted 09 August 2011 - 07:16 PM

QUOTE(No_Name @ Aug 8 2011, 09:45 PM) View Post

You still will be burning blind

What if send command via pins on CPU to blow fuse and then somehow check use of R6T3 but do not allow voltage come through this resistor?

If voltage used only in case of fuse blow then we can determine fuse state without blowing it.
Of cause it's a long shot and may be totally stupid.

Prerequisites:
1. Can blow fuse through pins on CPU.
2. Voltage from R6T3 used only in case of blow of un-blown eFuse, but not in case of blow blown eFuse.

#8 No_Name

No_Name

    X-S Freak

  • Members
  • PipPipPipPipPip
  • 1,154 posts

Posted 09 August 2011 - 11:47 PM

Honestly.. I am not sure if you can blow a fuse through the pains, but you still are blowing blind.

You wont know what fuse gets blown as you have no control over the process and could fry the CPU instead of blowing a fuse.

Seriously, this is newbie type questions and no suited for this forum.

Like I said the CPU is a fortress, the EFuse system is very very secure and its pointless attacking them as you will do more damage rather than find an exploit.

#9 JJTag83

JJTag83

    X-S Enthusiast

  • Members
  • 4 posts

Posted 29 August 2011 - 10:59 AM

QUOTE(No_Name @ Aug 9 2011, 11:47 PM) View Post

Like I said the CPU is a fortress

Fortress, huh? Reset glitch hack! biggrin.gif

#10 No_Name

No_Name

    X-S Freak

  • Members
  • PipPipPipPipPip
  • 1,154 posts

Posted 29 August 2011 - 08:25 PM

QUOTE(JJTag83 @ Aug 29 2011, 02:59 AM) View Post

Fortress, huh? Reset glitch hack! biggrin.gif

*Rolls eyes* Context FTW there.

Read the whole sentence I posted, here it is again

QUOTE
Like I said the CPU is a fortress, the EFuse system is very very secure and its pointless attacking them as you will do more damage rather than find an exploit.


#11 ichigo1234

ichigo1234

    X-S Enthusiast

  • Members
  • 25 posts
  • Xbox Version:unk
  • 360 version:unknown

Posted 20 September 2011 - 09:50 PM

Simple answer no lolol.

Long answer Reset Glitch.

#12 clt42

clt42

    X-S Enthusiast

  • Members
  • 5 posts
  • Interests:XeDK's <3
  • Xbox Version:unk
  • 360 version:v1 (xenon)

Posted 26 January 2013 - 06:43 AM

QUOTE(No_Name @ Aug 9 2011, 03:47 PM) View Post

Honestly.. I am not sure if you can blow a fuse through the pains, but you still are blowing blind.

You wont know what fuse gets blown as you have no control over the process and could fry the CPU instead of blowing a fuse.

Seriously, this is newbie type questions and no suited for this forum.

Like I said the CPU is a fortress, the EFuse system is very very secure and its pointless attacking them as you will do more damage rather than find an exploit.

Time to find a leaking function in the hv lol




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users