Ndure Installer For Pc, ndure-complete Options

[kingroach]

no.. yourr setup is good.. shadowc runs in modded state but in real C:\ there is MS dash files, when you start with eject button, it runs in unmodded state and loads MS dash... and they run separate of any exploit so that you can connect to xbox live..

[Takenover83]

Then what is the purpose of shadowc if it is not being used? Im guessing somehow the exploting files are hidden when booted with eject trick? They are still present when hitting eject, correct? It seems if MS wanted they could scan C and find the exploited files.

I thought I was safe because it would be loading a completly clean retail dash from the virtual C-parition, but I guess this is not the case, sence the retail dash is still loading up with nothing on the shadowc...

Ahhh I guess there is some tecnical mumboo jumbo that I am sadly overlooking. Im sure it's been tested by many already safely(no bans) and im just getting worried for no reason.

This post has been edited by Takenover83: Dec 29 2005, 05:59 AM

[kingroach]

virtual C was created when some DVD movie updated xbox and messed up peoples softmods and few multigame dvd's refused to boot.. That was before Ndure was discovered.. so now there is not any groundbraking use of shadowc.. now its used for filling up C drive ( so updates cannt occur) and save C drive incase anything happens.. anyway the modded files are still in C rdive so technically MS could scan the C drive but the dash itself doesnt use any modded files and no one was ever banned from XBL with softmods..

[kingroach]

I uploaded a new build of Ndure installer 3.0.. Now xonlinedash.xbe chooser is intigrated into Nkpatcher.. normally it will boot xboxdash.. if booting of xonlinedash.xbe is needed for account management.. just put boot1.bin in xboxdashdata.185ead00 folder and nkpatcher will boot xonlinedash.xbe..

[krizalid]

I uploaded a new build of Ndure installer 3.0.. Now xonlinedash.xbe chooser is intigrated into Nkpatcher.. normally it will boot xboxdash.. if booting of xonlinedash.xbe is needed for account management.. just put boot1.bin in xboxdashdata.185ead00 folder and nkpatcher will boot xonlinedash.xbe..

I like your work, and i've noticed lots of knowledge comming from you.

1st question.......... your boot1.bin is nothing but a dummy file, what or how did you get the info so you have this in this specific directory to be at to avoid the freeze???

Also, is the xonlinedash.xbe from the 5960 dash, and doesn't the Xbox.xtf in xodash interfier, since all xonlinedash.xbe that's i've hex-studied loads Xbox.xtf from xodash, and fonts folder.

I'm clueless in how you get this to work.

Once again, I downloaded Ndure 3.0 *haven't tested*, and i'm looking at so much improvent over the 2.1 version, and I'm a enthusiast and I like to learn as much as I can.

Thx.

[kingroach]

1. There is no freeze.. Its all in Nkpatcher.. I modified Nkpatcher with soe codes from xman495.. When tray boot is enabled, Nkpatcher does some checks. At this stage, Nkpatcher will look for a specific file "boot1.bin" in xboxdashdata.185ead00 folder.. The path is hard coded into nkpatcher ( you can hex edit and change the path).. the check goes like this:

if C:\xboxdashdata.185ead00\boot1.bin file is present then boot x2onlinedash.xbe with -habibi key
else, boot C:\xodash.xbe with ms key patch back.

however this wasnt my initial plan.. if you looked at some previous test build.. the check was done in a seperate .xbe but intigrating that check code in nkpatcher is much simple and easier to use.

2. xonlinedash.xbe is from 5960 dash.. nomally xodash font check goes like this:

C:\xodash\
C:\fonts
C:\

I just changed the first font check value from C:\xodash\ to C:\fonts\ ( check the Fuckms thread for more info).. also xonlinedash.xbe checks for retail dash in C:\xboxdash.xbe , I changed the value to C:\xb0xdash\.. All of these can be done with hex editing..Then I useed FuckMS patch so that it would boot from -habibi key.. This modified xonlinedash.xbe is renmed as x2onlinedash.xbe and xonlinedash.xbe in C:\xodash\ folder is replaced with 5960 xboxdash.xbe . This way when you are in retail dash, if you try to go to xbox live menu , xbox wont hang ( Because real xonlinedash.xbe checks for 5960 dash in C:\xboxdash.xbe while xboxdash.xbe doesnt so it would just relaunch the MS dash.


hope this answers your question.. or feel free to ask more and give some suggestion after checking it out..

This post has been edited by kingroach: Jan 2 2006, 04:22 AM

[Ndure protagonist]

{; Kingroach: for UDDAE the 12 MB filler1.img in flr.rar is too big; 9.25 MB (9,699,328 bytes) is perfect... ;}

Thanks for fixing that (@Dec.15) kingroach; it can now be used by 2.1 users (and others) to install UDDAE:
http://forums.xbox-scene.com/index.php?act...dpost&p=3123957

kingroach, I was preparing and testing a follow-on post, explaining how non-3.0 Ndure users can also use its UDDAE files to launch the online dash/console from the open tray (retail) state.

However, I noticed you've changed the flr.rar to be fludd.rar (@Dec.29) and it doesn't contain 9.25 MB again! It's contents are less now and consequently leave too much free space in C (re. the linked post's usage) ... have you changed it to be like that for a different purpose?


{? Re. boot1.bin ... maybe a more meaningfully named file in E would be better (like nkp11 uses for switching off the virtual C and EEPROM) so it can be toggled without needing to access the real C ?}

[kingroach]

sorry for late reply.. if you do the UDDAE installation with "ndts" th eresult is 496 MB C.. but over Ndure 2.1 installation, the UDDAE will result in 491MB.. But if I use 9.6MB filler then Ndure 3.0 installation becomes too large.. its some uneasy dilemma..

[krizalid]

Thx alot kingroach, I kinda did think about fixing the xonlindash.xbe to try to change the name of \xodash\Xbox.xtf to something else mb, but never really tried. Well here's some stuff i've been thinkin about but they might not work at all.

* means some possibilities but failed.

*1.- try to exploit the files inside \media\ folder used by the ndure boot, i actually got it to error 21, that kinda tells me it could be possible in a certain way, and that way we don't depend on fonts, but rather other files that loads into the dash.

*2.- fuckMS msdash.xbe when booting retail, but i can't load xonlinedash.xbe retail nor patched.

3.- my last attemp i'm gonna go try.

use update.xbe from UXE to load fonts bert-something.xtf and ernie.xtf to load the softmod, while keeping the other msdash.xbe and xonlinedash.xbe retail and unmodded, and this could be a possible way to load the fonts correctly and have full use of the ms dashboard.

xboxdash.xbe (update from nfl)>fonts\ernie.xtf/bert-kernel or ge.xtf>dual boot etc.

if open tray>msdash.xbe (retail xboxdash.xbe 5960)>fonts\Xbox.xtf/Xbox Book.xtf=fully retail and compatible with the hash checks on the xonlinedash.xbe and vice versa.

*crosses fingers*

[krayzie]

Thx alot kingroach, I kinda did think about fixing the xonlindash.xbe to try to change the name of \xodash\Xbox.xtf to something else mb, but never really tried. Well here's some stuff i've been thinkin about but they might not work at all.

* means some possibilities but failed.

*1.- try to exploit the files inside \media\ folder used by the ndure boot, i actually got it to error 21, that kinda tells me it could be possible in a certain way, and that way we don't depend on fonts, but rather other files that loads into the dash.

*2.- fuckMS msdash.xbe when booting retail, but i can't load xonlinedash.xbe retail nor patched.

3.- my last attemp i'm gonna go try.

use update.xbe from UXE to load fonts bert-something.xtf and ernie.xtf to load the softmod, while keeping the other msdash.xbe and xonlinedash.xbe retail and unmodded, and this could be a possible way to load the fonts correctly and have full use of the ms dashboard.

xboxdash.xbe (update from nfl)>fonts\ernie.xtf/bert-kernel or ge.xtf>dual boot etc.

if open tray>msdash.xbe (retail xboxdash.xbe 5960)>fonts\Xbox.xtf/Xbox Book.xtf=fully retail and compatible with the hash checks on the xonlinedash.xbe and vice versa.

*crosses fingers*

1: very unlikely. it's still a font exploit. other files have been checked..

2: yes that's true

3: when keeping hacked fonts in C:\fonts how do you wanna load msdash? also xonlinedash.xbe needs a retail 5960 C:\xboxdash.xbe (checksum)

[krizalid]

xboxdash.xbe checksum, is that in the loaded memory or the file it self.

Oh, and i think i might of found something that might come in handy to someone that can make a valid expoit.

using Ndure's xboxdash.xbe and media folder, i noticed that if you mess with the file called \media\content\japanesse\ximejpm.dic the xbox will either freeze, or try to load something.

I've tried 2 ways so far, renaming erinie.xtf to this file and replacing, booted to error 21, but it might be that somebody more skilled can find a way to exploit the file ximejpm.dic, i also tried xbox.xtf named to this file, and leads to just a freeze.

Migh be valuable info, who knows???

[krayzie]

the file itself. that's why you have to edit the xboxdash.xbe path in xonlinedash.xbe (and the fonts path) in order to launch it.
And it would be nice if we found another exploit. you can look at what files are called by an xbe using an app called apilogger made by pedrospad. I wouldn't set my hopes on it though. you can probablt crash the xbox in many ways but only few are vulnerable.

[kingroach]

If I remember correctly, you can also load certain named .xmv files with ndure ( xonlinedash.xbe).. The info is somewhere in main ndure thread..

3. you can never launch xonlinedash.xbe with any combination.. other than hash xonlinedash.xbe also checks the signature version of C:\xboxdash.xbe and both UXE and Ndure exploit has signature version 17cdc100 while xonlinedash.xbe (5960) has signature version 185ead00.. now you could possibly insert XONLINE library from ndure.xbe to xonlinedash.xbe (5960) but I havnt been able to do so.. and I dont knwo any tool that can extract/insert library into an .xbe.. I think you can do it with hexedit ( I have seen someone did in developer forum).. still I dont know how much you can gain from it..

[krizalid]

This is what I mean about this file, cause it seems to do something with the kernel.



I'm not much of a hacker, but I"m sure you can do something.

Like I said, mb it's the way we have to set the file, not as a font, cause I got it to error 21, that means it at least tried to find the .xbe in it's target, mb new signature is needed I don't know.

Hopes this comes to good use.

[kingroach]

The two files seems to be japanese character support for xbox.. The two files are XIME file after some research it seems to be xbxo version of Pocket IME ( Input method editor).. from MSDN:

MS® Windows® CE .NET supports the Japanese Pocket Input Method Editor (IME) version 2.0. An IME is a program that allows users to enter complex characters and symbols, such as Japanese Kanji characters, by using a standard keyboard. Pocket IME is a small-size IME that can support embedded systems without keyboards that have small screens and a minimum memory footprint.

this three links might be helpful:

http://msdn.MS.com/library/default...._Pocket_IME.asp

http://msdn.MS.com/library/default...._windows_ce.asp

replace MS with MS..

http://msdn.MS.com/library/default...._code_files.asp


apparantly the source code for pocket ime comes with windows CE.. now I dont have any special expertise on windows ce ( other than few failed attempt to make a customize windows ce for my computer )..


so if pocket ime have any flaw in it, which it should considering its a MS product you could certainly exploit these two files..

This post has been edited by kingroach: Jan 5 2006, 01:00 AM