Wanted... "rmenhal-like" Skills For Development Of, UDDAE (Uber Double Dash Audio Exploit) Options

[Ndure protagonist]

Ndure's fonts and retail Uber Double Dash setups seem to provide a unique Audio Exploit opportunity, that could enable a 'purely MS dash' way back to the softmod from the "full retail" (Live console compliant) dashboard!

On 5713 & 5838 kernels, that's currently only possible using SCEEE and MAEEE, which is far from ideal. Additionally, UDDAE wouldn't suffer from reset-on-eject...

It requires a suitably exploited ST.DB file plus the xboxdash.xbe and six XIP* files from the UberDash (or SlaYers 2.5's 4920, the XBE via a patch**).

The ST.DB's the challenge... since UDDAE's triggered first by easter-egging the xboxdash.xbe (as settings_adoc.xip in the 5960 dash) then triggering the audio exploit (via the Uber4920 dash) the memory layout isn't what the existing ST.DB was coded for,I presume, as the Xbox reboots.

Anyone interested in attempting to get it working (maybe by re-coding rmenhal's hulkstdb.asm***) and/or have any questions/comments?


* default, keyboard, mainmenu5, music_copy3, music_playedit2 and music2 (place in xboxdashdata.17cdc100).

** http://forums.xbox-scene.com/index.php?act...dpost&p=2351379 (place in xboxdashdata.185ead00).

*** http://forums.xbox-scene.com/index.php?act...dpost&p=1849661 (HULK audio exploit; suitable baseline?)

Edit: This pertains to the Ndure fonts setup too...

This post has been edited by Ndure protagonist: Sep 23 2005, 04:15 PM

[Textbook]

If this happens, which it probably will, will you have to change your name to UDDAE protagonist? I don't know anything about the whole development side of anything, I just know how to use the softmods, but this sounds like great news as I was a fan of SCEEE and even wrote a tutorial on it. Good luck with your next project, mr. UDDAE protagonist.

[Ndure protagonist]

Addendum:

Re. the xboxdash.xbe being placed in xboxdashdata.185ead00: it needs to be named as settings_adoc.xip in there.

Re. the .xip's being placed in xboxdashdata.17cdc100: there will consequently be two xboxdashdata.{version#} directories; my tests found this one isn't affected by dashupdate.xbe runs.


{: Textbook, in not so many words (tee-hee) it was previously introduced re. "UD-eh!" :}

[kingroach]

I never did any audio things.. whats the button sequence for activating settings_adoc..

[krayzie]

to trigger the easter egg (settings_adoc.xip):

This works best when you already have a soundtrack copied to your HD using the msdash.
Select music, the soundtrack you copied over, copy, copy, new soundtrack, and put in the following as name. This must be
exactly like this: <<Eggsßox>> ,Done (the <<>> are under symbols and the ß is under accents. Also note the capital E)

[xman954]

since UDDAE's triggered first by easter-egging the xboxdash.xbe
(as settings_adoc.xip in the 5960 dash)

this xboxdash.xbe is from the uber4920 dash (17cdc100) ???

then triggering the audio exploit (via the Uber4920 dash)

how is it triggered ?
how many dirrerent types of exploited ST.DB are there ?

so what will happen:
5960 dash > st.db > (<<Eggsßox>>) > uber4920 > trigger? > st.db > habibi signed code

the 5960 dash must also see this st.db as valid ?
at what point does it reboot ?

[Ndure protagonist]

this xboxdash.xbe is from the uber4920 dash (17cdc100) ???

Yes (which can also be made from 1012a700's with the patch)

how is it triggered ?
how many dirrerent types of exploited ST.DB are there ?

The audio exploit is triggered by pressing the button sequence below.
I know of only two "types" of exploited ST.DB; the 4920 dash (I've tried catfish's) and the HULK movie disc (rmenhal's).

so what will happen:
5960 dash > st.db > (<<Eggsßox>>) > uber4920 > trigger? > st.db > habibi signed code

Yes (the st.db being in E:\TDATA\fffe0000\music and "trigger?" as below)

the 5960 dash must also see this st.db as valid ?
at what point does it reboot ?

It will (the 5960 dash's easter-egg doesn't validate the st.db).
With the st.db's I've tried, the reboot occurs as soon as you press the last button:

CODE

A (MUSIC)
Down
A (blank)
Down
A (COPY)
Right
Right
A (COPY)
A (NEW SOUNDTRACK)
A (DONE)

[xman954]

what makes the code start running from address 0 in the "hulk" st.db
from looking at it, that is what happens....

if codes is running the thing that is not known is where the Kernal table is ?

if so do you think it is possible to search for the "XePublicKeyData" the MS Key
using: [address] that has 31415352h for data, and [address+10h] must have 10001h for data...(maybe 1st, 2nd, 3rd or last instants of it)
start search at 80000000h ? (the lowest address it could be)

then calculate all the other Kernal table entrees on the fly from there ?

[Ndure protagonist]

xman954, to be honest I have hardly any understanding of that ... wish I did!

I don't even know whether a 4920 dash audio exploit source might be a better baseline (than HULK's)?

It sure would be great if a generic ST.DB (which I think you're suggesting) is a possibility for Ndure though.

[dus]

what makes the code start running from address 0 in the "hulk" st.db
from looking at it, that is what happens....

It doesn't start at 0. The three dd:s (HEAD012) are actually very important...
I don't know much, but I believe they are used to corrupt the stack when st.db is read.

Good luck!

[PedrosPad]

It will (the 5960 dash's easter-egg doesn't validate the st.db).

A quote from rmenhal:

You forgot that audio exploits don't work with post-4920 dashes

This post has been edited by PedrosPad: Sep 26 2005, 04:01 PM

[Ndure protagonist]

PedrosPad, your pre-edit info. was correct, which is why UDDAE needs 5960's easter-egg capability to launch the Uber4920's skeleton, which is then audio exploited...

(Hopefully this clarifies your post-edit too.)

This post has been edited by Ndure protagonist: Sep 26 2005, 04:03 PM

[PedrosPad]

PedrosPad, your pre-edit info. was correct, which is why UDDAE needs 5960's easter-egg capability to launch the Uber4920's skeleton, which is then audio exploited...

(Hopefully this clarifies your post-edit too.)

5960 dash > (<<Eggsßox>>) > Uber4920 > trigger > audio exploit(st.db) > habibi signed code.
(correction to post #7! - )

This post has been edited by PedrosPad: Sep 26 2005, 04:18 PM

[Ndure protagonist]

{: Yes, as per Post#7... :}

[DaBiscuit]

Ndure's fonts and retail Uber Double Dash setups seem to provide a unique Audio Exploit opportunity, that could enable a 'purely MS dash' way back to the softmod from the "full retail" (Live console compliant) dashboard!

Would you mind clarifying for me what exactly you wish to achieve? I don't entirely understand. NDURE allows a user to boot either a shadow C with retail MS dash, or a modded dash with a homebrew dash. Both work well, so what is it that this new exploit would add?

I'm not trying to be rude, I would like to understand.

This post has been edited by DaBiscuit: Sep 26 2005, 04:19 PM