Kernel/dash Versions For Reference, Since Live Automatically Updates Options

[ryan_the_leach]

but if this "switching" was done by external hardware?

[Monoxboogie]

but if this "switching" was done by external hardware?

It doesn't matter. ARP packets are broadcast across the network, and as such, it creates a race condition if a program is able to spoof a header. Google for ARP Poisoning if you wish to understand the underlying workings of it (good), or take a cisco course (better).

[Grim187]

note acople intresting line in a games xex file

W@.XBOXKRNL

^Decrypted with hex editor

°  xam.xex
xboxkrnl.exe

^found befor a big chunck of encrypted txt

This post has been edited by Grim187: Dec 13 2005, 11:43 AM

[defnator]

and what can we do with this insteresting line?

[BCfosheezy]

and what can we do with this insteresting line?

Well basically nothing at all. There's nothing wrong with finding and sharing information though because the #1 key to manipulating anything is first knowing how it works. We really don't know very much about the 360 so any gathering of information about it brings us a step closer.... albeit much smaller than a baby step but it still brings us closer.

[PS2MXBOX]

yeah i also found that .exe "executable" line in a xex.
P.s. ive found it in multiple xex's now


now let me ask this, how did that xbox->pc->internet tunneling thing work? did you have to have a modded xbox? if not, is it possible to connect to xbox live via that process and extract incoming data and packets to your pc that way? just a thought


also, i recommend that if you have a pc and can use the iso xtracter (there is no extracter for the mac yet) to extract the xex and look at them with a hex editor. this is what ive found in some xex's

d:\xenonfre\main\core\private\tools\cert\demofixer\obj\xbox\demofixer.pdb

J:\defualt.xex\Device\CdRom0..XLNI_DASH_ARCADE…XLNI_DET_MEDIA…..OK ….OK……OK……OK…..OK…U.x….OK….Aceptar [This game does not support pal 50 please change your display setting to pal 60. To change your setting in System select Console Settings Display

MS XBOX MEDIA_DVD_LAYOUT_TOOL_SIG


This post has been edited by PS2MXBOX: Dec 14 2005, 12:47 AM

[InterestedHacker]

yeah i also found that .exe "executable" line in a xex.
P.s. ive found it in multiple xex's now
now let me ask this, how did that xbox->pc->internet tunneling thing work? did you have to have a modded xbox? if not, is it possible to connect to xbox live via that process and extract incoming data and packets to your pc that way? just a thought
also, i recommend that if you have a pc and can use the iso xtracter (there is no extracter for the mac yet) to extract the xex and look at them with a hex editor. this is what ive found in some xex's

d:\xenonfre\main\core\private\tools\cert\demofixer\obj\xbox\demofixer.pdb

J:\defualt.xex\Device\CdRom0..XLNI_DASH_ARCADE…XLNI_DET_MEDIA…..OK ….OK……OK……OK…..OK…U.x….OK….Aceptar [This game does not support pal 50 please change your display setting to pal 60. To change your setting in System select Console Settings Display

MS XBOX MEDIA_DVD_LAYOUT_TOOL_SIG

This line is particularly interesting:-

d:\xenonfre\main\core\private\tools\cert\demofixer\obj\xbox\demofixer.pdb

Now, assuming that's on the DVD Drive (D: ?) then, it looks to be refering to a certificate / certification process? Maybe someone should take a look at demofixer.pdb if they can. I wonder if it's process that adds a certificate into the system to allow the demo to run?

[Darren101]

About that live update thing.

Isn't there some sort of program, that can dump all of the data that is sent through the crossover cable?

If we could get something like that, we might be able to get a signed bios updater .xex and make our own custom bios.

From what I hear, the xbox360 can run signed .xex files from a burned cd.....

[lordvader129]

From what I hear, the xbox360 can run signed .xex files from a burned cd.....

so can xbox1, thats nothing new

the problem is the flash updater will likely fail a media check from a cd-r (it would probably be signed to run off HD only)

also the bios would likely fail a signature check, or a hash check/checksum



i seriously doubt we are gonna make a cd-r that you just pop in and it mods your 360

[Darren101]

Still, if we could get the bios/kernel, it could help us with hacking the xbox360.....


Edit: Spelling Mistakes

This post has been edited by Darren101: Dec 14 2005, 05:49 PM

[lordvader129]

Still, if we could get the bios/kernel, it could help us with hacking the xbox360.....
Edit: Spelling Mistakes

yes it would, the trouble is finding a way to load the hacked/modifed kernel, but thats why we're here, lol

[ssj4android]

About that "d:\xenonfre\main\core\private\tools\cert\demofixer\obj\xbox\demofixer.pdb":
Well, does it exist on the dvd? Also, I'm just beginning to learn how to program, and hardly know anything about compiling, but I've seen paths to source code files in compiled executables before. Why? And do you think maybe this is something like that?

[enixn]

hey i gotta question, when .xex's are signed with the private key, it only references the integrity of the .xex itself, right?...or does it also hash all the content files (that the .xex would load) too?....I dont think this would be the case though because then you have a 4+ gig game and its not gonna hash all of it. So all this means is that we cant modify the .xex without breaking the checksum.....but on the emulation profile update, there is no media check (rather its lenient) But there is only 1 file (the xex)...M$ prolly knew this so included all content into the xex itself so that it would all be checksummed. So, if we could find a signed xex that references some external file, and is signed for lenient media checks, it might be possible to get the xex to load something user created...But then they probably havent made such an xex yet. Bah, wtf i cant sleep right now and i have no idea what i'm talking about

This post has been edited by enixn: Dec 23 2005, 08:44 AM

[shakaru]

hey i gotta question, when .xex's are signed with the private key, it only references the integrity of the .xex itself, right?...or does it also hash all the content files (that the .xex would load) too?....I dont think this would be the case though because then you have a 4+ gig game and its not gonna hash all of it. So all this means is that we cant modify the .xex without breaking the checksum.....but on the emulation profile update, there is no media check (rather its lenient) But there is only 1 file (the xex)...M$ prolly knew this so included all content into the xex itself so that it would all be checksummed. So, if we could find a signed xex that references some external file, and is signed for lenient media checks, it might be possible to get the xex to load something user created...But then they probably havent made such an xex yet. Bah, wtf i cant sleep right now and i have no idea what i'm talking about

Well, (depending on what encryption is used) it should be done in two parts. Digital Signiture, and hashing. Xbox used a combination of SHA1 for hashing and RSA1024 for its digital signiture. If the contents of a file have been altered, the SHA1 check fails. The RSA check is to make sure its real aproved code its self.

[lordvader129]

hey i gotta question, when .xex's are signed with the private key, it only references the integrity of the .xex itself, right?...or does it also hash all the content files (that the .xex would load) too?....I dont think this would be the case though because then you have a 4+ gig game and its not gonna hash all of it. So all this means is that we cant modify the .xex without breaking the checksum.....but on the emulation profile update, there is no media check (rather its lenient) But there is only 1 file (the xex)...M$ prolly knew this so included all content into the xex itself so that it would all be checksummed. So, if we could find a signed xex that references some external file, and is signed for lenient media checks, it might be possible to get the xex to load something user created...But then they probably havent made such an xex yet. Bah, wtf i cant sleep right now and i have no idea what i'm talking about

well think about it, as you said MS was very careful to make sure the emualtor update was entirely within one xex, so we cant use it for hacking, you think they are just gonna give us another xex that we can use?

but yeah, if they did we might be able to use it, however MS has been uber-careful when letting xbes out without media checks (xbox Live arcade didnt help us any either)