> Timing Attack Tested Successfully: Downgrade from any Kernel without CP
Xbox-Scene
post Aug 23 2007, 06:40 AM
Post #1


Timing Attack Tested Successfully: Downgrade from any Kernel without CPU-Key
Posted by XanTium | August 23 01:40 EST | News Category: Xbox360
 
Robinsod managed to successfully boot his Xbox360 with one flashed eFuse with kernel 1888 using the timing attack we talked about some weeks ago. It's not something everyone out there can do yet, but as more information gets released (it's an open source project :)) and things get optimized and developed further it might open homebrew and linux for the Xbox360 on a much larger scale soon. Of course once your 360 is back to an (older) vulnerable kernel (4532,4548), you won't be able to go on LIVE anymore (it only accepts the latest kernel (5766 atm)) ... but a dual kernel system is a possibility (using an xD memory card even).

From Robinsod on XBH:
[QUOTE]
Done it! My bricked box - one blown eFuse but no CPU key and no valid flash dump that would boot (I did have a valid 2241 dump though that would no longer boot because of the eFuse) - is now alive and well and booting 2.0.1888 with a patched CB (LD count = 1) and a "guessed" hash. Even doing it "manually" only took 3 evenings ;) Now, sleep

Just to be clear, the timing attack will allow you to downgrade to 2.0.1888. You can then upgrade to 4532 & run the KK sploit and obtain your CPU keys. You should be able to replace the original CB after the upgrade (this needs to be confirmed) and then the only "clue" to what happened is that you may have 1 or 2 more burned eFuses for the HV/Kernel version you are running.

It should be possible, soon, for anyone with an Infectus modchip and 20 Euros worth of homebrew hardware to downgrade. Don't forget the Kiosk disk is usable again too!
[/QUOTE]

Here's a bit more info about his "proof of concept" downgrader hardware:
[QUOTE]
I'm using the Infectus chip (with a dll interface provided by them) to rewrite one NAND block with sequential hash guesses. The process takes approx 1 second. The Hynix data sheet quotes 100,000 read/write cycles, our worst case is 4096 or 4%. Since this is a one time operation I think 4% wear is acceptable.
Some PIC processors have CCP modules that allow an internal 16 bit counter to be sampled when a +ve or -ve edge is detected, the counter is claimed to have a 50 ns resolution although I'm not convinced ;) Simple software in the PIC allows me to detect the end of CE and the POST port changing from 0x21 => 0xA4 (the end of hashing). The PIC also drives the JTAG reset line. A couple of cheap interface ICs and some passives complete the design - you will definitely be able to build your own hardware from easy to obtain parts, on stripboard, for around 20 Euros.
Controlling all this is some PC software that can generate the required CB section patch, control the infectus and the PIC. It would seem that the "cycle" time should be less than 3 seconds. To test this I am using the 360 I "bricked" at Christmas, I don't know the CPU key for this box so I can't "cheat" and test each correctly "guessed" hash byte.

Once I finish testing I will post more info followed by a complete, open source package of hardware and software so you can build your own in a few hours. Now might be a good time to get that infectus chip.

One final point, a lot of the people who want to downgrade will probably have recent versions of the applications (dash, media player etc etc). Some of the latest dashes definitely completely replaced the dash.xex (and possibly others) rather than write new xexp files. These newer versions of the applications definitely require newer system libs and I doubt they will boot on a 2.0.1888 machine. We will need to obtain an image of a clean 2.0.1888 file system.
[/QUOTE]

More useful information by Arnezami explaining the attack:
[QUOTE]
The timing attack does not try to "bruteforce" the cpu key itself. It tries to find/bruteforce a hash value which is a result of the usage of the cpu key (so even if you have that hash you still cannot backwards compute the cpu key). But finding this hash value (I usually refer to it as the CB-auth value) will enable the xbox to boot the original kernel (v 1888). This then allows you to upgrade to a vulnerable kernel (eg 4532) and THEN you can extract the cpu key using the kk exploit.

Since -on average- you will find the correct value at roughly half of the possible byte values you only need to try (approx) 128 values for each of the 16 bytes. That's why vax is talking about 16 * 128 as the total number of byte changes...
There is a theoretical minimum to the reboot time of about 1 second. So in theory you could find the 16 bytes in 34 minutes. That's probably not gonna happen. Grin And installing the hardware will probably take even more time so it's not a really big issue. But this is basically what the time speculations are based on.
[/QUOTE]

News-Source/More Details: xboxhacker.net(1) | xboxhacker.net(2)




Chaosplt
post Aug 23 2007, 06:12 AM
Post #2


wuahhaah no way.. jester.gif jester.gif jester.gif jester.gif

first.... biggrin.gif biggrin.gif

badazz74
post Aug 23 2007, 06:25 AM
Post #3


One step closer to homebrew, one step closer to xbmc, one step closer to giving m$ the finger laugh.gif
Rustmonkey
post Aug 23 2007, 06:41 AM
Post #4


Sweet... this is spectacu... la... rrrrrr *D&(S^ ---can't--- 879870 ---sseee--- 899870*D(*V ---what--- (*&DDV ---I Am--- DIUFN#WY*(#W ---typing--- 98743;lfjs;ddiuier ----through--- alk;fja;aUE:L UFLKDF ---drool--- (*&DF DFDSLJE I ---on screen---


biggrin.gif


AWESOME!!!


cmart*
post Aug 23 2007, 06:43 AM
Post #5


Amazing, I've been watching the progress on this and now it's actually tested successfully!
Takieda
post Aug 23 2007, 06:45 AM
Post #6


It's late, and my brain is only half working, so if this question is dumb, I apologize, but:
Does anyone know of an easy way Microsoft could update kernel to make this method not work? (granted, I know anything is possible) I'm just wondering if this means I can jump back on Live until a real solid hack is made available. I've been riding on a subscription to live without connecting ever since I heard about the Hypervisor exploit (shortly after the first dashboard update that blew an efuse), hoping that some method would be found to fix my box to an earlier kernel version.

If it's highly unlikely that MS can stop this from happening through a further kernel update, I'll get back on Live (I never did get the expansion to Oblivion), and wait for a more readily available hack and some homebrew before going the mod route (and would it be prudent to remove the resistor as well? or does this make that a null issue?)
Lush
post Aug 23 2007, 06:45 AM
Post #7


congratulations to all involved.... this sounded like a lot of work...
FoxRacR17
post Aug 23 2007, 07:19 AM
Post #8


FREAKING AWESOME!!!! Finally some progress other that that f'ing stupid dvd firmware hack that really only helps out the pirates! I WANT XBMC!! AND EMU!!
t0m
post Aug 23 2007, 07:30 AM
Post #9


woohoo I can't wait to see linux for a 3x3ghz cores render node muhaha.gif
cooljerk_dv
post Aug 23 2007, 07:49 AM
Post #10


. . I noticed they wrote . ." you won't be able to go on LIVE anymore (it only accepts the latest kernel (5766 atm)) ... but a dual kernel system is a possibility . . ."

is this really a concern this early in the game? .. . I could care less about Live if I can get me some XBMC lovin on the 360, and hopefully even a new version of Surreal 64 (a boy can dream can't he smile.gif )

The future is looking bright . . lets keep the good work up !!
erexx
post Aug 23 2007, 08:00 AM
Post #11


Ahhh... dominoes...


So how long would it take once the hardware is installed to get the CPU ID, 34+ minutes?

I don't care... can't wait until this is digested down to a hardware kit, some software and a block of instructions.

Then bring on the HomeBrew for an amazing piece of hardware!
dvsone
post Aug 23 2007, 08:05 AM
Post #12


Congratulations Robinsod and all those that helped.
manu_xl
post Aug 23 2007, 08:13 AM
Post #13


finally an interesting news post (development) of the 360 scene to read. best luck to the devs. homebrew FTW!!
sheepie
post Aug 23 2007, 08:23 AM
Post #14


this is F***ing great news biggrin.gif
Iriez
post Aug 23 2007, 08:34 AM
Post #15


QUOTE(Takieda @ Aug 23 2007, 01:21 AM)

It's late, and my brain is only half working, so if this question is dumb, I apologize, but:
Does anyone know of an easy way Microsoft could update kernel to make this method not work? (granted, I know anything is possible) I'm just wondering if this means I can jump back on Live until a real solid hack is made available. I've been riding on a subscription to live without connecting ever since I heard about the Hypervisor exploit (shortly after the first dashboard update that blew an efuse), hoping that some method would be found to fix my box to an earlier kernel version.

If it's highly unlikely that MS can stop this from happening through a further kernel update, I'll get back on Live (I never did get the expansion to Oblivion), and wait for a more readily available hack and some homebrew before going the mod route (and would it be prudent to remove the resistor as well? or does this make that a null issue?)


Yes, it is possible. On a technical level all they need to do is a change to the memcmp to compare dwords instead of bytes, which would render this attack useless.

I would like to add, before any chance of blowing up, that this method is used solely for downgrading your kernel, and NOTHING else. It does not make homebrew/linux 'easier', it simply allows for current hacks to be performed given you have a specific kernel version.

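Added example, not code from the thread or from any of the projects named in it: the comparison pattern behind Arnezami's 16 * 128 estimate and Iriez's memcmp remark, shown in C from the defender's side. The 16-byte "secret" and the guesses are constructed values, not real CB-auth data, and the step counter stands in for elapsed time. A compare that exits at the first wrong byte lets each byte be confirmed on its own (256 guesses per byte, 4096 worst case for 16 bytes, the figure Robinsod quotes), while a compare that always examines every byte gives the same timing for every guess.

```c
#include <stdint.h>
#include <string.h>

#define AUTH_LEN 16

/* Weak pattern: stop at the first mismatching byte. *steps receives the
   number of bytes examined, a stand-in for elapsed time, and grows with
   the number of correct leading bytes in the guess. */
int weak_compare(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    for (size_t i = 0; i < n; i++)
        if (a[i] != b[i]) { *steps = i + 1; return 0; }
    *steps = n;
    return 1;
}

/* Hardened form: OR together the differences of every byte and decide
   only at the end, so the work done is the same for every guess. */
int ct_compare(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= a[i] ^ b[i];
    *steps = n;
    return diff == 0;
}

/* Constructed 16-byte "secret" (not a real CB-auth value) and a guess that
   agrees with it on the first `prefix` bytes and differs on the rest. */
static void make_pair(uint8_t *secret, uint8_t *guess, size_t prefix)
{
    for (size_t i = 0; i < AUTH_LEN; i++) secret[i] = (uint8_t)(0x37 + 0x5b * i);
    memcpy(guess, secret, AUTH_LEN);
    for (size_t i = prefix; i < AUTH_LEN; i++) guess[i] = (uint8_t)(guess[i] ^ 0xff);
}

/* Bytes examined for a guess with `prefix` correct leading bytes:
   prefix + 1 for the weak compare, always AUTH_LEN for the hardened one. */
size_t steps_for_prefix(size_t prefix, int hardened)
{
    uint8_t s[AUTH_LEN], g[AUTH_LEN]; size_t steps;
    make_pair(s, g, prefix);
    if (hardened) ct_compare(s, g, AUTH_LEN, &steps);
    else          weak_compare(s, g, AUTH_LEN, &steps);
    return steps;
}

/* Worst-case guesses when each byte confirms on its own (256 per byte) vs
   the search size in bits when no per-byte signal leaks. */
unsigned worst_case_bytewise(size_t n) { return 256u * (unsigned)n; }
unsigned search_bits_no_leak(size_t n)  { return 8u * (unsigned)n; }
```

The step count for the weak compare tracks the guess prefix exactly, which is the signal the hardware described above measures on the POST port; the hardened compare returns the same count for every guess.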




