Timing Attack

[gigabite]

god dam good work ChipD (I wish I had the tools to etch my own PCB's), that is great really !!

gigabite

[robinsod]

Geremia, that piece of "spaghetti" works better than my "hand crafted jewel of technology"? I just can't believe that.... The LEDs are all in a line look !

[Surrido]

ok, cool.

now what is the level shifter for??? i missed out on that one

[robinsod]

It converts the 0 & 1V signals from the POST port to 0 & 3.3V or 5V the Infectus can "see"

[Geremia]

hehehe, spaghetti is indeed the right word for it

I love when things magically works

Oh, you should add some code in the pic to make a stylish "michael night - supercar" effect to that raw of leds 

[ivc]

The timing attack works on the fall update!

I just downgraded a machine with the latest 6683 kernel to 1888 using the PIC timing attack. The CB/CD sections didn't change after the update and is still 1920 after the update. This might suggest CB 1888/1903/1920 on current machines can't be changed/updated, and a newer CB can only be applied to newer machines.

Code:

H[15 1177C32E3A0F3D7638B3AF3D27D14FBA] M 17985 A 17986 D -1 : 0 NEXT
H[15 1177C32E3A0F3D7638B3AF3D27D14FBB] M 17983 A 17986 D -3 : 0 NEXT
H[15 1177C32E3A0F3D7638B3AF3D27D14FBC] M 17983 A 17986 D -3 : 0 BOOT!

Xbox Live system update to put on the 360 hdd using xplorer (partition 3):
http://rapidshare.com/files/74216557/UPDATE-2.0.6683.0-HDD.rar

 

[Surrido]

Sweet! now someone needs to test this on a falcon...

[ivc]

To verify that machines with CB/CD 1888 and CE/CF 6683 could be downgraded, I ran a timing attack on another machine I had and it booted 1888 after timing attacking it for an hour. Both runs was done on Xenon (initial) motherboards.

Btw, if you're going to do do the timing attack, I found I had to disconnect the downgrader hardware from the 360 to make it boot after it has finished (else 3 RRoD).

Code:

H[15 6309F5317E0A78E8A91E01BE032B64A6] M 17986 A 17985 D 1 : 0 NEXT
H[15 6309F5317E0A78E8A91E01BE032B64A7] M 17988 A 17985 D 3 : 0 NEXT
H[15 6309F5317E0A78E8A91E01BE032B64A8] M 17988 A 17985 D 3 : 0 BOOT!

Surrido: By newer I mean new machines from the factory/rma. It's possible the CB/CD version can't be updated once it leaves the factory. But that's just speculation from my side.

[arnezami]

Great! Is that a machine with its "fuse burning" resistor removed or still in place?

[MoDInside]

Great! Is that a machine with its "fuse burning" resistor removed or still in place?

I want to know that too.

[Geremia]

On my early 2006 console, with R6T3 resistor removed, i see only changes in the kernel+filesystem (as usual) and probably an updated consoleravocationlist, and a few bytes increased at quite end of nand @0xFF3C00, don't know, probably some settings, don't know.
No changes in KV and in CB,CD,CE (still 1888), so games are still open

[robinsod]

Since IVC hasn't answered yet, I just took a look at his dump and it contains 5787 (LDV=3) 6683 (LDV=4). So yes, the resistor is still in place and the vulnerable 2BL is still there

[ivc]

Yes, the fuse resistor is in place on both machines. No major problems encountered on either machines after the update and downgrade.

I could test downgrading a machine with the resistor removed, but I don't see the need, as Geremia said, the only changes is to the filesystem+kernel.

Btw, if someone wants to play with the DivX codec functionality without needing the whole Xbox Live sign-in shebang to get the media addon (it's seperate from the fall update), I've put up the required media addon file: http://rapidshare.com/files/74293128/Xbox360_Fall_Update_DivX_Media_Addon.rar.html

[angerwound]

ivc: Actually, not sure that file will work properly on other consoles but yours. It's LIVE package and appears to have license masks locking it to your console. "F000000C0551DAB9" - That last bit happen to be your consoleid?

Check the xex's within's media flags. If they have execut from locally signed package enabled we could toss them into a CON Package without license masks for the banned/no live fellows.

[ben_stringer]

mine thanks to SOWA's

[robinsod]

Divx/Xvid Codec pack for banned hardware discussion split off to a new thread

http://www.xboxhacker.net/index.php?topic=9062.msg57910;boardseen#new

[SOWA_PL]

If someone like Surrido or me need PIC programmer here is very cheap and easy to bulid solution:

http://www.xrebelia.pl/images/index.php?path=PIC/

It's compatible with PIC16F84 /873 /874 /876 /877. You can bulid it only with socekt for our PIC. My PIC PCB is ready. Now this programmer 

BTW Thanks for using my PCB project 

Regards, Sowa.

[ChipD]

So i just realized that after downgrading to 4532, you cant load linux if your using a benq drive.I read theres some kinda serial device that can load Xell, but im unsure if after you load the Xell if the benq will run the gentoo live cd?Anyone know for sure, and what exactly needs to be done?
I have two 360's, the one 360's sammy drive is dead, but i have the dvdkey so i spoofed the other 360's benq to a ms25.

I originally patched KK to eject and load linux from cd, but it only ejects and doesnt boot linux, so i read theres another patch to load via some serial device, thatsd about all i know and understand at this point.

[Spider85]

First of all I don’t know if a must ask these question in the “Stupid question form” if so please remove these than!

Alright, I have been building a infectus add-on board last couple of days, now that it was finished I’d like to test it but I encountered some problems here’s what id did hope someone could tell me what I did wrong:

1.   First I made a 3 NAND dump with the help of the infectus chip, looked if they where the same (they where) and erased the NAND Chip and after that I flashed it with the dump I made and let the xbox boot (Did fine)
2.   After that I made a downgrade image using the 1888 files, The NAND Dump and Degraded.
3.   After I had the downgrade image I flashed it to the NAND chip of the xbox360
4.   Connected the downgrade Add-on to the infectus and flashed the infectus with the post.dat file (went fine)
5.   And after that the problem came, when I open a CMD window and type “IDGtool d1.bin”, where d1.bin is the downgrade image I made with degraded after that the CMD window came with a error screen “A error has acourd”

Can somebody tell me if I missed a step, or is there a way to test if the dongrade board is built in the good way, I saw you can see the POST sequence with the PIC board is this also possible with the addon board?

Thanks in advanced!

[Spider85]

Alright forget my problem, its working now!, i had to put idgtool in the infectus map

Thnx all!