Can a 360 kernel be "downgraded"

TouchingVirus

No, is the basic answer.

However there is the Cygnos360, which I've just bothered my ass to research, and that appears to have the ability to load alternative kernels/dashboards to the one that's physically installed on the 360 (i.e. it could load a lower kernel so you could possibly run the JTAG exploit).

I'm curious as to how this can work and what you other folks think about it. I'd be interested in turning a few 9199/8955 banned consoles into JTAGs if it actually works

Reamer Fanny

Just on a unrelated note have you seen the new utility that can dump the Slim's firmware? I made a thread in this forum but you guys haven't caught on yet

TouchingVirus

justryan wrote: »

Just on a unrelated note have you seen the new utility that can dump the Slim's firmware? I made a thread in this forum but you guys haven't caught on yet

First off, I've read the thread and the one over on XBH. Geremia did some work but it's still incomplete. It doesn't seem to work on certain drives/setups and it seems he's abandoned the cause for the time being. It was a stepping stone but I'll prefer to leave my comments until we've got a something a little more solid

Back to my own topic, I should add that the CygnosV2 seemingly doesn't care about what efuses are blown or what dash you're currently running. It only cares that you have a particular type of motherboard.

Once the Efuse (8955 update)is blown in the CPU there is no way the current exploit work.

even if the dash was downgraded the exploit would still be unusable.

TouchingVirus

cisk wrote: »

Once the Efuse (8955 update)is blown in the CPU there is no way the current exploit work.

even if the dash was downgraded the exploit would still be unusable.

Were efuses not blown several updates before 8955? As far as I remember 8955 wasn't the first one to blow an efuse.

If not then my bad, stupid thread :P It did seem to go against everything I know about the 360, but I thought I'd open it up to the wider forum - cisk's there with the reality check

Reamer Fanny

TouchingVirus wrote: »

First off, I've read the thread and the one over on XBH. Geremia did some work but it's still incomplete. It doesn't seem to work on certain drives/setups and it seems he's abandoned the cause for the time being. It was a stepping stone but I'll prefer to leave my comments until we've got a something a little more solid

Back to my own topic, I should add that the CygnosV2 seemingly doesn't care about what efuses are blown or what dash you're currently running. It only cares that you have a particular type of motherboard.

Just keeping you on your toes, it's exciting news and interesting to see some work finally published on the Slim

TouchingVirus

justryan wrote: »

Just keeping you on your toes, it's exciting news and interesting to see some work finally published on the Slim

I actually don't find it exciting, it was inevitable that work would begin on the Slim. In fact I'd say most of the research work on the Xbox 360 is now begin done on the Slim - is the new console open to a JTAG or other vulnerabilities, is the new console open for firmware modding? etc etc It's all fresh and new and definitely active enough in my opinion.

Much more exciting is the PS3 stuff and I don't even own a PS3

docentore

there are hundreds of efuses in CPU to be blown.
each update blows some particular ones which block running lower kernel.

only way of getting an xbox with dash 8955 and up jtagged is swap CPU with exploitable one.

TouchingVirus

Let's face it, it's a rather uneconomical thing to do. You'd need the CPU key of the victim motherboard too to decrypt the keyvault, or the nand-dump of the donor board so you could use it's KV

I've got a few broken vulnerable boards, I do wonder how much it'd cost for a lift and replace Would it be worth investing if I were to sell it off ..Hmm

Yep im pretty sure it was the 8955 summer 09 update which blew the Efuses blocking the exploit.

Yep the whole swapping the CPU thing is pretty hardcore, would really need a rework station.

Yep unfortunatly i see the 360 jtag scene slowing down, the PS3 exploit is just so much easier, exploitable PS3`s availible and fully open.

Theirs a guy called marcan42 (http://twitter.com/marcan42) coding a pretty awesome custom linux platform.

TouchingVirus

Yeah. There are not so many limits with the PS3 as with the Xbox. It's a shame really, the JTAG scene was thriving there for a while. Now most people just want it for the piracy-related things.

Reamer Fanny

TouchingVirus wrote: »

I actually don't find it exciting, it was inevitable that work would begin on the Slim. In fact I'd say most of the research work on the Xbox 360 is now begin done on the Slim - is the new console open to a JTAG or other vulnerabilities, is the new console open for firmware modding? etc etc It's all fresh and new and definitely active enough in my opinion.

Much more exciting is the PS3 stuff and I don't even own a PS3

How likely are we to see a Jtaggable Xbox 360 Slim? Surely Microsoft have learned from their mistakes and made it impossible? or maybe it's just a matter of time before someone finds an exploit.

Myrddin

justryan wrote: »

How likely are we to see a Jtaggable Xbox 360 Slim? Surely Microsoft have learned from their mistakes and made it impossible? or maybe it's just a matter of time before someone finds an exploit.

I'd think that every new dash, brings 'possible' new vulnerabilities. It's not likely, but a newer dash could have something exploitable that an older one didn't, so there's always hope in some form. Drive flashing a slim 360 holds no interest for me personally, for me it has one purpose & one purpose only. A Jtag, while similar, at least has key learning differences & functions.

Even though the jtag hack is long known, aside from custom kernels, a few emulators & browsers etc there's not really anything amazing to do on one, given that the console is now fully open. Is this because of the legalities of developing programes on leaked SDK's etc? Or is it just down to piracy is King & there's no desire for much else?

Wez

EnterNow wrote: »

I'd think that every new dash, brings 'possible' new vulnerabilities.

That's been ringing in my head the past few days..

I reckon having a 9199 slim could be handy down the road. Things like the leaked kinect dash must have been slapped together (compared to a finalized release) so I think it'd be a perfect candidate for looking at exploiting (if only I knew what to look for) although I'm sure someones tried.

Also, on that note (presuming it was exploitable) since most people would be updating to an exploitable dash, burned fuses wouldn't matter since all they do is stop older dashboards being run (hence wanting 9199).

I'd be tempted to get a rrod going and update to the leaked dash, then dump the nand.. Even just go get a copy out there for people to look at.

Although there's always hope that after the next official update, more things will be released (like slim DVD drive flashing) since they'll have more time with it.

Just spilling my brain..

TouchingVirus

It's not the dash that's exploitable, is the CB/Bootloader

Quite right TV.

And Slim Drive Firmware/Key/Erase Via Sata is already possible using Geremia`s tarablinda.

Just waiting on hacked firmware for the slim lite-on. You can however spoof the key to another drive, but that requires custom fabricating them them to fit in the slim.

Myrddin

So the original exploit would have been valid for any dash had they not patched it? And now that it's patched, there's literally no hope of a new one? Aw TV such a killjoy man

Yup thats why some June 7Xxx Dashes couldnt be Jtaged, this is when MS put the new CB during manufacturing and 360s sent for repair around the same time.

Reamer Fanny

Wez wrote: »

I'd be tempted to get a rrod going and update to the leaked dash, then dump the nand.. Even just go get a copy out there for people to look at.

Would the LPT connections be the same with the new Slim motherboard?

TouchingVirus

EnterNow wrote: »

So the original exploit would have been valid for any dash had they not patched it? And now that it's patched, there's literally no hope of a new one? Aw TV such a killjoy man

Yup, exactly. As cisk said, that's why the June-August 2009 consoles are dodgy to get, you might end up with the updated bootloader that killed the attack vector.

I'm not saying the new bootloader is flawless, but it did take them 4 years to find the first attack vector, so the hope is (puntasticly) slim indeed.

Myrddin

So it turns out then that the 360 is actually quite secure against hacks, with only one in 4 years (discounting drive flashing, I mean near kernel access). Same as the PS3 statistically speaking...

If an exploit for newer PS3 firmware arrives, then for all intents & purposes the 360 will be a more secure console :rolleyes:

TouchingVirus

Well, a mass hack anyways. Before now you've needed Cygnos and that to get alternative kernels up and running or the King Kong hack (very specific game version, DVD drive and Kernel).

Yep, they leaned alot form the xbox 1.

The King kong exploit was around a number of years ago and the information learned from that pretty much led to the Jtag hack.