Robinsod, in cooperation with Team Infectus and others from the Xboxhacker forums, has a "proof of concept" for downgrading an Xbox 360 kernel. Some modding enthusiasts will remember that on January 9th, 2007 an unexpected Xbox Live Dashboard update was released. Xbox Live director Major Nelson had this to say about the update:
Quote:
Earlier today the team pushed out a dashboard update over Xbox Live. There is nothing major in this one, it just addresses a few performance and stability issues.
In truth, it turned out that this update, Kernel and Dashboard version 4552, fixed what we call the "hypervisor exploit." This exploit allowed modders to create a modified King Kong game disc; booting it would let the modder run the machine in hypervisor mode, allowing unsigned code. In layman's terms, that means that with Xbox 360 kernel version 4532 (Fall 2006) and kernel version 4548, the system was capable of running Linux or other unsigned code. An additional effect of the 4552 update was that it prevented downgrading the Xbox 360 kernel. Before this update, it was possible to change kernel versions freely.
Since then, a lot of research and work has gone into finding a way to downgrade an Xbox 360 kernel. The next step they found was that if you have your console-specific, individual CPU key, you could downgrade the kernel. This meant that if somebody had taken the time to run Linux when they had kernel version 4532, and used Linux to get their CPU key, they could upgrade to version 4552 or newer and still be able to downgrade at a later time. This was a huge breakthrough, because it was a glimmer of hope. Before this, it was thought that if you didn't take precautions before the 4552 update, there was never a chance of downgrading. Now, if a person could somehow find their CPU key, they could downgrade their Xbox 360. The problem shifted from finding a way to downgrade to finding the CPU key.
Fast forward to about a month ago. A theory was posted by Xboxhacker member arnezami: instead of trying to find the CPU key, why not find the hash instead? The theory was that, in order for the hash check to work, the console has to compare the kernel's hash against a stored hash, and it does this on a byte-by-byte basis. They needed to find two hashes, one for the CB section and one for the CF section; both hashes are 16 bytes long. Essentially, one would go through every possible value for a single byte, recording the time it takes for the Xbox 360 to fail. When the first byte is wrong, the Xbox 360 fails right then. When the first byte is correct, the Xbox 360 proceeds to check the second byte. This small difference in time has to be large enough to identify clearly. Using an Infectus modchip, Robinsod went through every possible value for the first byte, recording the time. One attempt took longer than all the others: he had found the first byte. This was repeated until every byte of both hashes was found. In the end, over a span of three nights, Robinsod had succeeded in downgrading an Xbox 360 without knowing the CPU key.
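The weakness described above is a textbook timing side channel in a comparison routine. The following added example (not code from the post, from Robinsod, or from Team Infectus) models it in Python: an early-exit byte-by-byte compare whose step count depends on how many leading bytes match, next to a constant-time compare whose step count does not, plus a small check a reviewer can run to confirm the leak is closed. The 16-byte `STORED_HASH` is a constructed value standing in for the console's real, per-console reference hash, which is not on the page.

```python
import hmac
from typing import Callable, List, Tuple

# Constructed 16-byte reference value; stands in for the stored CB/CF hash
# that the bootloader compares against. Not a real console value.
STORED_HASH = bytes.fromhex("0123456789abcdeffedcba9876543210")

CompareFn = Callable[[bytes, bytes], Tuple[bool, int]]


def early_exit_compare(stored: bytes, candidate: bytes) -> Tuple[bool, int]:
    """Byte-by-byte compare that stops at the first mismatch (the leaky form).

    Returns (equal, bytes_examined). The second value models elapsed time:
    each additional matching leading byte costs one more iteration, which is
    the signal the post describes measuring with a modchip.
    """
    if len(stored) != len(candidate):
        return False, 0
    examined = 0
    for a, b in zip(stored, candidate):
        examined += 1
        if a != b:
            return False, examined
    return True, examined


def constant_time_compare(stored: bytes, candidate: bytes) -> Tuple[bool, int]:
    """Compare that always visits every byte and OR-accumulates differences.

    The iteration count is the same whether the mismatch is in byte 0 or
    byte 15 (or absent), so the step count reveals nothing about the prefix.
    """
    if len(stored) != len(candidate):
        return False, 0
    diff = 0
    examined = 0
    for a, b in zip(stored, candidate):
        examined += 1
        diff |= a ^ b
    return diff == 0, examined


def step_profile(compare: CompareFn, stored: bytes, candidates: List[bytes]) -> List[int]:
    """Step count for each candidate, as a timing observer would see it."""
    return [compare(stored, c)[1] for c in candidates]


def leaks_prefix_length(compare: CompareFn, stored: bytes, candidates: List[bytes]) -> bool:
    """True if step counts differ across candidates of equal length, i.e. the
    comparison's duration depends on the data and is a usable timing channel."""
    return len(set(step_profile(compare, stored, candidates))) > 1


# Constructed probe inputs: no match, 3-byte matching prefix, full match.
PROBES = [
    bytes(16),
    STORED_HASH[:3] + bytes(13),
    STORED_HASH,
]


def library_check(stored: bytes, candidate: bytes) -> bool:
    """What production code should use: the stdlib constant-time comparison."""
    return hmac.compare_digest(stored, candidate)


if __name__ == "__main__":
    print("early-exit steps   :", step_profile(early_exit_compare, STORED_HASH, PROBES))
    print("constant-time steps:", step_profile(constant_time_compare, STORED_HASH, PROBES))
    print("early-exit leaks   :", leaks_prefix_length(early_exit_compare, STORED_HASH, PROBES))
    print("constant-time leaks:", leaks_prefix_length(constant_time_compare, STORED_HASH, PROBES))
```

The step counts make the post's observation concrete: with the early-exit compare the three probes cost 1, 4 and 16 steps, so an observer learns exactly how many leading bytes were right, while the constant-time compare costs 16 steps for all three. In real firmware the fix is the same idea (never branch on a secret-dependent byte comparison), and in application code `hmac.compare_digest` already provides it.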
This was purely a proof of concept at this point. Much more work needs to be done - like limiting the hardware needed to replicate this, fixing some minor bugs, and trying to automate the process. At this time, it is a very long and difficult process. Here's hoping that it will get faster, easier, and cheaper. Right now it looks like folks interested might want to purchase an Infectus modchip.
This process would downgrade the kernel to version 1888, the original version from when you first powered on the system. This can then be upgraded to kernel 4532. Then you can run Linux to find your CPU key and fuseset values. You can also use an xD memory card and an installed reader to boot a different kernel just by inserting the xD memory card you want. Imagine a card for kernel 4532 to use Linux and run homebrew, a card with the latest kernel to use on Xbox Live, and even cards for different regions (you could switch between NTSC and PAL).
Hopefully this will push homebrew development for the Xbox 360, which right now is nonexistent. The only homebrew making use of the hypervisor exploit right now is Free60 Linux. With everybody having the ability to downgrade their kernel and use the hypervisor exploit, it would be nice to be able to run programs like Xbox Media Center, classic system emulators, and alternate dashboards.
For all of you people who just care about playing backups and using modified firmware, this has nothing to do with you at all. But I promise the next news update will be DVD firmware related.