Xbox 360 firmware update hack
You will often find people referring to custom firmware as CFW. Look into the xkey and the wasabi. Softmod is the DVD firmware hack; hardmod is anything that you need to solder onto the board.

Although Microsoft has promoted its new Xbox console as being much safer than its predecessor, it appears that some hackers have done the 'unthinkable' and proved once again that every device can be hacked.
According to Daily Tech, a hacker who calls himself 'TheSpecialist' stated that he has installed his own custom firmware into the Xbox 360. He claims that with the custom firmware he is able to create directly bootable backups of original DVD games.
The firmware, claims TheSpecialist, circumvents the Xbox 360's content checking by ignoring the required disc signatures that are present on retail games. However, the hacker states that he will not release his firmware due to obvious piracy concerns.
TheSpecialist says that this was possible because Microsoft neglected to remove the debug routines from the firmware.

Microsoft should be happy for this. Microsoft really screwed up on this one. Microsoft, along with most companies in the console game, loses money on each Xbox sold. They get that money back in licensing every time you buy a game. If someone buys an Xbox just for modding, then MS is losing money.
Well, I now know what I'm spending my income tax on. They had hacked the original Xbox DVD firmware in the exact same way; that might have been the video you saw before. They still haven't released the hack for the original, so I wouldn't plan on them releasing their hack for the 360 anytime soon. Let's just hope for someone to leak the modified DVD firmware.

There is one fact: before the Xbox, Microsoft was a non-existent player in the home gaming market. People use their Xboxes not only as a gaming device, but also as a video player, DVD player, MP3 player, internet access device, Linux console and so on.
It gives Microsoft a huge lead in this field, so if they lose money selling Xboxes below cost, it comes back as being number 1 in the home entertainment area.

The guy who posted the technical info on memory addressing and injection is well known as being a perp on those forums.
OK, no, the guy who originally announced the hack on xboxhacker. You just can't please some people. If you read past the first page of posts you get to see where other users discover the method is incomplete and begin to question the author of that thread.

CB then initialises the processor security engine; its task will be to do real-time encryption and hash checking of physical DRAM memory.
From what we found, it's using AES for crypto and what appears to be a strong Toeplitz hash. The crypto is different each boot because it is seeded from several per-boot values. That kernel contains a small privileged piece of code (the hypervisor); when the console runs, this is the only code that would have enough rights to run unsigned code. On current 360s, CD contains a hash of those two kernels and will stop the boot process if you try to load them.
The hypervisor is a relatively small piece of code to check for flaws, and apparently none of the newer ones has any flaw that could allow running unsigned code. On the other hand, tmbinc said the 360 wasn't designed to withstand certain hardware attacks such as the timing attack and "glitching". We found that sending a tiny reset pulse to the processor while it is slowed down does not reset it but instead changes the way the code runs; it seems to be very efficient at making the bootloaders' memcmp functions always return "no differences".
So we can put a bootloader that would fail the hash check in NAND, glitch the previous one, and that bootloader will run, allowing almost any code to run.
A glitch being unreliable by nature, we use a modified SMC image that reboots infinitely (stock images reboot 5 times and then go RROD) until the console has booted properly. In most cases, the glitch succeeds in less than 30 seconds from power-on that way. Our first idea was to remove the 27 MHz master crystal and generate our own clock instead, but it was a difficult modification and it didn't yield good results.
The I2C bus can be freely accessed; it's even available on a header, J2C3. So the HANA chip will now become our weapon of choice to slow the CPU down (sorry tmbinc, you can't always be right: it isn't boring and it does sit on an interesting bus ;)).

RC4 is basically a stream cipher: the ciphertext is the plaintext XORed with a keystream that depends only on the key. So if we know plaintext and crypted, we can get the keystream, and with the keystream we can encrypt our own code. You could think there's a chicken-and-egg problem: how did we get plaintext in the first place?
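The keystream-reuse step described above, as an added example written for this page (it is not GliGli's tooling and not the console's actual bootloader code): a minimal RC4, a forging routine that XORs a known plaintext/ciphertext pair to recover the keystream and re-encrypts an arbitrary payload, and a demo in which a "console" with a key we never read decrypts the forged image to our payload. The 16-byte key and the two 64-byte images are constructed stand-ins, not real 360 data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example for this page: minimal RC4 plus the keystream-reuse trick.
 * Not the 360's bootloader code; the key below is an assumed stand-in. */

typedef struct {
    uint8_t S[256];
    uint8_t i, j;
} rc4_ctx;

/* Key-scheduling algorithm (KSA). */
static void rc4_init(rc4_ctx *c, const uint8_t *key, size_t keylen)
{
    uint8_t j = 0;
    for (int k = 0; k < 256; k++)
        c->S[k] = (uint8_t)k;
    for (int k = 0; k < 256; k++) {
        j = (uint8_t)(j + c->S[k] + key[k % keylen]);
        uint8_t t = c->S[k]; c->S[k] = c->S[j]; c->S[j] = t;
    }
    c->i = c->j = 0;
}

/* PRGA: out = in XOR keystream. The same call encrypts and decrypts. */
static void rc4_crypt(rc4_ctx *c, const uint8_t *in, uint8_t *out, size_t len)
{
    for (size_t n = 0; n < len; n++) {
        c->i = (uint8_t)(c->i + 1);
        c->j = (uint8_t)(c->j + c->S[c->i]);
        uint8_t t = c->S[c->i]; c->S[c->i] = c->S[c->j]; c->S[c->j] = t;
        out[n] = in[n] ^ c->S[(uint8_t)(c->S[c->i] + c->S[c->j])];
    }
}

/* keystream = known_pt XOR known_ct; forged = payload XOR keystream.
 * Returns 0 on success, -1 if the payload is longer than the known
 * plaintext: the keystream is only recoverable for those bytes. */
static int forge_ciphertext(const uint8_t *known_pt, const uint8_t *known_ct,
                            size_t known_len, const uint8_t *payload,
                            size_t payload_len, uint8_t *forged)
{
    if (payload_len > known_len)
        return -1;
    for (size_t n = 0; n < payload_len; n++)
        forged[n] = payload[n] ^ (known_pt[n] ^ known_ct[n]);
    return 0;
}

/* Sanity check of the RC4 core against the well-known test vector
 * RC4("Key", "Plaintext") = BBF316E8D940AF0AD3. Returns 1 on match. */
int rc4_known_vector_ok(void)
{
    static const uint8_t expect[9] = {0xBB,0xF3,0x16,0xE8,0xD9,0x40,0xAF,0x0A,0xD3};
    uint8_t out[9];
    rc4_ctx c;
    rc4_init(&c, (const uint8_t *)"Key", 3);
    rc4_crypt(&c, (const uint8_t *)"Plaintext", out, 9);
    return memcmp(out, expect, 9) == 0;
}

/* End-to-end: the "console" encrypts a stock image under a key we never see;
 * we know that stock image in the clear, recover the keystream, and
 * re-encrypt our own code. Returns 1 if the console decrypts the forged
 * image to exactly our payload. All data here is constructed for the demo. */
int demo_keystream_reuse(void)
{
    static const uint8_t console_key[16] = {       /* assumed stand-in key */
        0x10,0x32,0x54,0x76,0x98,0xBA,0xDC,0xFE,0xEF,0xCD,0xAB,0x89,0x67,0x45,0x23,0x01 };
    enum { LEN = 64 };
    uint8_t stock[LEN], stock_ct[LEN], payload[LEN], forged[LEN], decrypted[LEN];
    rc4_ctx c;

    for (int n = 0; n < LEN; n++) {
        stock[n]   = (uint8_t)(0x60 + n);   /* stands in for a known stock bootloader */
        payload[n] = (uint8_t)(0xA5 ^ n);   /* stands in for our own code */
    }

    rc4_init(&c, console_key, sizeof console_key);
    rc4_crypt(&c, stock, stock_ct, LEN);           /* what the console stores in NAND */

    /* Edge case: we only know LEN-1 bytes of plaintext, so a LEN-byte payload must be refused. */
    if (forge_ciphertext(stock, stock_ct, LEN - 1, payload, LEN, forged) != -1)
        return 0;
    if (forge_ciphertext(stock, stock_ct, LEN, payload, LEN, forged) != 0)
        return 0;

    rc4_init(&c, console_key, sizeof console_key); /* console boots: fresh RC4 state */
    rc4_crypt(&c, forged, decrypted, LEN);
    return memcmp(decrypted, payload, LEN) == 0;
}

int main(void)
{
    printf("rc4 test vector: %s\n", rc4_known_vector_ok() ? "ok" : "FAIL");
    printf("keystream reuse: %s\n", demo_keystream_reuse() ? "forged image decrypts to payload" : "FAIL");
    return 0;
}
```

The forged image is only valid for as many bytes as you have known plaintext for, and only while the console derives the same keystream for that position; the refused over-long payload in the demo is the check a practitioner has to keep. This is the generic stream-cipher keystream-reuse weakness, not anything specific to RC4's key schedule.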
The SMC image is modified to have infinite reboot, and to prevent it from periodically sending I2C commands while we send ours.