Subject: Re: XBOX Q2
Author: bigT
Date: 2011-01-24 16:07:29
I can't find now where that calculation was written, but here is what there is:

Originally {downgrading kernel was possible} but Microsoft blew eFuses 
during the upgrade from kernel 4548 to 4552 as that's where they fixed 
the {Hypervisor Vulnerability} (which only works on kernel 4532/4548 and 
allows running unsigned code / Linux). It was already known that by 
removing the {r6t3 resistor} from the motherboard before the upgrade you 
could prevent MS from blowing eFuses and thus still be able to downgrade 
from a 4552+ to pre-4552, but I don't know how safe this is for future 
kernel updates.
MS doesn't blow new eFuses (located on the CPU die) on each upgrade 
because they only have a limited amount available: 768 (12 'fuselines' 
of 64 fuses each) in total and only a part of these (5 'fuselines'(= 320 
fuses)?) can be used to prevent kernel downgrading (= 80 possible 
downgrade bans? - once blown it can't be undone). The eFuses also 
contain {other data} like a unique 'CPU Key'.
According to tmbinc, this key is used for:
* Encryption of the *keyvault* (that stores: console certificate(s), 
per-box private keys, DVD key, however NOT any code-related encryption keys)
* Encryption of an imported console revocation table (CRLL, that stuff 
which recently hit 360gamesaves.com, and no, this isn't live-related),
* "Encryption" of the pairing information of the 'CB' and 'CF' (for 
exact details, please reverse that code, it's a bit hard to describe.)

-------------------
In the decrypted CF there is a "version lockdown counter" at 0x21F. 
Every time an update is applied (since version 4532) an eFuse is blown 
and the counter is incremented by 1 before it is written into the new 
CF. When booting, a check is made to ensure that the lockdown counter in 
the selected CF >= number of blown eFuses.
The good news is that we can modify the lockdown counter byte and 
re-encrypt the CF section. The bad news is that a hash of the first 
0x220 bytes requires the CPU Key. So as long as we know our CPU Key we 
can downgrade to a vulnerable kernel.

1) Brand new XBox with 1888 & 2241
The Version Lockdown Counter in my 2241 CF is 0
2) Applied 4532
The Version Lockdown Counter in my 4532 CF is 1
Also fuseset 07: f000000000000000
3) Applied 4552
The Version Lockdown Counter in my 4552 CF is 2. Confirmed that I can't 
downgrade to unpatched 4532 dump
4) Fixed up a dump of 4532 with CF Lockdown Counter = 2. Boots!
Now when I dump my fuse data
fuseset 07: ff00000000000000
A second fuse was blown by 4552
On 2011.01.24 14:10, bullka wrote:
>
>> later http://www.xboxhacker.org/index.php?topic=7241.0  and in other 
>> threads.
>
> Paste what they write there. It asks you to register, and I don't really feel like it.
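The boot-time rule described in the quoted xboxhacker text (CF lockdown counter at 0x21F must be >= the number of blown lockdown eFuses, with one 'f' nibble in a fuseset line per increment) as an added Python example; this is not code from the thread or from any Xbox tool. It assumes the five lockdown fuselines are 07..11, treats each 'f' nibble as one blown group of four fuses (which is what 320 fuses / 80 bans implies), and the fuse dumps and CF buffer are constructed sample data.

```python
import re

# Constructed sample fuse dumps mirroring the thread's observations (not real consoles).
DUMP_AFTER_4532 = """fuseset 07: f000000000000000
fuseset 08: 0000000000000000
"""
DUMP_AFTER_4552 = """fuseset 07: ff00000000000000
fuseset 08: 0000000000000000
"""

LOCKDOWN_FUSELINES = range(7, 12)  # assumption: the 5 lockdown fuselines are 07..11
LDV_OFFSET = 0x21F                 # lockdown counter offset in the decrypted CF (from the thread)
FUSESET_RE = re.compile(r"^fuseset\s+(\d+):\s*([0-9a-fA-F]{16})\s*$")


def parse_fusesets(dump: str) -> dict:
    """Map fuseline index -> 16 hex digits (64 fuses), ignoring lines that don't match."""
    sets = {}
    for line in dump.splitlines():
        m = FUSESET_RE.match(line.strip())
        if m:
            sets[int(m.group(1))] = m.group(2).lower()
    return sets


def count_blown_lockdown(dump: str) -> int:
    """Count lockdown increments: each 'f' nibble in a lockdown fuseline is one blown group."""
    total = 0
    for idx, hexval in parse_fusesets(dump).items():
        if idx not in LOCKDOWN_FUSELINES:
            continue
        if set(hexval) - {"0", "f"}:
            # A nibble that is neither 0 nor f means a partially blown group; refuse to guess.
            raise ValueError(f"fuseset {idx:02d} has a partially blown nibble: {hexval}")
        total += hexval.count("f")
    return total


def make_cf(counter: int, size: int = 0x220) -> bytes:
    """Constructed stand-in for a decrypted CF: zeros except the lockdown counter byte."""
    cf = bytearray(size)
    cf[LDV_OFFSET] = counter
    return bytes(cf)


def lockdown_check_passes(cf: bytes, dump: str) -> bool:
    """The boot-time rule from the thread: CF counter must be >= blown lockdown fuses."""
    return cf[LDV_OFFSET] >= count_blown_lockdown(dump)
```

Against the 4552 dump, a CF whose counter is still 1 fails the check while a counter of 2 passes, which is exactly the step-3/step-4 observation in the quoted post.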