Xbox 360 Kernel Downgrading - Revision history

Ivc at 09:56, 14 October 2007

2007-10-14T09:56:27Z

← Older revision		Revision as of 09:56, 14 October 2007
Line 17:		Line 17:

	== Upgrade Kernel ==		== Upgrade Kernel ==
	If you have kernel version 188, 2241, 2255, 2258, or 2858 you can upgrade to ~~4543~~ using the HD_DVD-2006-10.zip which is publicly availble. Just burn a CD-R with the content of the zip-file and insert the disc into the Xbox 360.		If you have kernel version 188, 2241, 2255, 2258, or 2858 you can upgrade to 4532 using the HD_DVD-2006-10.zip which is publicly availble. Just burn a CD-R with the content of the zip-file and insert the disc into the Xbox 360.

	* [[King Kong Shader Exploit]]		* [[King Kong Shader Exploit]]

Ivc at 22:24, 27 August 2007

2007-08-27T22:24:42Z

← Older revision		Revision as of 22:24, 27 August 2007
Line 24:		Line 24:
	Xbox Live or games released after January 2007 will require you to update to kernel version 4552, 5759, or 5766 [http://wiki.free60.org/XboxKernel].		Xbox Live or games released after January 2007 will require you to update to kernel version 4552, 5759, or 5766 [http://wiki.free60.org/XboxKernel].

	~~To be able~~ to downgrade~~, you need~~ to ~~aquire~~ the CPU Key of the Xbox 360. This was previously (before august 2007) not feasible after upgrading to 4552 or later, but thanks to everybody at XBH this is now possible via a time attack on the CB-auth hash values.		In August 2007 a new timing attack was found and makes it possible to downgrade to kernel and then find the CPU Key.

	~~When you have the~~ CPU Key~~, this allows us~~ to ~~increase~~ the Lockdown Counter to something ~~high (99)~~ in kernel 1888 ~~to allow it to~~ bypass the blown fuse lock ~~and then creating a new signature using the CPU Key~~ [http://www.xboxhacker.net/index.php?topic=8319.msg52753#msg52753]. Once you have 1888 running you will be able to upgrade to one of the vulnerable kernels, as mentioned above.		The CPU Key is used to sign the Key Vault and by increasing the Lockdown Counter in the CF section to something higher than the number of blown fuses in fuseset 7, it's possible to boot in kernel 1888 and bypass the blown fuse lock [http://www.xboxhacker.net/index.php?topic=8319.msg52753#msg52753]. Once you have 1888 running you will be able to upgrade to one of the vulnerable kernels, as mentioned above.

	* [[Timing Attack]]		* [[Xbox 360 Timing Attack]]

Ivc at 11:08, 21 August 2007

2007-08-21T11:08:01Z

← Older revision		Revision as of 11:08, 21 August 2007
Line 26:		Line 26:
	To be able to downgrade, you need to aquire the CPU Key of the Xbox 360. This was previously (before august 2007) not feasible after upgrading to 4552 or later, but thanks to everybody at XBH this is now possible via a time attack on the CB-auth hash values.		To be able to downgrade, you need to aquire the CPU Key of the Xbox 360. This was previously (before august 2007) not feasible after upgrading to 4552 or later, but thanks to everybody at XBH this is now possible via a time attack on the CB-auth hash values.

	When you have the CPU Key, this allows us to increase the Lockdown Counter to something high (99) in kernel 1888 to allow it to bypass the blown fuse lock and then creating a new signature using the CPU Key. Once you have 1888 running you will be able to upgrade to one of the vulnerable kernels, as mentioned above.		When you have the CPU Key, this allows us to increase the Lockdown Counter to something high (99) in kernel 1888 to allow it to bypass the blown fuse lock and then creating a new signature using the CPU Key [http://www.xboxhacker.net/index.php?topic=8319.msg52753#msg52753]. Once you have 1888 running you will be able to upgrade to one of the vulnerable kernels, as mentioned above.

	* [[Timing Attack]]		* [[Timing Attack]]

Ivc at 11:07, 21 August 2007

2007-08-21T11:07:36Z

← Older revision		Revision as of 11:07, 21 August 2007
Line 26:		Line 26:
	To be able to downgrade, you need to aquire the CPU Key of the Xbox 360. This was previously (before august 2007) not feasible after upgrading to 4552 or later, but thanks to everybody at XBH this is now possible via a time attack on the CB-auth hash values.		To be able to downgrade, you need to aquire the CPU Key of the Xbox 360. This was previously (before august 2007) not feasible after upgrading to 4552 or later, but thanks to everybody at XBH this is now possible via a time attack on the CB-auth hash values.

	When you have the CPU Key, ~~it can be used~~ to increase the Lockdown Counter to something high (99) in kernel 1888 to allow it to bypass the blown fuse lock. Once you have 1888 running you ~~should~~ be able to upgrade to a vulnerable ~~kernel~~, as mentioned above.		When you have the CPU Key, this allows us to increase the Lockdown Counter to something high (99) in kernel 1888 to allow it to bypass the blown fuse lock and then creating a new signature using the CPU Key. Once you have 1888 running you will be able to upgrade to one of the vulnerable kernels, as mentioned above.

	* [[Timing Attack]]		* [[Timing Attack]]

Ivc at 10:56, 21 August 2007

2007-08-21T10:56:36Z

New page

Currently the only way to run unsigned code is to exploit a Hypervisor vulnerability in kernel/dashboard versions 4532 and 4548. You need to upgrade or downgrade to one of the the vulnerable kernels and patch the King Kong game to load the exploit.

== Purpose ==
A good explanation by arnezami [http://www.xboxhacker.net/index.php?topic=8319.msg52847#msg52847]:
[With the CPU key] can we not resign the essential parts of the HV, or anything else, with a modified bootloader?
All executable code on the xbox is (one way or another) signed by a RSA key. MS has the private RSA key and thats
why we will never be able to sign our own executable code. This is what prevents us from running anything different
than what MS has build (like the kernel and bootloaders). This has nothing to do with the cpu key. The only thing we
can do with the cpu key is choose which version of the kernel/bootloader we want to run. But we cannot make changes
to any of these versions themselves.

Then why downgrade?
Because two kernel versions MS build (4532,4548) have a tiny flaw. And when we have our cpu key we can choose to
run these (old) kernels and exploit them by running a patched KK game. After running the exploit we have complete
control over the xbox (but not before that). This means to be able to run homebrew or linux we now have to start the
game, press ok, insert a disc etc. [http://www.xboxhacker.net/index.php?topic=8319.msg52847#msg52847 More]

== Upgrade Kernel ==
If you have kernel version 188, 2241, 2255, 2258, or 2858 you can upgrade to 4543 using the HD_DVD-2006-10.zip which is publicly availble. Just burn a CD-R with the content of the zip-file and insert the disc into the Xbox 360.

* [[King Kong Shader Exploit]]

== Downgrade Kernel ==
Xbox Live or games released after January 2007 will require you to update to kernel version 4552, 5759, or 5766 [http://wiki.free60.org/XboxKernel].

To be able to downgrade, you need to aquire the CPU Key of the Xbox 360. This was previously (before august 2007) not feasible after upgrading to 4552 or later, but thanks to everybody at XBH this is now possible via a time attack on the CB-auth hash values.

When you have the CPU Key, it can be used to increase the Lockdown Counter to something high (99) in kernel 1888 to allow it to bypass the blown fuse lock. Once you have 1888 running you should be able to upgrade to a vulnerable kernel, as mentioned above.

* [[Timing Attack]]