Difference between revisions of "Xbox 360 Kernel Downgrading"
(3 intermediate revisions by the same user not shown)

Line 17 (section "Upgrade Kernel", heading unchanged):
  Previous revision: "If you have kernel version 188, 2241, 2255, 2258, or 2858 you can upgrade to" (the rest of the old line is not shown in the diff view)
  Current revision: "If you have kernel version 188, 2241, 2255, 2258, or 2858 you can upgrade to 4532 using the HD_DVD-2006-10.zip which is publicly available. Just burn a CD-R with the content of the zip-file and insert the disc into the Xbox 360."
  Unchanged: * [[King Kong Shader Exploit]]

Line 24:
  Unchanged: Xbox Live or games released after January 2007 will require you to update to kernel version 4552, 5759, or 5766 [http://wiki.free60.org/XboxKernel].
  Added: In August 2007 a new timing attack was found that makes it possible to downgrade the kernel and then find the CPU Key.
  Added: The CPU Key is used to sign the Key Vault. By increasing the Lockdown Counter in the CF section to a value higher than the number of blown fuses in fuseset 7, it is possible to boot kernel 1888 and bypass the blown-fuse lock [http://www.xboxhacker.net/index.php?topic=8319.msg52753#msg52753]. Once 1888 is running, you can upgrade to one of the vulnerable kernels mentioned above.
  Link changed: * [[Timing Attack]] → * [[Xbox 360 Timing Attack]]
Latest revision as of 10:56, 14 October 2007
Currently the only way to run unsigned code is to exploit a Hypervisor vulnerability in kernel/dashboard versions 4532 and 4548. You need to upgrade or downgrade to one of the vulnerable kernels and patch the King Kong game to load the exploit.
Purpose
A good explanation by arnezami [1]:
[With the CPU key] can we not resign the essential parts of the HV, or anything else, with a modified bootloader? All executable code on the xbox is (one way or another) signed by a RSA key. MS has the private RSA key and that's why we will never be able to sign our own executable code. This is what prevents us from running anything different than what MS has built (like the kernel and bootloaders). This has nothing to do with the cpu key. The only thing we can do with the cpu key is choose which version of the kernel/bootloader we want to run. But we cannot make changes to any of these versions themselves. Then why downgrade? Because two kernel versions MS built (4532, 4548) have a tiny flaw. And when we have our cpu key we can choose to run these (old) kernels and exploit them by running a patched KK game. After running the exploit we have complete control over the xbox (but not before that). This means to be able to run homebrew or linux we now have to start the game, press ok, insert a disc etc.
Upgrade Kernel
If you have kernel version 188, 2241, 2255, 2258, or 2858 you can upgrade to 4532 using the HD_DVD-2006-10.zip, which is publicly available. Just burn a CD-R with the content of the zip file and insert the disc into the Xbox 360.
Downgrade Kernel
Xbox Live or games released after January 2007 will require you to update to kernel version 4552, 5759, or 5766 [2].
In August 2007 a new timing attack was found that makes it possible to downgrade the kernel and then find the CPU Key.
The CPU Key is used to sign the Key Vault. By increasing the Lockdown Counter in the CF section to a value higher than the number of blown fuses in fuseset 7, it is possible to boot kernel 1888 and bypass the blown-fuse lock [3]. Once 1888 is running, you can upgrade to one of the vulnerable kernels mentioned above.
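As an added illustration of the rollback check this section describes, and not code from the wiki or from any Xbox 360 tool, the following Python model compares a lockdown counter against a blown-fuse count and shows why the protection is only as strong as the key that signs the counter. The key names, the use of HMAC as a stand-in for both the CPU-key signature and the manufacturer's RSA signature, and the counter values are all constructed assumptions for the model; the design lesson is the one arnezami's quote already states: a value bound only by the per-device key can be rewritten by whoever holds that key, while a value inside the manufacturer-signed image cannot.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed keys for the model (not real Xbox keys; assumption).
DEVICE_KEY = b"per-device-cpu-key-example"           # stands in for the CPU key
MANUFACTURER_KEY = b"manufacturer-only-key-example"  # stands in for the vendor's private RSA key


@dataclass(frozen=True)
class SignedImage:
    """A boot image header: kernel version, rollback counter, and a tag over both."""
    kernel_version: int
    lockdown_counter: int
    tag: bytes


def _tag(key: bytes, kernel_version: int, lockdown_counter: int) -> bytes:
    msg = f"{kernel_version}:{lockdown_counter}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


def sign_image(key: bytes, kernel_version: int, lockdown_counter: int) -> SignedImage:
    return SignedImage(kernel_version, lockdown_counter, _tag(key, kernel_version, lockdown_counter))


def verify_image(key: bytes, img: SignedImage) -> bool:
    return hmac.compare_digest(img.tag, _tag(key, img.kernel_version, img.lockdown_counter))


def lockdown_check(lockdown_counter: int, blown_fuses: int) -> bool:
    """The rule the page describes: an image boots only if its counter is not below the fuse count."""
    return lockdown_counter >= blown_fuses


def boot_allowed(key: bytes, img: SignedImage, blown_fuses: int) -> bool:
    """Bootloader decision: the tag must verify AND the counter must pass the fuse comparison."""
    return verify_image(key, img) and lockdown_check(img.lockdown_counter, blown_fuses)


def rollback_under_device_key(blown_fuses: int) -> bool:
    """Weak design: the counter is bound only by the per-device key.

    An old image with a low counter is refused, but anyone holding DEVICE_KEY can
    re-sign it with a counter above the fuse count and the bootloader accepts it.
    Returns True when rollback protection is defeated in this model.
    """
    old = sign_image(DEVICE_KEY, kernel_version=1888, lockdown_counter=1)  # constructed counter
    honest_rejected = not boot_allowed(DEVICE_KEY, old, blown_fuses)
    inflated = sign_image(DEVICE_KEY, kernel_version=1888, lockdown_counter=blown_fuses + 1)
    inflated_boots = boot_allowed(DEVICE_KEY, inflated, blown_fuses)
    return honest_rejected and inflated_boots


def rollback_under_manufacturer_key(blown_fuses: int) -> bool:
    """Stronger design: the counter travels inside the manufacturer-signed image.

    The device owner holds only DEVICE_KEY; the bootloader verifies against
    MANUFACTURER_KEY, so an inflated counter cannot be made to verify.
    Returns True when rollback protection holds in this model.
    """
    old = sign_image(MANUFACTURER_KEY, kernel_version=1888, lockdown_counter=1)
    honest_rejected = not boot_allowed(MANUFACTURER_KEY, old, blown_fuses)
    inflated = sign_image(DEVICE_KEY, kernel_version=1888, lockdown_counter=blown_fuses + 1)
    inflated_rejected = not boot_allowed(MANUFACTURER_KEY, inflated, blown_fuses)
    return honest_rejected and inflated_rejected


if __name__ == "__main__":
    fuses = 5  # constructed number of blown fuses
    current = sign_image(MANUFACTURER_KEY, kernel_version=5759, lockdown_counter=fuses)
    print("current image boots:", boot_allowed(MANUFACTURER_KEY, current, fuses))
    print("device-key-bound counter defeated:", rollback_under_device_key(fuses))
    print("manufacturer-bound counter holds:", rollback_under_manufacturer_key(fuses))
```

The comparison `lockdown_counter >= blown_fuses` is the same in both designs; what differs is which key has to sign the counter. Running the module prints True for all three lines: the current image boots, the device-key-bound variant is defeated once the device key is known, and the manufacturer-bound variant still refuses the old image.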