Difference between revisions of "Xbox 360 King Kong Shader Exploit"

From ivc wiki
Jump to navigationJump to search
 
Line 34: Line 34:


You can update to 4532 using the official Xbox 360 update released for the HD-DVD drive. It's a zip file named HD_DVD_10-2006.zip and the files should be burned on a regular CD-R. The update is available publicly but make sure the md5sum is cd4db8e2c94266ab73513c361dd5b8f6, it might have been updated by Microsoft although the filename is the same.
You can update to 4532 using the official Xbox 360 update released for the HD-DVD drive. It's a zip file named HD_DVD_10-2006.zip and the files should be burned on a regular CD-R. The update is available publicly but make sure the md5sum is cd4db8e2c94266ab73513c361dd5b8f6, it might have been updated by Microsoft although the filename is the same.
After applying the update, eject the CD or you'll get an HD-DVD Installation screen.
== Executing Exploit ==

Revision as of 22:59, 10 August 2007

In early January 2007 at a the 23C3 Hacker Congress in Germany, an anonymous hacker presented a vulnerability in the Xbox 360 using the King Kong game and Macbook Pro connected via a serial cable.

Later in February the exploit was revealed on SecurityFocus with full details. The release was delay to allow Microsoft to patch the problem.

The exploit utilized a bug in the Hypervisor to allow unsigned code execution. A shader in the King Kong game was used to perform the execution of the exploit and load arbitrary code with full privileges and full hardware access.

Patch Game

Game

The King Kong game has to be a origial release, not a Classic release. King Kong was one of the launch titles and should be quite easy to get hold of.

Dump Image

To be able to patch the game, you have to dump the disc to an image file. The easiest way to do this is to get a regular Samsung SH-D162C DVD-ROM reader and flash it with a custom Kreon firmware. This enables the drive to see and read the content of Xbox 1 and Xbox 360 game discs.

Ripping the discs and be done using either Xbox Backup Creator or SchtromXtract. I prefer the former, but both work the same. Be sure to get the latest version.

In Xbox Backup Creator, make sure the Samsung drive is selected in the top dropdown menu. Select the 'Drive Tools'-tab and press 'Unlock Drive'. This unlocks the hidden partitions of the disc (the game partitions is hidden).

Go back to the 'Read'-tab and select 'Complete Backup'. Ignore the text about not a true 1 to 1 copy, it only applies to Xbox 1 games. Press 'Start'.

When the process is complete, the .iso file should be exactly 7 572 881 408 bytes.

Patch Image

Get the King_Kong_Shader_Expliot_for_XELL.rar file, it includes the shader patcher and a XeLL (Xenon Linux Loader) to boot Linux from a LiveCD.

Open a Command-prompt and execut the win_patch.exe with the King Kong image as a argument.

Burn Image

Burn the image on a DVD+R DL disc using either ImgBurn or CloneCD. I prefer the former, it's open source and free.

Make sure your burner supports booktype setting to DVD-ROM for DVD+R DL discs before you start.

Update Xbox Kernel

The Hypervisor exploit only works on Xbox Kernel version 4543 and 4548. If you have a kernel version lower than 4532 you can update using the HD-DVD update provided by Microsoft. On the other side, if you have a 4552 or later kernel version, you can not use this exploit. The exploit was fixed in 4552 and onwards.

You can update to 4532 using the official Xbox 360 update released for the HD-DVD drive. It's a zip file named HD_DVD_10-2006.zip and the files should be burned on a regular CD-R. The update is available publicly but make sure the md5sum is cd4db8e2c94266ab73513c361dd5b8f6, it might have been updated by Microsoft although the filename is the same.

After applying the update, eject the CD or you'll get an HD-DVD Installation screen.

Executing Exploit