Xbox 360 Kernel Downgrading

From ivc wiki
Revision as of 12:56, 21 August 2007 by Ivc (talk | contribs)

Currently the only way to run unsigned code is to exploit a Hypervisor vulnerability present in kernel/dashboard versions 4532 and 4548. You need to upgrade or downgrade to one of the vulnerable kernels and patch the King Kong game to load the exploit.

Purpose

A good explanation by arnezami [1]:

[With the CPU key] can we not resign the essential parts of the HV, or anything else, with a modified bootloader?
All executable code on the xbox is (one way or another) signed by an RSA key. MS has the private RSA key and that's
why we will never be able to sign our own executable code. This is what prevents us from running anything different
than what MS has built (like the kernel and bootloaders). This has nothing to do with the cpu key. The only thing we
can do with the cpu key is choose which version of the kernel/bootloader we want to run. But we cannot make changes
to any of these versions themselves.

Then why downgrade?
Because two kernel versions MS built (4532, 4548) have a tiny flaw. And when we have our cpu key we can choose to
run these (old) kernels and exploit them by running a patched KK game. After running the exploit we have complete
control over the xbox (but not before that). This means to be able to run homebrew or linux we now have to start the
game, press ok, insert a disc etc.

Upgrade Kernel

If you have kernel version 1888, 2241, 2255, 2258, or 2858 you can upgrade to 4543 using the HD_DVD-2006-10.zip, which is publicly available. Just burn a CD-R with the content of the zip file and insert the disc into the Xbox 360.

Downgrade Kernel

Xbox Live or games released after January 2007 will require you to update to kernel version 4552, 5759, or 5766 [2].

To be able to downgrade, you need to acquire the CPU Key of the Xbox 360. This was previously (before August 2007) not feasible after upgrading to 4552 or later, but thanks to everybody at XBH this is now possible via a timing attack on the CB-auth hash values: the comparison rejects a wrong hash as soon as it hits a mismatching byte, so the time it takes to fail leaks how many leading bytes of the guess were correct, and the hash can be recovered one byte at a time.
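The following is an added example, not code from the ivc wiki or from the Xbox 360 bootloaders. It simulates the class of weakness the timing attack above relies on: a comparison that returns at the first mismatching byte. The secret hash is constructed for the demo, and the number of bytes the comparison examines before returning stands in for the measured response time. The recovery loop treats the comparison as a black box and keeps the guess whose "time" is the unique slowest; against a constant-time comparison all guesses take the same time and the loop recovers nothing.

```c
/* Simulated timing attack on an early-exit hash comparison (added example).
 * "steps" = number of bytes the compare looked at, standing in for time. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HASH_LEN 16

/* Constructed secret hash; on a console this would be the stored value. */
static const uint8_t SECRET[HASH_LEN] = {
    0x3a, 0xf1, 0x00, 0xc7, 0x9e, 0x12, 0x55, 0xde,
    0x81, 0x44, 0xff, 0x0b, 0x67, 0xa9, 0x2c, 0xd3
};

typedef int (*compare_fn)(const uint8_t *, const uint8_t *, size_t, size_t *);

/* Leaky compare: stops at the first mismatch, so *steps reveals its position. */
int leaky_compare(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    for (size_t i = 0; i < n; i++) {
        if (a[i] != b[i]) { *steps = i + 1; return 0; }
    }
    *steps = n;
    return 1;
}

/* Constant-time compare: always touches every byte, result folded into diff. */
int ct_compare(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= a[i] ^ b[i];
    *steps = n;
    return diff == 0;
}

/* Recover SECRET through the oracle one byte at a time. For position i, try
 * all 256 values; the single guess that makes the oracle run longest is the
 * correct byte (a match at the last position is detected by the return value).
 * Returns how many bytes were recovered; 0 means the oracle leaked nothing. */
size_t recover_hash(compare_fn oracle, uint8_t *out)
{
    uint8_t guess[HASH_LEN] = {0};
    for (size_t i = 0; i < HASH_LEN; i++) {
        size_t best_steps = 0, ties = 0;
        int best = -1;
        for (int c = 0; c < 256; c++) {
            size_t steps;
            guess[i] = (uint8_t)c;
            if (oracle(SECRET, guess, HASH_LEN, &steps)) {
                memcpy(out, guess, HASH_LEN);   /* full match: done */
                return HASH_LEN;
            }
            if (steps > best_steps) { best_steps = steps; best = c; ties = 1; }
            else if (steps == best_steps) ties++;
        }
        if (ties != 1) return i;   /* no unique slowest guess: nothing leaked */
        out[i] = (uint8_t)best;
        guess[i] = out[i];         /* lock in the recovered prefix */
    }
    return HASH_LEN;
}

int main(void)
{
    uint8_t out[HASH_LEN];
    size_t n = recover_hash(leaky_compare, out);
    printf("leaky compare: recovered %zu/%d bytes, %s\n", n, HASH_LEN,
           (n == HASH_LEN && memcmp(out, SECRET, HASH_LEN) == 0) ? "correct" : "wrong");
    n = recover_hash(ct_compare, out);
    printf("constant-time compare: recovered %zu/%d bytes\n", n, HASH_LEN);
    return 0;
}
```

In the simulation the timing signal is exact; against real hardware each guess has to be timed many times and averaged to pull the one-byte difference out of the noise, but the per-position cost stays at 256 guesses instead of 2^128 for the whole hash. The fix is the second comparator: examine every byte regardless of where the first difference occurs.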

When you have the CPU Key, it can be used to set the Lockdown Counter in the kernel 1888 image to something high (99), so that the check against the blown lockdown fuses passes and the old image is allowed to boot. Once you have 1888 running you should be able to upgrade to a vulnerable kernel, as mentioned above.