# is it possible to create a softmod for the xbox 360?



## Daniels_-_ (Jan 9, 2022)

More than 15 years have passed, in which experience with this console should have been collected. From what I see, no one is interested in making a softmod for the Xbox 360, so I asked: what should I learn to know how to make a softmod? Why not try? Is it because those who do know about this do not join in and succeed? I think I may be able to, just like other people did with different consoles. I think that the last thing discovered so far is RGH 3.0, in my opinion a discovery that was made very late, which could have been squeezed a lot in its time. Put love into your answers, I read them.


----------



## Milenko (Jan 9, 2022)

Don't know what that says, but you can't just create a soft mod out of nothing


----------



## Daniels_-_ (Jan 9, 2022)

Milenko said:


> Don't know what that says, but you can't just create a soft mod out of nothing


I corrected the message, I'm sorry, I'm Spanish. You can read and comment.


----------



## FAST6191 (Jan 9, 2022)

Interested? If it was possible then people would jump all over it.

Trouble is it seems to not be possible short of someone figuring out the signing keys (leaking, luck, maybe a list of primes one day or quantum computers being the main deal) so we are instead compelled to look at hardware.


That is an older video, and the part about "nothing interesting there" was quite famously subsequently used for RGH (and I guess this new one as well). However it does serve as a very nice overview of the security setup and why something like the original xbox or a simple save exploit like we are commonly used to seeing for older stuff is not really going to happen.
The hardware methods are usually simple enough as well, the latest round being very reliable and also being able to be done with common components you can buy from a vaguely well stocked vendor (assuming you care to dump your NAND with more annoying methods).
https://gbatemp.net/threads/rgh3-chipless-glitching.602237/


----------



## Daniels_-_ (Jan 9, 2022)

Well, I mean that the main problem, the reason there is no softmod, is because nobody has those Xbox 360 signature keys? To be more specific, isn't it enough to download the console software on the PC and decrypt it, or do something like that? I really have no idea about these topics; I would appreciate it if someone who knows about softmods could explain it to me.


----------



## DinohScene (Jan 9, 2022)

To keep it short, there's a "softmod" for the 360, the only prerequisite being a flashed drive.
If your 360 is at kernel 4532 or 4548, you could use the King Kong Exploit.

Kernel 4532 and 4548 contain a hypervisor bug which doesn't check for shader signatures.
Any hardware hack, not counting flashed drives, relies on those kernels to load it into a hacked environment.
JTAG and all RGH versions patch the bootloaders to load into this kernel.

Since RGH doesn't care about dash/kernel version, there's little interest in a softmod.
Not to mention the fact that every bit of code on the 360 goes through the hypervisor, which isn't helping with a potential other softmod.
Besides, MS would simply push an update that blows an efuse if a vulnerability is found by them, reported or released by people.
Efuses make downgrading impossible, which is another hindrance to the traditional "softmod", so to say ;p

If you're interested in hacking the 360, I suggest learning about PowerPC code, it would help a lot.


----------



## Daniels_-_ (Jan 9, 2022)

If the great advantage of RGH and the lack of desire to create a softmod are coherent, I understand perfectly what you are trying to say. But it must be said that, with simply the use of a USB and a few simple steps, people will always find it easier to opt for such a method.


----------



## Daniels_-_ (Jan 9, 2022)

By the way, I think you are the oldest in the forum; you must have valuable information that you have been able to collect over time, I suppose. Hehe


----------



## DinohScene (Jan 9, 2022)

I don't know if you know how RGH works, but the earlier access you have in the boot chain, the better the results.
For such a softmod, you'd have to reboot the machine and apply patches somehow to load into a hacked environment without the hypervisor rejecting it.
Hypothetically speaking, that is.


----------



## Daniels_-_ (Jan 9, 2022)

DinohScene said:


> I don't know if you know how RGH works, but the earlier access you have in the boot chain, the better the results.
> For such a softmod, you'd have to reboot the machine and apply patches somehow to load into a hacked environment without the hypervisor rejecting it.
> Hypothetically speaking, that is.


If I understand it, as I say, I would opt for RGH if I had the capacity, and I would not be afraid to do it, but I do not think I will. What I am trying to say is: imagine being a common teenager, without knowing about electronics, with a simple USB hacking the Xbox; the truth is he would get several smiles from quite a few people. I will keep waiting, and right now I will read the link that you gave me so that I learn about softmods for Xbox 360. You are a nice person, thanks for answering my question. I wish you the best. I hope you are here in 10 more years :D


----------



## Armadillo (Jan 9, 2022)

Waste of time; you can learn to solder quicker than you can learn about the 360 and hope you find something that everyone else who has worked on it overlooked.


----------



## Jokey_Carrot (Jan 9, 2022)

RGH 3 dropped recently I'd suggest you have a look at that.


----------



## FAST6191 (Jan 9, 2022)

Daniels_-_ said:


> imagines being a common teenager and without knowing about electronics with a simple USB hacked into the Xbox, he would get several smiles from quite a few people


No doubt. However how do you think most of us learned to do anything? (any "I learned on the Amiga" replies will be put on my list)

As far as signing keys* then for the most part nobody gets those -- the PS3 (which in turn gave us the PSP) was so far the only exception we have ever seen, everything else being a workaround. I imagine the sorts of people that can make a presentation like linked earlier (or the various ones you might see for the 3ds, Wii, PS3) will have checked to see if MS screwed up hard enough to give us those. This then leaves brute force (not going to happen), MS leaking them somehow (can happen -- MS source code leaks often enough, Nintendo saw that whole gigaleak), someone tricking MS into releasing them (I imagine they have protections for that, and they are probably not accepting new third party code at this point anyway), MS screwing up a dashboard update (we did see an update recently, and various countries often have laws added on that need you to say OK, unlikely to include a bug that breaks security but who knows), MS releasing them of their own good will (unlikely, or at least unlikely before about 20 years from now), someone making a suitable list of prime numbers available (various security services have them/use them in the hope that something works).

*if you want a term to search for see asymmetric encryption. You have one key to sign, another key to decode. The signing key gets kept locked up tight inside MS' secure servers (or if you are Sony with the PSP then included in every PS3) as it quite literally is the key to everything.


----------



## Daniels_-_ (Jan 9, 2022)

Armadillo said:


> Waste of time; you can learn to solder quicker than you can learn about the 360 and hope you find something that everyone else who has worked on it overlooked.
> ...


----------



## Daniels_-_ (Jan 9, 2022)

Jokey_Carrot said:


> RGH 3 dropped recently I'd suggest you have a look at that.


I really liked it, but as I said earlier, it is a discovery a little late due to the lack of interest of hackers in the Xbox 360. I do not criticize it, since thanks to it everyone will save money on chips.


----------



## Daniels_-_ (Jan 9, 2022)

FAST6191 said:


> No doubt. However how do you think most of us learned to do anything? (any "I learned on the Amiga" replies will be put on my list)
> 
> As far as signing keys* then for the most part nobody gets those -- the PS3 (which in turn gave us the PSP) was so far the only exception we have ever seen, everything else being a workaround. I imagine the sorts of people that can make a presentation like linked earlier (or the various ones you might see for the 3ds, Wii, PS3) will have checked to see if MS screwed up hard enough to give us those. This then leaves brute force (not going to happen), MS leaking them somehow (can happen -- MS source code leaks often enough, Nintendo saw that whole gigaleak), someone tricking MS into releasing them (I imagine they have protections for that, and they are probably not accepting new third party code at this point anyway), MS screwing up a dashboard update (we did see an update recently, and various countries often have laws added on that need you to say OK, unlikely to include a bug that breaks security but who knows), MS releasing them of their own good will (unlikely, or at least unlikely before about 20 years from now), someone making a suitable list of prime numbers available (various security services have them/use them in the hope that something works).
> 
> *if you want a term to search for see asymmetric encryption. You have one key to sign, another key to decode. The signing key gets kept locked up tight inside MS' secure servers (or if you are Sony with the PSP then included in every PS3) as it quite literally is the key to everything.


I feel like a noob with your explanation, hehe, but recently I got a file of about 300 GB which they say contains several files from the Xbox 360 and the signature codes of it. Who else has seen it? Could it be real?


----------



## godreborn (Jan 9, 2022)

sounds like an sdk collection.  I know of one torrent that has several, and it's around 80-something GBs.


----------



## Daniels_-_ (Jan 9, 2022)

godreborn said:


> Sounds like an SDK collection. I know of one torrent that has several, and it's around 80 GB.


And have you taken a look at the file? Is there any truth in what I say?


----------



## godreborn (Jan 9, 2022)

I don't know what file that is, but I doubt it's the signature key. That wouldn't be supplied with an SDK; it's known only to Microsoft.


----------



## tech3475 (Jan 9, 2022)

There were key leaks a while ago, however AFAIK these were for XBL and Xbone.


----------



## Daniels_-_ (Jan 9, 2022)

tech3475 said:


> There were key leaks a while ago, however AFAIK these were for XBL and Xbone.


interesting.


----------



## zacmeyers1229 (May 29, 2022)

Here's how I would softmod a 360.
Please note I don't know how to softmod a 360.

So first I would find a really buggy game that was officially released. Maybe a sports game or a Kinect game. Then I would figure out how to spoof a save file without pissing off the hypervisor. Then use the hacked save to load jailbreak software off a local server or something. The likelihood of Microsoft or the dev patching the game is low, and an update isn't impossible but unlikely.


----------



## DinohScene (May 29, 2022)

zacmeyers1229 said:


> Here's how I would softmod a 360.
> Please note I don't know how to softmod a 360.
> 
> So first I would find a really buggy game that was officially released. Maybe a sports game or a Kinect game. Then I would figure out how to spoof a save file without pissing off the hypervisor. Then use the hacked save to load jailbreak software off a local server or something. The likelihood of Microsoft or the dev patching the game is low, and an update isn't impossible but unlikely.



There's already one game that does something similar to that, and that's the King Kong game from 2005 or 2006 (the one from the film), and it requires your 360 to be on 4548 or lower.
To date we haven't been able to replicate such a thing and likely won't be; the 360 is pretty secure from a software point of view.


----------



## ISO-Man (Jun 10, 2022)

I know that with the advancement of the internet, hacking/cracking has become much more complex and involved. Chips used to hold the security card on devices (like arcade PCBs). With the internet, devices now verify security from a server, making it harder to spoof the device. I used to enjoy the challenge of retrieving keys from chips and finding the security sectors in games, but the remote key/validation servers killed the fun (not to mention I'm outdated too). Not sure about the modern fuses, but older chips had 'fuses' that you had to peel layers to get past the 'fuse' to get the key.

Exploits I have very limited knowledge of, but for a softmod... that would be the answer. As others stated, it's been researched for over a decade, and with interest moving on to new adventures, the likelihood of finding one now would be slim. I applaud anyone who still tries though.

Thanks,
ISO-Man


----------



## trimesh (Jun 10, 2022)

ISO-Man said:


> I know that with the advancement of the internet, hacking/cracking has become much more complex and involved. Chips used to hold the security card on devices (like arcade PCBs). With the internet, devices now verify security from a server, making it harder to spoof the device. I used to enjoy the challenge of retrieving keys from chips and finding the security sectors in games, but the remote key/validation servers killed the fun (not to mention I'm outdated too). Not sure about the modern fuses, but older chips had 'fuses' that you had to peel layers to get past the 'fuse' to get the key.
> 
> Exploits I have very limited knowledge of, but for a softmod... that would be the answer. As others stated, it's been researched for over a decade, and with interest moving on to new adventures, the likelihood of finding one now would be slim. I applaud anyone who still tries though.
> 
> ...



The biggest problem with hacking the 360 is that it uses a hypervisor, and to date there has only been a single exploitable error detected in it, which was only present in two very early builds (introduced in build #4532, still present in build #4548 and fixed in build #4552), which is why every subsequent 360 hack basically comes down to a method of tricking the console into running one of these (officially revoked) versions.

If you have a later version with a fixed hypervisor then userland exploits don't help very much, because even if you manage to get complete control of the user CPU you still can't run unsigned code, because the hypervisor prohibits it. Effectively you have to break the chain of trust before the hypervisor gets control, because once it does it prevents you from doing anything interesting.
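The three mechanisms the thread keeps coming back to (FAST6191's note that only the holder of the private signing key can produce a valid signature, DinohScene's point that blown efuses make a genuinely signed older build unbootable, and trimesh's point that each stage of the chain of trust checks the next one before handing over control) fit in one small model. The following is an added example written for this page, not code from any poster or from the console itself: the RSA key pair is a deliberately tiny toy, the stage names and code bytes are made up, and only the build numbers 4532/4548/4552 come from the thread.

```python
"""Toy model of a signed boot chain gated by a one-way fuse counter.

Constructed for illustration: the key pair, stage names and code bytes are
stand-ins, not real Xbox 360 values. Only the build numbers are the ones
named in the thread (4548 vulnerable, 4552 fixed).
"""
import hashlib
from dataclasses import dataclass
from typing import List, Tuple

# --- Toy RSA: two Mersenne primes, far too small for real use ---------------
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
E = 65537                     # public exponent, baked into the boot ROM
_PHI = (P - 1) * (Q - 1)
VENDOR_D = pow(E, -1, _PHI)   # private exponent: the vendor's signing key


def _digest(data: bytes) -> int:
    """SHA-256 of the stage, reduced mod N so the toy modulus can hold it."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def sign(data: bytes, d: int) -> int:
    """Textbook RSA signature (no padding) over the digest, using exponent d."""
    return pow(_digest(data), d, N)


def verify(data: bytes, sig: int) -> bool:
    """Anyone holding only (E, N) can check a signature but cannot forge one."""
    return pow(sig, E, N) == _digest(data)


# --- Boot stages -------------------------------------------------------------
@dataclass
class Stage:
    name: str
    version: int
    code: bytes
    sig: int


def stage_bytes(name: str, version: int, code: bytes) -> bytes:
    """The version is signed together with the code, so it cannot be edited freely."""
    return name.encode() + version.to_bytes(4, "big") + code


def make_stage(name: str, version: int, code: bytes, d: int = VENDOR_D) -> Stage:
    return Stage(name, version, code, sign(stage_bytes(name, version, code), d))


def boot(chain: List[Stage], fuse_min_version: int) -> Tuple[bool, str]:
    """Check every stage before control is handed to it.

    fuse_min_version models the burnt efuse count: a stage older than it is
    treated as revoked even though its vendor signature is genuine.
    """
    for stage in chain:
        if not verify(stage_bytes(stage.name, stage.version, stage.code), stage.sig):
            return False, f"{stage.name}: bad signature, halting"
        if stage.version < fuse_min_version:
            return False, (f"{stage.name} build {stage.version} revoked by fuses "
                           f"(minimum {fuse_min_version})")
    return True, "boot chain verified"


def demo() -> dict:
    """Run the four cases the thread discusses and return their outcomes."""
    good = [make_stage("bootloader", 4552, b"loader code"),
            make_stage("hypervisor", 4552, b"hv code")]
    results = {"genuine": boot(good, 4552)}

    # A patched hypervisor: one byte changed after signing (signature no longer matches).
    tampered = [good[0], Stage("hypervisor", 4552, b"hv code!", good[1].sig)]
    results["tampered"] = boot(tampered, 4552)

    # Re-signed with a key that is not the vendor's: the ROM's public key rejects it.
    forged = [good[0], make_stage("hypervisor", 4552, b"hv code!", d=12345)]
    results["wrong key"] = boot(forged, 4552)

    # A genuinely signed but revoked build: accepted before the fuse was blown, not after.
    old = [make_stage("bootloader", 4548, b"old loader"),
           make_stage("hypervisor", 4548, b"old hv")]
    results["4548 with fuses at 4548"] = boot(old, 4548)
    results["4548 with fuses at 4552"] = boot(old, 4552)
    return results


if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case:28s} -> {'BOOT' if ok else 'HALT'}: {reason}")
```

The last two cases are the thread's argument in miniature: a signed 4548 kernel boots a console whose fuses still allow it, but once the fuse counter has moved past it the signature is still valid and the boot still fails. Nothing in the chain accepts unsigned code, which is why the replies say the only remaining options are obtaining the vendor's key or interfering with the hardware that performs these checks.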


----------



## Daniels_-_ (Jul 23, 2022)

There are many Kinect games, or 360 indie games, that can be tested, and some information can be extracted from them and some kind of bug can be found in order to hack the console through a game error, and also implement a hack. Hopefully someone gets around to doing it. Gentlemen, whoever knows, try. It costs you nothing. Just shake off the laziness.


----------



## Daniels_-_ (Jul 23, 2022)

Notice that this topic that I opened is the most viewed: almost 10k people interested in seeing if it can be done or not in the middle of 2022. Imagine now if this comes out on YT. Gentlemen, there are still people who want and need it. The Xbox 360 is not dead. Still alive!


----------



## godreborn (Jul 23, 2022)

Daniels_-_ said:


> Notice that this topic that I opened is the most viewed: almost 10k people interested in seeing if it can be done or not in the middle of 2022. Imagine now if this comes out on YT. Gentlemen, there are still people who want and need it. The Xbox 360 is not dead. Still alive!


There's already a hack, quit being lazy.


----------



## Daniels_-_ (Jul 24, 2022)

Friend, who said laziness? Do you think that a 9-year-old boy will disassemble his Xbox, solder, and follow 30m of pure steps? No, friend, what a weird mind you have, hahahaha. What I say is you have to look for something simple; not everyone is like you, understand it.


godreborn said:


> There's already a hack, quit being lazy.


----------



## Daniels_-_ (Jul 24, 2022)

godreborn said:


> There's already a hack, quit being lazy.


If you don't have anything good to contribute, don't answer this thread for real.


----------



## rantex92 (Jul 24, 2022)

Daniels_-_ said:


> Friend, who said laziness? Do you think that a 9-year-old boy will disassemble his Xbox, solder, and follow 30m of pure steps? No, friend, what a weird mind you have, hahahaha. What I say is you have to look for something simple; not everyone is like you, understand it.


You want something simple?? Then modding your console isn't for you, PERIOD!


----------



## Marc_LFD (Jul 24, 2022)

godreborn said:


> There's already a hack, quit being lazy.


Hacking an Xbox 360 purely for piracy doesn't seem to offer much of an advantage, especially when the games digitally and physically are so cheap.

Xbox used DVDs so even for backing up movies, it's not of much use. PS3 was/is for backing up Blu-rays (I never bothered buying a Blu-ray Reader for PC as I ever hardly had any BDs to make it worth it).



rantex92 said:


> You want something simple?? Then modding your console isn't for you, PERIOD!



If he wants simple, grab a PS3 40GB/60GB/80GB and he can have a CFW installed in a matter of a few minutes.


----------



## flo (Jul 24, 2022)

There isn't a full softmod solution out there, maybe some tricks with digital games or XBLA. Like any console, there is public info and private info. Even for public info, no one will explain to you how to link information A with information B. So, it's an equation that cannot be solved at this moment.


----------



## DinohScene (Jul 24, 2022)

I think we've established the fact that creating a softmod for the 360 isn't as easy as people think it is.

As of the time of writing, there's no softmod for the 360 aside from drive flashing.
Locked.


----------

