Xbox 360 scene enthusiast "unretires" from hacking, announces Xbox 360 softmod

xbawks360.png

Earlier this year, known scene member and exploit creator "Grimdoomer" released the BadUpdate hypervisor exploit for the Xbox 360, while also revealing his retirement from console hacking. It looks like he couldn't stay away from digging into how the 360 ticks, however, because Grimdoomer is back, and has a massive announcement: there's an Xbox 360 softmod method on the horizon. In the past, Grimdoomer himself has claimed that there would never be anything more elaborate than the proof-of-concept hypervisor exploit, but he's one-upped himself, with a video that teases a 360 softmod method.

There is no ETA on any release, and Grimdoomer explains that the process will take time.

I know I said I retired from console hacking but I got one more in me. An Xbox 360 softmod is coming, no eta yet, THIS WILL TAKE TIME to finish. I still can't believe this exploit chain works, and I also can't believe I spent 20 hours a day for the last 3 weeks straight working on this. I'm so tired but seeing that coffee cup on screen was worth it

:arrow: Source
 
you know, to make them work too?

not necessarily. what if he's working on making it work on both? again, just a guess

outside of the exploit/softmod? why not?
Because he said he was working on this exploit non stop daily for hours (20 hours a day for the last 3 weeks)

If that was the case, he would not have had time to dick around with hdds if it was not directly related - and the several HDD posts immediately precede this announcement
 
I just had a thought and I have a sane theory on how this exploit might work, or at least part of it.
If you can modify the drive firmware, you can modify what data is sent to the console. Hypothetically, when a specific file read happens, you would be able to send different data on each request, so you could send one set of data on the first read which the console verifies, and a second set on the second read which actually gets executed.
If the kernel is so poorly written that it reads the data once to verify it, just to read the data again before execution, when it could be cached in memory on the first read, that is kind of impressively badly coded and I would be just as amazed as the dev that the exploit actually works. But this sort of thing has actually happened. This is how DSi flashcarts work - they send a bunch of hardcoded responses when the console queries the game info, console sees a real game and allows it to boot, but when the flashcart is booted it loads the flashcart firmware instead and the console doesn't repeat the verification process on the code that *actually* gets loaded. It only verified the first part of the ROM (which includes the header) so only that part needed to be faked to pass verification.
Or - that was how they worked, until Nintendo got smarter and implemented more checks, which flashcart makers had to work around.

Even if that theory is correct, there is almost certainly more to it than that, as the dev specifically mentioned an exploit chain. If you could just exploit one bug and have the console load your code, that wouldn't be much of a chain.
It might not be modifying code, it could be any piece of data. Whatever you need to modify in order to trigger the exploit, this could allow you to bypass checks that would prevent you from doing so. That's just the first step though, as it's missing the main exploit. But hypothetically, if you had an exploit that allowed you to bypass checks on the HDD file system and modify files you're not supposed to and still have the console accept them as valid, even if you can't directly modify code, that would blow the doors wide open allowing exploits that were previously thought impossible. And the dev might have already had some potential targets in mind for that.

I might be way off, but that very last statement sounds a lot like the kind of discovery that would have someone scrambling to find a HDD they are able to mod the firmware of.

After all, a number of Wii U exploits are only possible because someone discovered that the meta partition of titles was not validated. This sort of vulnerability greatly increases the possible attack surface.
 
Last edited by The Real Jdbye,
Same type of idea recently with the series console is cloning drives which has a 50/50 success rate all over the internet but that requires cloning probably two different operations. It's not too far stretched to believe they found a batch file that can unlock any drive for 360 and easily write new data to it with current bad files?

The drives themselves aren't encrypted or locked, the only restriction is the drive firmware.

You can read/write any 360 formatted HDD on a PC with the right software.
 
The drives themselves aren't encrypted or locked, the only restriction is the drive firmware.

You can read/write any 360 formatted HDD on a PC with the right software.
This is why I'm guessing he's trying to make a new tool that may write dash to hdd and use other files to make it boot directly into modded dash.
 
If it is dependent on an internal drive, I'm hoping it at least work with any stock HDD or at least any HDD that's compatible with the 360 drive firmware.

Right now the OG drives can be bought for peanuts.....now that I think about it, I wonder if scalpers will start buying them up given the speculation going on?
I guess a SATA to SD interface with a custom firmware could work if an HDD with a custom firmware can do it, then we could do two birds with one stone, have a better more reliable storage for the 360 and hack it to run unsigned code, heck we could even do crazy stuff like dual boot, imagine booting up to the exploit and choose which SD or partition you want to run, you could go to XELL, Linux, BSD or the 360 OS...
 
  • Like
Reactions: THYPLEX

I also can't believe I spent 20 hours a day for the last 3 weeks straight working on this. I'm so tired but seeing that coffee cup on screen was worth it
Great! That means he has 4 hours a day to work on a Switch 2 softmod!

😎
Post automatically merged:

Right now the OG drives can be bought for peanuts.....now that I think about it, I wonder if scalpers will start buying them up given the speculation going on?
You know that virtually everyone on Earth who wants a hacked 360 to play 🏴‍☠️pirated games already owns such a device, right? This softmod is just a convenience at this point. Scalpers would lose their hats if they tried to corner this market.
 
  • Like
  • Angry
Reactions: THYPLEX and akq
You know that virtually everyone on Earth who wants a hacked 360 to play 🏴‍☠️pirated games already owns such a device, right? This softmod is just a convenience at this point. Scalpers would lose their hats if they tried to corner this market.

Scalpers aren't always the smartest people though and there is likely going to be those who want a more convenient softmod who either don't have an official HDD or have/concerned about drive failures.
 
  • Like
Reactions: THYPLEX
Core FW files are on the nand, but what about other runnable/bootable files?

Like for instance, are games on the HDD able to start running code or transfer data somehow at time of boot or shortly thereafter?

Perhaps if the game files are used to either play music or show some image on the screen at time of boot (or some other function), then you have an entry there for some data - which with the help of some sort of exploit you could potentially run code

Idk I just feel it has something to do with the HDD but maybe not - we'll see
Your XBL profile loads from HDD at boot. People have modified these on retail systems in the past. That's how the classic profile glitch piracy worked back in the day. Yeah, you used to be able to pirate digital 360 games on stock retail systems back in the day.
 
  • Like
Reactions: x65943
will be interesting to see what type of softmod is produced, if you can install a frontend to install/load games from a hard drive

but most importantly to see if it works with every xbox360 revision
 
will be interesting to see what type of softmod is produced, if you can install a frontend to install/load games from a hard drive

but most importantly to see if it works with every xbox360 revision
It will be the same as BadUpdate. The kernel patches to give softmods equivalent functionality to RGH are already implemented in FreeMyXe and XeUnshackle so it's a relatively simple copy paste to make them work with the new softmod. That is to say Dashlaunch and Aurora etc will all work as expected, but there might still be certain limitations like not being able to upgrade the internal drive to unsupported capacities/models.

Not sure on the latter. BadUpdate works on all of them so I would expect this to do the same. Winchester can't be RGH'd because they fixed the glitch method in hardware, but it shouldn't affect softmods.
 
  • Like
Reactions: THYPLEX and DAZA
isn't that already possible? (could be mistaken)
Yes. With XKey, you can run games off the USB port. Game loading is redirected from the optical drive to an HDD plugged into the USB port. Your game backup will be selected from the HDD and redirected to the optical drive.

Maybe this hack will involve some method like this? It works very well and game speeds are fine from USB 2.0.
 
The 360 is one of those systems that pretty much have no exclusives anymore worth emulating, conker live and reloaded is the only one I can think of.
 
  • Like
Reactions: THYPLEX
The 360 is one of those systems that pretty much have no exclusives anymore worth emulating, conker live and reloaded is the only one I can think of.
but 80+ million of those suckers in the wild means it's a pretty readily available console - so hacking it wide open is super convenient for the large number of people who own one
 
Already been done. It's down to around 1 min with BadUpdate 1.2 (and rarely hangs anymore)


This isn't that. It very much sounds like this is a brand new exploit, from the way it's worded, and the clip. (Which might still use BadUpdate for the initial install, since it's the most accessible entry point)
Any further work on BadUpdate would be redundant after that point.

i feel this is different then BU maybe a hdd exploit? like bootup is hijacked w/o the need for solidering still rgh is slighly better due to the fact you can use a 2tb+ hdd
 
but 80+ million of those suckers in the wild means it's pretty readily available console - so hacking it wide open is super convenient for the large number of people who own one
True as well, if you have no pc I guess it's a cheap way to access a lot of games.
 
If everything works out the way it should, then the times of the Xbox 360 being an unsoftmoddable console would be over. I always wished for this console to get this treatment, especially since the 360 itself is a fantastic console, and I'd love to see the limitations get pushed. I have a small feeling that consoles like the PS3 and this one can still handle modern gaming if AAA hames were to try harder to optimize their games, but I guess not.
 
  • Like
Reactions: FFTW
Yes. With XKey, you can run games off the USB port. Game loading is redirected from the optical drive to an HDD plugged into the USB port. Your game backup will be selected from the HDD and redirected to the optical drive.

Maybe this hack will involve some method like this? It works very well and game speeds are fine from USB 2.0.
yea sure, but was talking about BadUpdate, i knew it was possible just been a while since the HV exploit first started and i could've remembered wrong, hence the parentheses :)
Post automatically merged:

The 360 is one of those systems that pretty much have no exclusives anymore worth emulating, conker live and reloaded is the only one I can think of.
There are still games that are stuck on the 360/ps3 era that weren't released on pc or elsewhere.. now i know the 360 emulation is getting better and all that, but don't think it's close to the level Pcsx2 is which has like 99%? game compatibility. So saying that is kinda incorrect.
and apart from the 360/xbla library it can also play a select og xbox titles (the ones that are compatible) with better resolution for folks who want to try revisit games from their childhood and no longer have their og Xboxes etc.
also conker live and reloaded is an og xbox game, not a 360 game. ;)
 
Last edited by CoolMe,

Site & Scene News

Popular threads in this forum