Quick question, if I were to buy a new xcgpu with fully intact efuses, and swap it with the one with burnt fuses, one should be able to set the fuse data (ldv would be 0) to allow booting into 1888 and update to 4532 (ldv 1) or is the revocation hardcoded in the cpu?
Hacking Downgrade slim by cpu swap?
- Thread starter ClancyDaEnlightened
- Start date
- Views 2,956
- Replies 15
CPU has to match key on the motherboard
Christmas lights if you have a non matching key - that is flashing two green/red, on a slim I have no clue but basically no.
Also, assuming you did swap the CPU and it didn't care about the key, the minimum LDV for a slim is going to be 8955 anyway, not to mention the KK exploit likely wouldn't work due to having builds for Samsung or Hitachi meaning it would need to be recompiled to recognize any other newer drive, however I've not tested this myself on a console that can run said exploit.
Christmas lights if you have a non matching key - that is flashing two green/red, on a slim I have no clue but basically no.
Also, assuming you did swap the CPU and it didn't care about the key, the minimum LDV for a slim is going to be 8955 anyway, not to mention the KK exploit likely wouldn't work due to having builds for Samsung or Hitachi meaning it would need to be recompiled to recognize any other newer drive, however I've not tested this myself on a console that can run said exploit.
Well you'd use the rgh to obtain the key, well it'd be only useful to swap the cpu, and set it to xdk mode, since it would be hardcoded at 8955, which would allow dev (un)signed code (well null signed) to still run, plus I do have a Hitachi drive which again just flash the DVD key over, thing is if 1888 is the backup kernel which was intended to able to downgrade to (like windows safe mode) even if one knows the cpu key I should still be able to revert? Unless they changed the code or updated 1bl to to check if the version is 8955+?
Last edited by ClancyDaEnlightened,
I guess you "could" but the difficulty of actually replacing the SOC and have it booting is harder than any RGH or JTAG
And, again, you "could" set it to flag as XDK though... it's in practice pointless, I suppose you could say you have a absolute frankenstein 360, I guess. And this is assuming the CPU you swap also happens to be from a launch model slim that has never been updated. LDV burns on present regardless if you swap, so this sounds like a pretty terrible idea unless you're seriously into just pure hacking for fun, which is fun, but also have some money to spend.
And, again, you "could" set it to flag as XDK though... it's in practice pointless, I suppose you could say you have a absolute frankenstein 360, I guess. And this is assuming the CPU you swap also happens to be from a launch model slim that has never been updated. LDV burns on present regardless if you swap, so this sounds like a pretty terrible idea unless you're seriously into just pure hacking for fun, which is fun, but also have some money to spend.
Well yeah it's more for proof of concept, curiosity, and shits and giggles, swapping the cpu is no more tedious then havung reball done (whether you can diy or have a reballer do it) you'd rgh the original Chip, swap , then you can set cpu key to Mobo (retail or xdk), then use the key to match ldv to 1888 kernal, update to 4532 with flashed Hitachi drive, it'd really only be useful tbh if you could jtag it but again you'd have to build/port a custom smc, let alone even having the connections there to solder...more or less could be possible, at least you can say your slim is the only one that can run kk exploit/blades
Last edited by ClancyDaEnlightened,
one curiosity is the brand new xcgpu (https://bit.ly/2WmiqwV) don't have the microsoft branding ontop, they look legit (could be simply be unused NOS) , but you'd have to swap one in and run xell as you can run libxenon (but the only thing the cpu will run until you set fuses) and see what the fuse sets look like
It's quite normal to for Chinese sellers to censor out the branding in images. Not sure why, but I guess it helps them avoid law enforcement.
Sometimes they even rub off the branding on the actual product, as there have been cases where customs stops parts with branding on them claiming they are counterfeit. You can thank Apple for that.
Why does Louis rossmann come to mind, makes sense btw lmao,
Thing is do those have all fuses or enough intact, if so the ldv can be set to any value, these are still in the bubble tray, is the ldv set in the silicon or by burning it when setting fuses? Either way you have a fuse set dump from the "old" cpu use that to spoof down to 1888 then run 4532 update and see what happens...
Last edited by ClancyDaEnlightened,
I'd be convinced you could pull it off with a phat CPU, I guess there's a chance though I imagine LDV aside, there's also motherboard detection for things like onboard wifi, 4gb NAND - no clue if that might prevent the dash working but if you end up doing it, please make a video or something. The amount of stuff that might work or might break is just too interesting.
It will work on a phat if you can find a nos cpu for your Mobo,
This is what the fuse set looks like on a swapped slim with fully intact fuseset, so from the looks of it if you set the fuses be to valid for a stock 1888 filesystem
you should be able to update to 4532, but again really you would only be able to do the kk exploit if you swap with xenon or zephyr DVD drive ( note they are old drives and can be crazy loud and vibrate like mad compared to new drives which is a big a con, this could be another cause of rrod) ,
jtag could be feasible but more than likely need something like dvd_tray or aud_clamp style wiring, let alone you need a custom SMC ported and this pic was pulled from the internet
plus 4532 may boot but just will not detect onboard memory, wifi may work since phats did have wifi via the USB dongle and idk if they had wifi support in 4532
Last edited by ClancyDaEnlightened,
Technically rgh is in a sense downgrading,
since iirc it boots into 4532 CB (afaik a modified version) it still uses the hypervisor exploit in 4532 but achieves this by essentially bypassing efuses and CB ldv check, so iirc it runs the 4532 cb with a pre-patched hypervisor for unsigned execution, so if you can have an intact cpu as this shows, just flash a 1888 compatible fuseset , boot into 1888 then just update the console to 4532, msb of fuseset 1 is set to C but all fuses remain intact, and unset, unless 1bl was updated to blacklist it
since iirc it boots into 4532 CB (afaik a modified version) it still uses the hypervisor exploit in 4532 but achieves this by essentially bypassing efuses and CB ldv check, so iirc it runs the 4532 cb with a pre-patched hypervisor for unsigned execution, so if you can have an intact cpu as this shows, just flash a 1888 compatible fuseset , boot into 1888 then just update the console to 4532, msb of fuseset 1 is set to C but all fuses remain intact, and unset, unless 1bl was updated to blacklist it
Last edited by ClancyDaEnlightened,
Found cpu for japser Mobo
https://bit.ly/2H775dL
If anyone is interested just find out the part number of the cpu (look at your chip markings) to match up the Mobo, Im going to buy the jasper and slim chips, since I have a 512mb jasper and i can downgrade that to jtag it, and to eventually test the slim downgrade...
https://bit.ly/2H775dL
If anyone is interested just find out the part number of the cpu (look at your chip markings) to match up the Mobo, Im going to buy the jasper and slim chips, since I have a 512mb jasper and i can downgrade that to jtag it, and to eventually test the slim downgrade...
The only console I still got at the moment is my flashed Jasper - that I use online at least every week.
Even if I had a spare, I can't replace that CPU to save my life, but really neat anyway.
Yeah only problem is that the jasper rrod on me (I was distracted and let it overheat trying to rgh) it had 7363 but was patched for jtag, It didn't want to Rgh though i only updated to 8498, but I'd have to get it reballed then get successfully get a fuse dump, then swap the cpu and burn a modified version of said fuse dump (reverting the console to launch day 1888 ldv 0) then update to 4532, this has been done already for phats, so it'd only be useful if you have a console and have a copy of its fuseset then if it rrod then when you send it off for reball you can always just simply put the intact cpu in place of the original when resoldering, plus really id probably invest in a bga rework kit since they have come down in cost somewhat
Last edited by ClancyDaEnlightened,
So you can boot a dev kernel on a cpu swapped console (using Rgh ) using fusion and then run a recovery which will allow you to set fuses, but the issues is that it will use the version of the base kernel being used to set the ldv count (fusion uses a newer bootloader and will have a ldv value of 8 thus pre patching the cpu) I would try to write hombrew but can't find info about the how the fuse burn function works (how it's params/args are fed/passed) to set fuses, which I can just write hombrew code that can just parse a file for a cpu key, and have it set retail fuses leaving cb/cf ldv intact and copying the cpu key (which is known to be valid)
Last edited by ClancyDaEnlightened,
- No one is chatting at the moment.
-
-
-
@
Veho:
Once again I fell down the martial arts rabbit hole and am plumbing the murky depths of the internet's various martial arts and fighting crafts echo chambers. -
@
Veho:
I like to get up to speed on that every now and then, see what the newest high wisdom everyone is spouting nowadays.
-
@
Veho:
If you're not actively involved and only get up to speed every few years or so, you can see the tide of public opinion flapping worse than my dong while I'm skipping naked down a hallway.
-
-
-
-
@
Veho:
Like most forced updates, this one has terrible support and was very poorly received by the userbase.
-
-
-
-
-
-
@
FAST6191:
How do you know the giant wasn't on walkabout https://c8.alamy.com/comp/ADKT2C/ce...carving-in-dorset-uk-thought-to-be-ADKT2C.jpg -
@
Veho:
That's what I said, maybe they were just doing a recreation of the Cerne Abbas giant but didn't finish it in time.
-
-
-
-
-
-
-
@
Psionic Roshambo:
https://imgur.com/gallery/ZfBfPgk 100 million... Can think of better uses but OK lol -
-
