Gaming Linux on 360?

[Fudge]

In this article (http://en.wikipedia.org/wiki/Xbox_360_System_Software), it states that firmware 2.0.4552.0 fixed a Privilege escalation vulnerability in the Hypervisor that allowed non-signed code (such as Linux) to run on the Xbox 360, with direct hardware access. Was this really ever possible?

 

[JonthanD]

Yes and its still possible.

http://www.free60.org/Main_Page

 

[Fudge]

What I should have asked was what was the exploit before the JTAG hack?

 

[tk_saturn]

The King Kong Shader Hack I believe, there's plenty of technical pages on it.

 

[FAST6191]

Technically the JTAG/SMC hack and the shader memory thing are one and the same in terms of the vulnerability they exploit just activated in a different way (in this case as tk_saturn says the king kong shader hack).
If you want a nice technical writeup then
http://www.eurasia.nu/wiki/index.php/Free60JtagHack (scroll down to how does this all work)

The main notable thing that happened between it was the timing attack.

 

[Fudge]

Thanks for the info on the shader exploit. Why did it never become as big as the JTAG/SMC hack? Oh yeah, what exactly did the timing attack do? Didn't it allow you to downgrade the dashboard kernel?

 

[FAST6191]

Mainly because it was cumbersome (the JTAG hack boots into hacked mode more or less instantly with basic extras while the shader hack took older hardware (even at the time), extra hardware and a minute or two (as well as some fiddling with buttons) to get to. I suppose above all though there were no rebooters so you were stuck playing old games.

JTAG would have probably been even bigger though had it hit before MS closed the hole (although there was warning) and had the hack (plus rebooter) been around for all versions sooner (I recall several threads along the lines of "I am updating, I do not care about such things" only to be banned in a few weeks time).

Timing was a downgrade thing (no efuses were blown this time around so you could download) but most used it to get their CPU keys with which to unban themselves and do fun things like region changing (or coupling with dual nand mods to have both big regions or Japanese if necessary)..

 

[Fudge]

The timing attack allowed region changing? When was it patched?

 

[FAST6191]

I am unsure when it was patched but as it mainly revolved downgrading to earlier kernels (since blocked by efuses). Basically if you can JTAG hack it you can use the timing attack but why would you as it takes more effort and does less than JTAG. More
http://beta.ivancover.com/wiki/index.php/X...0_Timing_Attack

The region change thing is more a function of having the keyvault/CPU keys and thus being able to decrypt the NAND (there are a few people with keyvaults in newer consoles that did such a thing when they thought the JTAG hack would not amount to much). Indeed it would probably see you face the banhammer but as far as I am aware if you have the CPU key you can change region on any 360 at any version (I am not sure about some of the new region protection as seen in Quantum theory).

 

[Fudge]

Thanks for answering my questions. Do you know anything about the new AP25 anti-piracy? I heard it was even in some older games. Is this true?