New Xbox 360 Hypervisor exploit (software based)

[BigOnYa]

I've tried using the Rock Band Blitz game as an entry point for the exploit and I'm on my 15th or so try, each lasting from 5-15 minutes (mostly 5-8 minutes). Still no luck.

I've run into the issue where I pressed the A button too soon as well, but that one's on me. 30% success rate isn't really going well for me. What could be the reason? I followed MrMario's USB setup, I highly doubt that I've made an error there. The USB drive should be fine, I've tested it with the h2testw before attempting this exploit. I get to the part when the lights start alternating diagonally and after a while the screen freezes and sometimes it it has 3/4 of the ring activated, the other times it's one of the diagonal patterns. Whenever that happens, I reboot and try again. In most of the attempts, my USB drive has been connected to the one of the ports in the back, while in the remaining few it was connected to the one of the front USB ports. As far as I can tell, no change. My controller is not connected to the console via USB just in case that might cause an interference with the exploit and the USB drive is the only USB device connected to the console.

Any suggestion what to try next?

Try waiting 20 minutes each time, like the original creator of the exploit has said. I've got it to work on my Winchester model today, but it took 4 attempts before it worked, and I waited 20 minutes each time, good luck.

 

[Blythe93]

Try waiting 20 minutes each time, like the original creator of the exploit has said. I've got it to work on my Winchester model today, but it took 4 attempts before it worked, and I waited 20 minutes each time, good luck.

Even if it freezes? If that's so, I'll do a couple of more runs to see if there's any difference. Maybe I just had to wait some more. Strangely enough, though, both Modded Warfare and MrMario suggested that once the screen freezes to reboot and try again.

 

[BigOnYa]

Even if it freezes? If that's so, I'll do a couple of more runs to see if there's any difference. Maybe I just had to wait some more. Strangely enough, though, both Modded Warfare and MrMario suggested that once the screen freezes to reboot and try again.

I don't know to be honest, I didn't sit and watch mine, i set a 20 min timer and walked away.

 

[Blythe93]

I didn't sit and watch mine, i set a 20 min timer and walked away.

Fair enough. I connected my BT earbuds to the TV and as soon as the music stopped I went back and checked what happened.

EDIT: After 17 attempts and 150 minutes later, it was finally successful. ^^

 

[duffman2k]

Snip

Are you on the latest firmware?

 

[SylverReZ]

Fair enough. I connected my BT earbuds to the TV and as soon as the music stopped I went back and checked what happened.

Is your dashboard on 17559? As this is a requirement to get the exploit working.

 

[Afeohtan]

You can also run a custom dashboard as long as you manually patch the XEX file first using the XEXTool that came with the BadPayload package. Either ran from USB or the hard drive, whichever is easy for you. Freestyle 3 works perfectly; I am able to change the themes, rip some of my Xbox 360 games, and play them straight from the USB drive.

I have used both Aurora and FSD3. I like the look of FSD more because it resembles the NXE dashboard. Sadly though it froze with me when I went to customize settings. Not to mention it increases the temps more than Aurora.

I was able to run Skyrim extracted from USB after letting Xexmenu 1.2 patch it. But when I did the title update was not running and Skyrim was back at the original version so DLC and mods were not detected.
I did on the first time I got the exploit to work (which was on the first try) be able to use some mods with Skyrim (installed normally and launched with the disc in the drive) because the creator of the Multi Utility (Selyb) made a content file with the MU mod in it and I injected some mods into it using a tool called Velocity.

 

[BigOnYa]

@_47iscool If you extract the DLC & title update to the correct game folder in Contents/0000000000000, they will always work. (Granted you unlock the dlc with XM360 first)
DLC in the "00000002" folder and Title updates in the "000B0000" folder

 

[Afeohtan]

@_47iscool If you extract the DLC & title update to the correct game folder in Contents/0000000000000, they will always work.

They are installed to the HDD (except dawnguard, but I plan on re-installing it as some mods require it) and when booted normally from HDD with the disc DLC and title updates are detected. So are you saying I need to install them all to USB?
I wonder if Xexmenu damaged the default.xex in some way.

 

[SylverReZ]

They are installed to the HDD (except dawnguard, but I plan on re-installing it as some mods require it) and when booted normally from HDD with the disc. So are you saying I need to install them all to USB?
I wonder if Xexmenu damaged the default.xex in some way.

Download XexMenu from here: https://consolemods.org/wiki/File:XeXmenu_12.7z

This version works well the best on my 360. It's unofficial but has many greater improvements.

 

[Afeohtan]

Download XexMenu from here: https://consolemods.org/wiki/File:XeXmenu_12.7z

This version works well the best on my 360. It's unofficial but has many greater improvements.

That is the exact one I use. A good program, but last time the exlpoit worked it froze on boot. Talk about frustrating. And when deleting files with it, it says something like "delete this crap?".

 

[Blythe93]

Are you on the latest firmware?

Is your dashboard on 17559? As this is a requirement to get the exploit working.

Yep, 17559 it is. In the end, I manged to get it up and running and I run the Simple 360 NAND Flasher to make NAND backup and, as expected, it was successful.

 

[BigOnYa]

They are installed to the HDD (except dawnguard, but I plan on re-installing it as some mods require it) and when booted normally from HDD with the disc DLC and title updates are detected. So are you saying I need to install them all to USB?
I wonder if Xexmenu damaged the default.xex in some way.

No you can keep it all on the USB drive or Hdd if wanted, just in FS3 or Aurora direct the scan to where you have the game folder.
Example:
"USB1/Content/0000000000000000/TITLE_ID/000B0000" is where you place the Title update files.
"USB1/Content/0000000000000000/TITLE_ID/00000002" is where you place the DLC files. -or-
"HDD1/Content/0000000000000000/TITLE_ID/000B0000" is where you place the Title update files.
"HDD1/Content/0000000000000000/TITLE_ID/00000002" is where you place the DLC files.

 

[Afeohtan]

No you can keep it all on the USB drive or Hdd if wanted, just in FS3 or Aurora direct the scan to where you have the game folder.
Example:
"USB1/Content/0000000000000000/TITLE_ID/000B0000" is where you place the Title update files.
"USB1/Content/0000000000000000/TITLE_ID/00000002" is where you place the DLC files. -or-
"HDD1/Content/0000000000000000/TITLE_ID/000B0000" is where you place the Title update files.
"HDD1/Content/0000000000000000/TITLE_ID/00000002" is where you place the DLC files.

I understand. Thank you.

 

[DarkKnight_TJ]

I've tried using the Rock Band Blitz game as an entry point for the exploit and I'm on my 15th or so try, each lasting from 5-15 minutes (mostly 5-8 minutes). Still no luck.

I've run into the issue where I pressed the A button too soon as well, but that one's on me. 30% success rate isn't really going well for me. What could be the reason? I followed MrMario's USB setup, I highly doubt that I've made an error there. The USB drive should be fine, I've tested it with the h2testw before attempting this exploit. I get to the part when the lights start alternating diagonally and after a while the screen freezes and sometimes it it has 3/4 of the ring activated, the other times it's one of the diagonal patterns. Whenever that happens, I reboot and try again. In most of the attempts, my USB drive has been connected to the one of the ports in the back, while in the remaining few it was connected to the one of the front USB ports. As far as I can tell, no change. My controller is not connected to the console via USB just in case that might cause an interference with the exploit and the USB drive is the only USB device connected to the console.

Any suggestion what to try next?

EDIT: I checked the LED patterns here and I'm not sure how these translate to the Slim consoles, so once it froze for me but the ring had 3/4 activated I waited for a while and, sadly, nothing happened.

Maybe this could help youtu.be/0yNz01fmMZc

 

[The Real Jdbye]

No, i visited my local Gamestop couple days ago and they had 9 copies week before, but was sold out of them. Employee there said store 50 miles away had 2 copies still if i wanted to put a hold on one, but didnt bother. When i looked at the online site later, those 2 were also sold. So no they not destroying them.

It wouldn't make any sense, used games are highly profitable for Gamestop and it's not their business what people do with them after they buy them. Stuff like this allows them to jack up the prices due to demand which I am sure they are very appreciative of.

 

[DarkKnight_TJ]

Are you able to extract your NAND with J-Runner?
I tried it with my Winchester dump, but it doesn't generate the FCRT.bin and C-R.bin files, which are needed for LTU2/ODE solutions.
AutoGG does support it, but the generated C-R.bin looks wrong to my eyes.

my dump also does not have fcrt.bin and c-r.bin, i'm looking what to do now but nothing clear yet. years ago did a 16d5s but a dont remember anything lol

 

[BigOnYa]

Are you able to extract your NAND with J-Runner?
I tried it with my Winchester dump, but it doesn't generate the FCRT.bin and C-R.bin files, which are needed for LTU2/ODE solutions.
AutoGG does support it, but the generated C-R.bin looks wrong to my eyes.

@DarkKnight_TJ Same with my Winchester dump also. Maybe somebody will improve the Nand dumper app to fix it. Hopefully.

 

[DarkKnight_TJ]

@DarkKnight_TJ Same with my Winchester dump also. Maybe somebody will improve the Nand dumper app to fix it. Hopefully.

well i extracted those files but i dont know if they are what are supossed to be. you need to download www.dekazeta.net/j-runner-v0-3-beta-1/ . if someone wants to try if works or not. latest versions of j-runner does not extract those files idk why.

also used lizard toolbox to generate ltu2 firmware

 

[americandadsonic]

When running games from the internal hdd can you add your games to a custom folder? Or you have to add them to a specific folder? Also for Xbox Live Arcade/Digital games how do you get them to appear on your My Games folder on the dashboard?