[X360] The Reset Glitch Hack

Discussion in 'User Submitted News' started by Aurora Wright, Aug 28, 2011.

Aug 28, 2011
  1. Aurora Wright
    Video: http://www.youtube.com/watch?v=JyYdL4L6vwE
    We all know that the Xbox 360 is a masterpiece as far as software security is concerned; hackers such as tmbinc and marcan have said so too.
    Since the software was so secure, some hackers found a hardware glitch, which works by using a chip to destabilize the processor while it checks the signature of one of the bootloaders.
    This glitch hack works on both FAT and SLIM models, allowing them to run unsigned code.
    Details about how it works:
    Tutorial (it requires hardware soldering skills)
     


  2. TLSS_N

    Hell yea, NOW we're talking!
     
  3. Devin

    You said it. Just ended my search for a JTAG 360, might do it to this Jasper I have.
     
  4. TLSS_N

    I wonder if this group let Microsoft know about this before they released it, since that's what happened with j-tag, it makes me wonder.
     
  5. Devin

    I'm also curious about that, but if it works on any Dash. Don't update.
     
  6. FAST6191

    Wow, a good read. I shall have to see how this all plays out and if it turns out it can be done on some more commodity hardware (thinking some of the more common development boards, although a quick scan says the current setup is nothing major). I sense I shall be doing a few as this looks like it will work on banned hardware too.
     
  7. TLSS_N

    Well, if anyone needs a box, I suggest waiting a bit to find out if Microsoft has patched it; just keep an eye on the xbox-scene forums for a heads up. I know I am going to get a new box either way, I need it. And let's hope someone grabs the keys!!
     
  8. Devin

    Yup. If it hasn't been patched yet, great. Until I get it done, my 360 stays offline. Just bought a 360 from a friend, so I'll have two to screw around with.

    (So that means the 360s can run games and still play on Live? Amazing.)
     
  9. Fudge

    Awesome!!! Unsigned code is possible once more!
     
  10. raulpica

    Hm, this will probably have a nice huge drop of JTAG'd 360s prices. Good.

    I wonder if MS will still ban you if you use this hack... Hopefully it'll be less detectable.
     
  11. machomuu

    Sounds awesome, but I can't solder, so...

    I might buy another 360 just to do this.
     
  12. chartube12

    So much for the secret of how the xode was gonna work!
     
  13. hunter291

    So in noob language... could we describe it as "JTAG" for newer models? I mean, can this lead to the same stuff? Freestyledash, xellous, freeboot and stuff?
     
  14. 431unknown

    lol, Nice! I knew somebody would find something new eventually.
     
  15. gregor1997

    This is awesome!
     
  16. shakirmoledina

    I wonder if the 3DS in the end will require an advanced hack like this.
    I also remember FAST talked about messing around with the clocks to get some strange results. This is a rare hack I have read about.
    If I am not mistaken, it's all about making a false hash (SHA) to think it is the correct hash value, right?

    A little info I know about SHA from a book:
    Similar to MD5, but the message digest is 160 bits instead of 128 bits. This algorithm provides the hash function for the DSA algorithm specified within the DSS.
     
  17. FAST6191

    If you are referring to that hacking concepts thread in the 3DS section, the clock hacks there were more about overclocking or underclocking to cause commands to be missed, interpreted badly, or a race condition, which is a similar class of attack to the eventual one here. However, from reading the above it seems as though the clocks were slowed to allow things to work on simpler hardware: trying to get things to mesh at 200MHz or higher (the post said the point viewed was a fraction of the actual speed) is a nightmare (pretty much university or corporate level), but the sort of speeds they are mentioning when the CPU gets slowed down is far easier to work with.

    Once this is done the CPU reset function seems to get abused- I am guessing it resets any flags in the CPU that get returned on the compare check as "not a match" just in time for the next part of the routine to think it is in fact correct and carry on booting. It being that early in the boot process means you can tell it whatever you like and that includes getting it to give you the keys to the kingdom.
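To illustrate the point FAST6191 makes above about the compare check being a single decision that a glitch flips into "match", here is an added example written for this page (not code from the RGH release or from any Xbox 360 bootloader): a naive digest compare beside a glitch-hardened one. The `fault` parameter is a software model of one upset comparison step, and the digests are constructed sample bytes.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define HASH_LEN  20        /* SHA-1 digest: the 160 bits mentioned in the thread */
#define BOOT_OK   0x5A3Cu   /* success is a distinctive pattern, never 0 or 1 */
#define BOOT_FAIL 0xFFFFu

/* Constructed sample digests for the demo; not real Xbox 360 values. */
static const uint8_t GOOD[HASH_LEN] = {
    0x0a,0x1b,0x2c,0x3d,0x4e,0x5f,0x60,0x71,0x82,0x93,
    0xa4,0xb5,0xc6,0xd7,0xe8,0xf9,0x00,0x11,0x22,0x33 };
static const uint8_t BAD[HASH_LEN]  = {
    0x0a,0x1b,0x2c,0x3d,0x4e,0x5f,0x60,0x71,0x82,0x93,
    0xa4,0xb5,0xc6,0xd7,0xe8,0xf9,0x00,0x11,0x22,0x34 };  /* last byte differs */

/* 'fault' is a software model of one upset compare: when it equals a step
 * number, that step's result is forced to "match". 0 means no fault. */

/* Naive check: the whole boot decision rests on one memcmp result. */
static uint32_t naive_check(const uint8_t *computed, int fault) {
    int equal = (memcmp(computed, GOOD, HASH_LEN) == 0);
    if (fault == 1) equal = 1;                 /* the only decision point */
    return equal ? BOOT_OK : BOOT_FAIL;
}

/* Hardened check: three independent decision points, two of them computed
 * over the data in opposite orders, and a success token derived from the
 * accumulated differences rather than from a branch. Forcing any single
 * step still yields BOOT_FAIL for a wrong digest. */
static uint32_t hardened_check(const uint8_t *computed, int fault) {
    uint8_t diff_fwd = 0, diff_rev = 0;
    for (size_t i = 0; i < HASH_LEN; i++) diff_fwd |= computed[i] ^ GOOD[i];
    for (size_t i = HASH_LEN; i-- > 0; )  diff_rev |= computed[i] ^ GOOD[i];
    int step1 = (diff_fwd == 0);                         if (fault == 1) step1 = 1;
    int step2 = (diff_rev == 0);                         if (fault == 2) step2 = 1;
    int step3 = (memcmp(computed, GOOD, HASH_LEN) == 0); if (fault == 3) step3 = 1;
    if (!step1 || !step2 || !step3) return BOOT_FAIL;
    return BOOT_OK ^ diff_fwd ^ diff_rev;   /* equals BOOT_OK only when both diffs are 0 */
}
```

With the wrong digest, `naive_check` passes as soon as its one step is forced, while `hardened_check` fails for every single forced step.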
     
  18. Armadillo

    Nice, might have to grab a slim when funds allow it, already got a jtag, but with fans at 80% it's pretty loud.

    This line from the readme

    "Now, maybe you haven't realised yet, but CB_A contains no checks on revocation fuses, so it's an unpatchable hack !"

    So does that mean unpatchable by software, or just unpatchable forever? It's a glitch on the CPU, so I'd assume any fix would have to be a hardware one, but I'm just wondering, if the attack is at such a level, would the console need a complete redesign to fix it?

    I see a wave of 360 modchips coming now.
     
  19. dilav

    Great news, but debating on if I should pick one up. 25% boot rate isn't too bad either.
     
  20. shakirmoledina

    So speed is such a strange thing in processing that even a computer/machine can misinterpret a situation.

    Then again, I don't understand how they figured out to try this... is there a clue, or have they searched through the code? Or is it a guess/chance based on some info?

    PS - Fast, I had to read yer post at least 4 times to try to understand what u said, and hopefully I get u.
     
