
Downgrading Kernels

Posted: Tue Nov 09, 2010 7:49 pm
by MrMiscellaneous
Well, while I was looking for ways around unexploitable Xbox 360s I stumbled upon this: http://beta.ivancover.com/wiki/index.ph ... r_Hardware Although it looks nerve-wracking to do, my brother suggested a breadboard to do this. I still haven't tested whether this actually works, but I'm guessing it does and will try it later this week. Hopefully by making this we'll be able to finally JTAG updated Xboxes by downgrading them. You're already going as far as taking apart your Xbox and soldering stuff on the board, so you might as well go the whole 49 yards. If anyone has results with this, post here.

Re: Downgrading Kernels

Posted: Tue Nov 09, 2010 8:04 pm
by CoFree
Yeah, keep us in the loop on how that goes.

Re: Downgrading Kernels

Posted: Tue Nov 09, 2010 8:19 pm
by tonyuk73
So am I right in saying it is possible to downgrade the kernel of the Xbox if it's had its eFuses blown, or have I got the wrong end of the stick?

Re: Downgrading Kernels

Posted: Tue Nov 09, 2010 8:33 pm
by MrMiscellaneous
Since the Xbox I'm planning on using has been updated past that mark, I'm not exactly sure. But if it does work then that'd be pretty damn amazing!

Re: Downgrading Kernels

Posted: Tue Nov 09, 2010 8:35 pm
by CoFree
Well, this is my 2 cents on this: there used to be a timing attack you could do to get into the NAND, but that was stopped with an update. Then you could get into it with a JTAG and dumping the NAND (2 different things), and that was stopped by an update. And yes, with every major update they blow an eFuse and it stops any downgrading.

I have not read about the thing at that link, but I do know that robinsod is one of the biggest players in 360 hacking.

Re: Downgrading Kernels

Posted: Wed Nov 10, 2010 12:45 am
by MrMiscellaneous
Well, I'm not exactly sure whether this will STILL work, as maybe it has been patched by an update.

"The last 2007 fall update, 6683, is still vulnerable and can be downgraded by timing attacking the HMAC-hash value. The update is still vulnerable because the CB (2BL) section of the kernel did not change after the update, only the main CE/CF sections. No other fuses than the obligatory fuseline 7 (to match the LockDownValue in CE/FE) were blown.
The latest revisions of the Xbox 360, the Falcon, have a newer basekernel and CB section, 1921, and this version is patched against the memcmp-vulnerability [8]. This makes timing attacks on these machines impossible until another vulnerability is found.
This might suggest that only newer machines from the factory can be patched to fix the memcmp-function in CB."

So this might mean that it'd only work for Zephyr and Xenon. Unfortunately I have a Falcon :P
But there's still that IF, because I'm not sure too many people have tried it; they've just assumed that it would not work. Idk.
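The memcmp weakness the quoted text refers to, shown as an added illustration that is not part of the thread or of any Xbox 360 bootloader code: an early-exit comparison of an HMAC tag does an amount of work that depends on where the first wrong byte sits, which is what a timing attack measures, while a constant-time comparison always examines every byte. The tag length, the sample tag bytes and the function names are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define TAG_LEN 16 /* constructed tag length for this example */

/* Early-exit compare, the shape of a generic memcmp: it returns at the first
 * differing byte, so the work done (reported via *examined) reveals how many
 * leading bytes of the candidate tag were already correct. */
int tag_compare_early_exit(const uint8_t *expected, const uint8_t *got,
                           size_t len, size_t *examined)
{
    for (size_t i = 0; i < len; i++) {
        if (expected[i] != got[i]) {
            *examined = i + 1;
            return 0; /* mismatch */
        }
    }
    *examined = len;
    return 1; /* match */
}

/* Constant-time compare: touches every byte and ORs the differences together,
 * so the work done is identical whether the tags match or differ anywhere. */
int tag_compare_const_time(const uint8_t *expected, const uint8_t *got,
                           size_t len, size_t *examined)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < len; i++)
        diff |= (uint8_t)(expected[i] ^ got[i]);
    *examined = len;
    return diff == 0;
}

/* Constructed "expected" tag; in a loader this would be the computed HMAC. */
static const uint8_t kExpected[TAG_LEN] = {
    0x9a, 0x17, 0xc3, 0x5e, 0x02, 0xbb, 0x71, 0xd8,
    0x44, 0x2f, 0xe6, 0x0c, 0x8d, 0x33, 0xaf, 0x61
};

/* Bytes examined by either compare for a candidate equal to kExpected except
 * at byte 'pos' (pos >= TAG_LEN means a fully correct candidate). */
size_t bytes_examined(int const_time, size_t pos)
{
    uint8_t cand[TAG_LEN];
    size_t n;
    memcpy(cand, kExpected, TAG_LEN);
    if (pos < TAG_LEN) cand[pos] ^= 0xFF;
    if (const_time) tag_compare_const_time(kExpected, cand, TAG_LEN, &n);
    else tag_compare_early_exit(kExpected, cand, TAG_LEN, &n);
    return n;
}
```

A defender checking a loader's verification routine looks for the first shape and replaces it with the second; the work count is a stand-in for the wall-clock difference a timing attack observes.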

Re: Downgrading Kernels

Posted: Wed Nov 10, 2010 9:09 am
by CoFree
Well man, you sound like you know more about that than I do.

For sure keep us posted on how it goes.

Re: Downgrading Kernels

Posted: Wed Nov 10, 2010 12:05 pm
by HaGGardSmurf
I'm sceptical; I don't see how you can downgrade past the fall '09 kernel as it blew an eFuse.

Anyhow, I'll keep checking this thread for updates. At least you're trying something; I'm just sitting here being a critic. Good luck, keep us posted.

Re: Downgrading Kernels

Posted: Wed Nov 10, 2010 2:34 pm
by tonyuk73
Question: when the phrase "blow the eFuse" is used, is it physically blown or is it in an open conductive state?

Re: Downgrading Kernels

Posted: Wed Nov 10, 2010 6:12 pm
by MrMiscellaneous
Well, there are two different things I've heard happen. It's either that the values change, or that they actually blow the fuse.
I'm thinking it's more a matter of changing values.
Also, IF you did have the CPU key of your Xbox and had the latest update, shouldn't it still work? Sure, they keep you from knowing what your CPU key is, but the CPU key is still required to boot your Xbox.

Re: Downgrading Kernels

Posted: Wed Nov 10, 2010 6:41 pm
by tonyuk73
MrMiscellaneous wrote: I'm thinking it's more a matter of changing values.
I hope you're right; in that case it can be changed back, but that's where I must leave this topic for now, for my knowledge is limited. All I do is 'flash them and bag 'em' and I'm on a learning curve with a thirst to know more about what's going on inside. Good luck with what you are up to and I'll read/study some more ;)

Re: Downgrading Kernels

Posted: Wed Nov 10, 2010 6:52 pm
by HaGGardSmurf
As far as I know the fuse is literally blown. 7x dashes (or lower) cannot boot after the fuse has been blown, and to repair the fuse I believe you can just jump it, but as far as I know the fuse is part of the CPU, so you'd need to remove the CPU, repair the fuse, then reinstall the CPU.

Now your console is able to boot a 7x or lower (to whatever dash version blew the last eFuse).

Re: Downgrading Kernels

Posted: Wed Nov 10, 2010 7:26 pm
by MrMiscellaneous
So what's different about the eFuse compared to all of the other fuses? Why wouldn't replacing the fuse work?

Re: Downgrading Kernels

Posted: Wed Nov 10, 2010 7:31 pm
by HaGGardSmurf
From what I know an eFuse is just a fuse that gets blown on purpose by software for security reasons. It can be repaired, but you'd need to lift the CPU, remove the die itself, locate the fuse, bridge it, and then put the CPU back together and solder it back to the motherboard.

I remember a while back people were talking about removing a specific resistor so there would no longer be any eFuse power, so no eFuses can be blown.

That's about all I know on the whole thing though.

The issue with downgrading is the eFuse. The fuse can be repaired, but it's quite a hard task to do; it can be done nonetheless. I'm pretty sure if you repaired it, you could use this method, or the timing attack or whatever, to downgrade and then JTAG.

Re: Downgrading Kernels

Posted: Wed Nov 10, 2010 8:09 pm
by MrMiscellaneous
Sweet! Thanks for the info Haggard :D Always great help all-around on stuff! I'll see about doing something like that.

EDIT: Also, found this in a Wikipedia article on eFuses.
"In computing, eFUSE is a technology invented by IBM which allows for the dynamic real-time reprogramming of computer chips. Speaking abstractly, computer logic is generally 'etched' or 'hard-coded' onto a chip and cannot be changed after the chip has finished being manufactured. By utilizing an eFUSE (or more realistically, a number of individual eFUSEs), a chip manufacturer can allow for the circuits on a chip to change while it is in operation.

The primary application of this technology is to provide in-chip performance tuning. If certain sub-systems fail, or are taking too long to respond, or are consuming too much power, the chip can instantly change its behavior by 'blowing' an eFUSE."

Whether or not it's true, from that statement the values or "behavior" change and that is called 'blowing' an eFuse. And the eFuse has 768 bits of data.