Leaked Microsoft internal document retail to dev

Any idea if they look like half a sidecar? like missing the top hdd bay card. There literally is no information on them

 

Watch the video with "hoodie" when he showed off his linux hack. It's the little board hanging out the side of the console.

 

I don't get this 'blowing efuse' thing.
What do you do, erase a chip and reprogram it or what?

 

Its a CPU die, once its gone its gone. Kinda like a CD-R once its written its written. no rewriting.

 

The 360's CPU has internal fuses. Once a new kernel comes out, a fuse gets blown and the older kernel cannot run on that box again.

That's the theory, anyway. There are ways around it I believe.

 

It's not theory it's been proven. Make a dump of 8955, update to 9199, flash back the 8955 dump, you get three red rings.

 

So you mean each kernel checks if a certain efuse is active, and if it isn't, it won't run?

 

It has a line of efuses iirc, it just checks each one if something does not check out out of a ton of fuses it either does not boot, or red rings.

 

Just to play devils advocate.

There are still ways around this. In no way does updating from 8955 to 9199 lockout 8955 from booting again.

You could go from 9199 to 8955 if you wanted. There are only a handful of locked-out dashes, 8955 not being one of them.

iirc 1888 can still be booted on a box that has been updated to 9199.

 

The boot loaders check the fuse values to make sure it has the exact amount of blown fuses to run that kernel version. No more, no less. You can't swap out bootloaders because CB has the sha1 hash for CD, and etc. It was possible to boot a zero paired image before, aka the timing attack.

 

I know right. You can still change the LDV of a 8955 dump to get it working on a 9199 updated box.

There is some magic involved.

btw the timing attack had nothing to do with zero paired images. :thumbsup:

 

edit.

 

That's just a LVTTL - USB board?!

 

You might want to think before you start to type as you seem to edit or delete every other post you make.

 

Yes, you were right on the timing attack part. But iirc the ldv values are guarded by the hash on the CF. From what I understand this is where the timing attack was used, you break the auth data by changing the ldv value on the kernel, and you could boot into an exploit kernel once you got the right hash.

Lamprey pics: http://www.assemblergames.com/forums/showpost.php?p=398150&postcount=6

 

edit

 

what is up with people editing their posts?

 

You mean a single person with multiple accounts!

 

Guys I know your trying to be sarcastic but please stay on topic or simply don't post.

 

...asks the guy who knows a method to unbrick a 0021 kit

give me a fking break