Tag Archives: xbox 360

Three Xbox Slim consoles: a 4GB console with Kinect, a 250GB console on its own and a 250GB Xbox Slim with Kinect

$99 Xbox Slim offer extends to Walmart, Toys R Us and all Gamestops

Get an Xbox Slim 4GB + Kinect for $99, an Xbox Slim 250GB also for $99 or a Slim 250GB with Kinect for £149.

An Xbox 360 Slim 250GB console with Kinect and a controller - black

Kinect sensor and Xbox 360 as shown at the 2010 Electronic Entertainment Expo (Photo credit: Wikipedia)

Back in May Microsoft announced that they would be offering pay-as-you-go (or pay-as-you-play, as I find that more fitting) Xbox Slim 4GB consoles at the massively reduced price of $99 from their stores; they then offered it in selected Best Buys and Gamestops. There’s only one catch: you have to pay for an Xbox Live subscription for 2 years priced at $14.99 a month. That’s higher than the ordinary monthly price, which I believe is $9.99.

Halo 4 box cover xbox 360

Halo 4 Multiplayer Pics

Halo 4 is the upcoming first-person shooter (FPS) from 343i. They have recently taken sole control of the game from Bungie and are making some revolutionary changes. They are bringing back Master Chief and some weapons. You face a new, greater threat than before, and there is a reason why the Red guys are fighting the Blue guys!

OK, so I just posted some multiplayer pics, but what I noticed when I viewed them full screen a moment ago after uploading was that the set I had were pretty pixelated, so I’ll get some more of them tomorrow for you. Here’s a few Halo 4 pics to keep you happy till I sort the multiplayer ones.


Bowling Wants to Give You MW3 Classic Maps for Free

Infinity Ward Creative Strategist, Robert Bowling, commented on the design philosophy of the recently released content drop, Overwatch, and gave fans a glimpse into what direction the team is headed when it comes to future MW3 DLC. It’s safe to say many will love what Bowling has to say on the subject of free content. Click here to read the article

Also: click the images above and below for some pretty awesome COD related surprises :D


Silver Skyrim Dragon Logo custom cut xbox case and controller. Almost finished, needs a few final coats of paint

Custom Skyrim Xbox – modded case.

Custom Skyrim dragon logo Xbox 360


The other day I found a Skyrim wallpaper for my desktop. Simple black background, says “Elder Scrolls V: Skyrim” on it and has the Skyrim dragon logo. I decided to crop the logo out and set it as my Facebook profile picture. A friend or 2 liked it and another commented on the picture. In response I said “I’m making one of those”, and at that point I didn’t know how or what I was going to make it from.

I woke up a day or so ago and almost as soon as I got up I was like “I’m making that Skyrim Dragon today.” Still not knowing how, I soon came to the idea of cutting up an old computer case and making it from the metal… and then it dawned on me: I’m making a Skyrim Xbox. I’m cutting the dragon into the case. And that’s just what I did. I got a spare case and a pencil and sketched the dragon logo onto the case. I made it big enough to cut out the entire XBOX 360 stamp on the side (no point in cutting through some of the XBOX 360 and leaving a few letters still in place).


Microsoft have silently updated dae.bin – AP2.5 challenge table updated.

Update: I have found a way around the new dae.bin file! Info at the bottom of the page.

Silent Update for Xbox 360 issued by Microsoft. dae.bin changed

Image representing Xbox as depicted in CrunchBase

The pirates thought they had beaten Microsoft. Microsoft decided to put more information on the disk, more information than a normal burner could burn to the disk, but the pirates weren’t beaten. They made burning firmware capable of burning the extra information to the disk and all looked smooth.

The new anti-piracy XGD3 format had failed. A while ago Microsoft had tried a different trick to stop the pirates: AP2.5 added new challenges to the boot sequence, challenges read from the disk and compared against dae.bin. If you fail a challenge you get an offline ban flag and will be presented with the ban screen at some point when you next connect to Xbox Live. The AP2.5 challenge was quickly overcome with patching offered by abgx360; the only problem with it was that a reburn is required every time the dae.bin file is updated. The dae.bin file had never been updated outside of a dashboard update. It was not updated with every dashboard and there have only ever been a handful of changes.

The dae.bin file had never been changed outside of an update, but in theory it could be changed by Microsoft at any time. And it has been! I said way back last year when AP2.5 hit that the challenge table could be changed on the fly whenever Microsoft chooses.

In the past 24 hours your Xbox might have had this on-the-fly dae.bin update. If you have original games you are fine. If you have back-ups and have played any XGD3 games, you will have failed the new challenges and already been flagged. This update is completely silent: it does not give you a prompt or any information about its arrival. What’s more, a second challenge table is now present, not just the one table of challenges but 2. To make matters worse, the new table also appears console specific. The console-specific issue is being investigated now, but as of yet there is no way to play XGD3 games on a console that has had the on-the-fly update. Because the new challenge table appears console specific, be careful: sharing it with others may be risky, as it is likely traceable and could result in a ban.

What we already knew.

The Xbox Live Dashboard Preview Program kicked off a few days ago. From the update it was known that the dae.bin had been updated to now include 2 tables of challenges. It was known that the beta update does not re-flash your console back to stock firmware. The stock firmware (updated a few dashboard updates ago to allow the reading of XGD3 game disks) was also unmodified. There was little challenge to piracy. But then in the middle of the night Microsoft changed the dae.bin on the fly. Previously it was a feature of the LT+ firmware to prevent boot of games that failed AP2.5 challenges and so stop an offline ban flag. Microsoft issued random AP2.5 challenges (dubbed AP2.6) to combat this safeguard and it had to be removed: all random challenges resulted in the safeguard preventing boot, so no AP2.5 games would play at all.

What’s new?

Now it’s Microsoft’s turn to stop these failed-challenge disks booting. The error presented to users is “unsupported disk” and it prevents the game from starting at all. If you receive this error you can be almost 100% sure that you are flagged for a ban.

Unsupported Disk


There is speculation that this update’s initial inception (the very first issue of the update) was with a Modern Warfare 3 title update. There were reports yesterday of “unsupported disk” errors related to MW3. This looks like it was the beginning of the update. This is the error that you will be presented with if you try to play any XGD3 back-up game. All AP2.5 games are likely to throw the same error if you try to play them. Here’s what is posted over at abgx360.net:

Update 2011/11/16:

DAE.bin is being silently updated through Xbox Live with an additional challenge table! This happens on the current public dashboard version 2.0.13604.0 and there is no confirmation dialog or any known means to prevent it besides disconnecting your console from the internet.

If your DAE.bin has already been silently updated, AP25 backups that are patched with current AP25 replay data will fail the normal AP25 challenges outright! Note that all XGD3 games use AP25.

Use your originals if you want to play on Xbox Live.

There’s even a little bit more information on offer over at c4evaspeaks.com. There is information posted about the dashboard preview program, followed by information about the on-the-fly update and then further comments from c4eva himself stating that the systems affected by the changes have been both modified and completely unmodified consoles. He is waiting to see if a fallback occurs. There was also a simple, firm “no” to a user who posed him the question “Is this the end for modders?”. Here’s what’s at c4evaspeaks about the new issues:

Posted on 2011-11-10 by

We’ve confirmed that the dae.bin has changed in the new Xbox 360 Fall 2011 Preview Dash (2.0.14686.0). c4eva has reported to the team that XGD2 and XGD3 backups are still booting under LT+ v2.0/2.01 (from team channel: [2011-11-10 08:58PM UTC]backups,xgd3 still booting). However, do not take this as a sign that everything is fine. Booting backups with older AP25 replay sectors on 14686 may get you flagged. Don’t say we didn’t warn you! We can confirm though that these changes will indeed necessitate new versions of and/or changes to Xbox Backup Creator, abgx360, and several other associated tools. It has also been confirmed by the team that drive fw’s are not affected. All the changes are currently being analyzed, and we’ll continue to update this post when further details become available.

*UPDATE* [2011-11-14 04:12PM UTC]
There is still a lot of analysis to do. Unlike the changes to the dae.bin in the previous updates, this time around the changes aren’t so simple. In addition to possibly having to re-burn/re-press, accommodating the changes has a ripple effect across XBC, abgx360, other associated/internal tools, as well as potentially the fw itself. Right now it’s too early to make any definitive statements. It should be clarified in the original post where mention was made that “the drive fw’s are not affected” — this was not in reference to c4eva’s fw, but rather to the ofw re-flashing of non-updated drives. The fw versions those drives get updated to has not changed in this update (e.g. Lite-On phats to 02510C, and Lite-On slim 9504 to 0272). The team appreciates your patience. More concrete info about what these changes entail will be posted in the days ahead as analysis progresses.


Posted on 2011-11-17

First and foremost, a warning — at this current time it is advised that you stay offline and avoid playing any AP2.5/XGD3 backups. It has been confirmed by the team that the dae.bin is now being silently updated on all LIVE-connected boxes.

This update is not being deployed via a SystemUpdate or TitleUpdate, but rather occurs in the background without any visual indication or prompt to the user. As such, there is no means by which it can be cancelled or avoided, other than not connecting to LIVE. If you’ve connected to LIVE in the past 24 hours, your system has likely already been updated with a changed dae.bin.

All AP2.5/XGD3 backups that contain the now older AP25 replay data will fail the system’s AP2.5 challenges and indeed flag your system (the flagging has also been confirmed by the team).

Like our news a few days ago, the dae.bin is now being changed by way of an appended challenge table in the same manner on current retail dashes (13604) as it is on the preview dash (14686), however the content of the challenge tables differ. The team has determined that the appended challenge table appears to be unique per console and contains identifying information. This means that everyone’s dae.bin is different, and can potentially be traced back to your specific console. Therefore, sharing your dae.bin with others is not advisable.

More info to come


Posted on 2011-11-17

[2011-11-17 07:44AM UTC] #c4e hello
[2011-11-17 07:53AM UTC] #c4e a solution to the per console ap25 is being worked on, as un-modded boxes are affected, will monitor the situation to see if there is a rollback


Posted on 2011-11-17

[2011-11-17 07:44AM UTC] #fw <c4eva> hello
[2011-11-17 07:52AM UTC] #fw <skynets> c4eva if ms can update dae anytime it wants does that mean it’s over for modders?

[2011-11-17 07:54AM UTC] #fw <c4eva> skynets:no :)

New Xbox 360 Slim Motherboard Revision: “Corona” – HANA chip gone?!?

Habemus Xbox Slim

Image by ீ ๑ Adam via Flickr


This new motherboard revision was found in a Forza 4 250GB Go Pack with a matte black finish.

Specs:

  • New “Corona” type motherboard
  • 1071 Disk Drive
  • MFR Date of: 17/08/2011
  • The PSU goes from 10.83A (for the Trinity style motherboards of original 360S consoles) to 9.86A.

The most noticeable visual difference between the boards is that the HANA chip appears to be missing. There is a suggestion that the HANA and SouthBridge have been combined into 1 chip on this new motherboard. If the HANA has been integrated with the SouthBridge, that may have serious implications for the new Reset Glitch Hack. It has been suggested that the new mobo revision was designed to combat the RGH, but if you look at the MFR date it was manufactured back in August, before the RGH was discovered/made public. So unless Microsoft knew about this exploit before it was public, this mobo was not designed specifically to stop it, and even then it takes months to design and make a motherboard. That being said, it may still prove to be a problem for the hack and work to Microsoft’s benefit even if it wasn’t intended to! There may be alternatives to using the HANA chip for the timing of the hack but… moving the HANA chip may not even cause any problems with the hack; it’s all just speculation at the moment. Only time will tell if this is good for Microsoft or good for the pirates.

  • Reset Glitch Hack on Slim By GliGli (gamingnow.info)

Batman: Arkham City Leaked!

IMG_3317 - Harley Quinn

Image by Anime Nut via Flickr

I have been sent multiple sets of links from various different file hosts containing a retail rip of Batman: Arkham City. It is an XGD3 game, so LT+2.0 is required for play. If you are on the latest firmware then you can download and play it now. The game is not due for release until the 18th of October.

The process of burning an XGD3 game is pretty different from burning older Xbox 360 games. It’s so different, in fact, that I have uploaded a video to YouTube on how to do it, and it’s been pretty damn popular, so I’m going to write an article on how to do it and I’ll link it to burning an XGD3 game.

I won’t be providing these download links to the general public, but if you want to find out where I got them then leave a comment below using an e-mail address you check often and I will forward you the mail from the person who informed me about the leak and provided me with the multiple download servers as proof of the leak.

Expect a review of sorts to be posted here in the coming days once the leak gets played by some people.

TX Coolrunner V3 glitch chip

Xecuter Coolrunner Demo Video Surfaces

Demos of new Reset Glitch Hack (RGH) chips have surfaced since the implementation of the hack. We have seen numerous different teams take the idea and build replicas of what GliGli had created. Other teams started to modify the design slightly to tweak boot speed. It would only take a few seconds to find a video of the “Matrix Glitcher”, said to be the fastest chip on the market. What a lot of companies have done is create a glitch chip and a NAND reader/writer that work well together, but practically any Xbox 360 NAND reader/writer will be compatible with most, if not all, of the chips available.

With all the demo videos from these chips providing practically free advertising through the wonderful medium of Social Media I had to wonder “Why is Team Xecuter, the biggest name in the 360 modders scene, not showing off their new TX Coolrunner glitch chip?”.

Well, I looked and I found out that a brand new video has indeed surfaced, and it is super fast. From what I see it boots just as fast as my 360 anyhow. If there is a difference it’s only slight… and getting on Xbox Live eats up more precious gaming seconds than booting with this does anyway.

I have seen many demonstrations of different chips this last month from everyone who is trying to push their product out quickly. Until now we hadn’t seen any working models of Coolrunner, and we are yet to! But what we have seen is a new video demoing the Coolrunner in action. Here’s the video:

Along with the video TX have also dropped some new info on the product, including an expected final production date of this weekend and that no expensive Actel IC is needed to establish a fast, stable boot. That is good news for the price and the release date, but there’s more good news. Slim boot times are just about the same as the boot time shown in the video, Falcon and Zephyr board compatibility has been added and is now being optimized, and a debug LED has been added in line with GliGli’s new Reset Glitch Hack v1.1.


Gboot for Reset Glitch – The Russians are hard at work

The Russian hackers have struck again with this one. First with the MXIC versions of the SPI-locked Xbox 360 Slim drives to enable flashing: a resistor method they created has now been turned into an unlock board or unlock probe by Team Xecuter dubbed “Sputnik360”. Now they are working on a rebooter of sorts for the new Reset Glitch Hack (RGH). Named “Gboot”, it currently only supports the loading of 1 game from a hard-coded location (hopefully you can just rename the directory to something else and name a different game folder to match that hard-coded location every time you want to play a different game). Currently only a developer version, we could expect a public release in a couple of weeks. Here’s what was said over at Hackfaq.

Gboot is working

Today it’s not a great day for the J-Tag owners. After some weeks with a lot of work, it is real.

Gboot is running. Gboot is the first kind of rebooter for the Glitch Hack.

Gboot is not a rebooter like Freeboot. It can currently only boot one game at a time. Now it is a developer version, but a ready, complete rebooter will come.

OK, what must you do to play a game? You need a working Glitch Hack and a dump of the NAND.

So why a dump of the NAND? We create a NAND image with a hacked 13599 kernel and a hardcoded game path.

OK, now let’s go to Xell Reloaded: we put our freshly generated xenon.elf onto a USB drive and plug it into the Xbox.

Power on your Xbox and enjoy the show.

Yes, it works: the first game with a Glitch Hack.

We are working hard so that you can enjoy a dashboard like the original, but currently it can only boot a default.xex and nothing else.

And now we feel sorry for all the J-Tag owners. But guys, you are out.

This is a developer version; be patient, a public tool comes in a few weeks.


Xbox Dashboard Update – Fall 2011

This year’s Fall update boasts a new user interface, much better Kinect integration, a host of new content providers and Bing to search it all.

Metro UI

The new interface’s navigation moves things away from the channel system of the NXE (New Xbox Experience) and back slightly more towards the blades style. Navigation is on the top; you move left and right between the panes to find what you’re looking for.

New Xbox Social Tab

Meet the New Xbox Social Tab

Each pane hosts a variety of individual live tiles. Each tile serves a different piece of dynamic content: for example the home pane shows the disk in the drive, latest apps, last live tv channel watched and what appear to be a large and a small advert, although the large pane in the middle is likely to be something along the lines of the last movie watched or a movie you have downloaded and yet to watch.

The new interface has been built to be fully functional with either a controller or Kinect. There is no longer an NXE dash and the Kinect dash, they are now both one and the same. Kinect’s control is not limited to motion or voice but almost every action can be done with either voice or motion, including the new search!

The Metro UI is something Microsoft are investing quite a bit of time in. Windows 8 tablets run with it, it’s used on Windows Phone 7 and now something very similar is coming to Xbox 360. Microsoft appear to be making this the look of their brand.

Bing

New Xbox Bing search johnny depp

Bing, Search, Johnny Depp

Microsoft’s decision engine is quickly working its way into everyday life for some. Now it will be working its way into more of the everyday life of your average 360 user. Full Bing integration into the Xbox console will make searching the already large choice of content from the multiple content providers (with more to come with this dash update) a piece of cake. Simply type what you want into Bing and it will search all content available matching your keywords and allow you to scroll through it to find what you’re looking for, or even discover something new!

Bing works with the virtual keyboard accepting input from either a controller or Kinect but the real beauty is the voice recognition. Issue the commands “Xbox, Bing, …” and it will find what you want. If it’s a game on your hard drive, in the marketplace, a film or song, and even DLC, it finds it all. From what I’ve seen so far it looks seamless and responsive.

Video Services

Shot of the new dashboard and a giant YouTube logo

Finally YouTube on your Xbox 360

Microsoft has already partnered with some big names when it comes to video streaming. In the UK they have Sky TV, in Australia they have FoxTel and in France they have Canal+. They have now managed to strike a deal with one of the biggest names in the world to bring us content from the world’s biggest video streaming service. That’s right: a deal has been struck with Google to bring YouTube to the console. This is something desperately wanted by some people, and will be a more than welcome addition for all the rest. This means HD video streaming right on your TV is possible! YouTube has the largest collection of videos in the world to offer. There is barely anything you can’t find on YouTube.

Graffiti XGD3 logo

XGD3 Facts

DVD-ROM for Xbox 360 (Sample: THE IDOLM@STER)

Image via Wikipedia

Xbox Game Disk v. 3

Microsoft has unleashed XGD3 on the pirates! It is a new form of copy protection and has yet to be cracked. Prior to XGD3 the main points of making back-ups of 360 games were to use good quality DVD+R DL disks (most preferring Verbatim disks) and the correct layerbreak of 1913760. It used to also be necessary to booktype the disk to DVD-ROM, but that is not needed any more.

Now the piracy scene is on hold, as all new Xbox games will come on XGD3 disks. These new disks pose 3 major problems: ripping the disk, burning the disk and running the disk on the 360.

Ripping the disk will need a new algorithm for reading the disk. XGD2 disks contain a partition roughly 1GB in size. This partition holds the video that you see if you put the disk into a DVD player, a dashboard update and various anti-piracy measures. XGD3 disks have tweaked this partition to make it much smaller, or possibly removed it entirely, because Microsoft have told publishers that they will now be able to make use of an extra gigabyte of space previously reserved for this partition. Another speculated issue is that the layerbreak might have been changed; that will need a little investigating to find out whether it is true or not. Removing the 1GB partition would allow developers to use 1GB more space on the disk and does not mean that the disk will be 1GB bigger, as a lot of people are thinking. The hardware in Xbox 360s is not capable of reading HD DVD, Blu-Ray or any other type of new disk, so the games will still be on dual layer DVDs. This is 100% certain. The last part of this problem is that the files extracted from the disk will need to be converted into a conventional ISO file with the correct security sectors, DMI and PFI for it to work on your flashed console. Originally there was no way of ripping a direct ISO of the disk, but you could extract the files if you had a Kreon drive or an 0800 drive attached to your PC and the right software. There is now a way to rip the disk to an ISO file: the Lite-On 0800 firmware is in testing, and the BenQ 0800 firmware is complete. These firmwares allow you to connect an Xbox 360 disk drive to your PC and rip the disk to your hard drive. We are still awaiting the supporting software for this firmware to be completed (abgx360 and Xbox Backup Creator).

Burning the disk will be the next problem. On cheaper disks overburn often ruins the disk. That will be a problem for a lot of people, even higher quality disks have issues with overburn sometimes. All XGD3 games are overburned so people will need to find the correct disks to use with a decent success rate (over 50% sounds like a reasonable success rate). You will also need to know the correct layerbreak, but I believe that existing software is capable of finding the layerbreak easily.

Running the back-up is the last problem (other than playing it without getting a console ban for piracy, but that isn’t really relevant until the disks can be created and played). This is possibly not the hardest part to complete, although very few people know what is going on with the firmware on the DVD drive; a few people do know very well and are working on a way to get XGD3 back-ups to work with custom firmware. Original XGD3 disks already work with the latest CFW on consoles (added in LT+ v1.9). The man behind the 360’s CFW is C4Eva. It is his firmware that makes playing back-ups possible and he is already working on a way to play the back-ups.

C4Eva is the man who made it possible to connect a 360 disk drive to your PC and rip games to your PC’s hard drive in ISO format. This is possible with a special firmware known as 0800 ripping firmware. He has completed 1 version, not released yet, that can rip the AP2.5 anti-piracy measures from an AP2.5 game using a 360 drive. He is now working on a new 0800 with XGD3 support.

Currently there is no ETA for the 0800 firmware or the LT+ v2.0 firmware that can play XGD3 back-ups.

Here’s a rundown of the current facts surrounding XGD3; all the information below was compiled and written by the user “hancock13” from xbox360iso:

**NEWS**
9/28/2011- BenQ VAD6038 LT+ 2.0 and Lite-On DG-16D2S in testing!
9/26/2011- Video proof of booting XGD3 games and installing them to HDD has been posted by C4EVA!
9/25/2011- XGD3 has been defeated. LT+ 2.0 with new LT-MAX feature for DVD DL. XGD3 .iso’s playing/installing fine from DVD DL disc!
9/21/2011- BenQ 0800 VAD6038 v3.0 and Lite-On 0800 DG-16D2S v3.0 are completed (testing in progress!)
9/16/2011- XGD3 games have been successfully ripped! Available to public!
9/07/2011- XGD3 games confirmed working on ODE!
8/31/2011- First XGD3 released-Driver SF

**FAQ**

What does XGD3 stand for?
Xbox Game Disc 3.

What is XGD3?
XGD3 is a new disc format developed by Microsoft. Basically it adds more AP (Anti Piracy) and CVI (content integrity) checks. Microsoft’s current format structure creates a partition weighing in at around 1GB, filled with anti-piracy sectors. This update tweaks the approach to significantly save on space, or omits the partition altogether. The most notable perk is an extra 1 GB of storage space on the new format for developers to utilize. The XGD3 format will write to an extra “layer” on the disc. Not to be confused with a physical layer, the discs are still nothing more than Dual-Layer DVDs. However, the discs do read in at a larger capacity.

Will disc type change?
No! Even with XGD3 XBOX360 games will stay on DVD, dual-layer at 8.5GB! Physical space available on an XGD3 disc is just resized partitions. No need for overburning!

Will all consoles support XGD3?
According to Microsoft, XGD3 discs will work with all previously released (and future) models of the Xbox 360. If they don’t you can ask for replacement!

Is AP2.5 and XGD3 same thing?
No! This should not be confused with AP2.5 or wave… This is a completely new type/format of game disc and it actually needs new FW to read game discs; even a legit XGD3 game won’t boot unless you have the latest STOCK or CUSTOM FIRMWARE!

What do I need to play legit XGD3 games?
You need to update console to latest dashboard. Dashboard 2.0.13146 and newer adds support for XGD3 format. You can play legit XGD3 games either on OFW (Official Firmware) or on CFW (Custom Firmware), since C4eva added XGD3 support to his CFW (LT+ v1.9 and newer!)

What do I need to play backup XGD3 games?
You either need JTAG or ODE… Those are the only ways ATM. But XGD3 games have been successfully ripped to standard .iso. We now only need new FW and a burning method, which are almost completed.

How can I burn XGD3?
You can’t at the moment. But C4eva and his team managed to burn an XGD3 game and play/install it normally, so it’s only a matter of time.

When will LT+ X.XX be released that supports XGD3?
C4eva announced that LT+ 2.0 is planned for eventual XGD3 backup support. LT+ 2.0 is in testing and should be released soon (This can be a time period from few days to few months!)!

When will new FW be released?
Soon. This can be a time period from few days to few months!

When will XGD3 ripping FW be released?
BenQ 0800 (VAD6038) is completed but not yet released. Lite-On 0800 (DG-16D2S) is in testing. There is no ETA on release!

What’s the reason behind releasing XGD3?
Even though Microsoft never confirmed it, it’s obvious that their goal is to prevent piracy! Microsoft and the Xbox scene have been playing a cat-and-mouse game for a long time. MS introduced quicker dashboard updates, the AP 2.5 check, the AP 2.6 check… All of those have been “defeated”. XGD3 just continues the cat-and-mouse game… Hopefully it won’t end it.

Will all games be released on XGD3 now?
Not necessarily! Game publishers have control over this.

What is ODE?
ODE is Optical Drive Emulator. Xkey, x360key xk3y or what ever it’s called is ODE!

What is LT-MAX?
LT-MAX is a feature of the fw itself. It’s one of the reasons why XGD3 games can be burned and played on LT2.0.

Who are guys mentioned in your thread?
Commodore4eva, or c4eva for short, is probably the most famous guy on the Xbox scene. He’s famous for his firmware hacks (e.g. LT+) which allow us to play backup games!
COMPLEX and XB3 are groups of people who rip and/or release/upload games on the internet!

List of XGD3 games:

-Driver San Francisco -playable on JTAG & ODE-
-Dead Island -playable on any console-
-Warhammer 40000 Space Marine -playable on JTAG & ODE-
-Rise of Nightmares -playable on JTAG-
-Gears of War 3 -playable on JTAG & ODE-
-X-Men Destiny -playable on JTAG-

NOTES:
*For some odd reason it seems not all copies of Dead Island have XGD3 depending on where you buy it
*All games listed above have been confirmed having XGD3 by COMPLEX and XB3!
*Only games that are released to the public and confirmed as having XGD3 by a reliable source (i.e. the Xbox scene) will be listed above. No speculation or rumors!

XGD3 process…

C4E LT 2.0 FW WITH LT-MAX

LT+ 2.0/v3.0 FIRMWARE DEVELOPMENT

LT+2.0
Hitachi 78/79 IN PROGRESS
Samsung TS-H943 IN PROGRESS
BenQ VAD6038 IN TESTING
Lite-On DG-16D2S IN TESTING
Lite-On 9504 DG-16D4S IN PROGRESS
Lite-On 0225 IN PROGRESS
Lite-On 0401 IN PROGRESS
Lite-On 1071 IN PROGRESS
v3.0
BenQ 0800 VAD6038 v3.0 COMPLETED – NOT YET RELEASED
Lite-On 0800 DG-16D2S v3.0 IN TESTING

GAME BURNING
The team successfully burned XGD3 games on normal DVDR DL disc. Game partition was expanded on backup to use all available space, this way games load and install to hdd fine!

It’s finally happened: New JTAG-like Exploit for Slim and Phat 360s

**********************************
* The Xbox 360 reset glitch hack *
**********************************

Introduction / some important facts
===================================

tmbinc said it himself, software based approaches of running unsigned code on the 360 mostly don’t work, it was designed to be secure from a software point of view.

The processor starts running code from ROM (1BL), which then loads an RSA-signed and RC4-encrypted piece of code (CB) from NAND.

CB then initialises the processor security engine, whose task is real-time encryption and hash checking of physical DRAM. From what we found, it uses AES-128 for crypto and strong (Toeplitz?) hashing. The crypto is different each boot because it is seeded at least from:
- A hash of the entire fuseset.
- The timebase counter value.
- A truly random value that comes from the hardware random number generator the processor embeds. On fats, that RNG could be electronically deactivated, but there’s a check for “apparent randomness” (merely a count of 1 bits) in CB; it just waits for a seemingly proper random number.

CB can then run a simple bytecode-based software engine whose main task is to initialise DRAM; CB can then load the next bootloader (CD) from NAND into DRAM and run it.

Basically, CD will load a base kernel from NAND, patch it and run it.

That kernel contains a small privileged piece of code (the hypervisor); when the console runs, this is the only code that has enough rights to run unsigned code.
In kernel versions 4532/4548, a critical flaw appeared in it, and all known 360 hacks needed to run one of those kernels and exploit that flaw to run unsigned code.
On current 360s, CD contains a hash of those 2 kernels and will stop the boot process if you try to load them.
The hypervisor is a relatively small piece of code to check for flaws, and apparently no newer version has any flaw that could allow running unsigned code.

On the other hand, tmbinc said the 360 wasn’t designed to withstand certain hardware attacks such as the timing attack and “glitching”.

Glitching here is basically the process of triggering processor bugs by electrical means.

This is the approach we used to be able to run unsigned code.

The reset glitch in a few words
===============================

We found that sending a tiny reset pulse to the processor while it is slowed down does not reset it but instead changes the way the code runs; it seems very effective at making the bootloaders’ memcmp functions always return “no differences”. memcmp is often used to check the next bootloader’s SHA hash against a stored one, allowing it to run if they match. So we can put a bootloader that would fail the hash check in NAND, glitch the previous one, and that bootloader will run, allowing almost any code to run.
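An added example (my own illustration, not code from this release nor from any Microsoft bootloader): the single-memcmp decision described above next to a hash comparison written with the usual fault-injection countermeasures. It assumes a 32-byte digest; the two digests are constructed sample values.

```c
/* Added example, not from the original post: naive vs glitch-hardened hash check.
 * DIGEST_LEN and the sample digests are assumptions / constructed values. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define DIGEST_LEN 32
#define VERIFY_OK   0x5A3C96C5u  /* wide "pass" sentinel, far from 0 and 1 */
#define VERIFY_FAIL 0xA5C3693Au  /* bitwise complement of VERIFY_OK */

/* Constructed sample digests (not real bootloader hashes). */
static const uint8_t sample_digest[DIGEST_LEN] = {
    0x1f,0x8b,0x07,0xa3,0x5e,0xc4,0x92,0x10, 0x6d,0xe2,0x39,0xb7,0x4c,0x00,0xf8,0x21,
    0x9a,0x53,0xcd,0x6e,0x12,0x87,0xb0,0x45, 0xe9,0x2c,0x71,0xd6,0x08,0xbf,0x64,0x3d };
static const uint8_t sample_digest_tampered[DIGEST_LEN] = {
    0x1f,0x8b,0x07,0xa3,0x5e,0xc4,0x92,0x10, 0x6d,0xe2,0x39,0xb7,0x4c,0x00,0xf8,0x21,
    0x9a,0x53,0xcd,0x6e,0x12,0x87,0xb0,0x45, 0xe9,0x2c,0x71,0xd6,0x08,0xbf,0x64,0x3c };

/* Naive: one library call and one branch decide the boot. A fault that forces
 * memcmp's result to 0, or skips the compare-and-branch, boots a bad image. */
int naive_hash_check(const uint8_t *stored, const uint8_t *computed) {
    return memcmp(stored, computed, DIGEST_LEN) == 0;
}

/* Hardened: no early exit, two independent passes in opposite directions,
 * loop-counter checks, and a wide sentinel instead of a 0/1 result. */
uint32_t hardened_hash_check(const uint8_t *stored, const uint8_t *computed) {
    volatile uint8_t diff_fwd = 0xFF;  /* default to "mismatch"; must be actively cleared */
    volatile uint8_t diff_rev = 0xFF;
    volatile size_t i;
    uint8_t acc;

    /* Pass 1: OR-accumulate every byte difference, never exit early. */
    acc = 0;
    for (i = 0; i < DIGEST_LEN; i++) acc |= (uint8_t)(stored[i] ^ computed[i]);
    if (i != DIGEST_LEN) return VERIFY_FAIL;   /* loop cut short */
    diff_fwd = acc;

    /* Pass 2: same comparison, reverse order, independent accumulator. */
    acc = 0;
    for (i = DIGEST_LEN; i > 0; i--) acc |= (uint8_t)(stored[i - 1] ^ computed[i - 1]);
    if (i != 0) return VERIFY_FAIL;
    diff_rev = acc;

    /* Each verdict is taken more than once through volatile reads, so one
     * corrupted compare does not carry the whole decision. */
    if (diff_fwd != 0) return VERIFY_FAIL;
    if (diff_rev != 0) return VERIFY_FAIL;
    if ((uint8_t)(diff_fwd | diff_rev) != 0) return VERIFY_FAIL;
    return VERIFY_OK;
}

/* Caller side: require the exact sentinel and its complement, so a register
 * glitched to 0, 1 or all-ones still does not read as "boot". */
int should_boot(uint32_t verdict) {
    if (verdict != VERIFY_OK) return 0;
    if ((verdict ^ VERIFY_FAIL) != 0xFFFFFFFFu) return 0;
    return 1;
}
```

The hardened version removes the single point of decision that the glitch exploits: making "no differences" come out of it needs several coordinated faults rather than one. That raises the attacker's cost rather than making glitching impossible, and it does nothing for a check that is absent altogether, like the revocation-fuse check the post notes CB_A lacks.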

Details for the fat hack
========================

On fats, the bootloader we glitch is CB, so we can run the CD we want.

cjak found that by asserting the CPU_PLL_BYPASS signal, the CPU clock is slowed down a lot; there’s a test point on the motherboard that carries a fraction of the CPU speed: it’s 200MHz when the dash runs, 66.6MHz when the console boots, and 520kHz when that signal is asserted.

So it goes like that:
- We assert CPU_PLL_BYPASS around POST code 36 (hex).
- We wait for POST 39 start (POST 39 is the memcmp between stored hash and image hash), and start a counter.
- When that counter has reached a precise value (it’s often around 62% of entire POST 39 length), we send a 100ns pulse on CPU_RESET.
- We wait some time and then we deassert CPU_PLL_BYPASS.
- The CPU speed goes back to normal, and with a bit of luck, instead of getting POST error AD, the boot process continues and CB runs our custom CD.

The NAND contains a zero-paired CB, our payload in a custom CD, and a modified SMC image.
A glitch being unreliable by nature, we use a modified SMC image that reboots infinitely (stock images reboot 5 times and then go RROD) until the console has booted properly.
In most cases, the glitch succeeds in less than 30 seconds from power on that way.

Details for the slim hack
=========================

The bootloader we glitch is CB_A, so we can run the CB_B we want.

On slims, we weren’t able to find a motherboard track for CPU_PLL_BYPASS.
Our first idea was to remove the 27MHz master 360 crystal and generate our own clock instead, but it was a difficult modification and it didn’t yield good results.
We then looked for other ways to slow the CPU clock down and found that the HANA chip has configurable PLL registers for the 100MHz clock that feeds the CPU and GPU differential pairs.
Apparently those registers are written by the SMC through an I2C bus.
The I2C bus can be freely accessed; it’s even available on a header (J2C3).
So the HANA chip will now become our weapon of choice to slow the CPU down (sorry tmbinc, you can’t always be right, it isn’t boring and it does sit on an interesting bus ;)

So it goes like that:
- We send an I2C command to the HANA to slow down the CPU at POST code D8.
- We wait for POST DA start (POST DA is the memcmp between stored hash and image hash), and start a counter.
- When that counter has reached a precise value, we send a 20ns pulse on CPU_RESET.
- We wait some time and then we send an i2c command to the HANA to restore regular CPU clock.
- The CPU speed goes back to normal, and with a bit of luck, instead of getting POST error F2, the boot process continues and CB_A runs our custom CB_B.

When CB_B starts, DRAM isn’t initialised, so we chose to apply only a few patches to it so that it can run any CD. The patches are:
- Always activate zero-paired mode, so that we can use a modified SMC image.
- Don’t decrypt CD, instead expect a plaintext CD in NAND.
- Don’t stop the boot process if CD hash isn’t good.

CB_B is RC4 crypted, the key comes from the CPU key, so how do we patch CB_B without knowing the CPU key?
RC4 is basically:
crypted = plaintext xor pseudo-random-keystream
So if we know plaintext and crypted, we can get the keystream, and with the keystream, we can encrypt our own code. It goes like that:
guessed-pseudo-random-keystream = crypted xor plaintext
new-crypted = guessed-pseudo-random-keystream xor plaintext-patch
You could think there’s a chicken-and-egg problem: how did we get the plaintext in the first place?
Easy: we had plaintext CBs from fat consoles, and we thought the first few bytes of code would be the same as the new CB_B, so we could encrypt a tiny piece of code to dump the CPU key and decrypt CB_B!
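The keystream trick above, as an added example (my own code, not GliGli’s release and not Xbox firmware): a textbook RC4 keystream generator, a constructed key and two constructed 16-byte "plaintexts", showing that one known plaintext/ciphertext pair is enough to produce a ciphertext that decrypts to a patch of the forger’s choosing, and that knowing only a prefix is enough to forge that prefix. The key and messages are sample values; the cipher itself is standard RC4.

```c
/* Added example, not from the original post: why XOR stream-cipher encryption
 * without a keyed integrity check is malleable. Key and messages are constructed. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define MSG_LEN 16
static const uint8_t secret_key[8] = { 'd','e','m','o','-','k','e','y' };     /* constructed */
static const uint8_t known_plaintext[MSG_LEN]   = "hashcheck=ON;;;";            /* 15 chars + NUL */
static const uint8_t patched_plaintext[MSG_LEN] = "hashcheck=OFF;;";            /* 15 chars + NUL */

/* Minimal RC4 keystream generator (KSA + PRGA). */
static void rc4_keystream(const uint8_t *key, size_t keylen, uint8_t *out, size_t outlen) {
    uint8_t S[256];
    size_t i, j, k;
    for (i = 0; i < 256; i++) S[i] = (uint8_t)i;
    for (i = 0, j = 0; i < 256; i++) {
        j = (j + S[i] + key[i % keylen]) & 0xFF;
        uint8_t t = S[i]; S[i] = S[j]; S[j] = t;
    }
    for (i = 0, j = 0, k = 0; k < outlen; k++) {
        i = (i + 1) & 0xFF;
        j = (j + S[i]) & 0xFF;
        uint8_t t = S[i]; S[i] = S[j]; S[j] = t;
        out[k] = S[(S[i] + S[j]) & 0xFF];
    }
}

static void xor_bytes(uint8_t *out, const uint8_t *a, const uint8_t *b, size_t n) {
    for (size_t i = 0; i < n; i++) out[i] = a[i] ^ b[i];
}

/* Legitimate side: crypted = plaintext xor keystream (decrypt is the same op). */
void encrypt_with_key(const uint8_t *key, size_t keylen, const uint8_t *in, uint8_t *out, size_t n) {
    uint8_t ks[MSG_LEN];
    if (n > MSG_LEN) return;
    rc4_keystream(key, keylen, ks, n);
    xor_bytes(out, in, ks, n);
}

/* Forger's side: never sees the key. Recovers the keystream from one known
 * (plaintext, crypted) pair and re-encrypts an arbitrary same-length patch. */
void forge_ciphertext(const uint8_t *known_pt, const uint8_t *known_ct,
                      const uint8_t *patch_pt, uint8_t *forged_ct, size_t n) {
    uint8_t ks[MSG_LEN];
    xor_bytes(ks, known_ct, known_pt, n);   /* guessed keystream = crypted xor plaintext */
    xor_bytes(forged_ct, ks, patch_pt, n);  /* new crypted = keystream xor patch */
}

/* 1 if the keystream recovered without the key equals the real one. */
int recovered_keystream_is_real(void) {
    uint8_t ct[MSG_LEN], ks_real[MSG_LEN], ks_guess[MSG_LEN];
    encrypt_with_key(secret_key, sizeof secret_key, known_plaintext, ct, MSG_LEN);
    rc4_keystream(secret_key, sizeof secret_key, ks_real, MSG_LEN);
    xor_bytes(ks_guess, ct, known_plaintext, MSG_LEN);
    return memcmp(ks_real, ks_guess, MSG_LEN) == 0;
}

/* 1 if a forgery built from only the first n known plaintext bytes decrypts,
 * under the real key, to the first n bytes of the patch. */
int demo_malleability(size_t n) {
    uint8_t ct[MSG_LEN], forged[MSG_LEN], decrypted[MSG_LEN];
    if (n == 0 || n > MSG_LEN) return 0;
    encrypt_with_key(secret_key, sizeof secret_key, known_plaintext, ct, MSG_LEN);
    forge_ciphertext(known_plaintext, ct, patched_plaintext, forged, n);
    encrypt_with_key(secret_key, sizeof secret_key, forged, decrypted, n);
    return memcmp(decrypted, patched_plaintext, n) == 0;
}
```

This is a property of every XOR stream cipher, not an RC4 bug: encryption gives confidentiality, not integrity, and a guessable prefix of the plaintext is all a forger needs for that prefix. The defender’s answer is an integrity check the forger cannot satisfy from known plaintext alone, which in the 360 boot chain is the stored hash that the previous bootloader compares against; that comparison is exactly what the reset glitch targets.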

The NAND contains CB_A, a patched CB_B, our payload in a custom plaintext CD, and a modified SMC image.
The SMC image is modified to reboot infinitely, and to prevent it from periodically sending I2C commands while we send ours.

Now, maybe you haven’t realised yet, but CB_A contains no checks on revocation fuses, so it’s an unpatchable hack!

Caveats
=======

Nothing is ever perfect, so there are a few caveats to that hack:
- Even if the glitch we found is pretty reliable (25% success rate per try on average), it can take up to a few minutes to boot to unsigned code.
- That success rate seems to depend on something like the hash of the modified bootloader we want to run (CD for fats and CB_B for slims).
- It requires precise and fast hardware to be able to send the reset pulse.

Our current implementation
==========================

We used a Xilinx CoolRunner II CPLD (xc2c64a) board, because it’s fast, precise, updatable, cheap and can work with 2 different voltage levels at the same time.
We use the 48MHz standby clock from the 360 for the glitch counter. For the slim hack, the counter even runs at 96MHz (incremented on rising and falling edges of the clock).
The CPLD code is written in VHDL.
We need it to be aware of the current POST code; our first implementations used the whole 8-bit POST port for this, but we are now able to detect the changes of only 1 POST bit, making wiring easier.

Conclusion
==========

We tried not to include any MS copyrighted code in the released hack tools.
The purpose of this hack is to run Xell and other free software, I (GliGli) did NOT do it to promote piracy or anything related, I just want to be able to do whatever I want with the hardware I bought, including running my own native code on it.

Credits
=======

GliGli, Tiros: Reverse engineering and hack development.
cOz: Reverse engineering, beta testing.
Razkar, tuxuser: beta testing.
cjak, Redline99, SeventhSon, tmbinc, anyone I forgot… : Prior reverse engineering and/or hacking work on the 360.
