xbox-scene.com archived forum


News:

xbox-scene.com forum restored.  registration disabled.  thanks to xboxexpert for the db dump and netham45 for cleaning it up!

Author Topic: Wanted... "rmenhal-like" Skills For Development Of  (Read 574 times)

Ndure protagonist

  • Guest
Wanted... "rmenhal-like" Skills For Development Of
« on: September 23, 2005, 08:07:01 AM »


Ndure's fonts and retail Uber Double Dash setups seem to provide a unique Audio Exploit opportunity, that could enable a 'purely MS dash' way back to the softmod from the "full retail" (Live console compliant) dashboard!

On 5713 & 5838 kernels, that's currently only possible using SCEEE and MAEEE, which is far from ideal.  Additionally, UDDAE wouldn't suffer from reset-on-eject...

It requires a suitably exploited ST.DB file plus the xboxdash.xbe and six XIP* files from the UberDash (or SlaYers 2.5's 4920, the XBE via a patch**).

The ST.DB's the challenge... since UDDAE's triggered first by easter-egging the xboxdash.xbe (as settings_adoc.xip in the 5960 dash) then triggering the audio exploit (via the Uber4920 dash) the memory layout isn't what the existing ST.DB was coded for, I presume, as the Xbox reboots.

Anyone interested in attempting to get it working (maybe by re-coding rmenhal's hulkstdb.asm***) and/or have any questions/comments?


* default, keyboard, mainmenu5, music_copy3, music_playedit2 and music2 (place in xboxdashdata.17cdc100).

** http://forums.xbox-s...dpost&p=2351379 (place in xboxdashdata.185ead00).

*** http://forums.xbox-s...dpost&p=1849661 (HULK audio exploit; suitable baseline?)

Edit: This pertains to the Ndure fonts setup too...




Edited by Ndure protagonist, 23 September 2005 - 04:15 PM.


Logged

Textbook

  • Guest
Wanted... "rmenhal-like" Skills For Development Of
« Reply #1 on: September 23, 2005, 08:14:09 AM »


If this happens, which it probably will, will you have to change your name to UDDAE protagonist?  I don't know anything about the whole development side of anything, I just know how to use the softmods, but this sounds like great news as I was a fan of SCEEE and even wrote a tutorial on it.  Good luck with your next project, mr. UDDAE protagonist.




Logged

Ndure protagonist

  • Guest
Wanted... "rmenhal-like" Skills For Development Of
« Reply #2 on: September 23, 2005, 08:56:54 AM »


Addendum:

Re. the xboxdash.xbe being placed in xboxdashdata.185ead00: it needs to be named as settings_adoc.xip in there.

Re. the .xip's being placed in xboxdashdata.17cdc100: there will consequently be two xboxdashdata.{version#} directories; my tests found this one isn't affected by dashupdate.xbe runs.


{: Textbook, in not so many words (tee-hee) it was previously introduced re. "UD-eh!" :}




Logged

kingroach

  • Guest
Wanted... "rmenhal-like" Skills For Development Of
« Reply #3 on: September 23, 2005, 09:11:54 AM »


I never did any audio things.. what's the button sequence for activating settings_adoc..




Logged

krayzie

  • Guest
Wanted... "rmenhal-like" Skills For Development Of
« Reply #4 on: September 23, 2005, 09:20:40 AM »


to trigger the easter egg (settings_adoc.xip):
QUOTE
This works best when you already have a soundtrack copied to your HD using the msdash.
Select music, the soundtrack you copied over, copy, copy, new soundtrack, and put in the following as name. This must be
exactly like this: <<Eggsßox>> ,Done (the <<>> are under symbols and the ß is under accents. Also note the capital E)





Logged

xman954

  • Guest
Wanted... "rmenhal-like" Skills For Development Of
« Reply #5 on: September 24, 2005, 11:27:50 AM »


QUOTE
since UDDAE's triggered first by easter-egging the xboxdash.xbe
(as settings_adoc.xip in the 5960 dash)

this xboxdash.xbe is from the uber4920 dash (17cdc100) ???
QUOTE
then triggering the audio exploit (via the Uber4920 dash)

how is it triggered ?
how many different types of exploited ST.DB are there ?

so what will happen:
5960 dash > st.db > (<<Eggsßox>>)  > uber4920  > trigger? > st.db > habibi signed code

the 5960 dash must also see this st.db as valid ?
at what point does it reboot ?




Logged

Ndure protagonist

  • Guest
Wanted... "rmenhal-like" Skills For Development Of
« Reply #6 on: September 24, 2005, 05:45:02 PM »


QUOTE
this xboxdash.xbe is from the uber4920 dash (17cdc100) ???
Yes (which can also be made from 1012a700's with the patch)

QUOTE
how is it triggered ?
how many different types of exploited ST.DB are there ?
The audio exploit is triggered by pressing the button sequence below.
I know of only two "types" of exploited ST.DB; the 4920 dash (I've tried catfish's) and the HULK movie disc (rmenhal's).

QUOTE
so what will happen:
5960 dash > st.db > (<<Eggsßox>>) > uber4920 > trigger? > st.db > habibi signed code
Yes (the st.db being in E:\TDATA\fffe0000\music and "trigger?" as below)

QUOTE
the 5960 dash must also see this st.db as valid ?
at what point does it reboot ?
It will (the 5960 dash's easter-egg doesn't validate the st.db).
With the st.db's I've tried, the reboot occurs as soon as you press the last button:
CODE
A(MUSIC)
Down
A(blank)
Down
A(COPY)
Right
Right
A(COPY)
A(NEW SOUNDTRACK)
A(DONE)





Logged

xman954

  • Guest
Wanted... "rmenhal-like" Skills For Development Of
« Reply #7 on: September 25, 2005, 12:29:14 PM »


what makes the code start running from address 0 in the "hulk" st.db
from looking at it, that is what happens....

if code is running the thing that is not known is where the Kernel table is ?

if so do you think it is possible to search for the "XePublicKeyData" the MS Key
using: [address] that has 31415352h for data, and [address+10h] must have 10001h for data...(maybe 1st, 2nd, 3rd or last instance of it)
start search at 80000000h ? (the lowest address it could be)

then calculate all the other Kernel table entries on the fly from there ?




Logged
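
An added example, not code from the thread or from any poster: the two-condition signature check described in the post above (31415352h at an address, 10001h at address+10h), run offline over a constructed buffer that stands in for a memory dump. The function names and the sample layout are assumptions; 31415352h is the ASCII string "RSA1" stored little-endian, and the decoys show why the second condition matters.

```python
import struct

MAGIC = struct.pack("<I", 0x31415352)   # little-endian bytes b"RSA1"
EXPONENT = 0x10001                      # value expected at [address + 10h]
BASE = 0x80000000                       # lowest address suggested in the post


def find_key_headers(image: bytes, base: int = BASE) -> list:
    """Return virtual addresses in `image` that satisfy both conditions."""
    hits = []
    pos = image.find(MAGIC)
    while pos != -1:
        # The dword at +0x10 must lie inside the buffer; a match too close
        # to the end cannot be verified and is skipped.
        if pos + 0x14 <= len(image):
            (value,) = struct.unpack_from("<I", image, pos + 0x10)
            if value == EXPONENT:
                hits.append(base + pos)
        pos = image.find(MAGIC, pos + 1)
    return hits


def build_sample_image() -> bytes:
    """Constructed 0x400-byte buffer (not real console memory)."""
    image = bytearray(0x400)
    # Decoy 1: the magic alone, with an unrelated dword at +0x10.
    image[0x40:0x44] = MAGIC
    struct.pack_into("<I", image, 0x50, 0x3)
    # Matching header: the magic plus 10001h at +0x10.
    image[0x120:0x124] = MAGIC
    struct.pack_into("<I", image, 0x130, EXPONENT)
    # Decoy 2: the magic too near the end for the +0x10 read.
    image[0x3F8:0x3FC] = MAGIC
    return bytes(image)


if __name__ == "__main__":
    for addr in find_key_headers(build_sample_image()):
        print(f"candidate header at {addr:#010x}")
```
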

Ndure protagonist

  • Guest
Wanted... "rmenhal-like" Skills For Development Of
« Reply #8 on: September 25, 2005, 06:44:08 PM »


xman954, to be honest I have hardly any understanding of that ... wish I did!

I don't even know whether a 4920 dash audio exploit source might be a better baseline (than HULK's)?

It sure would be great if a generic ST.DB (which I think you're suggesting) is a possibility for Ndure though.





Logged

dus

  • Guest
Wanted... "rmenhal-like" Skills For Development Of
« Reply #9 on: September 26, 2005, 12:09:57 AM »


QUOTE(xman954 @ Sep 25 2005, 09:40 PM)
what makes the code start running from address 0 in the "hulk" st.db
from looking at it, that is what happens....


It doesn't start at 0. The three dd:s (HEAD012) are actually very important...
I don't know much, but I believe they are used to corrupt the stack when st.db is read.

Good luck!




Logged

PedrosPad

  • Guest
Wanted... "rmenhal-like" Skills For Development Of
« Reply #10 on: September 26, 2005, 07:37:48 AM »


QUOTE(Ndure protagonist @ Sep 25 2005, 02:56 AM)
It will (the 5960 dash's easter-egg doesn't validate the st.db).







A quote from rmenhal:

QUOTE(rmenhal @ May 24 2004, 04:51 AM)
You forgot that audio exploits don't work with post-4920 dashes





:(




Edited by PedrosPad, 26 September 2005 - 04:01 PM.


Logged

Ndure protagonist

  • Guest
Wanted... "rmenhal-like" Skills For Development Of
« Reply #11 on: September 26, 2005, 08:01:20 AM »


PedrosPad, your pre-edit info. was correct, which is why UDDAE needs 5960's easter-egg capability to launch the Uber4920's skeleton, which is then audio exploited...

(Hopefully this clarifies your post-edit too.)




Edited by Ndure protagonist, 26 September 2005 - 04:03 PM.


Logged

PedrosPad

  • Guest
Wanted... "rmenhal-like" Skills For Development Of
« Reply #12 on: September 26, 2005, 08:06:17 AM »


QUOTE(Ndure protagonist @ Sep 26 2005, 05:12 PM)
PedrosPad, your pre-edit info. was correct, which is why UDDAE needs 5960's easter-egg capability to launch the Uber4920's skeleton, which is then audio exploited...



(Hopefully this clarifies your post-edit too.)







5960 dash > (<<Eggsßox>>) > Uber4920 > trigger > audio exploit(st.db) > habibi signed code.

(correction to post #7! - :P )




Edited by PedrosPad, 26 September 2005 - 04:18 PM.


Logged

Ndure protagonist

  • Guest
Wanted... "rmenhal-like" Skills For Development Of
« Reply #13 on: September 26, 2005, 08:07:58 AM »


{: Yes, as per Post#7... :}




Logged

DaBiscuit

  • Guest
Wanted... "rmenhal-like" Skills For Development Of
« Reply #14 on: September 26, 2005, 08:19:26 AM »


QUOTE(Ndure protagonist @ Sep 23 2005, 04:18 PM)
Ndure's fonts and retail Uber Double Dash setups seem to provide a unique Audio Exploit opportunity, that could enable a 'purely MS dash' way back to the softmod from the "full retail" (Live console compliant) dashboard!







Would you mind clarifying for me what exactly you wish to achieve? I don't entirely understand. NDURE allows a user to boot either a shadow C with retail MS dash, or a modded dash with a homebrew dash. Both work well, so what is it that this new exploit would add?



I'm not trying to be rude, I would like to understand.




Edited by DaBiscuit, 26 September 2005 - 04:19 PM.


Logged
 
