It's done! A group of hackers (mostly from the XBoxHacker forum) has managed to downgrade Xbox 360 consoles running the 4552 kernel to an exploitable kernel version, despite the blown e-fuse.
The sobering part follows immediately, of course: you need your console's unique CPU key for this. At present you can only get that key if you already have an exploitable kernel version.
Fittingly, Robinsod has released a new version of his "Robinsod's 360 Flash Dump Tools v0.6", which makes the downgrade possible.
It would be too much to translate all of it now, but I do want to write down the last sentence:
"So, in summary: if anyone finds out how to get the box's CPU key out of a current kernel version, it's finally 'game over' for our friends at Microsoft."
Quote:
Originally downgrading kernel was possible but Microsoft blew eFuses during the upgrade from kernel 4548 to 4552 as that's where they fixed the Hypervisor Vulnerability (which only works on kernel 4532/4548 and allows to run unsigned code / linux). It was already known that by removing the r6t3 resistor from the motherboard before the upgrade you could prevent MS from blowing eFuses and thus still be able to downgrade from a 4552+ to pre-4552, but I don't know how safe this is for future kernel updates.
MS doesn't blow new eFuses (located on the CPU die) on each upgrade because they only have a limited amount available: 768 (12 'fuselines' of 64 fuses each) in total and only a part of these (5 'fuselines' (= 320 fuses)?) can be used to prevent kernel downgrading (= 80 possible downgrade bans? - once blown it can't be undone). The eFuses also contain other data like a unique 'CPU Key'.
According to tmbinc, this key is used for:
* Encryption of the *keyvault* (that stores: console certificate(s), per-box private keys, DVD key, however NOT any code-related encryption keys)
* Encryption of an imported console revocation table (CRLL, that stuff which recently hit 360gamesaves.com, and no, this isn't live-related),
* "Encryption" of the pairing information of the 'CB' and 'CF' (for exact details, please reverse that code, it's a bit hard to describe.)
'CB' (2nd bootloader?) and 'CF' (kernel patches) are located on the Xbox 360 on-board flash in the "CPU data" section (data which is read when the power is switched on. If invalid, console might blink red etc.).
To make sure I don't say anything silly/wrong, I'm gonna quote some of the guys themselves for the rest of the info about this hack.
Quoting tmbinc and TheSpecialist:
So the 'sad' part is that you need this CPU Key if you wanna downgrade to a pre-4552 kernel ... and on kernel 4552+ there's no known way to get this key (yet). On kernel 4532/4548 you can use the Hypervisor Exploit to retrieve this data (like the Xell Linux Loader does) - but if you have one of these kernels you can already run unsigned code. However, if you're still on 4532/4548 this new hack will allow you to retrieve your unique CPU key, upgrade to a newer kernel and you'll be able to downgrade back to a pre-4552 kernel again even if eFuses got burned.
Robinsod tested this out successfully:
Robinsod also released v0.6 of his 360 Flash Dump Tool (info) that will allow you to fix the 'version lock' in pre-4552 kernels (again - only if you have your unique CPU key) so it'll boot even on an Xbox 360 with eFuses blown by the 4552 update.
What's new/fixed:
* (v0.5) Now decrypts and extracts the Key Vault. You will need your CPU Fuses as dumped by Xell. The CxKey.txt file has changed: you need to add a ',' and your CPU Fuse data.
* (v0.6) This release supports downgrading if you know your CPU key. Right click on a CF section and choose "Fix Version Lock", enter the new lock down number, click ok & then click "Patch" and choose the directory/filename for your patched flash image. The file produced is all fixed up and ready to be flashed into your 360.
So ... conclusion, if they somehow manage to find a way to get the 'CPU Key' out of your Xbox 360 - it looks like it's "game over" for our friends at Microsoft.
Source: xboxhacker.net / xbox-scene.com