Xbox 360 downgrading from any kernel without CPU-Key now possible

Downgrading your Xbox 360 firmware from any kernel without using your CPU key used to be just a legend. However, some enterprising hackers on the xboxhacker.net forums set out to do just that.

After much thought they were able to do so, using a method that has been dubbed a “timing attack”. A hacker by the handle Robinsod managed to boot his Xbox 360 with kernel 1888 using a flashed eFuse.

While less experienced (and less daring) individuals might not be able to do this for now, the hackers are currently working on a way to simplify the process.

Here’s a little quote from Robinsod explaining how the process works:

The timing attack does not try to “bruteforce” the cpu key itself. It tries to find/bruteforce a hash value which is a result of the usage of the cpu key (so even if you have that hash you still cannot backwards compute the cpu key). But finding this hash value (I usually refer to it as the CB-auth value) will enable the xbox to boot the original kernel (v 1888).

This then allows you to upgrade to a vulnerable kernel (e.g. 4532) and THEN you can extract the cpu key using the kk exploit. Since (on average) you will find the correct value at roughly half of the possible byte values, you only need to try (approx.) 128 values for each of the 16 bytes.

That's why vax is talking about 16 * 128 as the total number of byte changes… There is a theoretical minimum to the reboot time of about 1 second. So in theory you could find the 16 bytes in 34 minutes. That's probably not gonna happen. Grin And installing the hardware will probably take even more time, so it's not a really big issue. But this is basically what the time speculations are based on.
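The arithmetic in the quote above (16 bytes, about 128 tries each, roughly 34 minutes at one reboot per second) only works because the check can be broken one byte at a time. The following is an added illustration, not code from the original post or from the Xbox 360 firmware: a toy early-exit comparison that reveals how many bytes were examined before it stopped, next to a constant-time comparison that does the same work whatever the input, plus the expected-trial counts for both. The 16-byte SECRET value and the function names are constructed for the demonstration and are not real keys or real firmware routines.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define AUTH_LEN 16  /* the quote above describes a 16-byte value */

/* Early-exit comparison (the leaky kind). Returns 0 on match, non-zero
   otherwise. *steps receives how many bytes were examined before returning;
   when such a check gates a reboot, that count is what shows up as timing. */
static int leaky_compare(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    for (size_t i = 0; i < n; i++) {
        if (a[i] != b[i]) {
            *steps = i + 1;   /* stopped at the first mismatching byte */
            return 1;
        }
    }
    *steps = n;
    return 0;
}

/* Constant-time comparison: always touches every byte and ORs the
   differences together, so the position of a mismatch does not change
   the amount of work done or the control flow. */
static int ct_compare(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    *steps = n;
    return diff != 0;
}

/* Constructed 16-byte "correct" value for the demonstration (not a real key). */
static const uint8_t SECRET[AUTH_LEN] = {
    0x1f, 0x8e, 0x0c, 0x21, 0x3d, 0x4e, 0x5f, 0x60,
    0x71, 0x82, 0x93, 0xa4, 0xb5, 0xc6, 0xd7, 0xe8
};

/* Build a guess that matches SECRET except at byte `pos` and report how many
   bytes the leaky comparison examines before rejecting it. */
size_t leaky_steps_for_mismatch_at(size_t pos)
{
    uint8_t guess[AUTH_LEN];
    size_t steps = 0;
    memcpy(guess, SECRET, AUTH_LEN);
    guess[pos] ^= 0xff;
    leaky_compare(SECRET, guess, AUTH_LEN, &steps);
    return steps;
}

/* Same experiment against the constant-time comparison. */
size_t ct_steps_for_mismatch_at(size_t pos)
{
    uint8_t guess[AUTH_LEN];
    size_t steps = 0;
    memcpy(guess, SECRET, AUTH_LEN);
    guess[pos] ^= 0xff;
    ct_compare(SECRET, guess, AUTH_LEN, &steps);
    return steps;
}

/* Expected trials when each byte can be confirmed on its own: about 128
   (half of 256) per byte, which is the 16 * 128 figure in the quote. */
double expected_trials_bytewise(size_t nbytes)
{
    return (double)nbytes * 128.0;
}

/* Expected trials when the whole value must be guessed at once: 2^(8n) / 2.
   Computed by repeated doubling to avoid depending on libm. */
double expected_trials_whole(size_t nbytes)
{
    double v = 1.0;
    for (size_t i = 0; i < 8 * nbytes - 1; i++)
        v *= 2.0;
    return v;
}

/* Wall-clock estimate at a fixed cost per trial (the quote assumes ~1 s per reboot). */
double expected_minutes(double trials, double seconds_per_trial)
{
    return trials * seconds_per_trial / 60.0;
}

int main(void)
{
    printf("mismatch at byte 5: leaky examines %zu bytes, constant-time examines %zu\n",
           leaky_steps_for_mismatch_at(5), ct_steps_for_mismatch_at(5));
    printf("bytewise: %.0f trials, about %.1f minutes at 1 s each\n",
           expected_trials_bytewise(AUTH_LEN),
           expected_minutes(expected_trials_bytewise(AUTH_LEN), 1.0));
    printf("whole value at once: %.3e trials\n", expected_trials_whole(AUTH_LEN));
    return 0;
}
```

The point for a defender is the gap between the two estimates: with the early-exit check the work grows linearly in the length of the value (2048 trials for 16 bytes), while a comparison whose timing does not depend on where the mismatch sits leaves only the exponential search, which is why authentication checks on secrets should be constant-time and why the attack in the quote is a consequence of the check's structure rather than of any weakness in the hash itself.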


This could be good news for the hacking community considering that further refinements on this technique will eventually lead to homebrew, Linux, and possibly even custom firmware for the Xbox 360. For more details on this, feel free to click on our read link which will send you to the forums where this was announced.

