RealModScene
devilhunter

Why LibXenon apps (.Elf) have Xell in it?


Greetings,

I have been messing around with LibXenon homebrews with a hex editor, and I found that they have to contain Xell code in them. I'm sorry if my question is bad, but if Xell is in memory, why the hell does it have to be reloaded from USB/DVD again?

I've noticed some apps not working on certain models simply because they are using an old or updated Xell.

It's way too late to ask these questions, I'm just curious.

I wish to become a good coder one day.

Regards.


Wrong, they all use the same library (libxenon), which Xell also uses...

They're all statically linked with the library, as there is no mechanism for dynamically loading libraries since there is no kernel. libxenon homebrew runs in a mode referred to as "bare metal", meaning it runs directly on the CPU; there's nothing in between such as a kernel... they have direct access to everything...

Sent from my SM-G903F


Wow! Thanks for the answer. I was asking my friend (a programmer) about the possibility of making a Linux distro in ~4 MB; I thought Xell was an OS.

Direct CPU code to get CPU keys and NAND dumps, who the fuck came up with these ideas? I bet he's got a great job by now.

Thanks a lot for the answers. Is there any place to donate to the site?

Edited by devilhunter


Isn't that for the Phoenix project? Since Swizzy "liked it", I will donate anyway.

Btw, where can I learn about LibXenon? There are hardly any details on free60.org, damn, I'm 10 years late :C

Thanks all.

Who do you want to donate to?..

I think I misread it as "this site" instead of "the site"..


http://free60.org/wiki/LibXenon <--- This is where you can read about what Libxenon is, plus a quick guide on how to install it... for a more detailed description: http://free60.org/wiki/Compiling_the_Toolchain

You'll find the Libxenon code here: https://github.com/Free60Project/libxenon and various projects using it here: https://github.com/LibXenonProject. Xell is available here: https://github.com/Free60Project/xell

I wrote an install script that downloads and installs Libxenon and various support libraries on Debian (and possibly Ubuntu, I only really tested it on Debian); you can find that here: http://pastebin.com/QhMj9eXF


I was checking these two pages, and what I was looking for is a function list; for example, get_controller_data(struct controller_data_s, 0), which I found in sample code.

I intend to edit existing code for my personal use.


There isn't a function list, there isn't proper documentation of anything for it actually :(

Sent from my SM-G903F


I'm sorry if I have bothered you, are you serious :cat: ?


Yes, there have been a lot of people working on it, and things have changed so many times that even if you find anything, it's likely super old and obsolete.

It was made by hackers for hackers, not for end-users =/


Direct CPU code to get CPU keys and NAND dumps, who the fuck came up with these ideas? I bet he's got a great job by now.

Xell was made by the German hacker Felix Domke (a.k.a. tmbinc). He has worked along with other people (among others Michael Steil, who is a kernel developer) on the spotting of the Xbox 360 security system. For Felix Domke I have to say that he is a real talent. In the past, he has reverse engineered & hacked everything he got into his hands (consoles, set-top boxes, car firmware, and so on). He is well established in the scene.


I guess he's still active (not in the Xbox scene), good for him. Still to this day, I wonder why there are unsigned shaders in King Kong :unsure:. As if it was intentionally left. It's always the shit game that has hacking potential, the irony.

From whatever I understood, the SMC hack was patched by "replacing two memcmp instances with a memdiff function". My question is (I know, guys, this is getting out of hand and you can simply close the thread): How did Microsoft patch 2BL? They blew the fuse row to prevent downgrading, as far as I understood. The hack appears unpatchable as it requires re-coding the CPU. I know I'm wrong, but I hope you guys can explain.

Anyway, I'm really sorry for bothering you guys. It really feels bad when you use others' products and you don't contribute to the scene on the other hand.

Thank you all.


What they did was patch the kernel that allowed for the security issue, and then blew 1 eFuse, which stops the console from downgrading. There are two types of fuses that can be blown: the ones that get blown with every update, and the ones that get blown when the CB (bootloader) on the console changes. That is why, if the kernel version is running the same CB as the console, you can downgrade to that version, e.g. current back down to 15537... so that is why you can't get the KK shader hack back. I guess you could, if your console were already JTAG/RGH, but it would be pointless at that point.


Still to this day, I wonder why there are unsigned shaders in King Kong :unsure:.

To explain it in a few words, the vulnerability (KK Hack) is a result of incomplete checking of the parameters passed to the syscall dispatcher. Perhaps it was simply overlooked in its design process, or the risk was assessed too low. You can read more about it here. For more detailed information about the JTAG Hack, watch here.

greets.


RGH was also considered "unpatchable" when it first came out... it's a hardware bug... they've fixed it... then we got hold of factory bootloaders (used during the process of creating the unique per-console data), and it actually allows us to run non-encrypted bootloaders (well, the first one is still encrypted, but all the others are not, allowing us to once again replace them with patched ones and glitch the signature checks).

The only way to "fix" RGH at this point in time is to replace the CPU with a new one that doesn't have the original hardware bug. They've replaced the CPU in the new Winchester board, but the bug is likely still there; it's just that we don't have data to analyze to find the correct timings for this board, and there have been some saying there's not even post_out data to be used (I've heard from other sources that it is there... just not enabled in all builds).


Oh, I see now: blowing a complete row of the eFuse set (preventing the console from downgrading to values less than the specified one) and patching the syscall dispatcher. One more thing to add: what really fucked the scene is the release of the Timing Attack so early in the Xbox 360's life! http://free60.org/wiki/Timing_Attack

What a bummer.


Good to know. The question is, why are points like Post_out and CPU_PLL on the board's surface? Why do they exist?

At this point, there is no need for Microsoft to invest in 360 security; there are almost 40 million sold worldwide, nobody would care about the Winchester anyway.


Not only that.. M$ has officially quit making new 360s.. lol.. so yeah
