Bootable unsigned HV/kernel in the works…

source: arnezami @ xboxhacker.net

For the last 4-5 weeks I have been working very hard to reboot the xbox into an unsigned kernel/hv. And I’ve been making quite some progress. I am now capable (using the KK exploit as starting point) to reboot from the moment the CB section starts the CD section up to POST 0×6C (!) in the boot process. Meaning that all three cores are running in an unsigned kernel/hv at that point. What I’m doing is loading the CD section back into memory (where it would normally be during boot) and restart it. This CD section is changed to contain a kernel/hv patcher (which I now use to debug the kernel startup). So in fact I can already change the kernel/hv at will.

The difficulty has been (and still is) to restore the xbox into a state it was during boot. Most of the cpu/mmu related stuff have been restored now and thats why it already goes that deeply into the boot process. But some problems still remain (possibly interrupt/southbridge related). I’m still working on those. I’m also thinking of modifying what I’ve created into a more replicatable and managable form so others can take a look at some these issues too (to speed up the progress).

Anyway; If we are successful in re-booting into a (patched) kernel it should also be possible to re-boot into any kernel (including the new ones). If we can do that we can (for example) avoid the whole fuse-burning dilemma (essentially by faking it). For that we would probably also need a second NAND (or some other storage device like a memory card) to store the new kernel/dash/kv/settings etc but thats something to discuss later on.

Back to work…

Regards,

arnezami