Robinsod released the open-source schematics, sources and details to make your own PIC interface needed to perform the ‘Timing Attack’ that will allow you to boot the 1888 ‘base kernel’ on your Xbox 360 even if you have burned fuses (and don’t know your CPU Key) … once booted to that kernel you will be able to update to an exploitable kernel. If you don’t have the knowledge or tools to do this yourself, Robinsod says that Team Infectus is already hard at work designing a daughterboard for the their Infectus Modchip.
The software required for this ‘Timing Attack’ is currently in final phase of testing and will be released soon.
From Robinsod on XBH:
The timing attack is working well now, the software has been released for testing and if no major problems are found then it will be available at the end of the week. The first release will require an Infectus modchip and a “home made” PIC interface. I thought I would release the details of the PIC today to give people a chance to order parts, build and test the hardware.
Schematic (horrible, hand drawn & scanned): here
Parts List:
IC1 LM339
IC2 LM339
IC3 74HC08
IC4 PIC16F876A 20MHz
IC5 MAX232 or equivalent
1 * LED
1 * 20MHz Crystal
16 * 1K 0.25W 5%
1 * 10K 0.25W 5%
1 * 680R 0.25W 5%
1 * 330R 0.25W 5%
1 * 5K6 0.25W 5%
2 * 22pF Ceramic Cap
9 * 100nF Ceramic Cap
Please note, 100nF decoupling caps across every ICs power supply pins seems to reduce the noise on the power supply and VRef lines. Reduced noise = Less jitter in the timing measurements which is a good thing
PIC Boot Loader, got this from Microchip site, repeated here for you convenience: here
PIC Source (build with CCSC PCW) & Precompiled Binary: here (update: fixed version)
Document: here
Tomorrow I will release the tool that will build downgradable flash images. Hopefully by then the 2.0.1888 file set will be available in “the usual places”.
