Differences

Shows the differences between the two selected revisions of the page.

game:the_xbox_360_reset_glitch_hack [2022/03/23 09:25] 115.93.88.195 game:the_xbox_360_reset_glitch_hack [2022/03/23 09:33] (current) 115.93.88.195
Line 1: Line 1:
-{{tag>the xbox 360 reset glitch hack}}+{{tag>the xbox 360 reset glitch hack}} 
 ====== The Xbox 360 Reset Glitch Hack====== ====== The Xbox 360 Reset Glitch Hack======
 +
 +
 +[[http://www.logic-sunrise.com/news-341321-the-reset-glitch-hack-a-new-exploit-on-xbox-360-en.html|출처]]
 +
 <file markdown> <file markdown>
 *************************************** ***************************************
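Review bot: The `-`/`+` pair on the `{{tag>the xbox 360 reset glitch hack}}` line differs only by a trailing space, so that part of the revision is whitespace noise; drop the trailing space so the tag line does not show up as changed. The added source link is a useful attribution, but it is placed between the page heading and `<file markdown>` with only the label text to explain it, and it points at a plain `http://` URL; a short sentence saying the block below reproduces the linked write-up would make the relationship explicit.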
Line 9: Line 14:
 =================================== ===================================
  
-tmbinc said it himself, software based approaches of running unsigned code on the 360 mostly don't work, it was designed to be secure from a software point of view.+tmbinc said it himself, software based approaches of running unsigned code on the 360 mostly don't work, 
 +it was designed to be secure from a software point of view.
  
-The processor starts running code from ROM (1bl) , which then starts loading a RSA signed and RC4 crypted piece of code from NAND (CB).+The processor starts running code from ROM (1bl) , which then starts loading a RSA signed and RC4 crypted 
 +piece of code from NAND (CB).
  
-CB then initialises the processor security engine, its task will be to do real time encryption and hash check of physical DRAM memory. From what we found, it's using AES128 for crypto and strong (Toeplitz ?) hashing. The crypto is different each boot because it is seeded at least from:+CB then initialises the processor security engine, its task will be to do real time encryption and  
 +hash check of physical DRAM memory. From what we found, it's using AES128 for crypto and strong (Toeplitz ?) hashing. 
 +The crypto is different each boot because it is seeded at least from:
   - A hash of the entire fuseset.   - A hash of the entire fuseset.
   - The timebase counter value.   - The timebase counter value.
-  - A truly random value that comes from the hardware random number generator the processor embeds. on fats, that RNG could be electronically deactivated, but there's a check for "apparent randomness" (merely a count of 1 bits) in CB, it just waits for a seemingly proper random number.+  - A truly random value that comes from the hardware random number generator the processor embeds. on fats,  
 +  that RNG could be electronically deactivated, but there's a check for "apparent randomness" (merely a count of 1 bits) in CB, it just waits for a seemingly proper random number.
  
 CB can then run some kind of simple bytecode based software engine whose task will mainly be to initialise DRAM, CB can then load the next bootloader (CD) from NAND into it, and run it. CB can then run some kind of simple bytecode based software engine whose task will mainly be to initialise DRAM, CB can then load the next bootloader (CD) from NAND into it, and run it.
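Review bot: The re-wrapping here is inconsistent and introduces trailing whitespace: the new lines ending in `RC4 crypted `, `encryption and  ` and `on fats,  ` now end in spaces, while the continuation line starting `that RNG could be electronically deactivated` and the unchanged `CB can then run some kind of simple bytecode...` paragraph are still unwrapped. If this text is still inside the `<file markdown>` block opened at the top of the page, the added line breaks are displayed literally, so the third seed item (the hardware RNG) is now split across two lines in the middle of a sentence. Either wrap the whole block at one width and strip the trailing spaces, or keep the original long lines; no wording changes in this hunk, so it can be judged on layout alone.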