I'm just wondering: you can run unsigned code on test/debug, but no lv2 dump? Why not using the hv-exploit to gain full access in gameos? The excuse to run it in linux is that retail models can run unsigned codes only in otheros. But what about the test/debug units?
If I'm not mistaken.. there is no otheros on the debug/test units.. so no exploit..
no, they have (up to fw3.20).. but that's not the interesting part. You can run unsigned (aka homebrew) codes in gameos which can include the exploit. And then if you make dump (in gameos), it should contains the uncrippled lv2.
no, they have (up to fw3.20).. but that's not the interesting part. You can run unsigned (aka homebrew) codes in gameos witch can include the exploit. And then if you make dump (in gameos), it should contains the uncrippled lv2.
I think you are exactly right. I can not imagine OtherOS being needed to exploit the "deallocation+glitching combo" vulnerability on a TEST.
On the Xbox 360 we had the same situation way back when kernel 4532/4548 first were found vulnerable i 2007. Linux was needed to run the exploit on retail boxes (to get the fuseset with the CPU key). On XDKs (devkits) it was not really needed, but many people stilled used the Linux approach since it was simple. However there are also XEXs today that exploit the same vulnerability without the need for Linux.
My explaination above is a bit oversimplified of course. For those who wonders unsigned shaders were used to write to memory in the first place on the Xbox 360. That made it possible to get control of the instruction pointer, which in turn made it possible to load Linux.
Linux was only an environment in which the fuseset reading could easily be done afterwards.
On the XDKs shaders were not needed to pull of the exploit. An XEX could do the exploit directly and read the fuseset.
Still many people used the retail tools on XDKs and used shaders to load Linux, and then used Linux as a platform to get the fuseset.
Last edited by ruger1234; 04-05-2010 at 01:02 PMReason: Automerged Doublepost