All right, then. Copies of Recovery.bin and Eboot.bin are put into a hidden part of the Zune's ROM as well. That still does not change anything, since everything still needs to be signed.
It doesn't really change anything, correct, but it's information.
Does anybody know what gets signed exactly? The bin files or the cab file?
The cab just seems to be a regular unsigned cab. The bin files are all signed, as well as all of the modules inside the bin files. Anything in the bin files that is not a dll or exe is not signed; however, they cannot be replaced since they are in the signed bin files.
__________________
"Against logic there is no armor like ignorance." - Laurence J. Peter
Interesting. Looks like all routes lead to a buffer overflow, sadly. Although a buffer overflow doesn't have to happen because of a jpeg, mp3, wmv, or any kind of file... I'd really like to extract the boot process of nk.exe (inside eboot.bin) and check what happens before it checks the signature.
Can an XNA package installed on the Zune cause relevant buffer overflows? And are XNA games run in a different mode than the rest of the Zune software?
I ask this because I have an easy XNA hack, in which the game doesn't handle an overflow in the vertex buffer cache.
This unhandled overflow has been an annoying source of graphics card errors on my PC, and hopefully will have likewise results on the Zune.
I am certain that many overflows can be caused within the most sensitive area of XNA: Custom-passed graphics.
Btw, good luck with this hack!
XNA is run by C#, and C# has managed memory. That means the memory is watched carefully, so any overflows are immediately caught by an exception. In addition, XNA does not allow 'unsafe' code to be compiled, such as pointers, which makes it even more unlikely for overflows to work.
On the PC - Yes. But on the Zune it is most likely recompiled as an intermediate exe. The Zune isn't capable of running raw C# code.
As for managed code, you are right. What I was experiencing could be described as more of a glitch than an overflow.
Back on topic: If not XNA, then what exploits can be made to cause overflows? I thought that any problem in the Zune software is automatically countered with a system restart.
It is called the Common Intermediate Language. Whether on the PC or the Zune, C# programs are compiled to the intermediate form, and it is quite irrelevant.
The overflow exploit possibility is not certain because as I said, the Zune has additional security checks to attempt to stop security risks such as buffer overflows and corrupt memory. That just means it is harder to do, not necessarily impossible.
Hey guys, I was searching through my Zune files using Notepad and I came across something. It was in the Zune drivers folder, and then in the Zune setup thing with the cog. It had lots of stuff, but here's the thing that bugs me: it says signature and then it says $WINDOWS NT$. So what does it mean by signature, like the one we need for firmware mods or something else? Forgive my ignorance, I'm 12.
One way I've managed to crash it is if I do the radio (it seems as if there's no service) and there happens to be 0 service, or too much interference, it freezes.
Though we can't change the core itself, we can add to it (I believe).
__________________
Formerly SmileDog.
Note: I prefer to have conversations over Skype, not over PM.
You will be bottom priority if I happen to be talking to a friend/relative.
thx Jorvette!
The firmware is too secure to change, but running our own native programs should be quite possible, since the Zune firmware is a modified version of Windows CE 5.0.
I am not claiming to have any expertise in this, but Microsoft has been putting out updates as soon as we get close to cracking the code, i.e. the portable HDD hack. So I propose that the device will need to be taken back to the firmware with the most holes in it. That would theoretically be the first firmware.
So has anyone tried getting some code from the original firmware to try and find a way in?
If anyone has any of the dumped files, I'll take a look at them. Frankly I won't have the time to perform the dump itself, but I can review them at work.
Maybe I'm misunderstanding something, but I know .cab files are Windows files (PPC, Windows Mobile, etc.), but are they used on the Zune now? It doesn't help that I've been out of the Zune loop for a year, lol.
That is just a container for the firmware. The Zune software extracts the firmware from the CAB then puts the .bin files onto the Zune. The Zune firmware is compiled with Platform Builder 5.0, meaning it is based off of Windows CE 5.0.
My HD freezes then crashes/restarts weekly. One way to force it is: start a movie, press side button, press top button, press top button, *glitch*, press back on screen w/o sliding up, bam, it freezes for a couple seconds, freaks out and restarts.
__________________
08:13 PM <tee1000> ya
08:12 PM <Jesus> sex while stoned tee?
08:10 PM *tee1000 has an epic idea..maybe
Thanks much... I'll take a look at these files tomorrow.
OK, so the coding looks appropriate (to some degree I was expecting false coding and the like). I'm working on changing some of the coding to see what happens, which might take a while between the gf and work, but I'm trying.
__________________
Failure is a four letter word.
Known alias: Weapondrift
Another way that happens for me is if I play a lot of games and other stuff w/o turning it off: when I start a song then load an XNA game, the screen goes crazy for about a min, then restarts.