Video & claims of XDK running RGloader 17526 without Shadowboot

Discussion in 'Xbox 360 Development' started by im twizt3d 24 7, Oct 23, 2018.

  1. im twizt3d 24 7

    im twizt3d 24 7 Active Member

    Joined:
    Jun 20, 2017
    Messages:
    36
    Likes Received:
    14


    It looks as though Gonzo and others have figured out a way to run RGLoader 17526 on a real XDK, without the need for a Shadowboot ROM. That’s news to me that it can be done. Plus it goes online. So my question would be “Is this possible, and if so, how?” I don’t care about the online stuff as I have Shadowboot 17526 for XDK and I have an unofficial RGLoader 17526 source that builds NANDs fine for RGHs. Both go online. My need to know is just plain curiosity. What do you guys think? Is it legit, and if so, what’s your best guess on how they did it?
     
    Blob likes this.
  2. Stipo360

    Stipo360 "That Dead Rising Guy"

    Joined:
    Feb 11, 2014
    Messages:
    1,078
    Likes Received:
    442
    Good thing he blurred his LAN IP

    /s
     
  3. Gamecheat

    Gamecheat Spirited Member

    Joined:
    Jun 14, 2012
    Messages:
    175
    Likes Received:
    165
    Who cares. Stay off XBL dipshit.
     
  4. im twizt3d 24 7

    im twizt3d 24 7 Active Member

    Joined:
    Jun 20, 2017
    Messages:
    36
    Likes Received:
    14
    Buddy, I didn't start this thread to lipbox with you or anyone else. You must not have read where I said "I am not interested in the online shit." Because I have that if I want it already. I just wanted to know if it was fake or if it was possible to do it.
     
  5. ddxcb

    ddxcb Gota J.T.A.G. That Xbone Yo.

    Joined:
    Apr 17, 2008
    Messages:
    380
    Likes Received:
    38
    Loved he did that, but not blurred his GT. GG idiot scrub lol
     
  6. peekpoke

    peekpoke Member

    Joined:
    Jun 26, 2017
    Messages:
    11
    Likes Received:
    10

    Kind of possible. Somebody has reverse engineered all RGL patches and reapplied them correctly to the XDK filesystem on the NAND. With the correct keys, of course.

    We might need to just get a NAND image of that XDK, extract the whole filesystems, and recreate a modified 21256.18 ISO recovery for everybody to use.
     
    im twizt3d 24 7 likes this.
  7. just1n

    just1n Member

    Joined:
    Oct 18, 2017
    Messages:
    8
    Likes Received:
    4
    Umm, did they just flash the NAND with RGLoader patches? I’m confused.
     
  8. benny679

    benny679 Member

    Joined:
    Jul 14, 2013
    Messages:
    18
    Likes Received:
    0
    The RSA key for SB is floating around, maybe he signed it and replaced the entire filesystem with that of a retail RGLoader setup?
     
  9. just1n

    just1n Member

    Joined:
    Oct 18, 2017
    Messages:
    8
    Likes Received:
    4
    Even if the SB private key is floating around, it wouldn’t really be worth changing anything besides patching the SD signature check. But you’re right about the filesystem. Too easy to add/remove/replace any file within the filesystem.
     
  10. ddxcb

    ddxcb Gota J.T.A.G. That Xbone Yo.

    Joined:
    Apr 17, 2008
    Messages:
    380
    Likes Received:
    38
    I say they glitch chip the dev kit, idk lol.
     
  11. stoker25

    stoker25 github.com/emoose

    Joined:
    Dec 20, 2009
    Messages:
    14
    Likes Received:
    11
    IIRC shadowboot images are pretty much the same as the bootloader sections of the NAND, and the ones going around already use resigned bootloaders etc, so with some slight changes it should be possible to flash the shadowboot straight to your box (I remember doing something similar back in 2012 at least...), I'd guess that's probably what they did here.

    There was also a time where I had RGBuild working to create RGL devkit images, none of that was ever released though afaik so I don't think that's what they used.
    XeBuild also supports making devkit images too, and it probably wouldn't be hard to add the RGL patchset etc to it..
    I think they probably just flashed a shadowboot though, a lot easier than getting RGL stuff working with XeBuild :p
     
    acabey, Blob and TheNew like this.
  12. TheNew

    TheNew RIP

    Joined:
    Jun 27, 2010
    Messages:
    418
    Likes Received:
    124

    You're still alive? I thought you were looong gone, stoker, it's been almost 6 years!
     
  13. benny679

    benny679 Member

    Joined:
    Jul 14, 2013
    Messages:
    18
    Likes Received:
    0
    Exactly, allowing you to boot a modified kernel.

    That actually is more likely.
     
  14. just1n

    just1n Member

    Joined:
    Oct 18, 2017
    Messages:
    8
    Likes Received:
    4
    Completely unnecessary! Would they have glitched the retail consoles if we had the private key to resign CB? I don’t exactly remember which bootloader is signed, but I think it’s 2BL.

    If you can resign the SD bootloader, why would they need to glitch the devkit?
     
    Blob and stoker25 like this.
  15. benny679

    benny679 Member

    Joined:
    Jul 14, 2013
    Messages:
    18
    Likes Received:
    0
    Oh boy...
    We don't have the key for CB. Some people have the key for SB, and that's just a rumor. Also, the retail bootloaders are verified by hash checks; devkits just have the signature check.
    I don't know why SD is even relevant for this discussion. The goal is to assert control of the second bootloader so that the rest can be modified. Preferably CB_A on retails, since all it does is load CB_B; not sure if devkits have them split like retails now.
     
  16. just1n

    just1n Member

    Joined:
    Oct 18, 2017
    Messages:
    8
    Likes Received:
    4
    Your information is pretty spot on for retails. Yes, we don’t have the CB private key (at least I don’t lol); hence why we have JTAG/glitched consoles. Otherwise we would just ignore the hash check for the split BL or CD.

    You’re overthinking this, bud, and now I think this discussion has turned more into the outfit of the boot chain than anything else. Nevertheless, SD is relevant because if you take a look at any shadowboot images, you will find the HV/kernel patches added to the end of it. The SD key is not “everywhere,” but it is out there. And that’s what everyone is using to create these images. Also, out of the dev NANDs I’ve seen, I haven’t seen any split BLs.
     
  17. spoofay

    spoofay Newly Registered

    Joined:
    Nov 8, 2015
    Messages:
    1
    Likes Received:
    0
    idk, I asked him a few things about it and he said that it was an image built with RGLoader in it, so whoever stated the bootchain is probs right on that point of view.
     