Driveimage Utilities is a pack of utilities that are to be used in connection with nkpatcher v8+:
* ISO image ripper / CD&DVD ripper
Insert a game disc into the drive and run the utility. There's no display output or sound or anything, but just wait. For example, ripping a 6.7 GB game will take about 40 minutes on my Xbox. After ripping, the utility returns to the dashboard and you should be able to see the game in your games list. The ISO image will be ripped to f:\games or g:\games depending on free space. These directories can be changed by editing backup.cfg. In addition to the .iso files, a default.xbe will also be created. This is the virtual disc attacher utility. The title name is automatically copied from the game d:\default.xbe. The same attacher file is included in the component directory of this package.
* Shadow C drive maker
This will create a one-to-one image of your current C drive in the file e:\shadowc\shadowc.img. Nkpatcher will automatically mount this image instead of the usual C drive. You can then install and update MS dashboard without modifications to the retail booting C drive. You should make sure that the shadow drive is actually mounted before deleting or modifying key files. To test, create a file, say test.bin, in the root of the supposed shadow drive. Then, using PBL, boot a bios without shadow drive support (there are no released bioses with this feature :) ). Is the test file there? No? Good. Then reboot the Xbox so that you get nkpatcher version 8 patches. Is the file there now? Yes. Good. The shadow drive is working. Now you can let games update your MS dashboard as they please.
* Virtual disc attacher
This is the file automatically created by the ISO backup utility and is also contained in component\attach.xbe. When this xbe is run it will attach all files with .iso extension in the same directory in alphabetical order using an nkpatcher system call. In case there are several .iso files in the directory, these are assumed to be parts of the same big ISO file. Since the Xbox FATX file system has a file size limitation of 4 GB, big ISO files need to be sliced into smaller parts. The ISO backup utility will do this automatically. After attachment, this program will quick reboot the system. If the attached ISO image contains a default.xbe in its root directory, the kernel will execute it as usual. Running the attacher on game ISO images will therefore launch the game.
* Virtual disc detacher
This will detach a previously attached set of sliced .iso files. If you for example do IGR (In-Game Reset) and get back to dashboard, the game disc will still be attached. You can browse it using e.g. boxplorer. You can run detacher to be able to use your DVD drive again. Of course, doing a full reboot will achieve this as well (a dashboard option or nkpatcher with Full reboot -mode IGR).
None of these have any kind of a user interface; they work silently. So wait while the software does its work. :) Nkpatcher is included in the nkpatcher.zip file of this package. It is considered a separate program from this package. However, you should install it before using these utilities.
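The slice handling described for the virtual disc attacher, as an added example that is not code from the package: it orders slices alphabetically, rejects any slice at or over the per-file limit, and maps an offset in the joined image to a slice. The file names, sizes and the 2^32-byte reading of "4 GB" are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* 4 GB per-file ceiling from the text, taken here as 2^32 bytes (assumption). */
#define SLICE_LIMIT (1ULL << 32)

struct slice { const char *name; uint64_t size; };
struct pos   { int idx; uint64_t off; };   /* idx == -1: past end of image */

/* Constructed sample: a 6.7 GB image stored as two slices, listed unsorted. */
struct slice sample[] = {
    { "game.2.iso", 2700000000ULL },
    { "game.1.iso", 4000000000ULL },
};
/* Constructed sample: unpadded numbers sort as 1, 10, 2 under strcmp. */
struct slice unpadded[] = {
    { "game.1.iso", 1 }, { "game.2.iso", 1 }, { "game.10.iso", 1 },
};

static int by_name(const void *a, const void *b) {
    return strcmp(((const struct slice *)a)->name,
                  ((const struct slice *)b)->name);
}

/* Put slices in the alphabetical order the attacher is described as using;
 * returns 0 if every slice is non-empty and under the limit, else -1. */
int order_slices(struct slice *s, size_t n) {
    qsort(s, n, sizeof *s, by_name);
    for (size_t i = 0; i < n; i++)
        if (s[i].size == 0 || s[i].size >= SLICE_LIMIT) return -1;
    return 0;
}

/* Map a byte offset in the joined image to a slice and an offset inside it. */
struct pos locate(const struct slice *s, size_t n, uint64_t off) {
    for (size_t i = 0; i < n; i++) {
        if (off < s[i].size) return (struct pos){ (int)i, off };
        off -= s[i].size;
    }
    return (struct pos){ -1, 0 };
}

int main(void) {
    order_slices(sample, 2);
    struct pos p = locate(sample, 2, 5000000000ULL);
    printf("%s +%llu\n", sample[p.idx].name, (unsigned long long)p.off);
    return 0;
}
```

With plain alphabetical ordering, slices numbered without zero padding are joined out of sequence once there are ten or more, which is what the `unpadded` sample shows.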
Frosted BIOS Loader (FBL) is based off of Yoshihiro's PBL 1.4.1 source. The video "drivers" are, however, from PBL 1.3. FBL should be just as compatible as PBL-lite (by ldots), only, with integrated Nkpatcher (by rmenhal), it works with kernels above 5530 (though it's not able to load a BIOS for these kernels). Whereas the object of PBL-lite was to remove features, FBL's object was to add more. Compatibility, however, was the biggest issue, so in the process some features had to be scrapped. There should be enough options to satisfy a newbie or an expert - and this is the first derivative of PBL to not require a boot.cfg! (It will work similarly to Nkpatcher without one.) Still, if these features don't impress you - go with PBL-lite, as it is better than PBL 1.4.1 by far (compatibility-wise).
NO, REALLY, WHAT IS IT?
FBL is half BIOS-loader, half kernel patcher (Nkpatcher by rmenhal), making the name misleading. For users of Nkpatcher, it adds new features, such as fan speed and LED control. For old PBL users, it adds compatibility and extra features to reduce screen corruption, etc.
NDURE (Next dimension uber rmenhal exploit): Ndure is derived from UEEE. It uses xonlinedash.xbe from the special 4920 MS dash. Instead of looking for fonts in the C:/fonts folder, it looks for fonts in the C:/xodash folder. This feature enables you to have an unmodified retail MS dash on the C drive. It uses more stable fonts than UXE/UDE2. It allows you to run an alternative tray state modded-unmodded setup just like modchips; in the unmodded state it has the ability to launch the MS dash, which will allow easier access to the XBL system. It does not mean that Ndure is safe from XBL banning. If MS checks your HD and finds modified files, they can still ban you.
Replacing the running kernel on Xboxes with kernel 5530 or higher doesn't work through the regular Phoenix BIOS Loader (PBL) and Bootable From Media (BFM) BIOS images - a fact of which owners of such boxes are painfully aware. Nkpatcher is proposed as a simple and temporary solution to the problem. Nkpatcher should now behave similarly with all kernels (3944, 4034, 4627, 4817, 5101, 5530, 5713, 5838).
Currently nkpatcher has the following features:
+ Runs unsigned code - no more signing everything with xbedump
+ Runs debug xbes
+ Mediaflag patching
+ Support for F drive (hard disk size limited to about 137 GB = 2^37 bytes)
+ Boots evoxdash.xbe first by default then xboxdash.xbe (can be set to D:\default.xbe first then the dash by recompiling sources)
+ Eject fix
+ Live blocking
+ Virtual/shadow C drive. No hassle with fonts or trouble with dashboard updates as long as you loaded nkpatcher.
+ Virtual CD/DVD drive. You can attach .iso files on the hard drive as game discs.
+ oz_paulb LBA48 and partition table support
+ Virtual EEPROM feature.
A modified Phoenix Bios Loader that works with all xbox kernels (also 5530+).
The problem that's fixed now is that the newer kernels set the code segment size to something too small for the bootloader (2bl) to be accessible.
In this package you will find a stripped down version of PBL based on the official 1.3 version. This is not an official Team Phoenix release! I just borrowed the code from PBL and modified it slightly to my needs. Hope Team Phoenix doesn't mind.
What and Why?
I wanted a PBL version that did nothing but load a bios. No animations, no multi-bios selection menu etc. Reason was that I would gladly give up these features to speed up boot-time.
To sum it up the features are :
* No problems using several controllers. No USB initialization.
* No Focus chip screen flicker. Screen stays black.
* No S-Video screen flicker. Screen stays black. All AV cables should be supported.
* As fast booting as possible. No animations or text.
* No animations or text. Some people might like that :-)
* No multi-bios setup. To change bios you need to replace xboxrom.bin or edit the boot.cfg
For the first time ever, we have made it possible to boot a completely new rom from the hard drive, when booting from ANY kernel. Microsoft provided the ability for debug bioses to be booted from the hard drive or cdrom, but we do not require you to be running a debug bios to utilize this feature.
The advantage of this method over others recently released (by ourselves and others) is that this application will work on ALL bios versions. Previously, the most compatible version was Complex's (great job with the loader plugin architecture guys), but it did not work on the new 5010 and 5101 retail bios revisions. Even though more compatibility is added with each version they still will not work on any new bios revisions to come, without a new release being required for each one. Additionally you are now able to take advantage of newer features being provided by kernel hackers which are outside the scope of simple runtime patching.
Our loader also lets you switch between many many more bioses than any modchip on the market. Most modchip makers brag about their 1MB rom space. We find it fun to brag about our many gigs of rom space :)
The creator of the original UDE (PedrosPad) has done it once again! With the über xbe exploit region changing no longer needs to be performed. This exploit, like UDE will work on all region xbox consoles (including japan). What makes it so "über" and better than the original UDE is the K:5713 & K:5838 support. Enjoy PAL users, a fellow PAL-er was looking out for you ;).
First software exploit released on Xbox by habibi. Patches public key so xbe's signed with habibi's key can be launched.
Exploit in the MechAssault savedgame released by Free-x. Patches public key so xbe's signed with free-x' key can be launched.
Using the dashboard, people can rip audio tracks from their favorite CDs and put them on the XBOX HD. They can then listen to their favorite tracks while playing some games. The dashboard stores a database of the songs in a file named "ST.DB". There are serious bugs when handling this file, that can be used to run unsigned code on the XBOX.
When handling this file, an "array[index] = value" instruction is executed, with both "index" and "value" being 32-bit values taken from the ST.DB file. There is no bounds check on "index" and this is the bug exploited here. The included ZIP file contains a proof of concept. It was tested on two different unmodded XBOXes (using 3944 and 4034 bios) running dashboard 4920. Note that for this proof of concept, only the dashboard 4920 is supported. It's the one that is installed by games using XBOX Live (it has the "XBOX LIVE" option). As for supported bioses, all ORIGINAL bioses *should* work, but the trick doesn't work if you're using a modified bios.
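The missing check described above, shown as an added example beside the unchecked pattern; this is not the dashboard's code or the proof of concept. The 8-byte record layout, the table size and all function names are hypothetical, since the page does not give the ST.DB format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 16u                 /* hypothetical table size */
uint32_t table[TABLE_LEN];

/* Constructed input: one valid record, one with a huge index, one truncated. */
const uint8_t sample_db[] = {
    0x03, 0x00, 0x00, 0x00, 0x44, 0x33, 0x22, 0x11,   /* index 3          */
    0xF0, 0xFF, 0xFF, 0xFF, 0xEF, 0xBE, 0xAD, 0xDE,   /* index 0xFFFFFFF0 */
    0x01, 0x00, 0x00, 0x00, 0x00,                     /* only 5 bytes     */
};

/* Decode a little-endian 32-bit value from untrusted file bytes. */
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* The pattern the text describes: index and value come straight from the
 * file and the write is unchecked. Shown for contrast, never called here. */
void apply_unchecked(uint32_t *t, const uint8_t *rec) {
    t[le32(rec)] = le32(rec + 4);
}

/* Hardened form: reject short input and any index outside the table. The
 * unsigned compare also rejects values that would be negative as int32. */
int apply_checked(uint32_t *t, size_t t_len, const uint8_t *rec, size_t rec_len) {
    if (rec_len < 8) return -1;
    uint32_t index = le32(rec);
    if (index >= t_len) return -1;
    t[index] = le32(rec + 4);
    return 0;
}

/* Apply every 8-byte record in buf; returns how many were rejected. */
size_t apply_all(uint32_t *t, size_t t_len, const uint8_t *buf, size_t len) {
    size_t rejected = 0;
    for (size_t off = 0; off < len; off += 8)
        if (apply_checked(t, t_len, buf + off, len - off) != 0)
            rejected++;
    return rejected;
}

int main(void) {
    size_t bad = apply_all(table, TABLE_LEN, sample_db, sizeof sample_db);
    printf("rejected=%zu table[3]=0x%08x\n", bad, (unsigned)table[3]);
    return 0;
}
```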
New version of the Audio Exploit that doesn't need any swap trick with an audio CD, but still needs a key combo.
Current Status:: v1.0 //
New version of the Audio Exploit that doesn't need any swap trick with an audio CD, but still needs a key combo.
This version will not just boot the linux bootloader, but any xbe signed with xbedump -audio
Current Status:: v1.0 //
Based on the original free-x release, this version already patches more stuff in the kernel (directly in the xtf files): runs any unsigned code, F-drive support, mediaflag fix (nopatch hack1) and ejectfix. This release for now ONLY works on xboxes with kernel 4043.
The default.xbe (evo-x) is removed from the download for legal reasons.
These fonts are experimental. They are the sum of several ideas to make the exploit better.
The blinking red light was deactivated and it tries to fix the clock problem.
Current Status:: 07-25 //
Based on the original version, the xtf files included in this package also have the reset-on-eject hack. Only works with kernel 4043.
!Loader xbe has been removed from the download (XDK), only the XTF files are in the archive.
The double-dash fonts exploit boots to an unmodded state. This exploit takes advantage of the fact that live-enabled xbox dashes have the 'live tab', that when pressed will launch xonlinedash.xbe from C:\xodash. Moreover, it exploits the fact that live-enabled dashboards load their fonts from the C:\fonts folder while older dash versions loaded the fonts from the root of C:.
By replacing xonlinedash.xbe with an old 'pre-live' dashboard's xboxdash.xbe we can therefore boot to an unmodded state by having the original fonts in C:\fonts. We then launch the font exploit by launching the old dashboard via the 'live-tab' and having hacked fonts in the root of C. If the clock needs setting we will reach the clock-setting screen, just like with the audio exploit.
The hacked fonts needed are not the same as the usual hacked fonts, since these were designed to work on boot. New fonts were needed for this new scenario, and such fonts have now cleverly been designed by rmenhal.
Based on the original version of the exploit and tries to fix the clock-problem (xbox fails to boot if xbox clock is not working or reset). Problem is that it puts the date of your xbox to July 4th all the time.
Current Status:: Reloaded //
Original XTF dashboard exploit released by free-x. It will patch the public key in RAM and run c:/default.xbe (must be signed with free-x key).
Instead of exploiting the original xbox dashboard xbe, the UDE exploit will exploit the C:\xodash\update.xbe file. Rmenhal released hacked font files to exploit this file.
The result? The “Ultimate Dashboard Exploit” allows the booting of a habibi signed XBE, with no risk of a clock loop.
+ Direct booting to Linux/PBL/Evox, etc.
+ No risk of clock loop.
+ Can still use custom sound tracks in games (the M$ Dashboard can still be accessed from Evox).
- No Dashboard access to the XBOX!Live console.
- No XBOX!Live game access to the XBOX!Live console.
It achieves this by not actually booting a Dashboard at all, but by booting another M$ signed XBE, with the appropriate flags set to enable it to run from the hard disk. The actual XBE exploited is the C:\xodash\update.xbe, installed by the “updater to Live 1.0 Dashboard 4920” that is part of the original XBOX!Live startup kit, and shipped with most of the early XBOX!Live games (Splinter Cell, etc.).
There are a few different versions out there. Ensure you use the right exploit font for the right update.xbe!
Warning: This version of the exploit does not work on Kernels that prevent the execution of pre-live Dashboards, such as K:5713 or higher! Owners of K:5713+ XBOXs should look at the UDE2.
UDE2 is the solution for people with newer Xboxes with Kernel (bios) 5713 or higher. Kernel 5713+ does not allow pre-live dashboards to run, thus preventing the UDE(1) or older xbe/font exploits from working.
Rmenhal found that NFL Fever 2003 !Live content (thus signed for HD) has/had an update.xbe that works with all kernels (3944-5838). PAL, JAP, and ELSEWHERE owners can use it too, but it requires an edit of the EEPROM to region 1 for those specific consoles. Rmenhal made his fonts work with this specific xbe too.