[Question] What is an RGH Xbox 360 Console?

Discussion in 'Console Help Center' started by Rockman, Apr 8, 2012.

  1. Rockman

    Rockman Godlike

    Joined:
    May 29, 2011
    Messages:
    1,111
    Likes Received:
    380
    I did some Bing! searching and found it was Reset Glitch Hack. Basing off of comments I've seen here, is RGH close to a JTAG console in functions?

    I'm not going to hack my 360, just curious.

    Thanks.
     
  2. Dark Scyth

    Dark Scyth Moderator

    Joined:
    Mar 3, 2009
    Messages:
    2,594
    Likes Received:
    459
    RGH started out a little differently than a JTAG, but the end results have ended up the same. The only difference is that JTAG was patched after 7377 (I think that's the correct revision), while RGH is a method that can't be patched completely (they can change boot timing, which will throw off the glitch chip, but that can be fixed just as well).
     
  3. Jordan Smart

    Jordan Smart New Member

    Joined:
    Apr 9, 2012
    Messages:
    1
    Likes Received:
    0
    tmbinc said it himself: software-based approaches to running unsigned code on the 360 mostly don't work; it was designed to be secure from a software point of view.
    The processor starts running code from ROM (1BL), which then starts loading an RSA-signed and RC4-encrypted piece of code from NAND (CB).
    CB then initialises the processor's security engine, whose task is real-time encryption and hash checking of physical DRAM memory. From what we found, it's using AES128 for crypto and strong (Toeplitz?) hashing. The crypto is different each boot because it is seeded at least from:

    • A hash of the entire fuseset.
    • The timebase counter value.
    • A truly random value that comes from the hardware random number generator the processor embeds. On Fats, that RNG could be electronically deactivated, but there's a check for "apparent randomness" (merely a count of 1 bits) in CB; it just waits for a seemingly proper random number.
    CB then runs some kind of simple bytecode-based software engine whose main task is to initialise DRAM; CB can then load the next bootloader (CD) from NAND into it and run it.
    Basically, CD will load a base kernel from NAND, patch it and run it.
    That kernel contains a small privileged piece of code (the hypervisor); when the console runs, this is the only code that would have enough rights to run unsigned code. In kernel versions 4532/4548, a critical flaw in it appeared, and all known 360 hacks needed to run one of those kernels and exploit that flaw to run unsigned code. On current 360s, CD contains a hash of those 2 kernels and will stop the boot process if you try to load them. The hypervisor is a relatively small piece of code to check for flaws, and apparently none of the newer ones has any flaws that could allow running unsigned code.
    On the other hand, tmbinc said the 360 wasn't designed to withstand certain hardware attacks such as the timing attack and "glitching".
    Glitching here is basically the process of triggering processor bugs by electronic means.
    This is the way we used to be able to run unsigned code.

    It is similar to the JTAG, and as stated above, it isn't fully patchable.
     
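The chain the post lays out (1BL verifies CB, CB seeds the security engine and sanity-checks the RNG output, CB loads CD, CD refuses the two flawed kernel builds and starts the rest), as an added toy model in Python. It is not code from this thread, from tmbinc's or GliGli's work, or from the console: an HMAC-SHA256 stands in for the RSA signature on each stage, SHA-256 for the kernel hash CD compares, and every key, stage image, version number and NAND layout here is constructed for the example. Its point is the defensive one the post makes: each stage runs only what the previous one has verified, and a hash denylist closes the known-bad kernels to software-only loading, so what remains are a handful of comparisons in CB and CD.

```python
"""Toy model of the Xbox 360 boot chain described above (added illustration)."""
import hashlib
import hmac

# Stand-in for the public key baked into the ROM (1BL). The real console checks an
# RSA signature; this model uses an HMAC so it runs with the standard library only.
ROOT_KEY = b"constructed-root-key"


def sign_stage(name: str, image: bytes) -> bytes:
    """'Sign' a stage image (HMAC-SHA256 stand-in for the RSA signature)."""
    return hmac.new(ROOT_KEY, name.encode() + b"\x00" + image, hashlib.sha256).digest()


def verify_stage(name: str, image: bytes, signature: bytes) -> bool:
    """Constant-time comparison of the stored signature with the recomputed one."""
    return hmac.compare_digest(sign_stage(name, image), signature)


def kernel_image(version: int) -> bytes:
    """Constructed stand-in for a kernel build identified by its version number."""
    return b"constructed-kernel-build-" + version.to_bytes(2, "big")


# CD refuses the two kernel builds the post names as carrying the hypervisor flaw.
REVOKED_KERNEL_HASHES = {hashlib.sha256(kernel_image(v)).digest() for v in (4532, 4548)}


def rng_looks_random(sample: int, width: int = 64) -> bool:
    """CB's 'apparent randomness' test as the post describes it: only a count of 1 bits.

    Accepts a sample whose popcount lies in the middle half of the range. This
    catches a deactivated generator returning all zeros or all ones; it says
    nothing about whether the output is biased or predictable.
    """
    ones = bin(sample & ((1 << width) - 1)).count("1")
    return width // 4 <= ones <= 3 * width // 4


def make_nand(kernel_version: int, rng_sample: int = 0xA5A55A5AC3C33C3C,
              tamper_cb: bool = False) -> dict:
    """Build a constructed NAND image: signed CB, signed CD, signed kernel."""
    cb = b"constructed-CB-bootloader"
    cd = b"constructed-CD-bootloader"
    kernel = kernel_image(kernel_version)
    nand = {
        "CB": cb, "CB_sig": sign_stage("CB", cb),
        "CD": cd, "CD_sig": sign_stage("CD", cd),
        "kernel": kernel, "kernel_sig": sign_stage("kernel", kernel),
        "rng_sample": rng_sample,
    }
    if tamper_cb:
        nand["CB"] = cb + b"-modified"  # image changed, stored signature left as it was
    return nand


def boot(nand: dict) -> list:
    """Walk 1BL -> CB -> CD -> kernel; return the log, stopping at the first failed check."""
    log = []
    if not verify_stage("CB", nand["CB"], nand["CB_sig"]):
        return log + ["1BL: CB signature invalid, halt"]
    log.append("1BL: CB verified")
    if not rng_looks_random(nand["rng_sample"]):
        return log + ["CB: RNG sample failed apparent-randomness check, waiting"]
    log.append("CB: security engine seeded")
    if not verify_stage("CD", nand["CD"], nand["CD_sig"]):
        return log + ["CB: CD signature invalid, halt"]
    log.append("CB: CD verified")
    if hashlib.sha256(nand["kernel"]).digest() in REVOKED_KERNEL_HASHES:
        return log + ["CD: kernel build is revoked, halt"]
    if not verify_stage("kernel", nand["kernel"], nand["kernel_sig"]):
        return log + ["CD: kernel signature invalid, halt"]
    return log + ["CD: kernel verified and started"]


if __name__ == "__main__":
    cases = [("later kernel build", make_nand(7377)),
             ("revoked kernel 4532", make_nand(4532)),
             ("tampered CB", make_nand(7377, tamper_cb=True)),
             ("deactivated RNG", make_nand(7377, rng_sample=0))]
    for label, nand in cases:
        print(label, "->", boot(nand)[-1])
```

The popcount test is included because the post calls it "merely a count of 1 bits": it rejects an all-zero or all-one sample from a deactivated generator but cannot tell a biased or predictable source from a good one, which is why the post lists the fuse hash and timebase counter as further seed inputs rather than relying on the RNG alone. The version 7377 used for the non-revoked case is just the revision number mentioned earlier in the thread, reused as a constructed "later build".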
  4. Rockman

    Rockman Godlike

    Joined:
    May 29, 2011
    Messages:
    1,111
    Likes Received:
    380
    Thanks, very informative!

    I do like the idea of having an RGH 360 console, but I won't 'cos I don't wanna get banned from Xbox 360 and/or buy that piece of hardware. :P
     
  5. Dark Scyth

    Dark Scyth Moderator

    Joined:
    Mar 3, 2009
    Messages:
    2,594
    Likes Received:
    459
    With certain glitch chips, it is possible to set up a dual NAND: one that can contain the modified NAND, while the other contains the clean one. So the modded NAND can be used for offline brew, while the original NAND can remain just fine without the worry of a ban.
     
    clockcycle likes this.