Softmodding Exploits Explained.

Softmodding goes like this. There is an exploit. It allows you to run software that isn't signed with the M$ private key. 3 known exploits are available at the moment. The audio hack, the font hack and the gamesave hack.

The audio hack can run non-official software by putting in some key combo in the msdash music player. The audio hack itself is considered obsolete since it only works on older dashes and newer/easier/more reliable exploits are found. I used to use this. I do believe the combination was something like Music>blank soundtrack>Copy>Select>Copy>New Soundtrack><<Eggsβox>> . Then the Uber dash would start.

The font hack runs the non official software straight from bootup (except the mechinstaller fonts). The most used font exploits nowadays are the UDE, UDE2 and the UXE. All three of them exploit an update.xbe file renamed as xboxdash.xbe (this is the first file the xbox looks for when turned on without dvd).
The difference in the three of them lie in the compatabilaty.
UDE works on all xboxes with exception of kernels 5713 or higher
UDE2 works on all region 2 (USA/Canada) xboxes
UXE works on all xboxes (no limitations)

The gamesave exploit runs non official software that is put into a specially designed/hacked gamesave. Only three games can make use of those special gamesave at the moment. mechassault, 007 Agent under fire and splinter cell.

So exploits allow us to run non official software but that doesn't mean we can just play everything we want. The exploit only allows software that is prepared in a particular way (signed with habibi key). Now we don't like to do that with all our stuff so what if we take one program, prepare it with that special signature and let that program kick out or patch the existing bios to a bios that we like (without any checks for signatures, region numbers and what more). That is what bios loaders and kernel patchers do. There are 2 ways to do it now. Bios launchers or kernel patchers.

A bios loader kicks the M$ bios out of the xbox memory and puts in a hacked one. Most used bios loaders nowadays are PBL metoo, FBL and PBL-lite. Since a bios loader "loads" a bios it will need a bios file it can use to put in the memory. The bios that gets loaded looks for a dashboard file to boot succesfully. This does not work on the newer dashes because M$ released the 5838 kernel and that gay Excalibur chip.

A kernel patcher doesn't kick out the m$ bios but it just alters it (again only in memory) so all the security checks are removed and some stuff is inserted. Since it only "patches" the bios the kernel doesn't need a bios file. The kernel(bios) is patched so it will also look for a new dashboard file. This is thee NKPATCHER that loads in all of Krayzie's installers. Its faster and much more compatible then bios loaders. Works with ALL kernels and dashes.

Basically this is the gist of it.

Xbox is turned on
exploit kicks in (or is triggered in case of audio hack)
exploit boots to bios loader or kernel patcher
new or patched bios looks for dashboard
dashboard boots up and voila a softmodded xbox

[digitalhigh]

Very nice explanation, old bean. Couldn't have said it better myself.

I tried to make it as well explained as you explain things.

I love this thread.

[MeTThoDz]

So what does a softmoded xbox allow you to do?

[tumeg]

Would this work online? I'm sure they found a way to stop it back in the day, i just wonder if it even matters to M$ anymore, there's a small cult of us that still meet up on the Original Ghost Recon and Island Thunder so i was just wondering if i could pack an extra punch....