Research & Technical XboxHacking (Xbox 360) / Software (TECHNICAL) / Re: Anyone know how to decrypt Xdata/Secdata?
on: July 30, 2011, 06:18:37 PM
I don't think he released his source, but I would like this for my droid for sure.
Here is some Python to show how it is done.

    # XVal.py By Redline99
    # Decrypts the "X:" Value from the Xbox 360 dashboard
    # This can indicate if the console has been flagged
    # for some types of security violations
    import hashlib, hmac, struct, sys

    FLAG_SSB_NONE                       = 0x0000
    FLAG_SSB_AUTH_EX_FAILURE            = 0x0001
    FLAG_SSB_AUTH_EX_NO_TABLE           = 0x0002
    FLAG_SSB_AUTH_EX_RESERVED           = 0x0004
    FLAG_SSB_INVALID_DVD_GEOMETRY       = 0x0008
    FLAG_SSB_INVALID_DVD_DMI            = 0x0010
    FLAG_SSB_DVD_KEYVAULT_PAIR_MISMATCH = 0x0020
    FLAG_SSB_CRL_DATA_INVALID           = 0x0040
    FLAG_SSB_CRL_CERTIFICATE_REVOKED    = 0x0080
    FLAG_SSB_UNAUTHORIZED_INSTALL       = 0x0100
    FLAG_SSB_KEYVAULT_POLICY_VIOLATION  = 0x0200
    FLAG_SSB_CONSOLE_BANNED             = 0x0400
    FLAG_SSB_ODD_VIOLATION              = 0x0800

    try:
        import Crypto.Cipher.DES as DES
    except ImportError:
        print("Error importing Crypto.Cipher.DES - please install python-crypto!")
        print("You can get it from http://www.dlitz.net/software/pycrypto/")
        print("Win32 version from http://www.voidspace.org.uk/python/modules.shtml")
        sys.exit(-1)

    def ByteToHex(byteStr):
        # bytes -> "AA BB CC" style hex string
        return ' '.join("%02X" % x for x in byteStr)

    def HexToByte(hexStr):
        # "AA BB CC" or "AABBCC" -> bytes
        hexStr = ''.join(hexStr.split(" "))
        return bytes(int(hexStr[i:i+2], 16) for i in range(0, len(hexStr), 2))

    def DecryptXVal(console_serial, console_xval):
        # convert to bytes if needed (hex text as shown on the dashboard,
        # with or without "-" separators)
        if isinstance(console_xval, str):
            console_xval = HexToByte(console_xval.replace("-", ""))
        if isinstance(console_serial, str):
            console_serial = console_serial.encode("ascii")

        # get our decrypt key
        assert len(console_serial) == 0xC
        des_key = hmac.new(console_serial + b"\0", b"XBOX360SSB", hashlib.sha1).digest()[0:8]
        # set our decrypt key (single-block DES, ECB mode)
        assert len(des_key) == 8
        des = DES.new(des_key, DES.MODE_ECB)
        # decrypt
        assert len(console_xval) == 8
        decrypted_data = des.decrypt(console_xval)
        DisplayResults(decrypted_data)
        print("Data:", ByteToHex(decrypted_data))

    def DisplayResults(xval):
        (xval_h, xval_l) = struct.unpack(">LL", xval)  # extract our integers from the buffer
        if(xval_h == 0 and xval_l == 0):
            # nothing is flagged in secdata.bin, all is good from this standpoint
            print("Secdata is Clean")
        elif(xval_h == 0xFFFFFFFF and xval_l == 0xFFFFFFFF):
            # secdata was prob tampered with
            print("Secdata is invalid")
        elif(xval_h != 0 and xval_l != 0):
            # most likely the serial or xval is incorrect
            print("Secdata decryption error")
        else:
            # the high dword = 0 and low dword not 0
            # afaik best check. have to look at disassembly more
            if(xval_l & FLAG_SSB_AUTH_EX_FAILURE):
                print("AuthEx Challenge Failure")  # AP25 related
            if(xval_l & FLAG_SSB_AUTH_EX_NO_TABLE):
                print("AuthEx Table missing")  # AP25 related
            if(xval_l & FLAG_SSB_AUTH_EX_RESERVED):
                print("AuthEx Reserved Flag")  # AP25 related
            if(xval_l & FLAG_SSB_INVALID_DVD_GEOMETRY):
                print("Invalid DVD Geometry")
            if(xval_l & FLAG_SSB_INVALID_DVD_DMI):
                print("Invalid DVD DMI")
            if(xval_l & FLAG_SSB_DVD_KEYVAULT_PAIR_MISMATCH):
                print("DVD Keyvault Pair Mismatch")
            if(xval_l & FLAG_SSB_CRL_DATA_INVALID):
                print("Invalid CRL Data")
            if(xval_l & FLAG_SSB_CRL_CERTIFICATE_REVOKED):
                print("CRL Certificate Revoked")
            if(xval_l & FLAG_SSB_UNAUTHORIZED_INSTALL):
                print("Unauthorized Install")
            if(xval_l & FLAG_SSB_KEYVAULT_POLICY_VIOLATION):
                print("Keyvault Policy Violation")
            if(xval_l & FLAG_SSB_CONSOLE_BANNED):
                print("Console Banned")
            if(xval_l & FLAG_SSB_ODD_VIOLATION):
                print("ODD Violation")
            if(xval_l & 0xFFFFF000):
                # mask for bits we dont have a description for,
                # note: we are not looking at the hi dword yet
                print("Unknown Violation(s)")
        return

Xbox 360 / Tech Support 360 / Re: Read a LT flashed Lite-On
on: March 01, 2010, 08:40:08 PM
jelle2503
This is your official warning from myself. Any more rants or other fighting with peers and you will be banned. I'm tired of reading crap everyday and I'm tired of the multiple people asking me to ban you. I have been very lenient so far.
Please contain yourself more.

Xbox 360 / Xbox 360 General Discussion / Re: DO NOT USE INTERNAL MEMORY ON A BIG BLOCK JASPER!
on: January 31, 2010, 01:42:47 PM
[30:01:10:13:23] <Redline99> because xbr_3 screwed up the block numbers
[30:01:10:13:23] <mastag21> i just trash the MU partition
[30:01:10:13:23] <Redline99> its difficult to explain
[30:01:10:13:23] <mastag21> i always delete MU partition
[30:01:10:13:23] <mastag21> too many people's systems been getting fubar
[30:01:10:13:23] <Redline99> but I will release a new bbm when a new xbr is released
[30:01:10:13:23] <Redline99> MU is not usable, using it at all screws up flash
Straight from Redline99 =)
To clarify, the xbr_3 for large block is a hybrid image, meaning it has some parts from a small block and some parts from a large block. The block numbering issue is not directly related to the MU issue. It causes issues with apps such as bad block mover. The MU corrupting thing is something else. The nand is not an easy structure to mess with and it is a long learning curve for everyone. So just be patient and I'm sure issues will be addressed as quickly as possible. I will re-release bad block mover for large block when a new xbr for large block is released that is not a hybrid. The issue is that it cannot remap blocks from the "hybrid" section reliably because the block ids are not valid. So even if they are remapped it seems that they cannot be located without metadata fixes. This can be done, but it's better to just wait for a new xbr that isn't a hybrid.

Xbox 360 / Tech Support 360 / Re: XBR and the !SWITCH command
on: January 14, 2010, 07:47:05 PM
Neptune, yeah, I don't know what the exact issue was. Glad it is working for you now. But as Tiros said, the "!SWITCH" serial command is "one-way" (last I looked). Meaning all the little routine does is send the command blindly, wait a specific amount of time and then assume a cygnos was on the other end of the serial to receive the command and switch to the 8955 image. In a true xD card setup (which I use myself) this extra serial command doesn't make any difference to the operation of xbr_3. If xbr_3 is running from cygnos then yes, there could be issues. When you hexed out the "!SWITCH" and re-ecc'ed the block and flashed, I can't explain why that all of a sudden made it work for you. What tool do you use for flashing?

Xbox 360 / XboxHacking - General / Re: Make extract-xiso compatible with xbox360 images...
on: January 07, 2010, 09:29:30 PM
A verrrrrry long time ago I made a port of "xtract360 from PI" and put the source code on xbins.
"XBOX 360/xdvdfs/Game Dump Extractors/xtract360ex/"
You should be able to get that to work. Careful though, there is a possible buffer overflow if the root dir spans a few sectors or something like that (going from memory). A good test app is "Star Trek Legacy" because it has over 30,000 files or something like that.
My code additions supported extracting all ISO types.
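The post above warns of a possible overflow when the root directory spans several sectors. As an added illustration (not xtract360ex code and not from the post), this C example walks an XDVDFS directory table with every offset and name length checked against the table size; the entry layout, the `walk_dir` and `demo` names, and the sample table are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed XDVDFS entry layout (little-endian): +0 u16 left, +2 u16 right
   (child offsets in 4-byte units), +4 u32 sector, +8 u32 size, +12 u8 attr,
   +13 u8 name length, +14 name. 0 or 0xFFFF is treated as "no child". */
enum { HDR = 14, SECTOR = 2048, MAX_DEPTH = 64, NAME_MAX_LEN = 255 };
/* Collect entry names; return the count, or -1 if anything leaves the table. */
int walk_dir(const uint8_t *tbl, size_t tbl_len,
             char (*names)[NAME_MAX_LEN + 1], int max_names) {
    uint16_t stack[MAX_DEPTH] = {0};   /* stack[0]: root entry at offset 0 */
    int sp = 1, n = 0;
    size_t visits = 0;
    while (sp > 0) {
        size_t off = (size_t)stack[--sp] * 4;
        if (++visits > tbl_len / HDR) return -1;                /* cycle in tree */
        if (off > tbl_len || tbl_len - off <= HDR) return -1;   /* header past end */
        const uint8_t *e = tbl + off;
        size_t nlen = e[13];
        if (nlen == 0 || nlen > tbl_len - off - HDR) return -1; /* name past end */
        if (n >= max_names) return -1;                          /* output is full */
        memcpy(names[n], e + HDR, nlen);                        /* nlen <= 255 */
        names[n++][nlen] = '\0';
        for (int k = 2; k >= 0; k -= 2) {                       /* right, then left */
            uint16_t child = (uint16_t)(e[k] | e[k + 1] << 8);
            if (child == 0 || child == 0xFFFF) continue;
            if (sp == MAX_DEPTH) return -1;                     /* tree too deep */
            stack[sp++] = child;
        }
    }
    return n;
}

/* Constructed sample: 3-sector table, root at byte 0 with children at bytes
   32 and 4096. visible_len models how much of the table the caller loaded. */
int demo(size_t visible_len) {
    static uint8_t t[3 * SECTOR];
    static const struct { size_t off; uint8_t l, r_hi; const char *nm; } s[] = {
        {0, 8, 4, "default.xex"}, {32, 0, 0, "data.bin"}, {4096, 0, 0, "media.pak"} };
    char names[8][NAME_MAX_LEN + 1];
    for (int i = 0; i < 3; i++) {
        uint8_t *e = t + s[i].off;
        e[0] = s[i].l; e[3] = s[i].r_hi;       /* right child = r_hi << 8 units */
        e[13] = (uint8_t)strlen(s[i].nm);
        memcpy(e + HDR, s[i].nm, e[13]);
    }
    return walk_dir(t, visible_len, names, 8);
}
```

With the whole three-sector table loaded the walk returns all three names; with only the first sector loaded it stops with -1 at the child that lives in the third sector instead of reading past the buffer.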

Xbox 360 / Xbox 360 General Discussion / Re: XBR BANNED FROM LIVE!!!
on: December 24, 2009, 08:50:30 PM
Bull$#!t.. It was made VERY F***ing clear on this very forum they already knew enough about the exploit to detect it with ease if you went on live.
EXACTLY, I don't know how many times I have stated that if you take ANY of the rebooted consoles online you will be banned no matter what you do, no matter what game you play, no matter how long you are signed in. Everyone has been warned multiple times, you are foolish to think this hack is like the dvd firmware hack. Do not take an exploited/rebooted console onto Live, that is not the place for it. Plus I will be pissed to have some jerk cheat me in COD: Modern Warfare 2.

Xbox 360 / XboxHacking - General / Re: Using lflash to flash XBReboot??
on: December 10, 2009, 11:26:01 PM
When doing a 512MB NAND, isn't the first 16MB used for the good stuff and the rest for save games? I'd assume you can just do nandpro lpt: -r16 nand.bin and it would only take 40 minutes not 16 hours.
No, on 256 and 512, it's the first 64MB not 16MB.

Xbox 360 / XboxHacking - General / Re: XELL - some noob questions
on: December 09, 2009, 01:49:21 PM
Plug in a wired controller and turn on the console via the big center xbox button on the controller. Both FreeBoot and XBR use the standard JTAG bootstrap and both have a XELL in the "backup slot". But one issue with XBR .5_0, it seems to have a bad xell that hangs around the cpu key reads. I'm working on xell/flash stuff and I will have a fix for the bad xell and a better, more reliable xell with more features. My schedule is busy so I code on it when I can.