restore hdd game install after ban with nand backup?

[warpjavier]

here's how to properly mimic the old block on the new position:

Once you found out the position for both blocks do this:


nandpro lpt: -R16 oldandgood_secdata.bin XXX 1    (where XXX is the block the file is at... 1CF for last poster)
nandpro lpt: -R16 newandbad_secdata.bin YYY 1    (where YYY is where the new secdata is at... the block you see when you open the nand on the tools)

Resulting files must be 16384 bytes long. Open them on the hexaeditor and check if they contain *only* one kilobyte (1024 decimal or 400h addresses) and the rest should be all zeros.

To replace new with old:

nandpro lpt: -W16 oldandgood_secdata.bin XXX 1   (Puts contents of old block on new position. Nothing else needs to be changed)

Check for XCODE change with XVAL 2.0

Hi,
Wouldn't it be like this?
nandpro lpt: -W16 oldandgood_secdata.bin YYY 1

As you have to replace the bad secdata.bin with the good one?

[l_oliveira]

Hi,
Wouldn't it be like this?
nandpro lpt: -W16 oldandgood_secdata.bin YYY 1

As you have to replace the bad secdata.bin with the good one?

Yes, that's correct... Now I'll go sleep as I am too tired to think properly ... lol

[sandungas]

what's the offset of the timestamp ? it's not a timestamp starting on 1/1/70 - something in the 0xF80000 range from my calculations ...

The timestamp in the filetable entry is marked in blue in this picture
http://img20.imageshack.us/img20/4887/portapapeles01w.png
The timestamp in the secdata.bin "file" (decrypted with bincrypt 2.0) is in 0x20 lenght 0x8

The entry in the filesystem table is pointing to the real file, both has a timestamp, and this timestamps must match
The "problem" is that is not easy to convert this timestamps between the 2 different formats used

[Redline99]

The filesystem uses a 4 byte "DOSTIME" 2 bytes date 2 bytes time. The timestamps in the files such as in secdata uses 8 byte  "FILETIME" structure so you need to convert.

[warpjavier]

I've done it in a Jasper 16Mb nand and didn't work.
I had to fix the secdata.bin sector by hand to match the new nand format in the jaspers and also recalculate the ecc for the new format, but still didn't work.
Any help will be appreciated it.

[corpo]

Guys, it seems we've missed some commands of nandpro

-e# (HexStartBlock HexBlockCount) Erase
+W# Write while ADDING ECC from file without ECC
+w# Write while FIXING ECC from RAW (with ECC)

There's all we need to either erase the fsroot or rewrite the old secdata with corrected ecc
Haven't tried this on my box, to busy playing nfs shift from hdd ...

[ffriozi]

can anyone help me? i got the cable to read the nand and etc... and i should do now?

I have JASPER 512mb!!! what i need write to copy nand to my pc? and how to fix it? remember i have Jasper 512mb
Please help. Thanks in advanced.

[sandungas]

can anyone help me? i got the cable to read the nand and etc... and i should do now?

I have JASPER 512mb!!! what i need write to copy nand to my pc? and how to fix it? remember i have Jasper 512mb
Please help. Thanks in advanced.

If you dont know your cpu-key, you need to look in your nand dump with a hex editor, and look for: secdata.bin (this are in the filesystem table, like an index)
Take note of the positions and timestamps of every entry (the bigger timestamp one is your actual used secdata)
Multiply the position of the file * block size of your nand = here begins your file (the size of the file is always 1 block)
You need to erase this block
This forces the console to load an old copy of secdata.bin

If you know your cpu-key you can play with the timestamps
This means that you can take an old secdata.bin and copy it in the position of the last one (overwriting it)
To make this, is needed to match the timestamps of the filesytem table & your new file
*And the ldv info inside the secdata.bin
To modify the file, you need your cpu-key & bincrypt http://www.xboxhacker.net/index.php?topic=12857.0
And to translate timestamps in different formats you need this tool http://www.xboxhacker.net/index.php?topic=12778.msg87552#msg87552



*For more info, read this thread completly, and this one http://www.xboxhacker.net/index.php?topic=12778.0
*I cant explain this better, sorry, my english sucks a bit, and i cant make a tutorial or whatever

[warpjavier]

If you dont know your cpu-key, you need to look in your nand dump with a hex editor, and look for: secdata.bin (this are in the filesystem table, like an index)
Take note of the positions and timestamps of every entry (the bigger timestamp one is your actual used secdata)
Multiply the position of the file * block size of your nand = here begins your file (the size of the file is always 1 block)
You need to erase this block
This forces the console to load an old copy of secdata.bin

I tried that in my jasper, and does not work. I get FFFFFFFFFFFFFFFF Secdata is invalid in Xval.
I tried everything with no luck.
Did anybody have this working in a Jasper?

Thanks

[sandungas]

Are you working with nandpro to corrupt the block or in a hex editor?
Im not sure how nandpro works with big blocks nands

You can extract the files with the hex editor, first look at the positions in the "index" and make this calculation (in a hex calculator):
position * nand block size = begining of the file
The size of the file is 1 block

In a 16mb nand 1 block is 4200, but in jaspers im not sure, try with this size

maybe you need to calculate using 0x10800 instead of 0x4200 for jasper? 

And take a look at the extracted files in hex... it seems random data but the sizes of data & zeroes are fixed

Resulting files must be 16384 bytes long. Open them on the hexaeditor and check if they contain *only* one kilobyte (1024 decimal or 400h addresses) and the rest should be all zeros.

All valid secdatas must seems like this
If you have your cpu-key, you can decript them with bincrypt, and you can see the timestamp of the file, and a ldv counter





Btw:
The last secdata (the newer, or the actual one used) is not selected by the console using the timestamps
Because timestamps can be "faked" if you change the settings of the console (date & time) before the secdata is created
I have a nand dump here with random timestamps, and the secdata used when booting the console is not the one with the bigger timestamp

The best way to know which one is your last secdata is to open the dump in "360 flash tool" or "bincrypt"

[corpo]

If you dont know your cpu-key, you need to look in your nand dump with a hex editor, and look for: secdata.bin (this are in the filesystem table, like an index)
Take note of the positions and timestamps of every entry (the bigger timestamp one is your actual used secdata)
Multiply the position of the file * block size of your nand = here begins your file (the size of the file is always 1 block)
You need to erase this block
This forces the console to load an old copy of secdata.bin

I tried that in my jasper, and does not work. I get FFFFFFFFFFFFFFFF Secdata is invalid in Xval.
I tried everything with no luck.
Did anybody have this working in a Jasper?

Thanks

This is not the secdata's block that you have to erase, it's the fsroot block (which should be the next block) in which you find the reference to the latest secdata.

It's the only way to do it, as secdata.bin AND crl.bin have to match (internal timestamp of secdata.bin has to match the one stored in crl.bin). So without cpu key, you have to erase the last fsroot to force the system to revert to the previous one, with matching crl.bin & not banned secdata.bin.

[Pacote-san]

Ok, so here is what i did.... i dont have a drive right now (sold to a friend but will install a hitachi in a few days, just need my new optical unit to arrive from mail) so i cant confirm that i got the hdd install feature back but bear with me:

This is from my banned 8599 xbox (16mb xenon)

- Dumped my nand 2 times and checked with fc.exe

- Opened my nand.bin file with flashtool and secdata.bin appears as block 0363

- Opened the nand.bin file with Hex Workshop and searched for "secdata.bin"

- Found the secdata.bin filename in eleven places, used the one that is on the 03 63 block

- Used hex calculator to divide the address of this file / 04200 so 00DFD3D0 / 0420 = 364.xxxxxx

- Used Nandpro to read block 0x0364 and opened with Hex Workshop. Started with 1F FB, repeats for a bit, have only one secdata.bin string, lenght 4200...

- Filled the whole thing with zeros, saved as newsecdata.bin and writed it back to 0x0364

The console booted fine but as i have no drive i dont know any other way to test it if this worked

I did any step wrong?

Thanks

[corpo]

Nothing wrong, but a nandpro lpt: -e16 0x364 would have made things faster
Use Xval to know about banned or not

[Pacote-san]

Nothing wrong, but a nandpro lpt: -e16 0x364 would have make things faster
Use Xval to know about banned or not

hmm i was using a tutorial from X-S, i didnt know that just erasing the block would be the same

Thanks

[corpo]

hmm i was using a tutorial from X-S, i didnt know that just erasing the block would be the same

Thanks

I've discovered this command yesterday, sometimes it's usefull to read the nfo

[joeyddr]

Nothing wrong, but a nandpro lpt: -e16 0x364 would have made things faster
Use Xval to know about banned or not

so flashtool to find the secdata.bin block then -e16 0xwhateverthatblockis...

[gupek]

is fstool.exe working in vista? becasue for me not... maby i have missed some libraries?

[Pacote-san]

is fstool.exe working in vista? becasue for me not... maby i have missed some libraries?

I tested fstool and the nand.bin modified by it, didnt work

No one ever confirmed that it would work, the author himself said that he needed someone to test it

Use Xval to know about banned or not

Oh and by the way i testes XVAL and i got

0000000000000400
Console banned

But i can try to play games from HDD but it asks for the disc on the drive (as i have no drive....)
I thing a hdd cripped console wouldnt let you even select this option am i right?

[corpo]

Nothing wrong, but a nandpro lpt: -e16 0x364 would have made things faster
Use Xval to know about banned or not

so flashtool to find the secdata.bin block then -e16 0xwhateverthatblockis...

nearly : take to block next to secdata, this is the one needed to erase

[corpo]

Oh and by the way i testes XVAL and i got

0000000000000400
Console banned

But i can try to play games from HDD but it asks for the disc on the drive (as i have no drive....)
I thing a hdd cripped console wouldnt let you even select this option am i right?

if you got 0x0400 then hdd install are disabled ...
Banned console allow you to choose but then refuses to launch (same as if the game was installed from another xbox)