Strange error: 0x81DA07FF

[sabrax]

OK, someone who is fluent in hungarian?
Seems like this guy http://xmedia360.hu/e107_plugins/forum/forum_viewtopic.php?34467 have also bought a card which is allowing him to MFG mode only he have: CHALLENGE RESPONSE . Google Translate is unfortunately not good enough.

[utar]

This from tmbinc's original readme on the jtag hack may be relevant:

Now there is a special situation: If the 2BL pairing block is all-zero, the
pairing block will not be checked. However, a bit is set so that the kernel
doesn't boot the dashboard binary, but a special binary called
"MfgBootLauncher", where "Mfg" probably stands for "Manufacturing". So this
is a leftover of the production process, where the flash image is used on
all hardware, probably also before any CPU-key has been programmed.

However I suspect this MU will be of no use once boxes leaves the production line.

[sabrax]

You guys are great, I think tomorrow will see if it is sending ethernet data with wireshark/ethereal, but I'm short on time right now.

[xXhighpowerXx]

urg stop wasting your time that MTE does nothing than just do some self testing. I just got a copy form a forum and that MTE need a MTE DVD to make it work:



Uploaded with ImageShack.us
***************

[sabrax]

Do you happen have some screenshots from the MTE disc you sent links to, mr. urg? I guess there are a lot of different utilities MS use in their repair centers.

[Arakon]

Those DVDs are copyrighted and confidential, we can't allow links to them.

[xXhighpowerXx]

Do you happen have some screenshots from the MTE disc you sent links to, mr. urg? I guess there are a lot of different utilities MS use in their repair centers.

Yes i see the screen and some random 3D models and HD video and some PIC just self-testing 

[sabrax]

Found an old xbox 360 which RRoD'd and fixed it at least temporary. Tomorrow will read the flash, empty it and start with the MU only to see what happens. Then will JTAG it to see where it goes. Also tomorrow I expect wired pad to see if I can access the menus.

[jester]

Found an old xbox 360 which RRoD'd and fixed it at least temporary. Tomorrow will read the flash, empty it and start with the MU only to see what happens. Then will JTAG it to see where it goes. Also tomorrow I expect wired pad to see if I can access the menus.

Keep us posted, this thread interests me.

[sabrax]

Everyone interested in the MU dump can private message me, but I will give it only to ones really knowing what to do with it. After the weekend I will provide the links to the dump.

[sabrax]

Since already one member requested and I sent him this info, here it is:
the tool is in Partition1, it is 5.4 MB in size and is called default.XEX
also there is a file called automct.ini, here are its contents:

Code:

[Sig]
bk924I4H2f5FlnU35XTQJ6PQMng8KgpXFeChPdWXDdz8cmcedrnKLy8HXNDdwDxLZX9yismk7kMZstR4pdEzJdPup4e8/u0e

LaB1mW6XkNCqpuXJFgDPKVfsKYetkrPcZ5z9bhxYNWQ+k6g9hEKtEGuDDBnAWmX77/Pp4I9WlHW0SmfgYLFeFIb3t/hFnK/s

P93Neaopnh/ksyZxijg2zWoaEhJHnEh3+B6sbqZQarOaKI91D4h+GOw+PKst9O/ObPYnppfKKMzTamlrQbBERpQet0AHnPYr

4wEJbdakvM3gt6kDKEKvvGqSQp/tOKmvMWAJ2arsAfLX0D4AMTR7NA==


[Script] 
SetMfgMode



[Parameters]

and here is the Xextool info, some data at the footer is cut,as it it irrevelant without the xex itself:

Code:

Xex Info
  Retail
  Compressed
  Encrypted
  Title Module
  Manufacturing Utility
  Manufacturing Support Tool
  No Forced Reboot
  Restricted HUD Features
  Has Secure Sockets
  Has Call Cap Data   (6C511C92 7C511C92)

Basefile Info
  Original PE Name:   muAutoMCT.exe
  Load Address:       92000000
  Entry Point:        9205B310
  Image Size:           85D000
  Page Size:              1000
  Checksum:           001F124A
  Filetime:           4877312A - Fri Jul 11 13:08:42 2008
  Stack Size:           130000

Regions
  All Regions

Allowed Media
  Memory Unit

Media Id
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Encryption Key
  D3 3E 2E D8 09 DB E1 14 B9 B2 87 2D 19 65 A4 9C

LAN Key
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Bounding Path
  \device\mu0\default.xex

TLS Info
  Number of Slots:    64
  Data Size:          4
  Raw Data Address:   921DA400
  Raw Data Size:      4

Execution Id
  Media Id:           00000000
  Title Id:           00000000
  Savegame Id:        00000000
  Version:            v2.0.32767.0
  Base Version:       v2.0.32767.0
  Platform:           0
  Executable Type:    0
  Disc Number:        0
  Number of Discs:    0

Static Libraries
    0) XAPILIBD       v2.0.6534.0
    1) CMTD           v2.0.6534.0
    2) XBOXKRNL       v2.0.6534.0
    3) D3D9D          v2.0.6534.0
    4) XUIRUND        v2.0.6534.0
    5) XUIRNDRD       v2.0.6534.0
    6) XAUDD          v2.0.6534.0
    7) XNETD          v2.0.6534.0
    8) XRTLLIBD       v2.0.6534.0
    9) XMPD           v2.0.6534.0
   10) D3DX9D         v2.0.6534.0
   11) XGRAPHCD       v2.0.6534.0

Import Libraries
    0) xam.xex        v2.0.6534.0  (min v2.0.1861.0)
    1) xboxkrnl.exe   v2.0.6534.0  (min v2.0.1861.0)

Resources
    0) 921DB000 - 9285C839 : media

[jester]

Sig is base64, here's decoded version (0x100 long ):

Code:

6E 4F 76 E0 8E 07 D9 FE 45 96 75 37 E5 74 D0 27
A3 D0 32 78 3C 2A 0A 57 15 E0 A1 3D D5 97 0D DC
FC 72 67 1E 76 B9 CA 2F 2F 07 5C D0 DD C0 3C 4B
65 7F 72 8A C9 A4 EE 43 19 B2 D4 78 A5 D1 33 25
D3 EE A7 87 BC FE ED 1E 2D A0 75 99 6E 97 90 D0
AA A6 E5 C9 16 00 CF 29 57 EC 29 87 AD 92 B3 DC
67 9C FD 6E 1C 58 35 64 3E 93 A8 3D 84 42 AD 10
6B 83 0C 19 C0 5A 65 FB EF F3 E9 E0 8F 56 94 75
B4 4A 67 E0 60 B1 5E 14 86 F7 B7 F8 45 9C AF EC
3F DD CD 79 AA 29 9E 1F E4 B3 26 71 8A 38 36 CD
6A 1A 12 12 47 9C 48 77 F8 1E AC 6E A6 50 6A B3
9A 28 8F 75 0F 88 7E 18 EC 3E 3C AB 2D F4 EF CE
6C F6 27 A6 97 CA 28 CC D3 6A 69 6B 41 B0 44 46
94 1E B7 40 07 9C F6 2B E3 01 09 6D D6 A4 BC CD
E0 B7 A9 03 28 42 AF BC 6A 92 42 9F ED 38 A9 AF
31 60 09 D9 AA EC 01 F2 D7 D0 3E 00 31 34 7B 34

[jester]

After the weekend I will provide the links to the dump.

It's Monday 

[ReverseAffect]

yes i even pm-ed you...is this just a put on to up our thoughts of wanting this and you 'push the f***-u button'?...lol
i mean i don't want to assemble the freaking thing..I just want the stuff as is.

i see as in here,
LAN Key
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

either it needed a validated machine or you 360's port wasn't configured for this?

[q36]

Ya this is pretty disappointing.

[q36]

so sabrax. What's the deal?

[jester]

Problem is if something come out of this most people will ultimately use it to play "backups", which is something I do not want to be part of.

This made me laugh, he's so pure of heart. The bottom line is that this has potential, and I and many others would appreciate it if you posted it, sabrax.

[ddxcb]

Problem is if something come out of this most people will ultimately use it to play "backups", which is something I do not want to be part of.

This made me laugh, he's so pure of heart. The bottom line is that this has potential, and I and many others would appreciate it if you posted it, sabrax.

he cant post it its illegal but to obtain it threw something else is diffrent xD

[l_oliveira]

By now this sabrax guy is probably receiving some nice and beautiful Cease and Desist letter from Microsoft... 

This is not the first time production/service software leaked. Neither will be the last.

[q36]

meh, there are way more fun ways to hack a console.