Man, to make it boot all you need is the original keyvault. Even for freeboot, using mismatching (donor) security files is no big deal.
It only matters if you're a f***ing lamer and want to ruin other peoples fun on live. Then proper security files might get you online for a little longer. (we know you're not...)
But then meh.
And you only need the original keyvault for the CPU because of the hashing protection on the keyvault.
You can get around that if you have Freeboot 3.0 (but then cope/deal with the corrupted profiles problem)
To read the original (mangled) dump keyvault block:
nandpro <device> -R16 keyvault.bin 1 1
Device can be file_name.bin: or either LPT: USB: depending on which device you are using.
After you obtain the (supposedly) keyvault dump, use the excellent tool Bincrypt (search this forum for it) to decrypt the block you extracted. For it to work with bincrypt, use -R not -r on nandpro as command parameter.
Bincrypt should be set this way:
CPU key (for the chip you have currently on the mother board) should be pasted on the CPU Key field. No spaces allowed.
If decryption is sucessful, then you have the working keyvault you need.
For the decrypted keyvault from bincrypt to work on freeboot (making the image) you might need to remove the first 16 bytes of the file (hmac hash) as ibuild don't use that information and expects the dump to not have it.
Paste it in a set of files from a donor dump and your console should then work.
Hopefully you can salvage the original keyvault from the damaged dump with these instructions. Good luck.