XboxHacker BBS
June 19, 2013, 01:54:22 AM
Author Topic: RGH 2.0 Released by Team SQUIRT  (Read 4113 times)
Tony_Amigozs (Hacker, Posts: 85)
« Reply #20 on: April 18, 2012, 06:17:04 PM »

Thanks cory1492,

So both TX and Team Squirt can shoot themselves in the foot one day claiming it's unpatchable.
If MS changes it so it won't be able to extract their cpu-key anymore then we're still screwed.

The good thing is that we can always decrypt the upcoming cb_b.. by simply upgrading a console that we already have the cpu key for, so we can see precisely what they changed.
PetrozPL (Member, Posts: 35)
« Reply #21 on: April 19, 2012, 02:18:33 AM »


> let me elaborate a bit further wrt 15$ profits... how come you're defending not only one but two teams? IMHO they should release the sources for the vhdl, mainly because of this:
>
>     constant POST_B8 : integer := 12;
>     constant POST_BA : integer := 13;
>     constant POST_BB : integer := 14;
>
> (well f*** me, I found this out myself using my LA, you're very welcome)
>
> this is all you need between trinity and "RGH 2.0"...

So, that's the main difference between CB_A glitching on fat and slim? Does it mean that the slim I2C slowdown command is the same and the slowdown CPU frequency is the same as on SLIM consoles?
uf6667 (Member, Posts: 15)
« Reply #22 on: April 19, 2012, 02:33:03 AM »


> > let me elaborate a bit further wrt 15$ profits... how come you're defending not only one but two teams? IMHO they should release the sources for the vhdl, mainly because of this:
> >
> >     constant POST_B8 : integer := 12;
> >     constant POST_BA : integer := 13;
> >     constant POST_BB : integer := 14;
> >
> > (well f*** me, I found this out myself using my LA, you're very welcome)
> >
> > this is all you need between trinity and "RGH 2.0"...
>
> So, that's the main difference between CB_A glitching on fat and slim? Does it mean that the slim I2C slowdown command is the same and the slowdown CPU frequency is the same as on SLIM consoles?

aye
cory1492 (Xbox Hacker, Posts: 616)
« Reply #23 on: April 19, 2012, 04:58:29 AM »

> no you said they can change everything and that is not true..

It's absolutely true, they have the private keys and can change any piece of write-able software they want at any time (including the dvd firmware which many said they couldn't do... until they did.) They could even go and modify the CPU ROM on new units so we can't decrypt the second stage BL on them. To think otherwise is simply not sane. Read what I said again, instead of just the first sentence, and consider your post which I was replying to. It would be trivial for them to replace RC4 with something that isn't vulnerable to a plaintext substitution and thus can't be loaded by current CB_A - having decrypted BLs didn't magically give us any CPU key, it's always taken a lot of work (even if some wilfully ignore that).

Personally I'm not all that interested in speculating, whatever they do I have my CPU key and unrevokeable CB_A and am not worried - the simple fact is they will try to limit the hack's impact/scope at some point, they always have (in the least) broken current solutions if not outright blocked them. Sometimes all it takes is abandoning the platform.
« Last Edit: April 19, 2012, 05:11:12 AM by cory1492 »
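The "plaintext substitution" cory1492 refers to is a general property of any unauthenticated stream cipher, RC4 included: because ciphertext is just plaintext XOR keystream, anyone who knows what a block of plaintext says can rewrite it without the key, and the only defence is a check (a MAC or a signature over the ciphertext) that the decrypting stage performs before it acts on the bytes. The following Python is an added example written for this page, not code from the thread or from any of the teams mentioned; the keys, the "loader header" strings and the use of HMAC-SHA256 as a stand-in for a signature check are all constructed assumptions.

```python
"""Added example: malleability of an unauthenticated stream cipher (RC4),
and the MAC check that detects a substituted plaintext. Not from the thread."""
import hashlib
import hmac


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Textbook RC4 (KSA followed by PRGA). Shown only to make the
    keystream explicit; the malleability below applies to any stream cipher."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def rc4_encrypt(key: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same operation for a stream cipher."""
    return xor_bytes(data, rc4_keystream(key, len(data)))


def substitute_plaintext(ciphertext: bytes, known: bytes, new: bytes) -> bytes:
    """Rewrite a ciphertext WITHOUT the key: C' = C xor (P xor P').
    Decrypting C' then yields P' because the keystream cancels out."""
    assert len(ciphertext) == len(known) == len(new)
    return xor_bytes(ciphertext, xor_bytes(known, new))


def demo_malleability() -> bytes:
    """Returns what the decrypting side sees after a substitution."""
    key = b"constructed-demo-key"              # constructed, not a real key
    original = b"LOADER v1 CHECK=ON "          # constructed 'known plaintext'
    replacement = b"LOADER v1 CHECK=OFF"       # same length, attacker's choice
    ct = rc4_encrypt(key, original)
    forged = substitute_plaintext(ct, original, replacement)
    return rc4_encrypt(key, forged)            # -> b"LOADER v1 CHECK=OFF"


# Mitigation: authenticate the ciphertext. HMAC-SHA256 stands in here for the
# signature check a loader would perform; the point is that verification
# happens BEFORE the decrypted bytes are used.
TAG_LEN = hashlib.sha256().digest_size


def seal(key: bytes, mac_key: bytes, data: bytes) -> bytes:
    ct = rc4_encrypt(key, data)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()


def open_sealed(key: bytes, mac_key: bytes, blob: bytes):
    """Returns the plaintext, or None if the ciphertext was tampered with."""
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return rc4_encrypt(key, ct)


def demo_mac_detects_forgery():
    """Returns (result for the genuine blob, result for the substituted blob)."""
    key, mac_key = b"constructed-demo-key", b"constructed-mac-key"
    original = b"LOADER v1 CHECK=ON "
    replacement = b"LOADER v1 CHECK=OFF"
    blob = seal(key, mac_key, original)
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    forged = substitute_plaintext(ct, original, replacement) + tag
    return open_sealed(key, mac_key, blob), open_sealed(key, mac_key, forged)


if __name__ == "__main__":
    print("unauthenticated:", demo_malleability())
    print("with MAC check :", demo_mac_detects_forgery())
```

Swapping RC4 for AES-CTR would change nothing here; what closes the hole is the tag check, which is why a loader that only decrypts and then trusts what it sees is the weak link regardless of cipher.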
damox (Master Hacker, Posts: 484)
« Reply #24 on: April 19, 2012, 05:18:10 AM »

> Personally I'm not all that interested in speculating, whatever they do I have my CPU key and unrevokeable CB_A and am not worried - the simple fact is they will try to limit the hack's impact/scope at some point, they always have (in the least) broken current solutions if not outright blocked them. Sometimes all it takes is abandoning the platform.

QFT.
Tony_Amigozs (Hacker, Posts: 85)
« Reply #25 on: April 19, 2012, 06:09:06 AM »

> > no you said they can change everything and that is not true..
>
> It's absolutely true, they have the private keys and can change any piece of write-able software they want at any time (including the dvd firmware which many said they couldn't do... until they did.) They could even go and modify the CPU ROM on new units so we can't decrypt the second stage BL on them. To think otherwise is simply not sane. Read what I said again, instead of just the first sentence, and consider your post which I was replying to. It would be trivial for them to replace RC4 with something that isn't vulnerable to a plaintext substitution and thus can't be loaded by current CB_A - having decrypted BLs didn't magically give us any CPU key, it's always taken a lot of work (even if some wilfully ignore that).
>
> Personally I'm not all that interested in speculating, whatever they do I have my CPU key and unrevokeable CB_A and am not worried - the simple fact is they will try to limit the hack's impact/scope at some point, they always have (in the least) broken current solutions if not outright blocked them. Sometimes all it takes is abandoning the platform.

I have seen people state here on xboxhacker that the 1bl key, the one in cpu rom, is not changeable.. and ms did not change it after the latest update.. so if it takes them more than 8 months to change that key, if they could they would have done it by now, don't you think?

edit.. just noticed that you said on new units.. but of course I was talking about the current units, they can not change it.. duh, of course on new units they can change anything they want.
« Last Edit: April 19, 2012, 06:14:30 AM by Tony_Amigozs »
uf6667 (Member, Posts: 15)
« Reply #26 on: April 19, 2012, 07:48:22 AM »

don't you understand? the crypto doesn't have to remain RC4!
if this is the case, we'll need to find a fail inside the kernel to get the cpu key
feelsbadman
Tony_Amigozs (Hacker, Posts: 85)
« Reply #27 on: April 19, 2012, 07:57:52 AM »

> don't you understand? the crypto doesn't have to remain RC4!
> if this is the case, we'll need to find a fail inside the kernel to get the cpu key
> feelsbadman

I wasn't talking about the RC4 crypto.. I was talking about the 1bl key in cpu rom..
asapreta (Hacker, Posts: 92)
« Reply #28 on: April 19, 2012, 12:04:26 PM »

I think I got an incompatible CB B: 5773:

Dual CB detected for Falcon CB_B 5773
Traceback (most recent call last):
  File "common/imgbuild/build.py", line 466, in <module>
    CB_B = calc_keystream(CB_B, open("common\\CB\\CBB" + str(build(CB_B)
n", "rb").read(), patch_CB(open(cbbpath, "rb").read()))
IOError: [Errno 2] No such file or directory: 'common\\CB\\CBB5773.bin'

I've checked and there is no CBB5773.BIN in that folder.
« Last Edit: April 19, 2012, 12:06:56 PM by asapreta »
Tony_Amigozs (Hacker, Posts: 85)
« Reply #29 on: April 19, 2012, 12:29:33 PM »

look http://team-xecuter.com/forums/showthread.php?t=85470

try that batch tool, it has 5773 included, should work
asapreta (Hacker, Posts: 92)
« Reply #30 on: April 19, 2012, 12:31:39 PM »

> look http://team-xecuter.com/forums/showthread.php?t=85470
>
> try that batch tool, it has 5773 included, should work

will try, thanks

Edit >>>>
Just to mention the BAT was able to create the rgh2_.ecc
« Last Edit: April 19, 2012, 12:42:59 PM by asapreta »
Tony_Amigozs (Hacker, Posts: 85)
« Reply #31 on: April 19, 2012, 01:11:38 PM »

Great, when it's glitching tell us which chip you have and how long it takes to glitch.
« Last Edit: April 19, 2012, 01:14:20 PM by Tony_Amigozs »
asapreta (Hacker, Posts: 92)
« Reply #32 on: April 19, 2012, 02:05:16 PM »

> Great, when it's glitching tell us which chip you have and how long it takes to glitch.

Wasn't able to make it glitch. As soon as I start the console with the .ECC created I get 3RL.

Flashed back the original nand and it's fine.
guerrierodipace (Hacker, Posts: 78)
« Reply #33 on: April 20, 2012, 08:15:26 AM »

Oh my god.... messiah is come... thANks TO you

ROTFL
Tony_Amigozs (Hacker, Posts: 85)
« Reply #34 on: May 16, 2012, 09:05:36 AM »

http://www.360squirt.com/news.php

squirt new information

    SQUIRTER DONGLE device “preview” (MAGICDONGLE hardware)
    RGH 2.0 STORY ...
    SQUIRT SUPPORT FORUM
    SQUIRT DUAL NAND technical notes