XboxHacker BBS
Author Topic: XeKeysExecute RSA  (Read 848 times)
Fuse
Newbie, Posts: 4
« on: August 03, 2012, 07:03:50 PM »

Hi, bit of a noob and only just started taking PPC seriously, so sorry in advance if my information is incorrect or I say dumb stuff :)

I've set myself a project to try and load custom payloads via calling XeKeysExecute. However, the payload would fail because it's unofficial. So from my understanding, NOPing the handler that deals with the RSA check will work.

So far I've got a non-live HV loaded in IDA with half the functions labeled, XeKeysExecute being one of them. I know the handler is a small function and I think it returns 0 to r3 if RSA fails. Basically, I'm asking for a bit of help locating the function. Any help or tips would be great!

Please correct me if I'm wrong on anything, which I probably am lol.

Thanks! :D
Dwack
Member, Posts: 39
« Reply #1 on: August 04, 2012, 10:40:04 AM »

In 14719 it uses XeCryptBnQwBeSigVerify to check the signature.

Code:
ROM:00005B34                 bl        XeCryptBnQwBeSigVerify
ROM:00005B38                 cmpwi     cr6, r3, 0
ROM:00005B3C                 bne       cr6, loc_5B4C # go here if r3 DOES NOT equal zero
ROM:00005B40                 lis       r30, -0x3800 # 0xC8000036
ROM:00005B44                 ori       r30, r30, 0x36 # 0xC8000036
ROM:00005B48                 b         loc_59D0

Instead of having the branch to verify the signature just change it to:
Code:
ROM:00005B34                 li        r3, 1
ROM:00005B38                 cmpwi     cr6, r3, 0
ROM:00005B3C                 bne       cr6, loc_5B4C
ROM:00005B40                 lis       r30, -0x3800 # 0xC8000036
ROM:00005B44                 ori       r30, r30, 0x36 # 0xC8000036
ROM:00005B48                 b         loc_59D0

Just remember that your file would still need proper encryption and would only pass on your xbox.
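What the listing above makes visible is that the whole signature decision rests on one `bl` followed by a `cmpwi`/`bne` on r3, so a single replaced instruction at the call site makes every payload "verified"; that is the risk an integrity check on the hypervisor image has to catch. As an added example (not code from the thread or from either poster), a small Python checker that decodes the big-endian PowerPC word at the verify call site and reports whether the call is still present or has been swapped for an immediate load into r3; the sample words are constructed and the `bl` displacement is a placeholder, not taken from a real HV image.

```python
import struct

# Primary opcodes (top 6 bits of a big-endian 32-bit PowerPC word).
OP_ADDI = 14   # addi rD, rA, SIMM; written "li rD, SIMM" when rA == 0
OP_BC   = 16   # conditional branch family (bne, beq, ...)
OP_B    = 18   # unconditional branch; LK bit (bit 31) set means "bl"


def decode(word):
    """Classify one instruction word into the few forms the check cares about."""
    op = word >> 26
    if op == OP_B and word & 1:
        return "bl"
    if op == OP_ADDI and ((word >> 16) & 0x1F) == 0:      # rA == 0 -> li
        rd = (word >> 21) & 0x1F
        simm = word & 0xFFFF
        if simm & 0x8000:                                 # sign-extend SIMM
            simm -= 0x10000
        return f"li r{rd}, {simm}"
    if op == OP_BC:
        return "bc"
    return "other"


def check_verify_site(code, offset):
    """
    Inspect the word at `offset`, which in an intact image is the `bl` to the
    signature verifier whose result (r3) the following cmpwi/bne tests.
    Returns (status, mnemonic): "ok" if the call is there, "patched" if r3 is
    being forged with an immediate load, "unknown" for anything else.
    """
    (call,) = struct.unpack_from(">I", code, offset)
    kind = decode(call)
    if kind == "bl":
        return "ok", kind
    if kind.startswith("li r3,"):
        return "patched", kind          # verifier never runs; r3 set by hand
    return "unknown", kind


# Constructed sample sites (not the real HV image): a `bl` with a placeholder
# displacement of 0x1000 followed by `cmpwi cr6, r3, 0`, and the same site
# with the call replaced by `li r3, 1`.
INTACT = struct.pack(">II", 0x48000001 | 0x1000, 0x2F030000)
PATCHED = struct.pack(">II", 0x38600001, 0x2F030000)

if __name__ == "__main__":
    for name, blob in (("intact", INTACT), ("patched", PATCHED)):
        print(name, check_verify_site(blob, 0))
```

A real deployment would compare a hash of the whole hypervisor text against a known-good value rather than inspect one site, but the decoder shows concretely how little has to change for the check to be bypassed.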
Fuse
Newbie, Posts: 4
« Reply #2 on: August 04, 2012, 06:32:49 PM »

Thanks Dwack, located and patched. Working on custom payload now :)