InterestedHacker: As i posted earlier in the thread. the values between the 8050L and 3120L at offsets 0x20BA, 0x6000 are the same in both files. Based on the information from an old post on xbox-scene about the deciphered 8050L it should contain strings HL-DT-STDVD-ROM at these offsets.
I was also thinking parhaps if we have know values for those offsets. I was going to attempt to work backwards starting with the HL-DT-STDVD-ROM (48 4C 2D 44 54 2D 53 54 44 56 44 2D 52 4F 4D) and then ciphered hex and go from there.
Sounds like an idea!!
With the bit shifts you guys are going are you doing single bytes or like 32bit shift?
You could just look for runs of values that are between the ascii text values. So like Capital A-0x40 through like Capital Z-0x5A and lower case a-0x61 through lowercase z-7A or you could even include the digits 0x30 through 0x39. So you could detect the cleartext if like more then 3 of this values are in a row. I'm sure you would get some false positives but it might be better then looking for specific words.
I have shifted using single bytes, and 32bit shift, I couldn't see anything of value in the output of either. Just been experimenting using RCL, rotate carry left, and I think this is string data found at around 0003C2C0. It's still not correct, but I think that's a good place to look to check results. You may need to copy and paste the below into notepad to see the alignment. I am looking at the patterns more than the content below.
0003C2C0 5F3F AF7F 4F3E AF7F FF7F FEFE EF3F FEFE _?..O>.......?..
0003C2D0 6F3E FEFE FF7E EE7E EF3F EE7E 6F3E EE7E o>...~.~.?.~o>.~
0003C2E0 DF7E BEFE CF3F BEFE 4F7F AEFE DF7E AE7E .~...?..O....~.~
0003C2F0 5F3F AE7E 6B7F BE7F FB7E FFFD 7B3F FFFD _?.~k....~..{?..
0003C300 6B7F EFFD EB7E EF7D 7B3E EF7D 4B7F FF7D k....~.}{>.}K..}
0003C310 CB7E BFFD 5B3E BFFD 4B7F AFFD CB3F AF7D .~..[>..K....?.}
0003C320 5B3E AF7D FB7F FEFC EB3F FEFC 7B3E FEFC [>.}.....?..{>..
0003C330 FB7F EE7C EB3F EE7C 6B3E EE7C DB7E BEFC ...|.?.|k>.|.~..
0003C340 5B3E BEFC DB7E AE7C 5B3E AE7C FF7E F7FF [>...~.|[>.|.~..
0003C350 7F3E F7FF FF7E E77F 7F3E E77F DF7E B7FF .>...~...>...~..
0003C360 5F3E B7FF DF7E A77F 5F3E A77F FF7E F6FE _>...~.._>...~..
0003C370 7F3E F6FE FF7E E67E 7F3E E67E DF7E B6FE .>...~.~.>.~.~..
0003C380 5F3E B6FE DF7E A67E 5F3E A67E FB7E F7FD _>...~.~_>.~.~..
0003C390 7B3E F7FD FB7E E77D 7B3E E77D DB7E B7FD {>...~.}{>.}.~..
0003C3A0 5B3E B7FD DB7E A77D 5B3E A77D FB7E F6FC [>...~.}[>.}.~..
0003C3B0 7B3E F6FC FB7E E67C 7B3E E67C DB7E B6FC {>...~.|{>.|.~..
0003C3C0 5B3E B6FC DB7E A67C 5B3E A67C FF7C FFDF [>...~.|[>.|.|..
0003C3D0 7F3C FFDF FF7C EF5F 7F3C EF5F DF7C BFDF .<...|._.<._.|..
0003C3E0 5F3C BFDF DF7C AF5F 5F3C AF5F FF7C FEDE _<...|.__<._.|..
0003C3F0 7F3C FEDE FF7C EE5E 7F3C EE5E DF7C BEDE .<...|.^.<.^.|..
0003C400 5F3C BEDE DF7C AE5E 5F3C AE5E FB7C FFDD _<...|.^_<.^.|..
0003C410 7B3C FFDD FB7C EF5D 7B3C EF5D DB7C BFDD {<...|.]{<.].|..
0003C420 5B3C BFDD DB7C AF5D 5B3C AF5D FB7C FEDC [<...|.][<.].|..
0003C430 7B3C FEDC FB7C EE5C 7B3C EE5C DB7C BEDC {<...|.\{<.\.|..
0003C440 5B3C BEDC DB7C AE5C 5B3C AE5C FF7C F7DF [<...|.\[<.\.|..
0003C450 7F3C F7DF FF7C E75F 7F3C E75F DF7C B7DF .<...|._.<._.|..
0003C460 5F3C B7DF DF7C A75F 5F3C A75F FF7C F6DE _<...|.__<._.|..
0003C470 7F3C F6DE FF7C E65E 7F3C E65E DF7C B6DE .<...|.^.<.^.|..
0003C480 5F3C B6DE DF7C A65E 5F3C A65E 793E CD7A _<...|.^_<.^y>.z
0003C490 9B74 E4F9 1D56 F67F BD7D A67C 6D76 F5DF .t...V...}.|mv..
0003C4A0 4F55 A1FE EF17 F87C 4F5D F4DC 4B5C BC5D OU.....|O]..K\.]
0003C4B0 EF1D FC5F EB1F F4FD 5F5E E47F CB1F ED7E ..._...._^.....~
0003C4C0 5B1E EC7D FB5E BDFD 6F5E ACFE 4F5E BD7F [..}.^..o^..O^..
0003C4D0 4B17 E7DE EB75 A2DC 4B35 B35D EB74 F35D K....u..K5.].t.]
0003C4E0 DF75 B25E FF75 F25E DF35 B35F 5F35 B3DF .u.^.u.^.5.__5.
When I get a bit further I will rethink about ways of looking for text patterns, regardless of the obfuscation. ie. differences between dwords in sequence. I am pretty sure that the XOR is applied first, just not sure if it's 999b9f08 or 666460f7 just yet. I need to test RCL with 666460f7 next.
