360 Flash Dump Tool V0.1

[jester]

Nice bump, thanks a lot arnezami!

[Textbook]

I have a 4552 kernel system that I dumped using Tiros' Nandpro 2.0 (LPT dump).  I dumped the NAND twice , and both dumps had matching MD5 checksums.  What I did notice though was that these dumps had a block read error @ 300 though.



The dump opens up just fine with Flash Tool 88b without the cpu key.

I flashed the NAND with the Xenon hack to load Xell and this gave me the cpu key.  When I set Flash Tool to use the cpu key and 1BL key (and yes, it's the right 1BL key), then try to load the dump, Flash Tool crashes.

Here is my cpu key via Xell output: 000f343821ff9cee35aa7acc753648ed



I can upload the nand dump I made with nandpro, but I was unsure of the rules regarding linking to that.  If this is allowed, I can do that and you can try it for yourself.

I just wanted to know if Flash Tool has a problem with dumps from chips with bad blocks or some other explanation.  I do not know the DVD drive key for this system and this is preventing me from obtaining it.  Thanks.

[welly_59]

Try it without entering the 1bl key. I'm sure it states somewhere in this thread that onkly the cpukey was needed to decrypt the keyvault with this tool after a certain revision by robinsod

[welly_59]

Have a look at reply 111. He added this in flashtool 0.81

[Textbook]

Tried that, still crashes.  It loads fine with no CPU key and with a wrong CPU key (but obviously says key is bad).  When I set the correct key and try to open it, that's when it crashes.

[welly_59]

Message me a link to the dump if u want mate and I'll have a look when I finish work

[gupek]

its quite strange, if U want me to see it too U can m@il me dump

[arnezami]

Info on small bug.

If a processor key starts with 00 then the program crashed. This was because of this (quick and dirty) check in KV decryption (CXSection.cpp)

Code:

if(*pK0 == 0x00)
{
return FALSE;
}

This code was probably meant to stop decypting if the key was all 00's. So when you replace it with this code:

Code:

BYTE SomeZeros[0x10];
memset(SomeZeros,0,0x10);

if(memcmp(pK0,SomeZeros, 0x10) == 0)
{
return FALSE;
}

then you won't have any problem decrypting your flash/kv (no crash).

Regards,

arnezami

PS. Here a fixed flash tool (based on 88a, I don't have source of 88b)

[zouzzz]

Good job (again).

[gupek]

yeah, now it works, thx

[Textbook]

Yeah, that fixed it.  Thanks arnezami.

[Cpasjuste]

Textbook you should not post your fuseset.

[DarkstarTM]

The fixed version still crashes when I try to extract from a dump that I made from a Falcon box.

CB/CD is 5770. Also I had the following error while dumping:

Error: 250 reading block 304

[arnezami]

The fixed version still crashes when I try to extract from a dump that I made from a Falcon box.

CB/CD is 5770. Also I had the following error while dumping:

Error: 250 reading block 304

I've looked at this and Flash Dump Tool doesn't check if the CPU key is available when it comes to decrypting CD, CE, CF and CG (only needed when you have CB/CD 1920 or higher). This means it crashes on the decompression algos (it can't decompress random data).

In other words: as long as you don't have your CPU and have 1920 or higher then Flash Dump Tool can only decrypt CB for you (and it then crashes). You need to get the CPU key from the jtag exploit first. But for that you need a proper CD section. From what I understand this CD section has to be "guessed" from a previous CD version (which is probably 99% the same or so) and a hash in the new CB version (that is decrypted by this Flash Dump Tool) and that will match if the guesses are correct. tmbinc probably knows much more details.

Does anybody have a CB/CD version of 1921 btw?

Regards,

arnezami

[tmbinc]

Yes, that's how i obtained 1921: I've disassembled 1920 back into something which assembled byte-identical, and then inserted the TA-fix until it matched the target hash.

[reddwarfusa]

HELP

Ok I obtained by nand dump via the lpt and its perfect, grabbed twice and compared they are the same.  I try to open the 360 flash dump tool (.88b) retail and it opens,  as soon as I search for my nand dump it crashes with mfc application error.  This happens every time.  I then (for fits and giggles) tried the devkit version and the dump gets opened.  Does any one have any ideas?  Seems strange and will stop me obtaining my DVD key.  Can i use the devkit version of and then enter cpu key to check for DVD key or is there anything i can do to get hte retail verison working?

Thanks

[agaputo]

Hi,

I put the 360 Flash Tool v. 088b on hotfile.

http://hotfile.com/dl/10853411/6462cbe/360_Flash_Tool_Retail.exe.html

http://rapidshare.com/files/271423102/360_Flash_Tool_Retail.exe.html

[Pimp_My_Console]

i have a prolem...my nand backup can't uploaded by 360 Flash Tool v. 088b.the program freezing..but before th program can load the nand bacup..todey make me an error..the nand backup are ok!!!!today freeze the program!!!why???
can i get dvd key whitout this program?

noo
noo
sorry sorry my mistake!!!sorry again

[AHippyHop]

Hello,

Just dumped my 7371 NAND using Cygnos v2. It has two bad blocks at 0x3FE 0x3FF. I already have my CPU key.

When I move to extract the RAW file system to obtain my smc.bin and smc_config.bin for XeLL/image construction,
using 360 Flash Tool, they are missing. All other files are present and correct.

Am I doing something wrong? 

Any help welcome! Hope I've put this question in the right category.

AHippyhop




*****UPDATE******
 
Solved it. My fault.

You need to install Visual C++ 2008 Express Edition or the Visual C++ Runtime Library
and use the 360 Flash Tool included in the freeBOOT 0.01 package. No other 360 Flash Tool
version will extract the smc.bin and smc_config.bin properly.

I got this info from .ISO and icekiller posts from a month ago. Many thanks

*****UPDATE ENDS***

[APE]

Getting crashes on all versions with my NAND dump. Dumping it again to compare and check to see if it is even a *good* dump. Grabbing this from a Zephyr mobo if that matters at all.