360 Flash Dump Tool V0.1

[robinsod]

Figured it out

I had to tick the CPU box and use the provided 32 0's. Just did it with the 1BL and CPU key box ticked and it starts up correctly now.

Thanks again to all 

Yeah, another bug For now just check the box for the cpu key and set it to all 0s (or your correct key). If you do use a cpu key of all 0s the keyvault will be invalid and patching wont work.

Sorry about the confusion - Expect an update that fixes this and extracts the patched xexs soon

[Kiss]

Any hints where to search for this XEX1/2 keys ? Or me is simply blind ?

[robinsod]

http://rapidshare.com/files/41015519/tool.72.zip.html

Fixed stupid no CPU key crash bug

Now applies the patches (xexp files) it finds to the xex. So, for a flash dump that contains:

dash.xex (V 1888)
dash.xexp1 (V 2241)
dash.xexp2 (V 2868)

You'll get

dash.xex.1888.bin
dash.xex.2241.bin
dash.xex.2868.bin

etc etc. Check the log file for load address etc

[robinsod]

http://rapidshare.com/files/41019547/XEXDecrypt.rar.html

A standalone XEX decrypt/decompress/patch tool

This little command line util will decrypt and decompress XEX files, it will also apply an xexp file to create the updated XEX. It requires that you have the XEX1 & XEX2 keys correctly set in the registry (using the NAND dump tool above)

Usage:   XEXDecrypt file.xex (patch.xexp)

Where file.xex is a normal XEX (such as default.xex or HdDvdXPlayer.xex). You may also specify an optional patch file, XEXP

It's not been tested much So if you find an XEX that crashes please let me know

[Geremia]

thanks, much appreciated

i sent you a PM about resource.xex, seems not just an executable....

[robinsod]

If you are extracting an update package (or other PIRS I guess) don't use 360Tool it seems to produce corrupt files, the encrypted/compressed length is incorrect. I get good results using wxPirs

[robinsod]

Ooops, looks like there was a bug in the standalone XEXDecypt tool which means that the resulting patched XEX files where incorrect  I'm sorry if you spent a lot of time working with HD DVD Player plus patch versions 4248 & 4629. Unpatched XEXs were unaffected

You can get a fixed tool here:

http://rapidshare.com/files/42886802/XEXDecrypt.rar.html

The tool has also been updated to prefix the XEX2 header on the front of the decrypted/patched binary for compatibility with the IDA Pro XEX loader I hope to release soon

[Geremia]

thanks for the fix 

[robinsod]

360 Flash Dump Tool 0.8

http://rapidshare.com/files/43102250/tool.08.zip.html

Fixed:
Stupid bug that ment xexp files were not applied correctly (same as XEXDecrypt above)

Added:
The tool has also been updated to prefix the XEX2 header on the front of the decrypted/patched binary for compatibility with the IDA Pro XEX loader I hope to release soon
SeventhSon has added the ability to re-encrypt and insert a KeyVault (I'll let him explain more, it's rather cool and his doing)

BTW, I never looked at XB1 region encoding but the 360 seems to use 2 bytes, so far I know:

US : 0x00,0xFF
EU : 0x02,0xFE

I have region 1 (US) DVD movies I can test with and a Jap/NTSC game disk - any idea what the region code for Jap/NTSC is?

[SeventhSon]

SeventhSon has added the ability to re-encrypt and insert a KeyVault (I'll let him explain more, it's rather cool and his doing)

When you click the [Patch] button you now have the option to "Patch keyvault". Check this box if you want to load a modified KV and then select the modified KV plaintext file. The KV file must be 0x3FF0 bytes long and unencrypted, a KV dump made using the Flash tool [Extract] feature is perfect. Then click OK and select the output NAND image file as normal. The output image will contain the new KV.

That's all there is to it. Feel free to PM me any bugs you find with the KV stuff.

Enjoy

P.S. Technical details in the KV contents thread

[SeventhSon]

I've split the region code discussion into a separate thread to keep this one on topic. All region code stuff here please

http://www.xboxhacker.net/index.php?topic=8170.0

[robinsod]

A small update

http://rapidshare.com/files/43612394/tool.081.rar.html

Adds the possibility to dump just the flash in 3 parts:

1) Cx Sections
2) KV
3) File System

Note: If you have bad flash blocks that prevent you dumping a particular area this will is a work around while I write some bad block handling code

EDIT: Update, only the CPU key is required to enable the extraction of the Key Vault

[explizit]

Robinsod I still encounter the problem someone mentioned one page ago. When I try to open a *.raw file, then your tool crashes with the following message "360 Flash Tool MFC Application has encountered a problem and needs to close".
Without the 1BL key it works perfect, but with it doesn't. 1BL key is correct because it worked some hours ago today (pairing data was visible, etc.).
My current operationg system here is vista. When I run it as an admin, the problem is still the same.

Regards,
Explizit

[robinsod]

The most common reason for a crash is bad keys (you might have seen some values in the pairing data but was it correct?). Usually what happens is the 1BL key is used to decrypt CF then info from the CF header is used to find all the CG data. If 1BL is wrong then the data in the CF header is wrong and ..... Please check your 1BL key

[MoDInside]

The most common reason for a crash is bad keys (you might have seen some values in the pairing data but was it correct?). Usually what happens is the 1BL key is used to decrypt CF then info from the CF header is used to find all the CG data. If 1BL is wrong then the data in the CF header is wrong and ..... Please check your 1BL key

robinsod coul you please tell us how to insert the patched KV without the 1bl key, cause tool 081 does not let me do it unless I provide the 1bl key.

Regards.

[TSX1]

Is it possible to remove TSOP from the board and then read the NAND with a programmer instead of using Infectus ?!
If yes, then can I use that file by Flash Dump Tool ?
Thanks

[robinsod]

yep ;

But the Infectus is the cheapest/easiest tool for that initial dump. Once you have that I recommend the Olympus MAUSB / XD card hack (but by then you will have the infectus installed anyway )

[TSX1]

Thank you 'robinsod' for your quick answer 
I removed the TSOP from the board then read the NAND with a programmer. dumped file size is exactly 17301504 bytes.
I have CPU Key and 1BL Key set in the Flash Dump Tool v0.81 but when I want to load my NAND dump, the Flash Dump Tool program crash with error mentioned before by other users!
My console region is NTSC/J.
What's the problem ?
Thanks

[atiman]

If console is running in 4532 or 4548 and you can start tmbinc's software firmware dumper program (with Command 3 instead of 2), you obtain EXACTLY the SAME dump as the one you get with infectus (and you get details about bad sectors if you have some). So, in fact the cheapest/easiest tool for initial dump is... no tool at all...

[TSX1]

Can you explain more, atiman ?
Do you think my dump has bad sectors, and this is the problem which cause Flash Dump Tool to crash ?
Thank you