XboxHacker BBS
Topic: 1bl.bin

Solenoglyph (Newbie, Posts: 1)
« on: June 13, 2008, 01:44:47 AM »

So I've been reading up on all the great work done here, but it seems like research into the kernel has stagnated some. I'm 95% sure that I don't have anything to offer, but I do have a lot of free time on my hands, so I've decided to start poking around in my NAND. I have an Infectus on the way, but I have a Falcon board, so I can't downgrade and dump my fuses or the 1BL.bin.
The fuses I will have to live without; I will leave the KV research to the better reverse engineers. What I am interested in is finding an unsigned code vector in the 2BL. To that end, I'd like to write some code that will duplicate the signature check of the 1BL; i.e., an .exe that I can feed a NAND image that will tell me whether or not the 1BL will choke on it, without having to reflash to find out. Make sense?
However, I can't dissect the 1BL because I can't dump it from my box. So ATM I am SOL.
I'm hoping that somebody can help in any of the following ways:
1. Pointing me to a tool that already does this, at which point I will leave in shame and never return,
2. Pointing me in the right direction with some pseudocode, or
3. PM'ing or posting a link to a large meaningless number for no reason ;)
I'm also hoping that people will NOT tell me I'm an idiot/wasting my time. I am well aware of the futility of breaking RSA and it is not my intended plan of attack.
Thanks in advance.
-Solen

Shaun (Xbox Hacker, Posts: 505)
« Reply #1 on: June 13, 2008, 04:13:45 PM »

By all means go and have a play, but I don't see how you will check if the 1BL has passed, as no one knows the RSA private key?
The code which checks 2BL auth is on this forum in parts and probably exists in 'the usual places' such as xbins.
AFAIK 1BL does not change from Xenon, Zephyr, Falcon as it doesn't make sense / isn't cost effective, and no evidence exists to disprove this.
2BL can be easily found by decrypting the NAND dumps with Robinsod's tool using the public 2BL key, which was found from the 1BL when dumped and is still valid; analysis via IDA is also mentioned on this forum.

jee34 (Newbie, Posts: 6)
« Reply #2 on: August 08, 2012, 08:10:13 AM »
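What the offline "would the 1BL accept this image" check discussed in the two posts above amounts to, as an added illustration that is not code from this thread or from any Xbox tool: verifying an RSA signature needs only the public key (n, e), and the private exponent d appears here solely to build the constructed sample. The header layout, the SHA-1-over-body digest, the textbook (unpadded) RSA and the toy key pair are all assumptions, not the real 1BL/2BL format or key.

```python
import hashlib
import struct

# Constructed toy RSA key pair (assumption: NOT the real 1BL/2BL key, and far too
# small to be secure). p and q are the Mersenne primes 2^89-1 and 2^127-1.
P = (1 << 89) - 1
Q = (1 << 127) - 1
N = P * Q                          # public modulus, about 216 bits
E = 65537                          # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent: only the signer ever needs it

MAGIC = b"TST1"                    # assumed header layout, not the 2BL's
SIG_LEN = 32                       # width of the signature field in the header
HDR = struct.Struct(">4sI")        # magic, body length (big endian)

def _digest_int(body: bytes) -> int:
    # Textbook RSA over a raw SHA-1 digest; the loader's real padding scheme is
    # assumed unknown here. The digest (160 bits) is smaller than N, so it fits.
    return int.from_bytes(hashlib.sha1(body).digest(), "big")

def sign_image(body: bytes, d: int = D) -> bytes:
    """Build a signed image. Needs the private exponent, so only the vendor can do this."""
    sig = pow(_digest_int(body), d, N)
    return HDR.pack(MAGIC, len(body)) + sig.to_bytes(SIG_LEN, "big") + body

def verify_image(image: bytes, n: int = N, e: int = E) -> bool:
    """Offline re-run of the loader's decision: needs only the public key (n, e)."""
    if len(image) < HDR.size + SIG_LEN:
        return False
    magic, body_len = HDR.unpack_from(image)
    body = image[HDR.size + SIG_LEN:]
    if magic != MAGIC or body_len != len(body):
        return False
    sig = int.from_bytes(image[HDR.size:HDR.size + SIG_LEN], "big")
    if not 0 < sig < n:
        return False
    # Recover the signed digest with the public exponent and compare to the body's hash
    return pow(sig, e, n) == _digest_int(body)

# Constructed sample: a signed body, then the same image with one body byte flipped
GOOD = sign_image(b"second-stage loader body (constructed sample)")
_t = bytearray(GOOD)
_t[-1] ^= 0x01
TAMPERED = bytes(_t)

if __name__ == "__main__":
    print("original verifies:", verify_image(GOOD))      # True
    print("tampered verifies:", verify_image(TAMPERED))  # False
```

Note that verify_image never touches D: a modified NAND image can be rejected or accepted offline exactly as the loader would, without anyone knowing the signing key.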

So, if I read well, 2BL can be decrypted without knowing the CPU key?