Print

[rzax2]

I, like a complete idiot, got my box flagged by the AP25 check on the new dashboard. I tried to restore my secdata.bin using the standard methods but all my time stamps are the same so im thinking they are all no good (findsecdata shares this same assumption).        

Now I have noticed this xbox always has the same date and time whenever I turn it on (its an offline only box).  This appears to be the dame time as on the secdata timestamps. Is it possible that I may still have an old secdata even though they all have the same time stamp just because thats always the time my xbox displays? Even so, if those are all from the previous dashboard, I'm still boned, right?

Assuming that those secdatas are bad, would it be possible to use a donor NAND and my kv to restore a good secdata?  Seems like I'm pretty SOL on getting this xbox to sign trusted content again.

[userix]

QUOTE(rzax2 @ Nov 23 2010, 12:20 PM)

I, like a complete idiot, got my box flagged by the AP25 check on the new dashboard. I tried to restore my secdata.bin using the standard methods but all my time stamps are the same so im thinking they are all no good (findsecdata shares this same assumption).        

Now I have noticed this xbox always has the same date and time whenever I turn it on (its an offline only box).  This appears to be the dame time as on the secdata timestamps. Is it possible that I may still have an old secdata even though they all have the same time stamp just because thats always the time my xbox displays? Even so, if those are all from the previous dashboard, I'm still boned, right?

Assuming that those secdatas are bad, would it be possible to use a donor NAND and my kv to restore a good secdata?  Seems like I'm pretty SOL on getting this xbox to sign trusted content again.

Is it only flagged offline? Mine is flagged and it is not crippled, I can still use my save games and play other games that are non-AP2.5.  I was thinking of trying to restore an old secdata.bin using the guides posted in this forum, but thought about the same problem you have encountered with all the timestamps being the same due to the system being offline and not able to obtain the real time.  

Is the secdata.bin dashboard specific?  I thought it was only the encrypted x-value, which is independent of dashboard versions.  But even then, wouldn't there be at least one secdata.bin instance that was created from installing the new dash update?

In theory, couldn't you back up your NAND, and then try zero-filling all instances of secdata.bin except one to see if that can restore the xval back to the clean state?  And then repeat all possible combinations to see if one will restore secdata to clean state?  Since zero-filling all instances of secdata.bin except one, would force the xbox to restore the only secdata.bin instance that wasn't zero-filled.  Someone please correct me if my logic is incorrect.

rzax2, can you post your findsecdata output?  I want to see what exactly it looks like in your case.

[rzax2]

QUOTE(userix @ Nov 23 2010, 08:03 PM)

Is it only flagged offline? Mine is flagged and it is not crippled, I can still use my save games and play other games that are non-AP2.5.  I was thinking of trying to restore an old secdata.bin using the guides posted in this forum, but thought about the same problem you have encountered with all the timestamps being the same due to the system being offline and not able to obtain the real time.  

Is the secdata.bin dashboard specific?  I thought it was only the encrypted x-value, which is independent of dashboard versions.  But even then, wouldn't there be at least one secdata.bin instance that was created from installing the new dash update?

In theory, couldn't you back up your NAND, and then try zero-filling all instances of secdata.bin except one to see if that can restore the xval back to the clean state?  And then repeat all possible combinations to see if one will restore secdata to clean state?  Since zero-filling all instances of secdata.bin except one, would force the xbox to restore the only secdata.bin instance that wasn't zero-filled.  Someone please correct me if my logic is incorrect.

First off thanks for any help or information you provided. Im somewhat new to this whole "scene" so to speak, so Im sorry if i say or do anything completely retarded.

Yes i can still use save games, but only on this console. I like to carry my gamertag with me on USB for use on my online console and other friends consoles, so swapping to those consoles directly after using the the offline one is a no-go since the profile is not signed. Also somewhat of a gamerscore whore. Im mainly doing this because Im lazy and would rather spend the one time effort of fixing this then have to uncorrupt my profile each time from my computer whenever i want to use it on a different box (which also pisses me off because of the constant reminder of the stupid mistake i made everytime I have to do that, even though it probably takes no more than 2-3 minutes to do)

I honestly have no idea if the secdata.bin's are Dashboard specific. Would definitely be nice for me if they werent   I think I have 2-3 secdatas that I could try, using the technique you stated. I wanted to do a bit more asking around before I went stabbing in the dark there incase it was pointless to do so. Some of the secdatas that are there are definitely overwritten, as I can see they have garbage written over parts of them, but I could atleast verify if the remaining ones are possibly good.

Maybe you could take a guess at what to try with the dump of my findsecdata:

findsecdata v0.62 2009-12-09 by boby2pc
Controller version 3
Last filetable change: 0x42
ECC change: 0x42 Filetbl: 0x0BC5 Secdata: 0x00DD Timestamp: 33766031 2005-11-22
ECC change: 0x3F Filetbl: 0x0B99 Secdata: 0x0140 Timestamp: 33766001 2005-11-22
ECC change: 0x38 Filetbl: 0x0C19 Secdata: 0x0138 Timestamp: 33766001 2005-11-22
ECC change: 0x37 Filetbl: 0x0BF8 Secdata: 0x03EE Timestamp: 33766001 2005-11-22

Checking secdata:
0140 containts not 0 values above offset 1024 or zeros below 1024 (overwritten)
0140 containts not 0 values above offset 1024 or zeros below 1024 (overwritten)
03EE containts not 0 values above offset 1024 or zeros below 1024 (overwritten)

Searching for recommended

Extracting secdata:
secdata00DD.bin
secdata0138.bin

Extracting filetables:
filetable0BC5.bin
filetable0C19.bin

Creating patched secdata:
Patchedsecdata00DD.bin
Patchedsecdata0138.bin

Creating patched filetables:
Patchedfiletable0BC5By0BC5.bin
Patchedfiletable0BC5By0C19.bin

Use:

Old secdata.bin not found. Console might be not banned, already patched or secdata.bin overwritten.

Press ENTER



Hmm... Now that I look at it again, that first time stamp appears to be slightly larger, even though the translated date is coming back the same.  Maybe thats the one I should try nuking.

[userix]

Yeah, that one does seem suspect.  I am sort of new to the NAND flashing scene too, but it would seem that secdata doesn't always update?  Only when there is either some flag being thrown up or the likes.  My guess is secdata doesn't always update unless something bad happens that it needs to flag the console for a ban.

Some more questions:

   If you use a hex editor and manually search for secdata.bin instances, how many are there?  Findsecdata.exe only lists 4 total?  I remember seeing in a post somewhere that a manual search through a hex editor yielded many more instances of secdata.bin.  Not sure how many previous backups of secdata are present in the NAND.

Here is another way to verify if indeed those four instances of secdata.bin are identical or different (NOT 100% sure if this works, again theory based off of what I know so far):

Read each instance of secdata.bin as listed by Findsecdata.exe using nandpro and save them as separate bin files, then use an MD5 checker (ie. md5sum) and compare the hash values for each instance.  If the 3 that have identical timestamps are truly the same, the md5 values for those respective 3 should be the same.  Again, I could be wrong about this...

But of course, if you have fully backed up your NAND, there should be no problem experimenting around with my zero-fill theory.  If anything goes awry, just simply flash your complete, untouched NAND backup to your console.

Which method did you use to read your NAND?  jerry-rigged LPT parallel cable? or Nand-x usb device?

Are you saying that our offline console getting AP25 flagged cannot have their profiles and savegames moved to another console?  will it be corrupt on the other console?  I thought corruption only happens if we ever connect the flagged console to live and get it banned.  Right now, the only thing on our consoles is that Failed AP25 xval and that is only tied to the console.  If we move our profile and saves right now to a different console, my guess is that they will work fine since the xval doesn't go with the profile. But again, I am a total noob here with only speculation and hypotheses based off of what I learned from this forum so far.

This post has been edited by userix: Nov 24 2010, 04:14 AM

[rzax2]

Using a hex editor I get substantial more secdata.bin. Most of them seem overwritten (looking at the ascii at the side, some of the english words have characters replaced with other things). Whatever ECC change stands for in FindSecData, all the secdata.bin's i found using the hexeditor have one of those 4 values as their ECC, and all but that one have the same timestamp.  Either way, I should probably just go the zero-fill route on atleast 00DD and 0138 guys.  Think it would be best to just zero-fill every one of the secdata's minus the one Im testing, even the ones that appear overwritten?

I used nand-x and dumped the nand 3 times. All bin's matched fine.

Yes, that is pretty much correct. Moving this profile (just swapping the USB from the offline box to the online box) yields a corrupt profile, as well as any save game loaded on the offline box also being corrupted. It really is a minor issue and more of a matter of inconvenience then anything, but I wouldnt mind fixing it if the tools are available if you know what I mean.

This post has been edited by rzax2: Nov 24 2010, 04:17 AM

[userix]

Dang, so our profiles are corrupted if we try to move it off our flagged console?  I thought only after a ban from M$ does our profile/savegames become corrupted.  So if you were to successfully clean the secdata, the profile/savegames will work once again on the other console?

How many more instances of secdata did you find using a manual search?  For Nand-x you used the quick solder boards?

So the 3 secdata with identical timestamps are identical secdata themselves?  They are 3 copies of the same thing?

This post has been edited by userix: Nov 24 2010, 04:30 AM

[rzax2]

Yeah they are definitely corrupt. Can use an uncorrupter and rehash/resign it and its fine, but annoying to have to do everytime.  And yes, cleaning the secdata will allow your xbox to sign trusted content once again, and you should be fine from that point forward (may have to uncorrupt and rehash/resign one last time, but that should be it).

I found 9 total instances when using a hex editor.

I used the QSB's. Very easy to install.

They dont appear to be identical. Just a quick glance at them, things appear to be different, but I dont know how to tell the difference between a valid secdata and one that has been overwritten.  Ill probably dump all 9 instances of the secdata's when i get a change (hopefully tomorrow) and do a more thorough look at them.  I should probably look into how findsecdata determines if the secdata has been overwritten so i know which ones not to mess with, but all in all it may just be easier to start with the ones that findsecdata seems to think is valid, and then if those dont work test the remaining 7.

This post has been edited by rzax2: Nov 24 2010, 05:17 AM

[userix]

Yeah, that's what I figure as much, and since you have a backup already, you have no worries if you mess up.  Can you reflash and start over again, trying the next secdata.

Definitely keep me posted, cuz I want to clean my secdata too.  *waiting for my nand-x to come in next week*

This post has been edited by userix: Nov 24 2010, 07:06 AM

[rzax2]

Unfortunately this is the end of the road for me recovering the secdata.bin unless its possible to use a donor nand. I looked at all the remaining secdata's, and all but one are definitely overwritten.

[userix]

Sorry to hear.  How can you tell they are all overwritten?  Have you tried to force recovering each secdata.bin to see what happens anyways?  Did you use the console a lot after it was flagged with AP25 failure?  What's the the one secdata that isn't overwritten?

This post has been edited by userix: Nov 25 2010, 03:02 AM

[rzax2]

I didnt use it much after it was overwritten, but i did try do boot the AP25 game a few times before i realized the mistake that was made, so that may have caused issues. I have a feeling the dashboard update itself blew away some of the old ones as well as removing an overwritten secdata lead to an E79 error (meaning something else is now using that memory location obviously). The corrupt ones have random characters dumped in the legible ascii *such as "systemupdate.xex looking like .ystemupdate.xe or vairous combinations like that as well as when you pull them off individually, the leading values you expect to see using the zero method tutorial looks like it has other data there instead of the empty data.  I didnt try to use each secdata, only a couple of them. I will probably try them eventually but its not looking promising.

The one secdata that wasnt overwritten is the current one that is flagged for failing AP25

[userix]

When and where are you getting the E79 error?  Did you actually attempt to zero fill and flash some of the secdata back and boot the console?  The absence of leading values you are referring to is the repeating "1F FB" that is suppose to show up at the beginning of the individually dumped secdata sector?

[Strigy]

hey, the same thing happened to my xbox, it was banned last year and i zerofilled my secdata to allow trusted content.  everything was working fine until lastweek when i upgrade to the latest dash and tried to play NFSHP.  My xbox seems to of rebanned itself even though it hasn't been online for almost a year and a half.  I like to keep my profile on a memory card and move it from my offline and online xbox to keep my gamerscore.  but it seems my profile is corrupted now.  like rzax2, i can hook it up to my pc easy enough to uncorrupt it but its a pain.  I took a nand dump lastnight and am getting the same result from findsecdata.  I tried restoring my previous nand from a year ago before the dash update, but thats not working either.  Can i get the secdata from my previous nand backup to inject them into my current nand?  or is there anything else i can try?

[Unregistered007]

Comeon guys we need more information. I want to unflag my Offline ONLY console as well.

[MadBoxer]

QUOTE(Strigy @ Nov 25 2010, 06:05 AM)

I tried restoring my previous nand from a year ago before the dash update, but thats not working either.  Can i get the secdata from my previous nand backup to inject them into my current nand?  or is there anything else i can try?

No, once you update your dash, the old nand dump is pretty much trash unless you have the CPU key. I know it doesn't help you now, but this is why it is important to backup the nand every time you update the dash.