Print

[ramzi22]

CODE

HMAC_SHA1(hddkey,HMAC_SHA1(authkey,data))

Now, AutoUpdates and Downloadable Content have files named contentmeta.xbx.  These meta files contain information about the data files in the package.  This contains the filenames and the sha1 hashes.  The first 20 bytes of the contentmeta.xbx is the non-roamable signature.  Through testing only offsets 0x14 - 0x64 or 20 - 108 are used in the hmac sha1 calculations.  What i did was i ran xbinstcont over and over changing on byte at a time to see which parts of the contentmeta.xbx altered the 20 byte signature.  I tryed dissambling xbinstcont (an XDK tool) to see if it had the signing methods, but after a packet sniff i found that xbinstcont just told the xbox to sign it using its API.  This is what one of the packets contained:

CODE

SIGNCONTENT NAME="S:\4D530064\$U\contentmeta.xbx" TITLEID=0x4d530064

So i tryed doing HMAC_SHA1(hdkey,HMAC_SHA1(authkey,20-108 of contentmeta.xbx)) but it didnt come out to the correct signature.  Does anyone have any ideas or more info that i dont?

Also, When running halo 2 on an xbox it creates E:\CACHE\ with some .bin files.  I opened them in a hex editor and they were packets.  Inside it contained the serial key that the xbox1 emulator uses, however it wasn't the serial on the case, i did a search through my entire hd dump and didn't find the serial key so it much be stored somewhere else, encrypted, or in another form i didnt search for.  Itryed searching for the serial key in the dump in ascii form, as hex, and converted to hex, but no luck.

EDIT: The packet in E:\CACHE on the xbox 360 was like this http://xbox-linux.so...phoneshome.html  Also, i know its not E:\ but the emulator partition.