xboxscene.org forums


Author Topic: 360 Flash Dump Tool V0.1  (Read 227 times)

Xbox-Scene

  • Archived User
  • Hero Member
  • Posts: 4299
360 Flash Dump Tool V0.1
« on: May 28, 2007, 02:04:00 AM »

360 Flash Dump Tool V0.1
Posted by Iriez | May 28 03:28 EST | News Category: Xbox360
 
This tool will allow you to decrypt and extract various parts of an XBox360 flash dump. The flash is divided into 2 major parts:

1) The Cx sections (CB,CD,CE & 0,1 or 2 CF & CG sections).
   CB, CPU bootup
   CD, unpacker for CE
   CE, contains the HV and Kernel in a .cab archive
   CF&CG are upgrade patches

The tool will extract and decrypt sections CB, CD and CE. Additionally it will extract the .cab file in section CE. This can be opened with WinRAR and the content (xboxkrnl.img) extracted. The first 256K of xboxkrnl.img is the Hypervisor; the remainder is the 2.0.1888 kernel.

2) The Flash File System.

The tool expects a dump to contain the data (512 bytes) followed by the ECC (16 bytes). The ECC bytes are used to locate FS entries & identify the version.

The tool consists of the exe and CxKey.txt. CxKey.txt is delivered with 32 '0's, which should be replaced with the key obtained from the 1BL. After all the fuss about AACS keys recently it seems risky to put the key in the exe ;) The Cx sections extracted from a dump will only decrypt correctly if the correct hex digits are inserted in the CxKey.txt file.

To do:

Add support for CF & CG sections
Patch and re-encrypt pairing data in CB and CF


News-Source: xboxhacker.net

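As an added example for this thread (not the 360 Flash Dump Tool's own code, nor anything from xboxhacker.net), the Python below handles only the input formats the announcement states: it splits a dump in the 512-byte-data + 16-byte-ECC layout into a data-only image and the per-page spare areas, separates an extracted xboxkrnl.img into its 256K Hypervisor and the kernel that follows, and turns CxKey.txt's 32 hex digits into a 16-byte key, refusing the shipped all-zero placeholder. The function names, the constructed sample dump and the placeholder check are my assumptions; nothing here decrypts the Cx sections, because the post does not describe that format.

```python
# Added example for this thread, not the 360 Flash Dump Tool's own code.
# It covers only what the post states about the input formats: a dump of
# 512-byte data pages each followed by 16 ECC bytes, an xboxkrnl.img whose
# first 256K is the Hypervisor, and a CxKey.txt holding 32 hex digits
# (shipped as 32 '0's).  Function names and the sample dump are assumptions.

PAGE_DATA = 512                      # data bytes per NAND page
PAGE_SPARE = 16                      # ECC/spare bytes following each page
PAGE_RAW = PAGE_DATA + PAGE_SPARE    # 528 bytes per page as dumped
HV_SIZE = 256 * 1024                 # first 256K of xboxkrnl.img is the HV


def split_pages(dump: bytes):
    """Split a raw dump into (data_image, spares).

    data_image is every 512-byte data page concatenated; spares is the list
    of 16-byte ECC areas in page order, which the post says are used to
    locate FS entries and identify the version.
    """
    if len(dump) % PAGE_RAW != 0:
        raise ValueError(
            f"dump length {len(dump)} is not a multiple of {PAGE_RAW}: "
            "not a 512+16 layout, or the dump is truncated")
    data = bytearray()
    spares = []
    for off in range(0, len(dump), PAGE_RAW):
        page = dump[off:off + PAGE_RAW]
        data += page[:PAGE_DATA]
        spares.append(bytes(page[PAGE_DATA:]))
    return bytes(data), spares


def split_kernel_image(img: bytes):
    """Split an extracted xboxkrnl.img into (hypervisor, kernel)."""
    if len(img) <= HV_SIZE:
        raise ValueError("xboxkrnl.img is too small to hold HV + kernel")
    return img[:HV_SIZE], img[HV_SIZE:]


def parse_cx_key(text: str) -> bytes:
    """Turn the contents of CxKey.txt (32 hex digits) into a 16-byte key.

    The file ships as 32 '0's; refusing that value stops a bad decrypt from
    being mistaken for a corrupt dump.
    """
    digits = "".join(text.split())
    if len(digits) != 32 or any(c not in "0123456789abcdefABCDEF" for c in digits):
        raise ValueError("CxKey.txt must contain exactly 32 hex digits")
    key = bytes.fromhex(digits)
    if key == bytes(16):
        raise ValueError("CxKey.txt still holds the 32-'0' placeholder")
    return key


def build_sample_dump(pages: int) -> bytes:
    """Constructed test input: page i is filled with byte i, and its spare
    area starts with byte i so the split can be checked page by page."""
    out = bytearray()
    for i in range(pages):
        out += bytes([i & 0xFF]) * PAGE_DATA
        out += bytes([i & 0xFF]) + bytes(PAGE_SPARE - 1)
    return bytes(out)


if __name__ == "__main__":
    data, spares = split_pages(build_sample_dump(4))
    print(f"{len(data)} data bytes, {len(spares)} spare areas")
    hv, kernel = split_kernel_image(bytes(HV_SIZE + 1024))
    print(f"HV {len(hv)} bytes, kernel {len(kernel)} bytes")
    print(parse_cx_key("00112233445566778899aabbccddeeff").hex())
```

The length check matters in practice: a dump captured without the spare bytes (512-byte pages only) or cut short will not be a multiple of 528, and silently treating it as the 512+16 layout would shift every later page by 16 bytes.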

Ravo5002

  • Archived User
  • Jr. Member
  • Posts: 50
360 Flash Dump Tool V0.1
« Reply #1 on: May 28, 2007, 02:09:00 AM »

Sweet, so we basically can look for mistakes in the as src since it's unencrypted?

zest

  • Archived User
  • Newbie
  • Posts: 38
360 Flash Dump Tool V0.1
« Reply #2 on: May 28, 2007, 02:32:00 AM »

I would guess so. This is nice, and with the recent "setback" fresh in mind I hope that something good is going to come out of this. Keep up the good work! \o/

Knasen

  • Archived User
  • Sr. Member
  • Posts: 329
360 Flash Dump Tool V0.1
« Reply #3 on: May 28, 2007, 03:30:00 AM »

So, is this something new that perhaps could help the homebrew scene, or is it just "old" news that's getting more available to the public?

CreisoN

  • Archived User
  • Newbie
  • Posts: 20
360 Flash Dump Tool V0.1
« Reply #4 on: May 28, 2007, 05:22:00 AM »

Seems that's the 1st step to have a hacked BIOS in the Xbox 360.
Will we in the future be able to unban those banned 360s? I bet yes! :D
Imagine a 360 serial generator, and us being able to replace the 360 key with a good one that's not banned! :)
I hope I'm not that wrong!
Peace to you all!

xlokix

  • Archived User
  • Newbie
  • Posts: 19
360 Flash Dump Tool V0.1
« Reply #5 on: May 28, 2007, 05:33:00 AM »

QUOTE(Knasen @ May 28 2007, 05:30 AM)

So, is this something new that perhaps could help the homebrew scene, or is it just "old" news that's getting more available to the public?

This is something new. It will help the homebrew scene downgrade from the 4552 kernel to the 4532 kernel. I hope. :)

Quote from tmbinc:

"That means: If you know how to calculate the CF pairing data, you could modify the "expected sequence" value there (this, however, should be verified by someone.) And to be able to calculate that data, you need the "per-box-key". But if you have that, you could set the number of a 4532 to those of a 4552, and it should boot again."



GuntherMP5

  • Archived User
  • Newbie
  • Posts: 46
360 Flash Dump Tool V0.1
« Reply #6 on: May 28, 2007, 07:12:00 AM »

Will this allow reading the key requested by the DVD drive from the 360 CPU?

I still need to try to fix an old bricked sammy.

TheSpecialist

  • Archived User
  • Full Member
  • Posts: 215
360 Flash Dump Tool V0.1
« Reply #7 on: May 28, 2007, 07:25:00 AM »

QUOTE(xlokix @ May 28 2007, 02:09 PM)

This is something new. It will help the homebrew scene downgrade from the 4552 kernel to the 4532 kernel. I hope. :)

Let's hope that it finally results in something like that, yes. We created the tool for several reasons; one reason is of course that the future version of the tool will be able to use the info in CE+CF/CG to create the 'true' kernel image. Currently, we can only dump the true kernel from mem for kernels that are exploitable, so not 4552 for example ('true' kernel is base kernel + patches applied). This tool will hopefully soon be able to dump such a 4552 'true' kernel from a flash image so we can analyse newer kernels as well and maybe find exploits in those too.

Another reason is that we want more insight in that 'pairing' process that tmbinc describes. And hopefully, the availability of the tool will help other hackers with a 'jump' start. Just run the tool and you have all interesting code sections decrypted and ready for analysis ! (IMG:style_emoticons/default/smile.gif)

QUOTE(CreisoN @ May 28 2007, 01:58 PM)

Seems that's the 1st step to have a hacked BIOS in the Xbox 360.
Will we in the future be able to unban those banned 360s? I bet yes! :D

I don't think unbanning will ever be possible, I'm afraid. The console ID is linked to a so-called 'console certificate'. That certificate is signed with the MS private key. If these don't match, the x360 won't boot. And since we don't have the MS private key, we can't create a certificate for another console ID. Even if we'd hack the x360 so that it wouldn't care less about an unmatching certificate, it would be incredibly easy for MS to ask for a valid certificate via LIVE.

This post has been edited by TheSpecialist: May 28 2007, 02:38 PM

acsutton

  • Archived User
  • Newbie
  • Posts: 8
360 Flash Dump Tool V0.1
« Reply #8 on: May 28, 2007, 08:16:00 AM »

I have a quick nooby question. When the spring update is applied, does it not update the kernel? I was holding off on updating in hopes that I would be able to run homebrew someday on 4552, but if it doesn't even matter I would go ahead and update.

CreisoN

  • Archived User
  • Newbie
  • Posts: 20
360 Flash Dump Tool V0.1
« Reply #9 on: May 28, 2007, 07:41:00 AM »

Hmm, ok!
If we are able to get the key from a MB with this, might we be able to replace it from a 3-red-light console that is not banned, like we do with the drives?
It is like picking the key from a broken console that I know is not banned and putting this key in mine, for ex: it is like my console now is that one, not banned for MS, isn't it?
Like before, we were able to replace the key only with the drives; it saved lots of people from losing the whole console and at least saved the drive, which is very important. :)
Now we might be able to replace the key also in the MB, what do you think?
My question is: is it possible?
Peace to you all!

bLiTz 2k

  • Archived User
  • Newbie
  • Posts: 36
360 Flash Dump Tool V0.1
« Reply #10 on: May 28, 2007, 08:01:00 AM »

QUOTE(CreisoN @ May 28 2007, 07:58 AM)

Seems that's the 1st step to have a hacked BIOS in the Xbox 360.
Will we in the future be able to unban those banned 360s? I bet yes! :D
Imagine a 360 serial generator, and us being able to replace the 360 key with a good one that's not banned! :)
I hope I'm not that wrong!
Peace to you all!

You're very wrong...

QUOTE(CreisoN @ May 28 2007, 10:17 AM)

Hmm, ok!
If we are able to get the key from a MB with this, might we be able to replace it from a 3-red-light console that is not banned, like we do with the drives?
It is like picking the key from a broken console that I know is not banned and putting this key in mine, for ex: it is like my console now is that one, not banned for MS, isn't it?
Like before, we were able to replace the key only with the drives; it saved lots of people from losing the whole console and at least saved the drive, which is very important. :)
Now we might be able to replace the key also in the MB, what do you think?
My question is: is it possible?
Peace to you all!

You're thinking a little too far ahead for what this tool's intentions are. This isn't going to get you unbanned anytime soon, as its purpose is mainly for kernel analysis. Sure, at some point there may be a way to do something like an EEPROM swap such as what was done on the original Xbox, but that's highly unlikely, at least for a very very very long time. I think you need to keep things in perspective, and if you want Live so bad, buy another 360.

The Prankster

  • Archived User
  • Full Member
  • Posts: 127
360 Flash Dump Tool V0.1
« Reply #11 on: May 28, 2007, 08:56:00 AM »

This is a good reason to get an Infectus... This is awesome news, good job!

C'mon CreisoN... stop reducing everything to 'the solution for banning.' You = banned, which in turn = permanent. There are other threads for that 'never-gonna-happen theory stuff.'

Cheers.

This post has been edited by The Prankster: May 28 2007, 04:00 PM

BrooksyX

  • Archived User
  • Sr. Member
  • Posts: 252
360 Flash Dump Tool V0.1
« Reply #12 on: May 28, 2007, 08:56:00 AM »

This is great news, hopefully it will lead to bigger and better things soon.

BLKMGK

  • Archived User
  • Newbie
  • Posts: 9
360 Flash Dump Tool V0.1
« Reply #13 on: May 28, 2007, 09:11:00 AM »

This looks much like some of the early steps with the PSP. With this the workings of the flash can be better understood and documented: a baby step, but a huge one! You have to have the tools and understanding before anything can be built. The PSP community started out much the same way as I recall; this is very good news indeed!

Certificates were mentioned for Live!; are they also signing the flash images? In other words, does any minor modification to a flash image invalidate it? Is the code that does this checking hardwired somehow, or perhaps just in the installer? I'd be surprised if there's no crypto check on the image; hopefully it can be worked around and enough understanding of the workings gained to allow for unsigned code to be run. For me, personally, that's the holy grail! Something like XBMC or the 360MAME kinds of code is what I'm after rather than a cheap Linux box.

Seeing efforts like this is VERY encouraging and I'm glad I purchased a box with the old firmware just to hold onto. 2 actually, but I upgraded the one with the less supported DVD drive so I could play games on Live! heh. I know others who have done the same thing, and they're glad they did, I'm betting.

If the community can get to the point where the PSP development is now (unsigned code, custom features, blah blah) I will be damned happy. I hope that unsigned code execution is the shared goal.

CreisoN

  • Archived User
  • Newbie
  • Posts: 20
360 Flash Dump Tool V0.1
« Reply #14 on: May 28, 2007, 09:13:00 AM »

Hmm, I see. Well, I appreciate your clarification, bLiTz 2k; hopefully some day in the future things become more flexible, like an EEPROM swap or key swap.
I really don't care about playing on Live; the only things I like about Live are the demos and videos from the upcoming releases. I don't think it's worth paying to play with others, I already paid for the console. Well, that's my point of view.
But I'm not considering getting a new 360 to have it back like before. :)
Anyway, I appreciate your attention. Thank you very much.
Peace to you all!