
information on the certificate generation for 0x50

by the1Domo - 08-12-2018 - 10:36 PM
#1
It's funny how everybody runs around eating offsets and single hashes while having no idea how any of this system works, so I'm going to give everybody a hint on how to get started, or at least point you in the right direction.


Code:
// the security engine contains multiple keys, this is important
// 0x00000X**_00000000 X = region, ** = key select
// x = 0 should be physical
// x = 1 should be hashed
// x = 2 should be SoC
// x = 3 should be encrypted



sub_2440 is where it takes the key and random bytes of 0x80
sub_23918 is where the signature is generated



PHP Code:
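# =============== S U B    R O U T    I N E =======================================
#
# sub_23918 -- builds a padded block in the caller's output buffer.
#
# Listing repaired: the operand separators and line breaks that were lost in
# the paste are restored. Instructions, their order and the labels are unchanged.
#
# Register roles, as set up by the moves at the top:
#   r3 -> r24   source data pointer (copied last)
#   r4 -> r26   source data length
#   r5 -> r31   output buffer
#   r6 -> r29   total output length
#   r7 -> r28   optional pointer to a 0x14-byte value; 0 selects a fixed default
#   r8 -> r25   pointer to a 0x14-byte value copied to out+1
# Returns r3 = 1 on success, r3 = 0 when either length check fails.
#
# Bytes written before the two sub_23830 calls:
#   out[0]             0x00
#   out[1 .. 0x14]     0x14 bytes from r8
#   out[0x15 .. 0x28]  0x14 bytes from r7 (or the default)
#   out[0x29 ..]       (total - datalen - 0x2A) zero bytes, one 0x01 byte, then the data
#
# NOTE(review): this layout and the 0x2A (= 2*0x14 + 2) overhead match the
# EME-OAEP encoding step of RSAES-OAEP (RFC 8017) with a 20-byte hash, with
# sub_23830 in the position of the masking step. sub_23830 is not shown here,
# so confirm before treating this as established.
# NOTE(review): the routine trusts r6 as the capacity of the output buffer and
# reads exactly 0x14 bytes from r7/r8; nothing in this listing validates them.

sub_23918:
        mflr      r12
        bla       __savegprlr_24
        stdu      r1, -0xA0(r1)
        mr        r29, r6                 # r29 = total output length
        mr        r24, r3                 # r24 = source data
        mr        r26, r4                 # r26 = source data length
        mr        r31, r5                 # r31 = output buffer
        mr        r28, r7                 # r28 = optional 0x14-byte value (may be 0)
        mr        r25, r8                 # r25 = 0x14-byte value for out+1
        cmplwi    cr6, r29, 0x2A          # 32-bit unsigned: total must be >= 0x2A
        bge       cr6, loc_2394C

loc_23944:                # CODE XREF: sub_23918+3Cj
        li        r3, 0                   # failure result
        b         loc_23A08
# ---------------------------------------------------------------------------

loc_2394C:                # CODE XREF: sub_23918+28j
        addi      r11, r29, -0x2A         # cannot wrap: r29 >= 0x2A was checked above
        cmplw     cr6, r26, r11           # 32-bit unsigned: datalen must be <= total - 0x2A
        bgt       cr6, loc_23944
        cmpldi    cr6, r28, 0
        bne       cr6, loc_23968
        addis     r11, r2, 1
        addi      r28, r11, 0x5E48        # default value at r2 + 0x10000 + 0x5E48

loc_23968:                # CODE XREF: sub_23918+44j
        li        r11, 0
        addi      r30, r31, 1             # r30 = out + 1
        li        r5, 0x14
        mr        r4, r25
        mr        r3, r30
        stb       r11, 0(r31)             # out[0] = 0
        bla       memcpy                  # out[1..0x14] <- 0x14 bytes from r25
        addi      r31, r31, 0x15          # r31 = out + 0x15 from here on
        subf      r11, r26, r29           # r11 = total - datalen
        mr        r4, r28
        li        r5, 0x14
        mr        r3, r31
        addi      r29, r29, -0x15         # r29 = total - 0x15 (length of the region at r31)
        addi      r28, r11, -0x2A         # r28 = number of zero bytes to write
        bla       memcpy                  # region[0..0x13] <- 0x14 bytes from old r28
        clrldi    r27, r28, 32            # zero-extend the fill count before using it as a size
        li        r4, 0
        addi      r3, r31, 0x14
        mr        r5, r27
        bla       memset                  # zero fill after the two 0x14-byte fields
        addi      r11, r28, 0x14
        li        r10, 1
        clrldi    r9, r11, 32             # r9 = offset of the 0x01 separator in the region
        add       r11, r27, r31
        clrldi    r5, r26, 32             # datalen, zero-extended
        mr        r4, r24
        addi      r3, r11, 0x15           # destination = just past the separator
        stbx      r10, r9, r31            # region[0x14 + fill] = 0x01
        bla       memcpy                  # append the source data; ends at out + total
        mr        r6, r29
        mr        r5, r31
        li        r4, 0x14
        mr        r3, r25
        bl        sub_23830               # (r25, 0x14, region, region length)
        li        r6, 0x14
        mr        r5, r30
        mr        r4, r29
        mr        r3, r31
        bl        sub_23830               # (region, region length, out+1, 0x14)
        li        r3, 1                   # success result

loc_23A08:                # CODE XREF: sub_23918+30j
        addi      r1, r1, 0xA0
        ba        __restgprlr_24
# End of function sub_23918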


// ------------------- Function Prototypes --------------------
// NOTE(review): decompiler-generated pseudo-C for sub_23918. The commas, most
// operators and the function's closing brace were lost in the paste, so it
// does not compile as shown; read it next to the sub_23918 disassembly.
// NOTE(review): the prototypes are the decompiler's guesses. memcpy is listed
// with two parameters, although the disassembly sets r3, r4 and r5 before each
// memcpy call.

int32_t memcpy(int32_t a1int32_t a2);
int32_t memset(int32_t a1char a2int32_t a3);
int32_t sub_23830(int32_t a1int32_t a2int32_t a3int32_t a4);
int32_t sub_23918(int32_t a1uint32_t a2char a3uint32_t a4int32_t a5int32_t a6int32_t a7);

// --------------------- Global Variables ---------------------

// NOTE(review): g1 is the decompiler's stand-in for a base address; the
// disassembly forms the fallback pointer as r2 + 0x10000 + 0x5E48.
int32_t g1 = -0x7f31b9e2;

// ------------------------ Functions -------------------------

// Address range: 0x23918 - 0x23a10
int32_t sub_23918(int32_t a1uint32_t a2char a3uint32_t a4int32_t a5int32_t a6int32_t a7) {
 
   int32_t v1 = (int32_t)a3;
 
   int32_t v2 a5// r28
 
   // Length checks against 42 (0x2A); the failing path returns 0. In the
   // disassembly these are the two unsigned compares at the top of sub_23918.
   if (a4 42 || a4 42 a2) {
 
       // 0x23a08
 
       return 0;
 
   }
 
   // 0x23958
 
   // No pointer supplied in a5: fall back to a fixed address (g1 + 0x5e48).
   if (a5 == 0) {
 
       // 0x23960
 
       v2 0x5e48 + (int32_t)&g1;
 
       // branch -> 0x23968
 
   }
 
   // NOTE(review): the "NDg" literals below look like a decompiler artifact.
   // The disassembly uses the immediate 1 at the matching places
   // (addi r30, r31, 1 / li r10, 1 / li r3, 1).
   int32_t v3 v1 + (int32_t)"NDg"// 0x2396c
 
   // First byte of the output buffer is cleared.
   *a3 0;
 
   memcpy(v3a6);
 
   int32_t v4 v1 21// 0x23984
 
   int32_t v5 a4 21// r29
 
   memcpy(v4v2);
 
   // NOTE(review): v6 is shown as 0 here, but the disassembly computes this
   // fill length in r27 from the two length arguments.
   int32_t v6 0// r27
 
   memset(v4 200v6);
 
   *(char *)(a7 v4) = (char)"NDg";
 
   memcpy(v6 21 v4a1);
 
   // Two passes through sub_23830 with the buffer pair swapped between them.
   sub_23830(a620v4v5);
 
   sub_23830(v4v5v320);
 
   // branch -> 0x23a08
 
   // 0x23a08
 
   return (int32_t)"NDg";




(_create_aes_sbox_128bit) sub_2440 (is where it takes the key and random bytes)
Code:
# =============== S U B    R O U T    I N E =======================================
#
# sub_2440 -- reads no argument registers in the code shown. It works on a
# 0x110-byte stack frame and on data at fixed offsets from r2 + 0x10000.
#
# Call sequence visible in this listing:
#   1. sub_B488(sp+0x50, 0x14)
#   2. sub_B428(r2+0x10000+0x100, 0x30, sp+0x70, 0x80, 0, sp+0x50)
#        result == 0 -> straight to the exit at loc_24F0
#   3. sub_B480(sp+0x70, 0x80), then sub_B3A8(sp+0x70, sp+0x70, 0x10)
#   4. sub_B3E8(sp+0x70, r2+0x10000+0x40, r2+0x10000+0x350)
#        result == 0 -> sub_AD20(r2+0x10000+0x40, 0, 0x80)
#        result != 0 -> sub_B3A8(r2+0x10000+0x40, r2+0x10000+0x40, 0x10)
# None of the callees appear on this page, so what each one does is not
# established by this listing.
#
# NOTE(review): the word loaded from 0(r2+0x10000) is parked at 0xF0(r1), right
# after the 0x80-byte buffer at sp+0x70, and handed to sub_204 before return.
# That has the shape of a stack-cookie check; confirm against sub_204.
# NOTE(review): the (ptr, 0, 0x80) arguments to sub_AD20 on the result == 0 path
# look like a wipe of the 0x80-byte destination; confirm against sub_AD20.
# NOTE(review): the scratch buffers at sp+0x50 and sp+0x70 are not cleared by
# this routine before it returns, unless a callee does it.


sub_2440:

# Frame-offset symbols from the disassembler; the instructions below use raw
# offsets and do not reference them.
.set var_C0, -0xC0
.set var_A0, -0xA0
.set var_20, -0x20
.set var_10, -0x10
.set var_8, -8

        # Prologue: save LR and r31 below the old stack pointer, open the frame.
        mflr      r12
        std          r12, -8(r1)
        std      r31, -0x10(r1)
        stdu      r1, -0x110(r1)
        addis      r11, r2, 1
        li      r4, 0x14
        addi      r3, r1, 0x50
        lwz      r11, 0(r11)
        # Keep the word from 0(r2+0x10000) in the frame; it is reloaded at loc_24F0.
        stw      r11, 0xF0(r1)
        # sub_B488(sp+0x50, 0x14)
        bl      sub_B488
        addis      r11, r2, 1
        addi      r8, r1, 0x50
        addi      r3, r11, 0x100
        li      r7, 0
        li      r6, 0x80 # '€'
        addi      r5, r1, 0x70
        li      r4, 0x30 # '0'
        # sub_B428(r2+0x10000+0x100, 0x30, sp+0x70, 0x80, 0, sp+0x50)
        bl      sub_B428
        cmpwi      cr6, r3, 0
        # Zero result: skip the rest and leave.
        beq      cr6, loc_24F0
        li      r4, 0x80 # '€'
        addi      r3, r1, 0x70
        # sub_B480(sp+0x70, 0x80)
        bl      sub_B480
        li      r5, 0x10
        addi      r4, r1, 0x70
        addi      r3, r1, 0x70
        # sub_B3A8 with source == destination (sp+0x70) and count 0x10.
        bl      sub_B3A8
        addis      r11, r2, 1
        addi      r3, r1, 0x70
        addi      r5, r11, 0x350
        addis      r11, r2, 1
        # r31 = r2+0x10000+0x40, kept in a callee-saved register across the call.
        addi      r31, r11, 0x40
        mr      r4, r31
        # sub_B3E8(sp+0x70, r31, r2+0x10000+0x350)
        bl      sub_B3E8
        cmpwi      cr6, r3, 0
        mr      r3, r31
        bne      cr6, loc_24E4
        # Zero result from sub_B3E8: sub_AD20(r31, 0, 0x80).
        li      r5, 0x80 # '€'
        li      r4, 0
        bl      sub_AD20
        b      loc_24F0
# ---------------------------------------------------------------------------

loc_24E4:
        # Non-zero result from sub_B3E8: sub_B3A8(r31, r31, 0x10).
        li      r5, 0x10
        mr      r4, r31
        bl      sub_B3A8

loc_24F0:
        # Common exit: pass the word saved at 0xF0(r1) to sub_204, then unwind.
        lwz      r3, 0xF0(r1)
        bl      sub_204
        addi      r1, r1, 0x110
        ld      r12, -8(r1)
        mtlr      r12
        ld      r31, -0x10(r1)
        blr
# End of function sub_2440

# ---------------------------------------------------------------------------





now will everyone please stop talking bad about each other to each other and just learn how to work together I mean seriously this community is like a bunch of little children who are all like trying to be the smartest idiot I feel like I'm in grade school with all these kids thinking I'm better than you all need to grow up and be adults
if you like my posts and want to see more please plus rep
Reply
#2
there's also tons of useful information on the internet that will help you guys all figure this out if everyone would just work together instead of attacking each other we would have a better community

my archives was garbage
http://projectgames.club/Xbox/

Archive of Xbox 360 Wiki
https://github.com/Free60Project/wiki


I mean are you guys serious they even give you bootloader code here
https://github.com/Free60Project/wiki/bl...bl_Code.md
https://github.com/Free60Project/wiki/bl...CB_Code.md



stop trying to show each other your penises and show who the bigger idiot is and just work together from what I've been reading none of you guys know anything I've been working in this community for a very long time I'm the one who originally leak the original source from Xbox stealth or as some people call me the Liberator everyone just likes to talk crap to everyone even though all of your original resource and all of the original research was never obtained by any of you you guys just all run around with the same garbage perfecting it


I will give you guys that you guys have done a good job of perfecting garbage you  guys have made it run very well and in very good States I just want to see this community grow to what it used to be before all this Xbox Live stealth fucking garbage I mean seriously you guys are all better than this stop acting like idiots



and those of you return the base careers off of stove Services don't you realize that these are all going to go away in a few years and powerpc isn't even and you said anymore it's not even industry-standard it's dead so you're spending all of this time learning a dead system talking crap to each other International who has the bigger penis when you get you guys should all be learning how to actually do things so in the future you guys can have careers I really like to get a bunch of you together and teach you how to hack real video games on PCs


I really think most of you guys need to Branch out of the Xbox garbage if anyone is actually interested and making real money and actually having something that can last send me a message via p.m. and I'll give you a Discord where you can learn how to make a real hacks for PC games which actually take skill

security initialization in the HV 



if you like my posts and want to see more please plus rep
Reply
#3
is ready to be an adult and learn how to really code for a real system join my Discord I will not help with Xbox but I can give you advice I think the community has become very toxic

but join me and talk
https://discord.gg/4RE83e


http://projectgames.club
if you like my posts and want to see more please plus rep
Reply
#4
??let's see very interesting
Reply
#5
seeing what this is thanks
Reply
#6
nice ty frends !!
Reply
#7
Hey can you help with online games ?
Reply
#8
I'm just curious what you actually put in this..
Reply
#9
thanks for the post!
This account is currently banned
Ban reason: Multi
Reply
#10
this seems like a good place to leech, thanks thunder thighs!
Reply
