
information on the certificate generation for 0x50

by the1Domo - 08-12-2018 - 10:36 PM
#31
(06-30-2019 - 03:46 PM)xcryptic Wrote: I know for a fact you don’t know how to generate the ecc and encrypted hv. You may know what the keys are for. But you don’t know what to do with them!
You have no idea what to do with them.
#32
nice drop of some good information
#33
(03-31-2020 - 04:26 AM)Slutty-eGirlz Wrote: nice drop of some good information
lol really :DDDDD lmfao
Add me on Discord :)
Ursula von der Leyen#1337
#34
(03-31-2020 - 04:31 AM)CrystalMeth Wrote:
(03-31-2020 - 04:26 AM)Slutty-eGirlz Wrote: nice drop of some good information
lol really :DDDDD lmfao
best way to get credits lmfao
#35
(03-31-2020 - 05:15 AM)Slutty-eGirlz Wrote:
(03-31-2020 - 04:31 AM)CrystalMeth Wrote:
(03-31-2020 - 04:26 AM)Slutty-eGirlz Wrote: nice drop of some good information
lol really :DDDDD lmfao
best way to get credits lmfao
xDDDDD
#36
After its initialization sequence, the kernel loads the following executables (in order):

xam.xex
xbdm.xex
xstudio.xex
ximecore.xex
Xam.Community.xex (from disk)
huduiskin.xex
xshell.xex (devkits) / dash.xex (retail)
It then unloads the following:

huduiskin.xex
bootanim.xex
#37
(03-31-2020 - 04:10 PM)Marioriel Wrote: After its initialization sequence, the kernel loads the following executables (in order):

xam.xex
xbdm.xex
xstudio.xex
ximecore.xex
Xam.Community.xex (from disk)
huduiskin.xex
xshell.xex (devkits) / dash.xex (retail)
It then unloads the following:

huduiskin.xex
bootanim.xex
This has nothing to do with the challenge at all lol
#38
I mean you can last with the Xenon method you know just poking value still hypervisor through hypervisor peek and poke. You literally don't have to do anything else, just clean a hypervisor and poke it. Don't be stupid and try to poke the whole thing.


just a way to make it easy for translating the xebuild patches :)
Code:
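        // Copy Size bytes at offset Address out of the HV image and poke them
        // to the same offset of the hypervisor page based at qAddress.
        VOID setHV0(BYTE* HV, QWORD qAddress, DWORD Address, DWORD Size)
        {
            // Stage the bytes in a physically allocated buffer for HvPokeBytes.
            BYTE* Data = (BYTE*)XPhysicalAlloc(Size, MAXULONG_PTR, NULL, PAGE_READWRITE);
            if (Data == NULL)
                return; // allocation failed, nothing to write
            memcpy(Data, HV + Address, Size);
            xbox::Hvx::HvPokeBytes(qAddress + Address, Data, Size);
            XPhysicalFree(Data);
        }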

Code:
        VOID cleaningHV(BYTE* SystemHV, BYTE* CleanHV)
        {
            setHV0(CleanHV, 0x8000010000000000, 0x00, 0xFFFF);
            setHV0(SystemHV, 0x8000010000000000, 0x00, 0x20);

            //setHV0(CleanHV, 0x8000010000000000, 0x34, 0x40);
            //setHV0(CleanHV, 0x8000010000000000, 0x40, 0x30);
            //setHV0(SystemHV, 0x8000010000000000, 0x54, 0x10);
            //setHV0(SystemHV, 0x8000010000000000, 0x77, 0x02);
            //setHV0(CleanHV, 0x8000010000000000, 0x78, 0xFF88);

            setHV0(SystemHV, 0x8000010200000000, 0x10000, 0x04);
            setHV0(SystemHV, 0x8000010200000000, 0x10020, 0xA0);

            setHV0(CleanHV, 0x8000010200000000, 0x100C0, 0x40);
            setHV0(SystemHV, 0x8000010200000000, 0x10100, 0x30);
            setHV0(SystemHV, 0x8000010200000000, 0x16390, 0x04);
            setHV0(SystemHV, 0x8000010200000000, 0x16620, 0x01);
            setHV0(SystemHV, 0x8000010200000000, 0x16640, 0x14);

            setHV0(CleanHV, 0x8000010200000000, 0x10350, 0x30);

            setHV0(CleanHV, 0x8000010200000000, 0x15E00, 0x80);
            setHV0(CleanHV, 0x8000010200000000, 0x15FD0, 0x04);
            setHV0(CleanHV, 0x8000010200000000, 0x16280, 0x40);
            setHV0(CleanHV, 0x8000010200000000, 0x162A0, 0x16);
            setHV0(CleanHV, 0x8000010200000000, 0x16EA0, 0x60);
            setHV0(CleanHV, 0x8000010200000000, 0x169DE, 0x01);
            setHV0(CleanHV, 0x8000010200000000, 0x16A37, 0x01);

            setHV0(SystemHV, 0x8000010200000000, 0x16710, 0x10);
            setHV0(SystemHV, 0x8000010200000000, 0x16980, 0x102);
            setHV0(SystemHV, 0x8000010200000000, 0x16B90, 0x10);
            setHV0(SystemHV, 0x8000010200000000, 0x16E98, 0x04);

            setHV0(CleanHV, 0x8000010400000000, 0x20000, 0xFFFF);
            setHV0(CleanHV, 0x8000010600000000, 0x30000, 0xFFFF);
        }

        VOID DirtyHV(BYTE* SystemHV)
        {
            setHV0(SystemHV, 0x8000010000000000, 0x00000, 0xFFFF);
            setHV0(SystemHV, 0x8000010200000000, 0x10000, 0xFFFF);
            setHV0(SystemHV, 0x8000010400000000, 0x20000, 0xFFFF);
            setHV0(SystemHV, 0x8000010600000000, 0x30000, 0xFFFF);
        }
if you like my posts and want to see more please plus rep
#39
(04-01-2020 - 01:41 PM)theDomo Wrote: I mean you can last with the Xenon method you know just poking value still hypervisor through hypervisor peek and poke. You literally don't have to do anything else, just clean a hypervisor and poke it. Don't be stupid and try to poke the whole thing.


just a way to make it easy for translating the xebuild patches :)
Meme
#40
Sounds like someone's angry. I love how people make brand new accounts to troll.