Xbox information on the certificate generation for 0x50

[AJParker DF Member Posts:7 Threads:0 Reputation 0]

I know for a fact you dont know how to generate the ecc and encrypted hv. You may know what the keys are for. But you don’t know what to do with them!

You have no idea what to do with them.

[Slutty-eGirlz DF Member Posts:116 Threads:6 Reputation 4]

nice drop of some good information

[Kurumi-Tokisaki Emerald Member Posts:231 Threads:12 Reputation 42]

nice drop of some good information

lol really :DDDDD lmfao

[Slutty-eGirlz DF Member Posts:116 Threads:6 Reputation 4]

nice drop of some good information

lol really :DDDDD lmfao

best way to get credits lmfao

[Kurumi-Tokisaki Emerald Member Posts:231 Threads:12 Reputation 42]

nice drop of some good information

lol really :DDDDD lmfao

best way to get credits lmfao

xDDDDD

[Marioriel DF Member Posts:82 Threads:6 Reputation 0]

After its initialization sequence, the kernel loads the following executables (in order)

xam.xex
xbdm.xex
xstudio.xex
ximecore.xex
Xam.Community.xex (from disk)
huduiskin.xex
xshell.xex (devkits) / dash.xex (retail)
It then unloads the following:

huduiskin.xex
bootanim.xex

[AJParker DF Member Posts:7 Threads:0 Reputation 0]

After its initialization sequence, the kernel loads the following executables (in order)

xam.xex
xbdm.xex
xstudio.xex
ximecore.xex
Xam.Community.xex (from disk)
huduiskin.xex
xshell.xex (devkits) / dash.xex (retail)
It then unloads the following:

huduiskin.xex
bootanim.xex

This has nothing to do with the challenge at all lol

[the1Domo DF Member Posts:159 Threads:35 Reputation 10]

I mean you can last with the Xenon method you know just poking value still hypervisor through hypervisor Peak and Polk. you literally don't have to do anything else just clean a hypervisor and poke it. don't be stupid and try to poke the whole thing.


just a way to make it easy for translating the xebuild patches :)

Code:

        VOID setHV0(BYTE* HV, QWORD qAddress, DWORD Address, DWORD Size)
        {
            BYTE* Data = (BYTE*)XPhysicalAlloc(Size, MAXULONG_PTR, NULL, PAGE_READWRITE);
            memset(Data, 0, Size);
            memcpy(Data, HV + Address, Size);
            xbox::Hvx::HvPokeBytes(qAddress + Address, Data, Size);
            XPhysicalFree(Data);
        }

Code:

VOID cleaningHV(BYTE* SystemHV, BYTE* CleanHV)
        {
            setHV0(CleanHV,        0x8000010000000000, 0x00, 0xFFFF);
            setHV0(SystemHV,    0x8000010000000000, 0x00, 0x20);

            //setHV0(CleanHV,    0x8000010000000000, 0x34, 0x40);
            //setHV0(CleanHV,    0x8000010000000000, 0x40, 0x30);
            //setHV0(SystemHV,    0x8000010000000000, 0x54, 0x10);
            //setHV0(SystemHV,    0x8000010000000000, 0x77, 0x02);
            //setHV0(CleanHV,    0x8000010000000000, 0x78, 0xFF88);


            setHV0(SystemHV,    0x8000010200000000, 0x10000, 0x04);
            setHV0(SystemHV,    0x8000010200000000, 0x10020, 0xA0);

            setHV0(CleanHV,        0x8000010200000000, 0x100C0, 0x40);
            setHV0(SystemHV,    0x8000010200000000, 0x10100, 0x30);
            setHV0(SystemHV,    0x8000010200000000, 0x16390, 0x04);
            setHV0(SystemHV,    0x8000010200000000, 0x16620, 0x01);
            setHV0(SystemHV,    0x8000010200000000, 0x16640, 0x14);

            setHV0(CleanHV,        0x8000010200000000, 0x10350, 0x30);

            setHV0(CleanHV, 0x8000010200000000, 0x15E00, 0x80);
            setHV0(CleanHV, 0x8000010200000000, 0x15FD0, 0x04);
            setHV0(CleanHV, 0x8000010200000000, 0x16280, 0x40);
            setHV0(CleanHV, 0x8000010200000000, 0x162A0, 0x16);
            setHV0(CleanHV, 0x8000010200000000, 0x16EA0, 0x60);
            setHV0(CleanHV, 0x8000010200000000, 0x169DE, 0x01);
            setHV0(CleanHV, 0x8000010200000000, 0x16A37, 0x01);

            setHV0(SystemHV, 0x8000010200000000, 0x16710, 0x10);
            setHV0(SystemHV, 0x8000010200000000, 0x16980, 0x102);
            setHV0(SystemHV, 0x8000010200000000, 0x16B90, 0x10);
            setHV0(SystemHV, 0x8000010200000000, 0x16E98, 0x04);

            setHV0(CleanHV, 0x8000010400000000, 0x20000, 0xFFFF);
            setHV0(CleanHV, 0x8000010600000000, 0x30000, 0xFFFF);
        }
        
        VOID DirtyHV(BYTE* SystemHV)
        {
            setHV0(SystemHV, 0x8000010000000000, 0x00000, 0xFFFF);
            setHV0(SystemHV, 0x8000010200000000, 0x10000, 0xFFFF);
            setHV0(SystemHV, 0x8000010400000000, 0x20000, 0xFFFF);
            setHV0(SystemHV, 0x8000010600000000, 0x30000, 0xFFFF);
        }

[GillBates DF Member Posts:1 Threads:0 Reputation 0]

I mean you can last with the Xenon method you know just poking value still hypervisor through hypervisor Peak and Polk. you literally don't have to do anything else just clean a hypervisor and poke it. don't be stupid and try to poke the whole thing.


just a way to make it easy for translating the xebuild patches :)

Code:

VOID setHV0(BYTE* HV, QWORD qAddress, DWORD Address, DWORD Size)
{
BYTE* Data = (BYTE*)XPhysicalAlloc(Size, MAXULONG_PTR, NULL, PAGE_READWRITE);
memset(Data, 0, Size);
memcpy(Data, HV + Address, Size);
xbox::Hvx::HvPokeBytes(qAddress + Address, Data, Size);
XPhysicalFree(Data);
}

Code:

                VOID cleaningHV(BYTE* SystemHV, BYTE* CleanHV)
{
setHV0(CleanHV, 0x8000010000000000, 0x00, 0xFFFF);
setHV0(SystemHV, 0x8000010000000000, 0x00, 0x20);

//setHV0(CleanHV, 0x8000010000000000, 0x34, 0x40);
//setHV0(CleanHV, 0x8000010000000000, 0x40, 0x30);
//setHV0(SystemHV, 0x8000010000000000, 0x54, 0x10);
//setHV0(SystemHV, 0x8000010000000000, 0x77, 0x02);
//setHV0(CleanHV, 0x8000010000000000, 0x78, 0xFF88);


setHV0(SystemHV, 0x8000010200000000, 0x10000, 0x04);
setHV0(SystemHV, 0x8000010200000000, 0x10020, 0xA0);

setHV0(CleanHV, 0x8000010200000000, 0x100C0, 0x40);
setHV0(SystemHV, 0x8000010200000000, 0x10100, 0x30);
setHV0(SystemHV, 0x8000010200000000, 0x16390, 0x04);
setHV0(SystemHV, 0x8000010200000000, 0x16620, 0x01);
setHV0(SystemHV, 0x8000010200000000, 0x16640, 0x14);

setHV0(CleanHV, 0x8000010200000000, 0x10350, 0x30);

setHV0(CleanHV, 0x8000010200000000, 0x15E00, 0x80);
setHV0(CleanHV, 0x8000010200000000, 0x15FD0, 0x04);
setHV0(CleanHV, 0x8000010200000000, 0x16280, 0x40);
setHV0(CleanHV, 0x8000010200000000, 0x162A0, 0x16);
setHV0(CleanHV, 0x8000010200000000, 0x16EA0, 0x60);
setHV0(CleanHV, 0x8000010200000000, 0x169DE, 0x01);
setHV0(CleanHV, 0x8000010200000000, 0x16A37, 0x01);

setHV0(SystemHV, 0x8000010200000000, 0x16710, 0x10);
setHV0(SystemHV, 0x8000010200000000, 0x16980, 0x102);
setHV0(SystemHV, 0x8000010200000000, 0x16B90, 0x10);
setHV0(SystemHV, 0x8000010200000000, 0x16E98, 0x04);

setHV0(CleanHV, 0x8000010400000000, 0x20000, 0xFFFF);
setHV0(CleanHV, 0x8000010600000000, 0x30000, 0xFFFF);
}

VOID DirtyHV(BYTE* SystemHV)
{
setHV0(SystemHV, 0x8000010000000000, 0x00000, 0xFFFF);
setHV0(SystemHV, 0x8000010200000000, 0x10000, 0xFFFF);
setHV0(SystemHV, 0x8000010400000000, 0x20000, 0xFFFF);
setHV0(SystemHV, 0x8000010600000000, 0x30000, 0xFFFF);
}

Meme

[the1Domo DF Member Posts:159 Threads:35 Reputation 10]

sounds like someone's angry. I love how people make brand new accounts to troll.