
information on the certificate generation for 0x50

by the1Domo - 08-12-2018 - 10:36 PM
#38
I mean you can get by with the Xenon method, you know: just poke the values into the hypervisor through the hypervisor peek and poke. You literally don't have to do anything else, just take a clean hypervisor and poke it. Don't be stupid and try to poke the whole thing.


just a way to make it easy for translating the xebuild patches :)
Code:
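        // Stages Size bytes read from HV + Address in a temporary XPhysicalAlloc
        // buffer and passes that buffer to xbox::Hvx::HvPokeBytes with the
        // destination qAddress + Address, then frees the buffer.
        //
        //   HV       - source image; bytes [Address, Address + Size) are read from it.
        //   qAddress - 64-bit base; Address is added to it to form the destination.
        //   Address  - offset applied to BOTH the source image and qAddress.
        //   Size     - number of bytes to copy.
        //
        // The length of HV is not passed in, so this function cannot check that
        // Address + Size stays inside the source image; the caller must guarantee
        // it, otherwise memcpy reads out of bounds. The destination range is not
        // validated here either.
        //
        // The function returns VOID, so a failed allocation cannot be reported:
        // the poke is skipped and the caller is left with whatever earlier calls
        // already wrote.
        VOID setHV0(BYTE* HV, QWORD qAddress, DWORD Address, DWORD Size)
        {
            // No source or nothing to copy: do not allocate or poke.
            if (HV == NULL || Size == 0)
                return;

            BYTE* Data = static_cast<BYTE*>(XPhysicalAlloc(Size, MAXULONG_PTR, NULL, PAGE_READWRITE));
            if (Data == NULL)
                return; // allocation failed; the copy below would otherwise write through NULL

            // memcpy fills all Size bytes, so the buffer needs no separate zeroing first.
            memcpy(Data, HV + Address, Size);
            xbox::Hvx::HvPokeBytes(qAddress + Address, Data, Size);
            XPhysicalFree(Data);
        }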

Code:
VOID cleaningHV(BYTE* SystemHV, BYTE* CleanHV)
        {
            // Applies a fixed, ordered list of setHV0 calls that mix ranges taken
            // from CleanHV with ranges taken from SystemHV. The order is part of
            // the behaviour: a later row can overwrite bytes written by an earlier
            // one (the second row rewrites the first 0x20 bytes of the first row).
            // Neither image's length is known here, so every offset + size below
            // relies on the caller supplying buffers that are large enough.
            struct PokeStep
            {
                bool  fromClean; // true -> read from CleanHV, false -> read from SystemHV
                QWORD base;      // passed to setHV0 as qAddress
                DWORD offset;    // passed to setHV0 as Address
                DWORD size;      // passed to setHV0 as Size
            };

            const QWORD kBase0 = 0x8000010000000000;
            const QWORD kBase1 = 0x8000010200000000;
            const QWORD kBase2 = 0x8000010400000000;
            const QWORD kBase3 = 0x8000010600000000;

            const PokeStep kSteps[] =
            {
                { true,  kBase0, 0x00,    0xFFFF },
                { false, kBase0, 0x00,    0x20   },

                // Disabled in the original listing:
                // { true,  kBase0, 0x34,    0x40   },
                // { true,  kBase0, 0x40,    0x30   },
                // { false, kBase0, 0x54,    0x10   },
                // { false, kBase0, 0x77,    0x02   },
                // { true,  kBase0, 0x78,    0xFF88 },

                { false, kBase1, 0x10000, 0x04   },
                { false, kBase1, 0x10020, 0xA0   },

                { true,  kBase1, 0x100C0, 0x40   },
                { false, kBase1, 0x10100, 0x30   },
                { false, kBase1, 0x16390, 0x04   },
                { false, kBase1, 0x16620, 0x01   },
                { false, kBase1, 0x16640, 0x14   },

                { true,  kBase1, 0x10350, 0x30   },

                { true,  kBase1, 0x15E00, 0x80   },
                { true,  kBase1, 0x15FD0, 0x04   },
                { true,  kBase1, 0x16280, 0x40   },
                { true,  kBase1, 0x162A0, 0x16   },
                { true,  kBase1, 0x16EA0, 0x60   },
                { true,  kBase1, 0x169DE, 0x01   },
                { true,  kBase1, 0x16A37, 0x01   },

                { false, kBase1, 0x16710, 0x10   },
                { false, kBase1, 0x16980, 0x102  },
                { false, kBase1, 0x16B90, 0x10   },
                { false, kBase1, 0x16E98, 0x04   },

                { true,  kBase2, 0x20000, 0xFFFF },
                { true,  kBase3, 0x30000, 0xFFFF },
            };

            // Walk the table front to back so the calls happen in the listed order.
            for (DWORD i = 0; i < sizeof(kSteps) / sizeof(kSteps[0]); ++i)
            {
                const PokeStep& step = kSteps[i];
                BYTE* source = step.fromClean ? CleanHV : SystemHV;
                setHV0(source, step.base, step.offset, step.size);
            }
        }
        
        // Calls setHV0 four times with SystemHV as the only source, once per
        // region: the base advances by 0x200000000 and the offset by 0x10000 on
        // each step. Every call copies 0xFFFF bytes, so the last byte of each
        // 0x10000 stride is not part of the copy. SystemHV's length is not
        // checked here; the caller must supply an image covering every range.
        VOID DirtyHV(BYTE* SystemHV)
        {
            const QWORD kFirstBase    = 0x8000010000000000;
            const QWORD kBaseStride   = 0x0000000200000000;
            const DWORD kOffsetStride = 0x10000;
            const DWORD kChunkSize    = 0xFFFF;
            const DWORD kRegionCount  = 4;

            for (DWORD region = 0; region < kRegionCount; ++region)
            {
                const QWORD base   = kFirstBase + region * kBaseStride;
                const DWORD offset = region * kOffsetStride;
                setHV0(SystemHV, base, offset, kChunkSize);
            }
        }
