The Specialist, or rather his group, has released the 360 Flash Dump Tool V0.1.
With this tool you can read out and decrypt various parts of an Xbox 360 flash dump. The flash is divided into two main areas:
1) The Cx sections (CB, CD, CE & 0, 1 or 2 CF & CG sections).
CB, CPU bootup
CD, unpacker for CE
CE, contains the HV and Kernel in a .cab archive
CF&CG are upgrade patches
With the tool, the CB, CD and CE sections can be read out and decrypted; in addition, a specific .cab file can be extracted from the CE section and unpacked, and here comes the best part: the first 256 KB of that file is the hypervisor and the second part is the 2.0.1888 kernel.
2) The second part of the flash is the file system. (You can translate the following yourselves:)
Quote:
The tool expects a dump to contain the data (512 bytes) followed by the ECC (16 bytes). The ECC bytes are used to locate FS entries & identify the version.
The tool consists of the exe and CxKey.txt. CxKey.txt is delivered with 32 '0's and they should be replaced with the key obtained from the 1BL. After all the fuss about AACS keys recently it seems risky to put the key in the exe. The Cx sections extracted from a dump will only decrypt correctly if the correct hex digits are inserted in the CxKey.txt file.
This is a very big step in the right direction towards finally cracking the thing...
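To make the dump layout and key-file convention described above concrete, here is an added Python example (not part of the tool or the original post): it splits a raw dump into 512-byte page data and the 16-byte ECC/spare areas that follow each page, and checks a CxKey.txt for the 32 hex digits the tool expects, rejecting the shipped all-zero placeholder. The sample dump and the key value are constructed, not real data.

```python
import string

PAGE_DATA = 512                      # data bytes per NAND page
PAGE_SPARE = 16                      # ECC/spare bytes that follow each page
PAGE_RAW = PAGE_DATA + PAGE_SPARE    # 528 bytes per page in a raw dump
KEY_HEX_DIGITS = 32                  # CxKey.txt holds 32 hex digits (16-byte key)


def split_nand_dump(dump: bytes):
    """Split a raw dump (512 data + 16 ECC bytes per page) into the
    concatenated page data and a list of the per-page ECC/spare areas."""
    if len(dump) % PAGE_RAW != 0:
        hint = ""
        if len(dump) % PAGE_DATA == 0:
            hint = " (looks like a dump with the 16-byte ECC areas stripped)"
        raise ValueError(f"length {len(dump)} is not a multiple of {PAGE_RAW}{hint}")
    data = bytearray()
    spares = []
    for off in range(0, len(dump), PAGE_RAW):
        page = dump[off:off + PAGE_RAW]
        data += page[:PAGE_DATA]
        spares.append(bytes(page[PAGE_DATA:]))
    return bytes(data), spares


def cx_key_problem(text: str):
    """Return None if the CxKey.txt content is usable, else a short reason."""
    digits = text.strip()
    if len(digits) != KEY_HEX_DIGITS or any(c not in string.hexdigits for c in digits):
        return f"expected exactly {KEY_HEX_DIGITS} hex digits"
    if digits == "0" * KEY_HEX_DIGITS:
        return "still the shipped all-zero placeholder; Cx sections will not decrypt"
    return None


def load_cx_key(text: str) -> bytes:
    """Parse CxKey.txt into the 16-byte key, refusing unusable contents."""
    problem = cx_key_problem(text)
    if problem:
        raise ValueError(f"CxKey.txt: {problem}")
    return bytes.fromhex(text.strip())


# Constructed sample: three pages whose data bytes equal the page index
# and whose ECC/spare bytes are all 0xEC.
SAMPLE_DUMP = b"".join(bytes([i]) * PAGE_DATA + b"\xec" * PAGE_SPARE
                       for i in range(3))
SAMPLE_KEY_FILE = "00112233445566778899aabbccddeeff\n"   # constructed, not a real key

if __name__ == "__main__":
    data, spares = split_nand_dump(SAMPLE_DUMP)
    print(f"{len(data)} data bytes, {len(spares)} ECC areas, key ok: {cx_key_problem(SAMPLE_KEY_FILE) is None}")
```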
TheSpecialist has also commented in the thread about the tool; I'll post part of his comments here - that does give some hope:
Quote:
*xlokix:
This is something new. It will help the homebrew scene downgrade from the 4552 kernel to the 4532 kernel. I hope.
*The Specialist:
Let's hope that it finally results in something like that, yes. We created the tool for several reasons, one reason is of course that the future version of the tool will be able to use the info in CE+CF/CG to create the 'true' kernel image. Currently, we can only dump the true kernel from mem for kernels that are exploitable, so not 4552 for example ('true' kernel is base kernel+patches applied). This tool will hopefully soon be able to dump such a 4552 'true' kernel from a flash image so we can analyse newer kernels as well and maybe find exploits in that too.
Another reason is that we want more insight into that 'pairing' process that tmbinc describes. And hopefully, the availability of the tool will help other hackers with a 'jump' start. Just run the tool and you have all interesting code sections decrypted and ready for analysis!
Quote:
*syntaxerror:
So is it thought to be possible to decrypt an old kernel and then re-encrypt it with updated fuse data so that we can downgrade even with blown e-fuses to an exploitable kernel?
*The Specialist:
It certainly seems so. But you need the fuse data and to get that you currently need to be able to run an exploitable kernel in the first place.
*The Specialist:
Quote:
It's not in the kernel itself, it's in the NAND flash, stored in the 'key section'. It's encrypted with the fuse data. So, in order to decrypt you've got to have the fuse data. In order to get the fuse data, you currently need an exploitable kernel. And to get that running, you need a dvd key in the first place, because you need to boot KK.
So no luck there yet, but have some faith.
Source: XBox-Scene.com / xboxhacker.net