Acidmods

Console Modding------ ( Here you can talk about your favorite Consoles ) => XBOX 360 => Topic started by: KingMike_OS on June 16, 2012, 07:20:29 PM

Title: How M$ Killed The XOR Hack
Post by: KingMike_OS on June 16, 2012, 07:20:29 PM
With the new 15*** update, M$ has added a new key to their hash calculation for the rc4 key. It's basically just the first 16 bytes of the header, which include the version number, entrypoint, and size. These are all per-CB, per-version, so we cannot take a keystream from a 15*** CBB and use it to make a 14*** CB because the CBA on 14*** is unable to calculate the rc4 key no matter what we change.
 
What this means:
 In order to RGH2 an xbox with 15***, you need either:
 
1) The cpu_key

2) A previous exploitable dump from the SAME XBOX. Must fit one of the following:
 - Phats: 14717, 14719
 - Slims: 9199, 12416, 12625, 13146, 13599, 13604, 13146, 13599, 14699, 14717, 14719 (e.g. ANY version before 15722)
 
Older dumps will NOT WORK with RGH2/RGH3 !
 
DO NOT UPDATE TO 15*** WITHOUT BACKING UP FIRST!
 
What do we do now:
 We are looking into ways of exploiting the rc4.
 
To make it clear, the new way of generating the CBB decryption rc4 key is as follows:
 
Secret = CBA[0x10:0x20]
 Digest = CBB[0x10:0x20] + CPU_Key + CBA[0:6] + 0×0000 + CBA[8:0x10]
 
def decrypt_CB_Cpu(CB):
   assert cpukey
   secret = CB_A[0x10:0x20]
   h = hmac.new(secret,None, sha);
   h.update(CB[0x10:0x20]);
   h.update(cpukey);

   v = struct.unpack(">h", CB_A[0x6:0x8])[0]
   print " * checking flag: %X" % v
   if( v & 0x1000):
      print "  ** Using new encryption scheme"
      h.update(CB_A[0:0x6] + "\x00\x00" + CB_A[8:0x10]);

   key = h.digest()[0:0x10]
   CB = CB[0:0x10] +key+ RC4.new(key).decrypt(CB[0x20:])
   return CB

Thx Team Xecuter For The Update
Title: Re: How M$ Killed The XOR Hack
Post by: Rodent on June 17, 2012, 06:25:38 AM
This new update.. is just coming to the point of ruining the Dual Nand and the Triple nand Consoles not only will it come to the point of banning the console but  to the point it starts to band your xbl account.. thanks for the  keeping us up to date King Mike
Title: Re: How M$ Killed The XOR Hack
Post by: Nevbox on June 17, 2012, 10:00:08 AM
WHY don't they just give up :(
Title: Re: How M$ Killed The XOR Hack
Post by: Rodent on June 17, 2012, 10:58:59 AM
Quote from: Nevbox on June 17, 2012, 10:00:08 AM
WHY don't they just give up :(
Then there wouldnt be any challenge to it
Title: Re: How M$ Killed The XOR Hack
Post by: Anonamous on June 18, 2012, 06:54:58 AM
Quote from: Nevbox on June 17, 2012, 10:00:08 AM
WHY don't they just give up :(

(https://www.acidmods.com/forum/index.php?action=dlattach;attach=5771;type=avatar)

your avatar pretty much says everything.
Title: Re: How M$ Killed The XOR Hack
Post by: 3D0kassiah on June 18, 2012, 07:59:52 AM
after reading this morning for the time being you will not be able to rgh 15xxx if you already have your cpu from a 14xxx dump then your fine just gotta wait for jrunner etc to patch the 15xxx dash

and yes i agree why dont they give up........M$ thats means you
seriously why even bother xb devs are just gonna crack it within a few weeks anyway
smart move on m$ behalf tho releasing the update a few days before the official  demon release
reason i say they already started cracking the new dash update you dont think TX is gonna protect there investment? if this update did kill rgh then this will be tx's biggest fail ever think there gonna sit around let that happen no ?
SimplePortal 2.3.5 © 2008-2012, SimplePortal