L
Luca24hr
Enthusiast
I read the document and I didn't really understand it so could you explain it for me.You have no idea what really went down, do you?
I read the document and I didn't really understand it so could you explain it for me.You have no idea what really went down, do you?
Probably a very one sided story, http://www.thesmokinggun.com/documents/Microsoft-Xbox-hackers-576321I read the document and I didn't really understand it so could you explain it for me.
https://mobile.twitter.com/h3ck34
Do you think there's any truth to this guy? A trusted developer over at psxhax says he's legit.
not sure if that was directed to me but i have expirience coding cod mod menus and have been inactive to the modding community because i am currently trying to learn all i can so i can start studying for the ceh exam but i dont have any way to perform such tasks right now trying to help with recon because thats what leads to finding vulnerabilities leading to possible exploits
Hi
for now there is no leaked tool we can use available for public .....
but there is some way to move forward....
1st we need a better tool to extract the content of nand dump & manipulate xvd's...
XvdTool is an amazing tool but now needs an update to be really useful.
i use it to extract my nand content but there is some error.....
[Click here to view this link]
i don't have the knowledge to improve this tool but my xbox one as a nand reader soldered and i have some dump....
So first of all install the SDK then go to "C:\Program Files (x86)\Microsoft Durango XDK\bin" then you will find DLL's and EXE's some of the interesting ones are xsapi.dll and xvdsign.exe.
So it would be a good idea to look in to mounting xbox one system files on a windows PC to actually get access to the main files from the OS. Now once we can mount .XVD's we should be able to mount games later on and practically run our own Xbox One OS from any windows computer.
The Durango alpha (The one DaE and them got caught with) can be installed on any PC and can run extracted xbox one games.
These functions from xsapi.dll will help get you started. (Thanks to Mojobojo and xdevwiki for the help with all this)
Import the dll in to a c++ application like this.Code:typedef int(__cdecl* XvdOpenAdapterImp)(HANDLE* handle); typedef int(__cdecl* XvdCloseAdapterImp)(HANDLE handle); typedef int(__cdecl* XvdMountImp)(void* unknownReturnValue1, void* unknownReturnValue2, HANDLE xvdHandle, LPCWSTR filePath, long long setToZero, long long setToZero2, int setToZero3); typedef int(__cdecl* XvdUnmountFileImp)(HANDLE xvdHandle, LPCWSTR filePath); typedef int(__cdecl* XsCreateConvertVhd2XVDImp)(LPCWSTR lpFileName, LPCWSTR lpFileName2, __int64, __int64, __int64); typedef int(__cdecl* XvdVmMount)(void* unknownReturnValue1, void* unknownReturnValue2, HANDLE xvdHandle, LPCWSTR filePath, long long setToZero, long long setToZero2, int setToZero3);
Code:HINSTANCE hIn = LoadLibraryA("C:\\Program Files (x86)\\Microsoft Durango XDK\\bin\\xsapi.dll");
It's up to you guys to figure out how to use all this. I have given you a starting point.
Here is how far me and mojo got.
For some reason we can't mount the XVD. We get a corrupt file HRESULT. I think it may be something to do with the keys that are used to sign the XVD's I do believe the red key is in xvdsign.exe.
Note: Make sure you compile the application in 64 bit and make sure you run CMD as admin before trying to run the application.
Here are all the keys from xvdsign.exe
Signing Private Key:
Bit length: 4096
Public exponent: 010001
Modulus: C66B09E2B55E84958B9C63D2C0C1E815A7163EEFC2156388D9DB56092693F0AAD07CE16513B380C9DD71FE9770D0255FB9DE15CB3227CCDC06322BD921FA7D38FCB9B543DF706211CEC8BD8C6DB9E1711045C69ACF0129315609897BB7936AC22A74E9A306CEEF9C5469D16908B06279DB86DC438143C99B6369A735B508B3EF0247858031FDE8A1D70CC448E57AAD2F32230EE194244276C8A3E4954388B48F0F316FC91775B2602EC39014B89B4BFAD316CDA3ED49200A8D79DCA7FA61C98BAFD15BF895BDCBB7D8FAE5CDFC92C6064C1F95151E0C41741C381C8839AAF1BDCB847F4B9DFC3A85F7E4C7FD0D5C497BC3115038DA65D6A472E70482FBBA871152560415B57094F710CBA92341E05D597E5F14D99BD995AE5459BDF228142AFA5AE8FB2A83ED7D6AE5B869C9A59C3586C9A0181F1619A5D6C0BAD525950D79D93D151085742AAFE718B1AECAC21D2468B22A0640D8EEEA74456E9E0D0146E4FF1E6A7A58E2CEE154790E8B9214DE98906A3A714A79F7949D7439F5E30B21630849960259E069D4CBED820F2C3ED21926257809F69FF776736181CC44639789377A539BCCBE727818ED235D7A9E95A420EDE34DE33B85CB767DE6A69EC7CA9B5442432C9632B3FF2F84261C40143F3FCA22BCC98BEF389E0D6EF34175C1BC98E1384ECA96ADB5B7BE6DFB0AAE18568A6BAA1D4FAD152B6C12AB3E80D6E9DB0F5B
Prime1: E6484E3FB4407685AEF3DC26CCA7BEB86C51D687F6A2DF21763CAC3BA8C3F67B37E3EF08A4A58E48730944F6CE4D8374FAA6D81E1421B8457D6C845DD69133B5C2616F9DD5BBA4ACFF6C82A22E139B37E1DE26D5F7B45965EBE1360099FE99058D1E482E6710D400F248AEF0D79F30693229FF2709ADCA186582ACD278D3CD853648C339C10CB6AC167BA099D27A51CD78E411BD24298634FE9DCDA37EF02C9A95D16D1C1AE47A31366C8F20505687904429C7A9939084E07D7105D0BE827AFDAC2F31C695AD3D077B3FA30EF11612AF564DEFA1F3E4ED3B452DD2047B176599743A3BED45711AFA172FE3CBFA3F68BAFEE0C18DA9739B1D23D3BD18E30EBE2B
Prime2: DC93BE3B5389B0F6C49DFD0C6912EDB42622B96A3EC0C430EFD4F3CE555D3B978C651F29417FAC6F931AE6AFB3E571227F7DEEB00FC8D2A509FF6A3EEF0DB9D73783977ED48570E0C41863867B4AB70744E8373E53A03B6F527ADA7975DF8B39C0015159CF23A0DFD28FC6195761C3340E7142570058AE90638F6086A417513451D06718CF53089D0FB7BACA75537A23CECF7C44B407AC1C9897B95A7C964F4809898C3CD582ED69ECA161914275D9067272D71E5DAE54E24FDF2825CAC24644E7DF61939485BEEDD3A5EA179CC221DFB4F5F6EF1EBD20945E9EFB8C259ED4B644BA9C83F3B87551A48BC053F1E90210EE66B76C2922B3B83384E25A87C08B91
Exponent1: D1190E9421A3F6FAE42561DD892F37AA5610E96F83AFD85395FCF9972262EDC86CB37734ADEBF60A2B0A5BA88F232B1E690A5E6AD174DCD19C5590CB742D5C7ACA09974405F2E050858D8E009D3E084EF1B4BA26C748E773F87F027E015680B3DDB3856F3CFEB6C2353D723C164DE1B3636D66D597A04A4564C7070E05D0AC692D255CBF705F8EEF2B6B0E251E4D1B422B674C042675DDFAF8C76915F0093D37109A9D2C4BEEF255054A059C1DD6B43976EB48F4DD9CF84AAF1C955F39DD58B84644843A0166D0679EADE5ED8753B79BA60E166D43FCB6BC7ED06046D94E215EF97E7733B73E40749DE14A42C8F412B0D9065439C187CB6CE63F391103FB3B09
Exponent2: 8064EFA290E9E13C830E83B1A9A7FEFD92053C707FBEAD74DEE5D255149384909E846E33119143CA5E92961D48561218C6A5833EB0B1710BE859E87A61A457BCD2EFA24B8D616F67263E1C10B7CBB1E66551D6764D2F43E974D5563EC5422E449B6328FB61FB973531D7C6B4118D329726A0FEC0ADCEF12DD3062E65B136716A47054C3DC0D0D07EBC1B727B4EF81C6CA3815B1092CAB480A0C2107E7F6EEF0F3B9DF927A010EA2972382E16E3DCBD4B676B3994CF6B1EB5ED50348A6B0FD2DF6129421F29A1009667507886EE1482AB3926C36A453649B493AF6F3510E0F76871713E9200582AD22F39B9E6233642A1A063E1F8EFA8E77C1D61087131FBFE41
Coefficient: 90657F97E83F6600E1D5C616F0A6BFD7C1BB835ED39E364CA1C848393354E7D79B2CFE840CD0260DCCDACCE63C57DC7D83E8587FC1059702420E73A24752055D404ED5F5EB9666017F6F5E63306C3BA845612625DA1E29BBCD02F6B06804A595EB32BA7349AC0ECDB12FDCF32AFB75C74184434161A84CAC14D01A3379F7523EE8FD1DFA1BA6C0B9AF8BB03442FAE8AF7DD20F7BD5483F9B78FACEF81F4B4B48F3C120CA484FFFEF6D05B31AE323D1BF1F21E7D46F939B2CDA685AED6F0486818422CE657F80D09D8E53806CF5D39DAB5FCAC06D0FA0710006C9AB0B3DB5B6F40ACAB397BE5C86E051E9929F3C1BFA95F9AEC4E306D1B2AC4A4748378E8531DC
Private exponent: 4B90B2481BE8AE37C1DEC2899E0D7B14DBF875E99B91C7C173AEBBBA6A6DC727569568C5B4D615034C09C0FAEDE4E786E863730B5AC39B9A63E5B19B54FC6FBA474D76822DD3401626197F4EBEEF1EB38F8DF3503BEBE6433AD0110303EBE9A99EBFBDC6EFADD9C540C4B812F7532D7DD9242838B13F1EC5C5FB93C9B973620B7163C9AD03DCFE3EBC86C92E35EF1D8BAEDD792A61DFD94C21A78143735FD9DBEDDE57034FA2EC57031849840AB6621E594C02EF1E4C4E1E96B8C55757DCEC03FDE68ECF423FF118C852ED3820ABC92CD6CAE45D117F7B61FBE946BC7EB1E2B4F490366696F95B54700F3A36DE62BA3D9F11B5EAA10A4DCF7D4F0C01D25ABC5B29BA3A9936EEFE1CC74A202DFC82523A38B2AD00EF9D95BA7B2A0DF1C0201FB91B3D36E38C3B9B634210D4054FD422FDC0D867249BC762CA7A1CD9615B166FEA0F607904E678C7E6A3B0958C5E3E360DCA5F1ECA30F7890A32885750920DE1F26B83C7D0D11B529852169348183BEC390B2DEBE740EEA345EFF517F387BC35118550C5792B7B5BABDDB9D470205C0C07493A2E370FEA2B426F27D2EE386DDE14E5FBF0EA879AE121F6D76801BD325E3D8245B224838A373CC6D0D78CC39AF86CE95A70CD5333C705E1080037A95F0F00E7348BC51C435F15998BC0718FBD3C40CF2E7330DE8D0DECF98379CC45791F6417679D07D220B5ED0849B127D257AA61
Dev Escrow Public Key:
Bit length: 3072
Public exponent: 00010001
Modulus: B9D038BB555C16E1EFB04E0164637F88333D1894CCDC2B9EBE07ED552256EC0521B5FF1D7B5EFE7C31C195CB052D5F9D8FF7D9996E0E4C51D2E3E6CDCE87CDF3230EB4A09DDB1A573048D08FB0AD941AC0686A498D150D848D2C2B426F67114D257D8B3482C47363F9DCBFC426D6F284762B4C81EC85EA1799DCD1B0797330F287410BF2BB11B145B5CB99282DC997205255F79A6511001796578E0BB40B2C8A2A23CB44C9DE96D55807F0380F158A6355C522CB33A3448EB3E4746C666E630FB5090DB6F37DC873B1517AA649B61AD0E8429AB29103255B0F7FE142EAB87C511B4F4501E47C13D8C868F9D2FF008A4680D74AE856BEDB1967A219264146D75A2EB2AC9CFA1A5DD44B93003D56F05C3380085E6B46B61DBD9284FED74658DB1B38E2712B69DD2593A8C1E1D787E5449462FB44D59F333CD890EB1DF618258DA0042A96314B8D7F163715FEB42FAFEC89F1C1D9B39B0691E9048E9A7D4802AECC36504820C2EFB87634751AFCFAB2ACF15291C9478BE436DBF2755D5D13E614CD
Production Escrow Public Key:
Bit length: 3072
Public exponent: 00010001
Modulus: D06D1FCF4A1D57AB798078C474CDD8957318D52A83E777E3C9B3A66A663286ACCC7A6E3096F9524C1BDB123C3A12364CE3CFCD4CFACD7E36E2B88B1D05D3E377E24FBAA1CFD560D080E4E0D6CEFB4D2A615C333469FE408DBEE88005DB0F7B0CE1AC6E4311B060831BFF973A8C12B5E5A4865B3FF492116C538B681E342086F04A44B3C6112B61E66694C5870C00584510FDE71AFDAE862C5C851D1AE391D697DD1C3D5C3A2A1E00DA2C7F2F5574A9E6C1BC214FF5E78BC0CE363D90802CCF4A386479A9FA854596B1A53AB64F28206749062005575D574F734A5EC57C89AD2D96B3515AE1A239BADB2493BDB59532300518BE2ED5EF710C3B41F13D980A2647FD68722C9874E1445AD7566FBBD05CAA183C8859EFB7EFDFFEB2061A440C4B79236FF51ACA239E748C9A3969661FDA39E203C26AFE8EC95704C2E83B34374FC952F6378F192257145BF7BD5F2863E0405780C09345B4219CA75DBEACFA95B1BB1D6538A5767A703E93A9BAB0F141216E4CD5D06FF2024DCD9706276D7A5347BD
Update: (decrypted XVD's mounted)
Now we need to look at getting the retail aes256 key to decrypt the system files.
Update: 9/01/2015
noob25x Has posted vital source code and information about XVD's and XVC's
[Click here to view this link]
Maybe together we can figure all this out.
More info can be found here: http://www.xdevwiki.com/index.php?title=Xbox_Virtual_Disk
It will be harder this time round there is limited space we have available, Microsoft have changed there system around completely, it will just take time to manipulate the system we are just starting to mount the files but yet have no testing phases of repairing the nand as it was extracted so maybe some files are corrupted? I could just be goofing off only thing I know about the Xbox one os is everything I have just read on this post still progress is progressSo far no one is getting anywhere with the xbox one, we all have the same ideas but it just doesn't seem to be happening yet.
Maybe people just aren't that interested? It isn't easy this time though, MS did a real good job securing the xbox one.
Nothing we haven't had for years already, Here's one for you. (Kernel debugging on alpha).A friend of my in the scene sent me this today.
Nothing we haven't had for years already, Here's one for you. (Kernel debugging on alpha).
It's not of much use at this point in time, because the OS has no security that the Xbox one has.
-snip-
If that's the case (I don't believe that but I obviously don't know), I wonder how he did it without key's if he can extract one, he should be able to extract all.That's not the same one that's the January 2013 one, he extracted one of the encrypted xvds.
A friend of my in the scene sent me this today.
Nope.So hes able to extract enscypted xvds ?