Discussion Here is where to start now that the Xbox One SDK has been leaked

  • Thread starter Chr0m3 x MoDz
  • Start date
  • Views 665,467
Luca24hr
You have no idea what really went down, do you?
I read the document and I didn't really understand it, so could you explain it for me?
 
CaptainSkeet

https://mobile.twitter.com/h3ck34

Do you think there's any truth to this guy? A trusted developer over at psxhax says he's legit.

I'm not holding my breath for him; my personal thoughts are that he just used snippets from "CTurt" and made his own USB dongle for the PS4... still yet to be proved. Now he has rumors of starting to exploit the Durango. Time will tell.
 
CaptainSkeet

Not sure if that was directed to me, but I have experience coding COD mod menus and have been inactive in the modding community because I am currently trying to learn all I can so I can start studying for the CEH exam, but I don't have any way to perform such tasks right now. Trying to help with recon because that's what leads to finding vulnerabilities leading to possible exploits.

No, it wasn't towards you actually, it was towards the general new posts that I have read throughout the 21 pages of this thread... Sorry.

Hi,
For now there is no leaked tool available to the public that we can use...
but there is some way to move forward...
First we need a better tool to extract the content of a NAND dump and manipulate XVDs...
XvdTool is an amazing tool but now needs an update to be really useful.
I use it to extract my NAND content but there is some error...
I don't have the knowledge to improve this tool, but my Xbox One has a NAND reader soldered and I have some dumps...

I was referring to the fact that SuperDae had a working homemade Durango XDK that he got caught with... as well as some other things. I was just curious to see if Chr0m3 x MoDz had some more private knowledge he could share that would help out the public a bit more regarding this matter.
 
Bradz modz4u360
So first of all install the SDK, then go to "C:\Program Files (x86)\Microsoft Durango XDK\bin", then you will find DLLs and EXEs. Some of the interesting ones are xsapi.dll and xvdsign.exe.

So it would be a good idea to look into mounting Xbox One system files on a Windows PC to actually get access to the main files from the OS. Now once we can mount .XVDs we should be able to mount games later on and practically run our own Xbox One OS from any Windows computer.

The Durango alpha (the one DaE and them got caught with) can be installed on any PC and can run extracted Xbox One games.

These functions from xsapi.dll will help get you started. (Thanks to Mojobojo and xdevwiki for the help with all this)
Code:
#include <windows.h>  // HANDLE, LPCWSTR

// Function-pointer types for exports of xsapi.dll, as posted. The parameter
// names record what is known: several arguments are unidentified or set to zero.
typedef int(__cdecl* XvdOpenAdapterImp)(HANDLE* handle);
typedef int(__cdecl* XvdCloseAdapterImp)(HANDLE handle);
typedef int(__cdecl* XvdMountImp)(void* unknownReturnValue1, void* unknownReturnValue2, HANDLE xvdHandle, LPCWSTR filePath, long long setToZero, long long setToZero2, int setToZero3);
typedef int(__cdecl* XvdUnmountFileImp)(HANDLE xvdHandle, LPCWSTR filePath);
typedef int(__cdecl* XsCreateConvertVhd2XVDImp)(LPCWSTR lpFileName, LPCWSTR lpFileName2, __int64, __int64, __int64);
typedef int(__cdecl* XvdVmMount)(void* unknownReturnValue1, void* unknownReturnValue2, HANDLE xvdHandle, LPCWSTR filePath, long long setToZero, long long setToZero2, int setToZero3);
Import the DLL into a C++ application like this.
Code:
HINSTANCE hIn = LoadLibraryA("C:\\Program Files (x86)\\Microsoft Durango XDK\\bin\\xsapi.dll");

It's up to you guys to figure out how to use all this. I have given you a starting point.

Here is how far me and mojo got.


For some reason we can't mount the XVD. We get a corrupt file HRESULT. I think it may be something to do with the keys that are used to sign the XVDs. I do believe the red key is in xvdsign.exe.

Note: Make sure you compile the application in 64-bit and make sure you run CMD as admin before trying to run the application.

Here are all the keys from xvdsign.exe
Signing Private Key:
Bit length: 4096
Public exponent: 010001

Dev Escrow Public Key:
Bit length: 3072
Public exponent: 00010001

Production Escrow Public Key:
Bit length: 3072
Public exponent: 00010001

Update: (decrypted XVDs mounted)


Now we need to look at getting the retail AES-256 key to decrypt the system files.

Update: 9/01/2015
noob25x has posted vital source code and information about XVDs and XVCs.


Maybe together we can figure all this out.

More info can be found here: http://www.xdevwiki.com/index.php?title=Xbox_Virtual_Disk

Very useful information here for anybody to get into this. I really enjoyed modding the 360 back in the day so might have a go at this in my spare time. I see Microsoft wasn't too keen on keeping the NAND secure but worked more on the encryption side, leaving everything they could server-sided. It just needs a good look into, so keep up the good work! Chromemodz
 
Chr0m3 x MoDz

So far no one is getting anywhere with the xbox one, we all have the same ideas but it just doesn't seem to be happening yet.

Maybe people just aren't that interested? It isn't easy this time though, MS did a real good job securing the xbox one.
 
Bradz modz4u360
So far no one is getting anywhere with the xbox one, we all have the same ideas but it just doesn't seem to be happening yet.

Maybe people just aren't that interested? It isn't easy this time though, MS did a real good job securing the xbox one.
It will be harder this time round. There is limited space we have available, and Microsoft have changed their system around completely. It will just take time to manipulate the system. We are just starting to mount the files but yet have no testing phases of repairing the NAND as it was extracted, so maybe some files are corrupted? I could just be goofing off; the only thing I know about the Xbox One OS is everything I have just read on this post. Still, progress is progress.
 
no3dead

A friend of mine in the scene sent me this today.
 
Chr0m3 x MoDz

A friend of mine in the scene sent me this today.
Nothing we haven't had for years already. Here's one for you. (Kernel debugging on alpha).

It's not of much use at this point in time, because the OS has no security that the Xbox One has.
 
no3dead

Nothing we haven't had for years already. Here's one for you. (Kernel debugging on alpha).

It's not of much use at this point in time, because the OS has no security that the Xbox One has.
-snip-

That's not the same one; that's the January 2013 one. He extracted one of the encrypted XVDs.
 
Chr0m3 x MoDz

That's not the same one; that's the January 2013 one. He extracted one of the encrypted XVDs.
If that's the case (I don't believe that but I obviously don't know), I wonder how he did it without keys. If he can extract one, he should be able to extract all.
 
no3dead

Me and him are working to get it running in a VM or natively (VM first).

It'll take us a while but we are hopeful.
 
Bradz modz4u360
Good luck to you mate. I would try to help out but lost all my computers when I got my own flat; all I know is a little iPad 32, but when I get my new job taking a grand a week I shall get a 16 GB RAM tower, 64-bit, and I'd like to help you out any way I can. Just make sure you keep the good work up!!!
 
toolegit
Can someone please figure this out. I just want gaming to be fun again.
 