Some Research from halo 3

Discussion in 'Halo 3 Modding' started by xxsoftwarexx, Feb 16, 2009 with 3 replies and 650 views.

Thread Status:
Not open for further replies.
  1. xxsoftwarexx

    xxsoftwarexx Enthusiast

    Messages:
    36
    Ratings:
    3
    RSA private key .txt codes-
    Code:
    .text:825810E0
    .text:825810E0
    .text:825810E0
    .text:825810E0 sub_825810E0: # CODE XREF: sub_82581D18+150p
    .text:825810E0
    .text:825810E0 .set var_40, -0x40
    .text:825810E0 .set var_30, -0x30
    .text:825810E0 .set var_10, -0x10
    .text:825810E0 .set var_8, -8
    .text:825810E0
    .text:825810E0 mflr %r12
    .text:825810E4 stw %r12, var_8(%sp)
    .text:825810E8 std %r31, var_10(%sp)
    .text:825810EC stwu %sp, -0x90(%sp)
    .text:825810F0 li %r11, 0
    .text:825810F4 mr %r31, %r3
    .text:825810F8 li %r10, 0x14
    .text:825810FC addi %r9, %sp, 0x90+var_30
    .text:82581100 li %r8, 0
    .text:82581104 li %r7, 0
    .text:82581108 stw %r11, 0x90+var_40(%sp)
    .text:8258110C li %r6, 0
    .text:82581110 li %r5, 0
    .text:82581114 li %r4, 0x58
    .text:82581118 addi %r3, %r31, 0x22C
    .text:8258111C bl XeCryptSha
    .text:82581120 addi %r5, %sp, 0x90+var_40
    .text:82581124 addi %r4, %r31, 4
    .text:82581128 addi %r3, %sp, 0x90+var_30
    .text:8258112C bl XeKeysConsoleSignatureVerification
    .text:82581130 cmpwi %r3, 0
    .text:82581134 beq loc_82581148
    .text:82581138 lwz %r11, 0x90+var_40(%sp)
    .text:8258113C li %r3, 1
    .text:82581140 cmpwi cr6, %r11, 0
    .text:82581144 bne cr6, loc_8258114C
    .text:82581148
    .text:82581148 loc_82581148: # CODE XREF: sub_825810E0+54j
    .text:82581148 li %r3, 0
    .text:8258114C
    .text:8258114C loc_8258114C: # CODE XREF: sub_825810E0+64j
    .text:8258114C addi %sp, %sp, 0x90
    .text:82581150 lwz %r12, var_8(%sp)
    .text:82581154 mtlr %r12
    .text:82581158 ld %r31, var_10(%sp)
    .text:8258115C blr
    .text:8258115C # End of function sub_825810E0
    .text:8258115C
    .text:82581160
    .text:82581160
    .text:82581160
    .text:82581160
    .text:82581160 sub_82581160: # CODE XREF: sub_82581460+B8p
    .text:82581160 # sub_82581D18+278p
    .text:82581160
    .text:82581160 .set var_47C, -0x47C
    .text:82581160 .set var_470, -0x470
    .text:82581160 .set var_468, -0x468
    .text:82581160 .set var_460, -0x460
    .text:82581160 .set var_458, -0x458
    .text:82581160 .set var_454, -0x454
    .text:82581160 .set var_450, -0x450
    .text:82581160 .set var_440, -0x440
    .text:82581160 .set var_420, -0x420
    .text:82581160
    .text:82581160 mflr %r12
    .text:82581164 bl __savegprlr_29
    .text:82581168 stwu %sp, -0x4D0(%sp)
    .text:8258116C li %r31, 0
    .text:82581170 addi %r11, %sp, 0x4D0+var_468+4
    .text:82581174 mr %r30, %r3
    .text:82581178 li %r5, 0x3FF
    .text:8258117C li %r4, 0
    .text:82581180 stw %r31, 0x4D0+var_468(%sp)
    .text:82581184 addi %r3, %sp, 0x4D0+var_420+1
    .text:82581188 stw %r31, 0(%r11)
    .text:8258118C stb %r31, 0x4D0+var_420(%sp)
    .text:82581190 bl sub_8258E5C0
    .text:82581194 li %r6, 0x22
    .text:82581198 stw %r31, 0x4D0+var_458(%sp)
    .text:8258119C lis %r11, unk_8200241C@h
    .text:825811A0 li %r31, 0x40
    .text:825811A4 addi %r11, %r11, unk_8200241C@l
    .text:825811A8 li %r10, 1
    .text:825811AC stw %r6, 0x4D0+var_47C(%sp)
    .text:825811B0 li %r9, 1
    .text:825811B4 li %r8, 4
    .text:825811B8 li %r7, 0
    .text:825811BC stw %r31, 0x4D0+var_450(%sp)
    .text:825811C0 addi %r6, %sp, 0x4D0+var_460
    .text:825811C4 stw %r11, 0x4D0+var_454(%sp)
    .text:825811C8 addi %r5, %sp, 0x4D0+var_458
    .text:825811CC lis %r4, -0x3FF0
    .text:825811D0 addi %r3, %sp, 0x4D0+var_470
    .text:825811D4 bl NtCreateFile
    .text:825811D8 mr. %r31, %r3
    .text:825811DC blt loc_82581288
    .text:825811E0 li %r10, 0x14
    .text:825811E4 addi %r9, %sp, 0x4D0+var_440
    .text:825811E8 li %r8, 0
    .text:825811EC li %r7, 0
    .text:825811F0 li %r6, 0
    .text:825811F4 li %r5, 0
    .text:825811F8 li %r4, 0x58
    .text:825811FC addi %r3, %r30, 0x22C
    .text:82581200 bl XeCryptSha
    .text:82581204 addi %r4, %r30, 4
    .text:82581208 addi %r3, %sp, 0x4D0+var_440
    .text:8258120C bl XeKeysConsolePrivateKeySign
    .text:82581210 li %r29, 0x800
    .text:82581214 addi %r10, %sp, 0x4D0+var_468
    .text:82581218 lwz %r3, 0x4D0+var_470(%sp)
    .text:8258121C li %r9, 0x400
    .text:82581220 addi %r8, %sp, 0x4D0+var_420
    .text:82581224 addi %r7, %sp, 0x4D0+var_460
    .text:82581228 li %r6, 0
    .text:8258122C std %r29, 0x4D0+var_468(%sp)
    .text:82581230 li %r5, 0
    .text:82581234 li %r4, 0
    .text:82581238 bl NtReadFile
    .text:8258123C mr. %r31, %r3
    .text:82581240 blt loc_82581280
    .text:82581244 addi %r3, %sp, 0x4D0+var_420
    .text:82581248 li %r5, 0x284
    .text:8258124C mr %r4, %r30
    .text:82581250 bl sub_8258E090
    .text:82581254 addi %r10, %sp, 0x4D0+var_468
    .text:82581258 li %r9, 0x400
    .text:8258125C lwz %r3, 0x4D0+var_470(%sp)
    .text:82581260 addi %r8, %sp, 0x4D0+var_420
    .text:82581264 std %r29, 0x4D0+var_468(%sp)
    .text:82581268 addi %r7, %sp, 0x4D0+var_460
    .text:8258126C li %r6, 0
    .text:82581270 li %r5, 0
    .text:82581274 li %r4, 0
    .text:82581278 bl NtWriteFile
    .text:8258127C mr %r31, %r3
    .text:82581280
    .text:82581280 loc_82581280: # CODE XREF: sub_82581160+E0j
    .text:82581280 lwz %r3, 0x4D0+var_470(%sp)
    .text:82581284 bl NtClose
    .text:82581288
    .text:82581288 loc_82581288: # CODE XREF: sub_82581160+7Cj
    .text:82581288 mr %r3, %r31
    .text:8258128C addi %sp, %sp, 0x4D0
    .text:82581290 b __restgprlr_29
    .text:82581290 # End of function sub_82581160
    .text:82581290
    .text:82581290 #
    --------------------------------------------------------------------------
    RSA KEY-
    --------------------------------------------------------------------------
    Code:
    EDD43009666D5C4A5C3657FAB40E022F535AC6C9EE471F01F1A44756B7714F1C36EC
    0000000000000000002000010001000000000000000002675D239DA747D712131ED641674BD
    B3FF4705AABA3B3172C3465F04D90CF55AA6CBDED40274E62BB0FE295120B5F8F772E4BB7BA
    8E6BFA99C8C26C3CE6A42F4B2B05A4213A2B6ED849CB084CC52EC24308B51BF5A70D673703A1
    931E8ACE1B29A9455E45BB301A0BEDBDC616E6A45BD843671D1B559F2E54450DDA02736E52A04F
    52DC9A811EA56A5A9F5B458F59282ECE5A7D21018B7BE69B7C99143F2EB8B16DC52F94244560D2B
    34E3D2A8F3E41389148E6D8B5E095621ADDF11A91EDD083F8EA8E99595286AC0DBEAC3F4EB933086
    1A5907A67B0C498F10869C36C40D682563859FAE3E5C77A9A2450F19CE7A48D3416297C24BEB4A99B
    3B1D97943269
    --------------------------------------------------------------------------
    RSA Key privsign_START-
    Code:
    .rdata:82000828 __imp__XeKeysConsolePrivateKeySign:.long 0x10256
    .rdata:8200082C __imp__NtReadFile:.long 0x100F0
    .rdata:82000830 __imp__NtWriteFile:.long 0x100FF
    .rdata:82000834 __imp__XeCryptSha:.long 0x10192
    .rdata:82000838 __imp__XeKeysConsoleSignatureVerification:.long 0x10257
    --------------------------------------------------------------------------
    Halo 3's XEX encryption Key-
    Code:
    72 15 DE 17 D2 D7 F6 87 78 68 45 78 A8 1C 42 1E
    --------------------------------------------------------------------------
    LAN Key-
    Code:
    51 55 A4 F8 11 C1 E9 19 E7 D9 A4 7F 16 E0 6C C9
    --------------------------------------------------------------------------
    XeX File StaRTER-
    halo3_cache_release.exe
    --------------------------------------------------------------------------

    --------------------------------------------------------------------------
    The Subroutine XEX SHA .1-
    Code:
    .text:8258111C bl XeCryptSha
    --------------------------------------------------------------------------
    Subroutine Console Varification XeX Sha-
    Code:
    .text:8258112C bl XeKeysConsoleSignatureVerification
    --------------------------------------------------------------------------
    The Subroutine XEX SHA .2-
    Code:
    .text:82581200 bl XeCryptSha
    --------------------------------------------------------------------------
    The XEX private key:
    Code:
    .text:8258120C bl XeKeysConsolePrivateKeySign
    --------------------------------------------------------------------------
    XeX Read And Write Files
    Code:
    .text:82581238 bl NtReadFile
    Code:
    .text:82581278 bl NtWriteFile
    --------------------------------------------------------------------------
    Xam.XEX 360-
    Code:
    .text:8270D664
    .text:8270D664
    .text:8270D664 # Attributes: library function
    .text:8270D664
    .text:8270D664 XeKeysConsoleSignatureVerification: # CODE XREF: sub_825810E0+4Cp
    .text:8270D664 li %r3, 0x257
    .text:8270D668 li %r4, 0x257
    .text:8270D66C mtctr %r11
    .text:8270D670 bctr
    .text:8270D670 # End of function XeKeysConsoleSignatureVerification
    .text:8270D670
    .text:8270D674 # [00000010 BYTES: COLLAPSED FUNCTION XeCryptSha. PRESS KEYPAD "+" TO EXPAND]
    .text:8270D684 # [00000010 BYTES: COLLAPSED FUNCTION NtWriteFile. PRESS KEYPAD "+" TO EXPAND]
    .text:8270D694
    .text:8270D694
    .text:8270D694
    .text:8270D694 # Attributes: library function
    .text:8270D694
    .text:8270D694 XeKeysConsolePrivateKeySign: # CODE XREF: sub_82581160+ACp
    .text:8270D694 li %r3, 0x256
    .text:8270D698 li %r4, 0x256
    .text:8270D69C mtctr %r11
    .text:8270D6A0 bctr
    .text:8270D6A0 # End of function XeKeysConsolePrivateKeySign
    --------------------------------------------------------------------------
    Halo 3's default.xex encryption Keys labeled addressesses, as well with the cryptology methods
    Code:


    Code *Address*Description*
    82010EAB Crypto: zlib
    820119DB Crypto: zlib
    82027433 Crypto: zlib
    8202752B Crypto: zlib
    82027693 Crypto: zlib
    8202A3EB Crypto: zlib
    8202A4EB Crypto: zlib
    8200FF28 Crypto: CRC32
    82010E20 Crypto: zlib
    82010EA8 Crypto: zlib
    82011958 Crypto: zlib
    820119D8 Crypto: zlib
    82011A58 Crypto: zlib
    82011AD0 Crypto: zlib
    820273A0 Crypto: zlib
    82027430 Crypto: zlib
    820274B0 Crypto: zlib
    82027528 Crypto: zlib
    82027618 Crypto: zlib
    82027690 Crypto: zlib
    82028040 Crypto: CRC32
    8202A3E8 Crypto: zlib
    8202A468 Crypto: zlib
    8202A4E8 Crypto: zlib
    8202A568 Crypto: zlib
    -----------------------------------------------------------------------------
    Map_Sums-
    .MAP 296E75BB: gdan
    .Map BB2E87C6: iston
    .MAP 4631BEFA: lokt
    .MAP 93010F6A: rvwd
    .MAP 78B7E5F3: Shrn
    .MAP D58A38D8: sdwr
    .MAP 645189D4: sbod
    .MAP 751D051C: amra
    .MAP 101ED950: amr2
    .MAP FFB0A750: bukd
    .MAP 13CABE44: cill
    .MAP D56039E6: cyne
    .MAP 80AAC5ED: ddlk
    .MAP AE1932FC: gtwn
    .MAP 2461D028: znzr
    .MAP 4287E24F: WrHe
    ------------------------------------------------------------------------------
    Map_StRt_
    Halo_3_Map_Load_StRt_.EXE
    ------------------------------------------------------------------------------
    System upDate
    .su20076000_00000000
    .su20086000_00000000
    .su20096000_00000000
    -------------------------------------------------------------------------------
     
  2. XeNoN.7

    XeNoN.7 Banned VIP

    Messages:
    155
    Ratings:
    120
    Honestly man just leave the research to the people who don't search "RSA" in IDA and copy and paste code..

    Half of that **** is 100% irrelevant to RSA, and the private key is NO where in the game or console, hence the entire POINT of the asymmetrical RSA usage.

    Lock please.
     
    • Like Like x 1
  3. gabe_k

    gabe_k Enthusiast

    Messages:
    852
    Ratings:
    229
    As I recall, this originated when shotspartin copied a lot of **** that he thought looked important into a textbox in his ".map resigner".
     
  4. Venomous Fire

    Venomous Fire Retired Admin 4 Life Retired

    Messages:
    8,342
    Ratings:
    3,132
    None of that is anything that isnt completely known already... and most of it is pretty useless

    Closed
     
Thread Status:
Not open for further replies.