What's new

C/C++ Xbox 360 - Get CPU Key

  • Thread starter XeClutch
  • Start date
  • Views 2,083
X

XeClutch

Contingency Dev
Messages
3,687
Reaction score
2,452
Need a bit of help on this one, I have tried the following and none worked. Some crashed, others returned an invalid key.

Method 1:
Code:
QWORD _declspec(n***d) HvxExpansionCall(DWORD ExpansionID, QWORD Param1 = 0, QWORD Param2 = 0, QWORD Param3 = 0, QWORD Param4 = 0)
{
    if (XboxKrnlVersion->Build == 9199)
        __asm { li r0, 0x76 }
   else if (XboxKrnlVersion->Build == 12611 || XboxKrnlVersion->Build == 12625)
        __asm { li r0, 0x70 }
   else if (XboxKrnlVersion->Build >= 13110)
        __asm { li r0, 0x6F }
    __asm
    {
        sc
        blr
    }
}
HRESULT HvPeekQWORD(QWORD Address)
{
    return (HRESULT)HvxExpansionCall(0x48565050, 8, Address);
}
VOID HvGetFuses(QWORD *Out)
{
    for (int i = 0; i < 16; i++)
        Out[i] = HvPeekQWORD(0x8000020000020000 + (i * 0x200));
}
string GetCPU()
{
    char* str;
    QWORD fuses[12];
    HvGetFuses(fuses);
    sprintf(str, "%016I64X%016I64X", fuses[3], fuses[5]);
    return str;
}

Method 2:
Code:
QWORD _declspec(n***d) HvxExpansionCall(DWORD ExpansionID, QWORD Param1 = 0, QWORD Param2 = 0, QWORD Param3 = 0, QWORD Param4 = 0)
{
   if (XboxKrnlVersion->Build == 9199)
        __asm { li r0, 0x76 }
   else if (XboxKrnlVersion->Build == 12611 || XboxKrnlVersion->Build == 12625)
        __asm { li r0, 0x70 }
   else if (XboxKrnlVersion->Build >= 13110)
        __asm { li r0, 0x6F }
    __asm
    {
        sc
        blr
    }

}
HRESULT HvPeekQWORD(QWORD Address)
{
    return (HRESULT)HvxExpansionCall(0x48565050, 8, Address);
}
string GetCPU()
{
    string str;
    byte CPU[16];
    CPU = HvPeekQWORD(0x8000020000020600);
    CPU[8] = HvPeekQWORD(0x8000020000020A00);
    for (int i = 0; i < 16; i++)
        str += va("%X", CPU[i]);
    return str;
}
 
X

XeClutch

Contingency Dev
Messages
3,687
Reaction score
2,452
I get this error when it is called. (xbWatson screenshot)
1351280a53e13ed06d4804d6c9f35a50.png
 
S

S7 Pro

Seasoned Member
Messages
2,511
Reaction score
1,604
I get this error when it is called. (xbWatson screenshot)
1351280a53e13ed06d4804d6c9f35a50.png
You're using HvxExpansionCall incorrectly. The second parameter should be the 0x3, as 0x8 is for poking.

Code:
QWORD HvPeekQWORD(QWORD Address) {
return HvxExpansionCall(0x48565050, 0x3, Address, 0, 0);
}
 
X

XeClutch

Contingency Dev
Messages
3,687
Reaction score
2,452
You're using HvxExpansionCall incorrectly. The second parameter should be the 0x3, as 0x8 is for poking.

Code:
QWORD HvPeekQWORD(QWORD Address) {
return HvxExpansionCall(0x48565050, 0x3, Address, 0, 0);
}
Didn't work, here is what I used.
Code:
QWORD _declspec(n***d) HvxExpansionCall(DWORD ExpansionID, QWORD Param1 = 0, QWORD Param2 = 0, QWORD Param3 = 0, QWORD Param4 = 0)
{
  if (XboxKrnlVersion->Build == 9199)
  __asm { li r0, 0x76 }
  else if (XboxKrnlVersion->Build == 12611 || XboxKrnlVersion->Build == 12625)
  __asm { li r0, 0x70 }
  else if (XboxKrnlVersion->Build >= 13110)
  __asm { li r0, 0x6F }
  __asm
  {
  sc
  blr
  }
}
HRESULT HvPeekQWORD(QWORD Address)
{
  return (HRESULT)HvxExpansionCall(0x48565050, 3, Address);
}
VOID HvGetFuses(QWORD *Out)
{
  for (int i = 0; i < 16; i++)
  Out[i] = HvPeekQWORD(0x8000020000020000 + (i * 0x200));
}
string GetCPU()
{
  char* str;
  QWORD fuses[12];
  HvGetFuses(fuses);
  sprintf(str, "%016I64X%016I64X", fuses[3], fuses[5]);
  return str;
}
 
S

S7 Pro

Seasoned Member
Messages
2,511
Reaction score
1,604
Didn't work, here is what I used.
Code:
QWORD _declspec(****d) HvxExpansionCall(DWORD ExpansionID, QWORD Param1 = 0, QWORD Param2 = 0, QWORD Param3 = 0, QWORD Param4 = 0)
{
  if (XboxKrnlVersion->Build == 9199)
  __asm { li r0, 0x76 }
  else if (XboxKrnlVersion->Build == 12611 || XboxKrnlVersion->Build == 12625)
  __asm { li r0, 0x70 }
  else if (XboxKrnlVersion->Build >= 13110)
  __asm { li r0, 0x6F }
  __asm
  {
  sc
  blr
  }
}
HRESULT HvPeekQWORD(QWORD Address)
{
  return (HRESULT)HvxExpansionCall(0x48565050, 3, Address);
}
VOID HvGetFuses(QWORD *Out)
{
  for (int i = 0; i < 16; i++)
  Out[i] = HvPeekQWORD(0x8000020000020000 + (i * 0x200));
}
string GetCPU()
{
   char* str;
   QWORD fuses[12];
   HvGetFuses(fuses);
   sprintf(str, "%016I64X%016I64X", fuses[3], fuses[5]);
   return str;
}
First of all, you're only creating an array of qwords with a size of 12 in the array, whereas your GetCPU method iterates over 16, so there's a runtime error there. Secondly, since you're only getting the fourth and sixth fuse, wouldn't it be easier to grab just those fuses? Next, you didn't allocate any memory for your buffer. Here's some updated code, keep in mind might have an error or two, wrote it pretty quick.
Code:
void * GetCPU(const char *buffer)
{
QWORD fuses[2];
fuses[0] = HvPeekQWORD(0x8000020000020000 + (3 * 0x200)); // grabs fourth fuse
fuses[1] = HvPeekQWORD(0x8000020000020000 + (5 * 0x200)); // grabs sixth fuse
sprintf(buffer, "%016I64X%016I64X", fuses[0], fuses[1]);
}

to use:

char *buffer = (char*)malloc(32);
GetCPU(buffer); //buffer will now contain cpu key
 
Last edited:
X

XeClutch

Contingency Dev
Messages
3,687
Reaction score
2,452
First of all, you're only creating an array of qwords with a size of 12 in the array, whereas your GetCPU method iterates over 16, so there's a runtime error there. Secondly, since you're only getting the fourth and sixth fuse, wouldn't it be easier to do:
Code:
string GetCPU()
{
QWORD fuses[2];
fuses[0] = HvPeekQWORD(0x8000020000020000 + (3 * 0x200)); // grabs fourth fuse
Out[1] = HvPeekQWORD(0x8000020000020000 + (5 * 0x200)); // grabs sixth fuse
sprintf(str, "%016I64X%016I64X", fuses[0], fuses[1]);
return str;
}
Doesn't crash but returns "(null)".
ef41a9bcd37c04b307443b6562dc8f19.png
 
X

XeClutch

Contingency Dev
Messages
3,687
Reaction score
2,452
Uh, I had return type wrong. Fixed it if you refer to above.
Works (more/less). It returned the value of some other two fuses (I think). Didn't crash but stopped the game from loading.
Code:
VOID GetCPU(const char* buffer)
{
   QWORD fuses[2];
   fuses[0] = HvPeekQWORD(0x8000020000020000 + (3 * 0x200));
   fuses[1] = HvPeekQWORD(0x8000020000020000 + (5 * 0x200));
   sprintf((char*)buffer, "%016I64X%016I64X", fuses[0], fuses[1]);
}

// call
char* cpu = (char*)malloc(64);
GetCPU(cpu);
DbgPrint("CPU Key: %s\n", cpu);
 
Top Bottom