Author Topic: Nand.Bin File  (Read 5255 times)

Offline J3rk My Turk3y

  • /dev/null
  • *
  • Posts: 15
  • Cookies: 3
Nand.Bin File
« on: March 27, 2011, 08:51:48 am »
I'm trying to edit my nand dump from my jtag but it's encrypted. I can't seem to decrypt it, I'm using IDA Pro.
I need to null the server side check when my jtag tries to connect to Live.
This code I found will enable me to connect with an older kernel version. It's a start on the road to Live.


I posted here as the nand is coded in c++.
« Last Edit: March 27, 2011, 09:01:21 am by J3rk My Turk3y »

Offline debug

  • /dev/null
  • *
  • Posts: 6
  • Cookies: 2
Re: Nand.Bin File
« Reply #1 on: March 27, 2011, 01:29:59 pm »
Firstly, the NAND is a filesystem. It simply holds the executables you're trying to disassemble. Secondly, what you're looking at is an exported function to get the base version, i.e. 1888. And thirdly, you're going to have to learn PPC assembly and at least look into the Hypervisor if you plan to get anywhere.

The truth is that you're trying to **** with LIVE, just don't bother.
« Last Edit: March 27, 2011, 01:53:08 pm by debug »

Offline J3rk My Turk3y

Re: Nand.Bin File
« Reply #2 on: March 27, 2011, 03:10:37 pm »
Thank you for the information 8) I wanna learn and try to figure out the correct method. Just something I'm interested in.
« Last Edit: March 27, 2011, 03:15:52 pm by J3rk My Turk3y »

Offline J3rk My Turk3y

Re: Nand.Bin File
« Reply #3 on: March 31, 2011, 11:16:03 am »
Yeah, I agree this is going to be a lot to learn. With little or no understanding I have figured out how to edit the xam.xex and change the kernel version to the latest. This will allow me to connect on an older dashboard and spoof as the 12625 while having the 12611 kernel.

I have been scrolling through the data looking for anything that pops out, a shot in the dark to be honest. I have found these challenges and think they are the correct ones.

I'm rather excited and started to learn PPC but it's mega hard. If anyone wants to take a look and maybe give some advice on whether I'm right or wrong, I have attached my xam.xex below to look at.
http://www.megaupload.com/?d=DXRCQAD1
The information I have been using is his quote

"More for you guys to look at,

The challenges are sent back to M$ and it carries them info to do checks on your console.

There are values in place, look into the challenges, one challenge should be getting edited with a lot of sub routes that lead up to that one challenge, there are challenges in more areas than the hypervisor.

Console return values, it may be the value being a mismatch which then leads to your JTAG not connecting at all.

They can detect everything on your console unless removed/spoofed so the values get detected, if it is a match to the set default value then connecting will occur, if say there was a modified console and it tries to connect, it is modified and the server checks would be able to detect it considering it's modded, it is sending back a different value.

That is just another thing for you guys to look into, look into what info is being sent back from the challenges, and where they are being executed, where the return and response take place also.

There are many many things that need to be looked at, the only way you will find the exploit is through testing and searching.

+All the hypervisor talk does not mean the actual function getting modded is pulled directly from the hypervisor, the hypervisor contains no actual online whole functions. Other functions from places outside the hypervisor use its imports. Some functions grab info out of the hypervisor but the whole function is not directly located in the hypervisor, it is just redirecting info from it".

Thanks, Ketchup

Offline debug

Re: Nand.Bin File
« Reply #4 on: March 31, 2011, 06:34:24 pm »
You most likely won't find anything in the xam.xex worth using, most of the stuff in there is content-related. Not much security apart from basic verification.

I've found the kernel version in both the Hypervisor header and the xboxkrnl.exe (first export). But even changing those won't be enough, they aren't going to let a simple version change allow you on to LIVE.

In all honesty, you're out of your depth on this one. Microsoft have an excellent research and development team, they aren't going to make such stupid mistakes like this.

Edit: I just googled that post and it brought me to TTG.. don't believe any technical "research" from kiddie sites like those. Most of them are just BSing to whore attention.
« Last Edit: March 31, 2011, 06:38:29 pm by debug »

Offline J3rk My Turk3y

Re: Nand.Bin File
« Reply #5 on: April 01, 2011, 07:48:10 am »
Thank you debug for the information, I think you are probably right. I'm in over my head here, I just keep seeing people online with their jtags. I thought this would give me something new to learn and make a lot of money when I did get my jtag online. Simple fact is it's too darn complicated. ;)

Offline debug

Re: Nand.Bin File
« Reply #6 on: April 01, 2011, 04:01:11 pm »
Quote from: J3rk My Turk3y on April 01, 2011, 07:48:10 am
Thank you debug for the information, I think you are probably right. I'm in over my head here, I just keep seeing people online with their jtags. I thought this would give me something new to learn and make a lot of money when I did get my jtag online. Simple fact is it's too darn complicated. ;)

The people online simply edited the FreeBOOT patches to enable online, since the creator of FB originally disabled it. They aren't doing anything anywhere near as complex as this.