A Guide That Looks Quite Handy: Recovering the CPU Key



Posted (edited)

Hi,

Here is a guide for "novices", grabbed from the xbox-scene forums and written by openxdkman, which among other things lets you recover your CPU key:

Here is a guide :

A guide for newbies trying to get ready for homebrew on Xbox360

Purpose : Obtain CPU key in order to be ready for future 360 homebrew

and more, eventually...

Table of Contents :

I) How to start Gentoo LiveCD Xenon Beta v2

II) How to get the ethernet connection

III) How to get comfortable under 1080i

IV) How to switch to your country keyboard layout

V) How to explore folders

VI) How to surf on internet

VII) How to get CPU key or compile/run remotely from your PC

VIII) Thanks

A) Links

Guide :

I) How to start Gentoo LiveCD Xenon Beta v2

You need :

- Vulnerable Xbox360 (fw 4532 or 4548). It can be a core (no harddisk)

- Retail King Kong (first edition, get one for your region -Pal or NTSC-)

- Flashed Drive fw (allowing you to play a backup of your retail KK)

- (OPTIONAL) serial device cable (RS232 -12V/12V <=> 360 port 0/3.3V)

- Cpas's "serial kk patcher v2" or xorloser's patcher (if no serial)

- A blank Verbatim DVD+R Double Layer 8.5Gb

- A DVD DL burner compatible with 360 backups creation

- Some USB keyboard and mouse

Create the special KK backup disc :

- extract .dvd or .iso file from KK original (see other tutorials)

- patch it with patch above (xorloser's one if you don't solder serial plug)

- burn .dvd or .iso file

If you have serial device (can use standard sat decoder flash cable) :

- Plug usb keyboard & mouse

- Boot KK. Play start. You will see a boat. Game will freeze. Ok.

- With a terminal (for example, ZOC 5). Upload xell_choice (rom.bin)

- When it offers choice (1 or 2), eject, put Gentoo live cd. Press 2.

If no serial device :

- Plug usb keyboard & mouse

- Boot KK. Play start. It should eject disc.

- Insert Gentoo live cd and pray (I haven't tested this method myself).

(OPTIONAL)

This is where serial device is to be soldered (top left corner of MB):

	  RX	  |J2B1  1  3  5  7  9  11 13	  X  X  O  O  O  O  X	  X  X  X  X  X  X	  2  4  6  8  10 12	  |		|	 |	  TX	 +3.3v  GND

In ZOC 5, configure speed and type of serial link : 115200 8N1

You will get an orange full ring of light up Leds when Gentoo is started.

Don't worry that's not the "red ring of death"...

You should see the "efuses list" (At least you have it in ZOC 5 window).

Try to write it down and keep it in a safe place.

A part of it is the CPU key that may get you ready for future 360 homebrew,

whatever firmware you will have in future.

If you don't have CPU key at this step, don't worry, we will catch it later.

If you have it you can, eventually stop this guide here.

II) How to get the ethernet connection

The clue is to have the Xbox360 connected to a machine or hub.

This machine (or a machine through the hub) must act as a DHCP server.

The easiest way is to activate "Internet Connection Sharing" on XP.

It's not called this way though. In network configuration on left side,

you should be offered the option to create a local network.

You won't be warned, but that will turn the ethernet plug you choose

to dedicate to ICS into a static IP address 192.168.0.1.

Now each time Gentoo boots, it will get a dynamic address from PC.

If PC is connected to internet, Gentoo will take advantage of it.

You can see if Gentoo got a valid address by going in top menu

(bottom menu for me, see below), and follow the path :

Applications->System tools->Network tools.

- Be sure to look at the "Devices" tab.

- The default device currently selected is "Loopback Interface (l0)".

- Change it and select "Ethernet Interface (eth0)".

- You should read IP address=192.168.0.n (n is decided by your PC).

(If you have something like 127.0.0.1, it's game over. Change your PC config, cables, etc... and reboot as many times as needed. Understand dhcp!)

III) How to get comfortable under 1080i

I'm using a vga box on a vulnerable xbox360 set to 1080i.

On my plasma screen I can't see the very top of screen.

If you don't see top of screen in 1080i :

Move mouse cursor to top right of screen and drag to top bottom.

That will move top bar to bottom of screen

Keyboard shortcuts to know :

(if you can't reach top right controls of a specific window)

Alt+F4 : Close window (quit)

Alt+F5 : Normal state (with it you can get rid of maximized state)

Alt+F6 : Select active window (same as Alt+Tab under Windows)

Alt+F7 : Move window (with arrow keys or mouse, then enter or esc)

Alt+F8 : Resize window (with arrow keys or mouse, then enter or esc)

Alt+F9 : Iconified state (bring it back with Alt+F6)

Alt+F10 : Maximized state (window will cover all screen)

IV) How to switch to your country keyboard layout

- Launch System->Preferences->Keyboard

- Select "Layouts" tab

- Click "Add"

- Select your country. Click "OK".

- Move up and check in your country layout. Click "Close".

V) How to explore folders

- Launch Applications->System Tools->File browser

- In the little combo list on left, replace "Places" with "Tree"

- Go in Edit->Preferences, View tab, replace "Icon view" with "List view"

Now you will have the look and feel of Windows explorer, somehow.

VI) How to surf on internet

- Launch Applications->Internet->Epiphany Web Browser

- Hit Alt+F5 to get rid of maximized window state, if you like

If you are using ICS on XP, if your XP was not connected to internet,

now it is (it connected itself automatically when Gentoo needed it).

VII) How to get CPU key or compile/run remotely from your PC

- Launch Applications->Accessories->Terminal

(I write below : the prompt, the command you have to type in, the results)

gentoo@livecd ~ $ sudo passwd

New UNIX password : mylongpwd

Retype new UNIX password : mylongpwd

passwd: password updated successfully

gentoo@livecd ~ $ sudo /usr/sbin/sshd

Now that ssh daemon is running, on your PC, launch WinSCP (winscp.net)

Fill in the field in order to establish the network link with ssh daemon

Hostname : livecd.mshome.net (or the IP address of the console)

UserID : root

Password : mylongpwd

Confirm you accept the link without warranty (click Yes)

You are asked to change password : type in "mysecondpwd" twice

WinSCP window is now opened and link is established.

You can transfer files at will and start remote sessions in order to compile.

Ctrl+T is the shortcut that creates a remote session.

(Never forget files in LiveCD are stored in RAM. If you shut down the console you lose them. You have to transfer your creations back to your PC each time. However some usb storage devices worked. PSP for example.)

Copy Arnezami's dump32 from your PC harddisk into /var/tmp

(or copy its source and recompile it with "gcc -o dump32 dump32.c")

Open session with Ctrl+T then type in these commands :

chmod u+x ./dump32

sudo ./dump32

After a few seconds it should end (we don't care about returned values)

3 files appear in /var/tmp : Fuses.txt, 1BL.BIN (32Kb), NAND.BIN (16Mb)

(you need to hit refresh button in WinSCP to see them)

Copy Fuses.txt to your PC harddisk (back it up several times !)

Its content shows :

00: c0ffffffffffffff
01: 0f0f0f0f0f0f0ff0
02: 0f00000000000000
03: xxxxxxxxxxxxxxxx
04: xxxxxxxxxxxxxxxx
05: yyyyyyyyyyyyyyyy
06: yyyyyyyyyyyyyyyy
07: f000000000000000
08: 0000000000000000
09: 0000000000000000
0a: 0000000000000000
0b: 0000000000000000

03=04, 05=06 and (03,05) is your CPU Key. Never lose it!

Even if you upgrade to latest firmware (even if you keep R6T3 resistor), it's quite possible that downgrades become possible assuming you have it.

But dump32 created 2 other interesting files... (Keep them too, who knows)

Copy 1BL.BIN to your hard disk.

1BL.BIN is "the first boot loader". It was stored inside CPU too (I think).

That thing is able to decipher the 2nd boot loader which is in the firmware.

Copy NAND.BIN to your hard disk.

That's the firmware image of your console!

But you can't reflash your NAND (the chipset that stores firmware) with that image (yet). For that you should use a physical firmware image. A physical firmware image can be obtained with infectus, olympus mausb-10 or by unsoldering NAND and using any NAND reader/flasher.

Difference between this image and a physical one is the management of bad blocks and the fact that 360 hardware inner parts may change data on the fly. Sometimes there are blocks (NAND memory is divided into sectors) that are sectors that are damaged (32768 sectors of 512 bytes each). For each sector 16 extra bytes can be obtained in order to control the validity of the sector's data. Research is currently in progress in order to create a clean software firmware reading and flashing.

If dump32 hangs it may be because of damaged sectors. Try to change the loop in order to skip the damaged sectors (M$ tolerates a little number of damaged sectors in the Nand they purchase for 360 manufacturing).

Robinsod has made a nice program that extracts the code modules of firmware image. But I'm not yet very experienced with it. I will post more tutorials later for those interested into firmware exploration...

But if you got cpu keys and can't wait any longer to play latest games, you can upgrade firmware now. You still keep good chances for homebrew.

If you can wait more, try to play a bit more with your firmware. If you are good, you may end up, for example, with warpjavier's nice mod that allows to swap firmwares just by inserting xD-picture 16Mb memory cards...

I may try that later myself.

Don't lose your CPU Keys now!

Final piece of advice : Water cool your 360 and remove XClamps!

(since it's better to keep with you the 360 you have the CPU keys for!)

VIII) Thanks

Thanks to tmbinc & anonymous friends, Bunny, Cpas, Arnezami, Takires, TheSpecialist, GaryOPA, Warpjavier, SeventhSon, Robinsod...

(Sorry for not writing all the other good hackers names...)

Your (public) progress in improving the utility of xbox360 is great!

Thanks for sharing your knowledge with us!

A) Links

- Gentoo LiveCD Xenon Beta v2

http://xbins.org (see other tutorials about how to enter xbins repository)

- Xorloser's KK patcher (for people without the serial device link)

http://xbins.org (see other tutorials about how to enter xbins repository)

The full name of the patcher is :

"King Kong Shader Exploit for the XELL Loader (No Serial Cable Required) "

- Cpas's "serial kk patcher v2" (for people who soldered a serial device link)

http://www.360mods.net/Downloads/details/id=79.html

- Cpas's xell_choice (rom.bin and its source) :

http://mydedibox.homelinux.com/downloads/x...l_choice.tar.gz

(It's tmbinc's -and friends- xell loader with some nice choice in it :

read cd or boot stuff through tftp)

- WinSCP (allows you to transfer files and open remote sessions)

http://winscp.net

- Arnezami's dump32 utility (get CPU keys, 1BL & NAND with LiveCD!)

Binary: http://rs24.rapidshare.com/files/39038675/dump32.html

Source: http://rs24.rapidshare.com/files/39038437/dump32.c.html

You can follow the progress of these heroes on their favorite site :

http://xboxhacker.net

But, please, just read, don't post there, unless you contribute significantly.

You can make usual comment in this thread instead. They will read it surely.

I didn't translate it because I'm hopeless at English, but it's still perfectly understandable.

The translation by xam1311: http://gueux-forum.net/index.php?showtopic=165468&hl=

Edited by zouzzz
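
Added example, not part of the original post and not dump32's own code: a Python check for the files produced in section VII of the guide. It parses Fuses.txt (one entry per line or run together), confirms the 03=04 and 05=06 mirrors before assembling the key, and classifies a NAND image by size from the guide's figures (32768 sectors of 512 bytes, 16 extra bytes each); the function names and the sample values are constructed for illustration.

```python
import re

# A fuse entry is "NN: " followed by 16 hex digits. Entries may arrive one per
# line or run together, so match entries rather than splitting on newlines.
FUSE_RE = re.compile(r"([0-9a-f]{2}):\s*([0-9a-f]{16})", re.IGNORECASE)

SECTORS = 32768        # sector count given in the guide
SECTOR_DATA = 512      # data bytes per sector
SECTOR_SPARE = 16      # extra bytes per sector in a physical image


def parse_fuses(text):
    """Return {line_index: 16-hex-digit string} for every fuse entry found."""
    return {int(idx, 16): val.lower() for idx, val in FUSE_RE.findall(text)}


def cpu_key(fuses):
    """Build the key from lines 03 and 05 after checking mirrors 04 and 06."""
    missing = [i for i in (3, 4, 5, 6) if i not in fuses]
    if missing:
        raise ValueError(f"fuse lines missing: {missing}")
    if fuses[3] != fuses[4] or fuses[5] != fuses[6]:
        raise ValueError("mirror mismatch (03!=04 or 05!=06): check the copy")
    if int(fuses[3] + fuses[5], 16) == 0:
        raise ValueError("key lines are all zero")
    return fuses[3] + fuses[5]


def nand_image_kind(size):
    """Classify an image by byte size: logical (data only) or physical."""
    if size == SECTORS * SECTOR_DATA:
        return "logical"
    if size == SECTORS * (SECTOR_DATA + SECTOR_SPARE):
        return "physical"
    return "unknown"


# Constructed sample (not a real key), in a run-together layout.
SAMPLE = ("00: c0ffffffffffffff01: 0f0f0f0f0f0f0ff002: 0f00000000000000"
          "03: 0123456789abcdef04: 0123456789abcdef"
          "05: fedcba987654321006: fedcba9876543210"
          "07: f000000000000000")

if __name__ == "__main__":
    print(cpu_key(parse_fuses(SAMPLE)))
    print(nand_image_kind(16 * 1024 * 1024))
```
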
Posted (edited)

Among other things: changing the DVD drive key, changing your console's region.

Thanks xam1311, that's cool

Edited by zouzzz
Posted (edited)

haaaaa !!

Now that's good news!

Edit: After your tests, if it works and all (I think it will :P), it would be nice to make us a good guide in FR :)

Edited by xneon
Posted

I think the CPU key isn't everything; you also need another key, and I don't know how to recover it (I'm fairly new to this section). But one thing at a time, and with a lot of reading here and there we should manage to get everything we need.
