How Microsoft killed the XOR Hack.
This is exactly as it seems. The XOR hack was patched with the recent update. It was pretty obvious that it was going to happen. But we can no longer RGH consoles on 15xxx without a CPU key and an earlier exploitable dump (14719, 14717, 14699, 13599 or below).
With the new 15*** update, M$ has added a new key to their hash calculation for the rc4 key.
It's basically just the first 16 bytes of the header, which include the version number, entrypoint, and size.
These are all per-CB, per-version, so we cannot take a keystream from a 15*** CBB and use it to make a 14*** CB, because the CBA on 14*** is unable to calculate the rc4 key no matter what we change.
What this means:
In order to RGH2 an xbox with 15***, you need either:
1) The cpu_key
2) A previous exploitable dump from the SAME XBOX. Must fit one of the following:
- Phats: 14717, 14719
- Slims: 13146, 13599, 14699, 14717, 14719
Older dumps will NOT WORK with RGH2/RGH3!
DO NOT UPDATE TO 15*** WITHOUT BACKING UP FIRST!
What do we do now:
We are looking into ways of exploiting the rc4.
To make it clear, the new way of generating the CBB decryption rc4 key is as follows:
Secret = CBA[0x10:0x20]
Ingest = CBB[0x10:0x20] + CPU_Key + CBA[0:6] + 0x0000 + CBA[6:0x10]
Code:
    import hmac
    import hashlib
    import struct
    from Crypto.Cipher import ARC4  # pycryptodome; stands in for the RC4 alias used in the original

    def decrypt_CB_Cpu(CB, CB_A, cpukey):
        # CB_A and cpukey were module globals in the original; they are passed in explicitly here.
        assert cpukey
        secret = CB_A[0x10:0x20]
        h = hmac.new(secret, digestmod=hashlib.sha1)
        h.update(CB[0x10:0x20])
        h.update(cpukey)
        v = struct.unpack(">h", CB_A[0x6:0x8])[0]
        print(" * checking flag: %X" % v)
        if v & 0x1000:
            print(" ** Using new encryption scheme")
            # 15*** scheme: also hash the first 16 CB_A header bytes with the flag field zeroed
            h.update(CB_A[0:0x6] + b"\x00\x00" + CB_A[8:0x10])
        key = h.digest()[0:0x10]
        CB = CB[0:0x10] + key + ARC4.new(key).decrypt(CB[0x20:])
        return CB
Source - http://team-xecuter.com/how-ms-killed-the-xor-hack/
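The post above describes the new key derivation but does not spell out what it buys Microsoft. The following is an added example, not code from the Team-Xecuter article or the post: it derives the CBB RC4 key the way the post describes (HMAC-SHA1 with CBA[0x10:0x20] as the secret, CBB[0x10:0x20] + CPU key as input, plus the zero-flagged CBA header when the 0x1000 flag is set) and then checks which inputs the key is actually bound to under the old and new scheme. The 32-byte header layout used by `build_cb_header`, the sample nonces and the CPU key values are all constructed for the demo and are not taken from any real loader or console.

```python
import hmac
import hashlib
import struct

# Bit in the CB_A flag field that selects the 15*** key derivation (value from the post).
NEW_SCHEME_FLAG = 0x1000


def build_cb_header(version, flags, entry, size, nonce):
    """Construct a 32-byte CB header for the demo.

    Assumed layout (constructed for this example, not a real loader layout):
    'CB' magic, 16-bit version, 16-bit pad, 16-bit flags at 0x6, 32-bit entry
    point, 32-bit size, then the 16-byte nonce at 0x10:0x20 that serves as
    the HMAC secret in the post's description.
    """
    assert len(nonce) == 16
    return struct.pack(">2sHHHII", b"CB", version, 0, flags, entry, size) + nonce


def derive_cbb_rc4_key(cb_a, cb_b, cpu_key):
    """Derive the CB_B RC4 key as the post describes.

    Secret = CB_A[0x10:0x20]; the HMAC-SHA1 input is CB_B[0x10:0x20] + CPU key
    and, when the 0x1000 flag is set in CB_A, the first 16 CB_A header bytes
    with the flag field zeroed. The RC4 key is the first 16 digest bytes.
    """
    h = hmac.new(cb_a[0x10:0x20], digestmod=hashlib.sha1)
    h.update(cb_b[0x10:0x20])
    h.update(cpu_key)
    flags = struct.unpack(">H", cb_a[0x6:0x8])[0]
    if flags & NEW_SCHEME_FLAG:
        h.update(cb_a[0:0x6] + b"\x00\x00" + cb_a[0x8:0x10])
    return h.digest()[:0x10]


def key_binding_report():
    """Report which inputs the derived key depends on under each scheme.

    Every value here is constructed sample data, not a dump from any console.
    """
    cpu_key = bytes(range(0x10))
    other_cpu_key = bytes(range(0x10, 0x20))
    nonce_a = bytes([0xA5] * 16)
    nonce_b = bytes([0x5A] * 16)

    # Two CB_A "versions" sharing one nonce, flag clear (pre-15*** derivation).
    old_v1 = build_cb_header(0x3001, 0x0000, 0x3A0, 0x9000, nonce_a)
    old_v2 = build_cb_header(0x3002, 0x0000, 0x3B0, 0x9100, nonce_a)
    # The same two versions with the new-scheme flag set.
    new_v1 = build_cb_header(0x3001, NEW_SCHEME_FLAG, 0x3A0, 0x9000, nonce_a)
    new_v2 = build_cb_header(0x3002, NEW_SCHEME_FLAG, 0x3B0, 0x9100, nonce_a)
    cb_b = build_cb_header(0x3F01, 0x0000, 0x400, 0xA000, nonce_b)

    k_old_v1 = derive_cbb_rc4_key(old_v1, cb_b, cpu_key)
    k_old_v2 = derive_cbb_rc4_key(old_v2, cb_b, cpu_key)
    k_new_v1 = derive_cbb_rc4_key(new_v1, cb_b, cpu_key)
    k_new_v2 = derive_cbb_rc4_key(new_v2, cb_b, cpu_key)
    k_new_other_cpu = derive_cbb_rc4_key(new_v1, cb_b, other_cpu_key)

    return {
        # Old scheme: only the CB_A nonce feeds in, so a CB_A with a different
        # version/entry/size but the same nonce yields the same key.
        "old_scheme_ignores_cba_header": k_old_v1 == k_old_v2,
        # New scheme: the CB_A version, entry point and size are HMAC input,
        # so a different CB_A header cannot reproduce the key.
        "new_scheme_binds_cba_header": k_new_v1 != k_new_v2,
        # The per-console CPU key is input in both schemes.
        "new_scheme_binds_cpu_key": k_new_v1 != k_new_other_cpu,
        # Flipping the flag alone changes the derivation on an identical header.
        "flag_changes_key": k_old_v1 != k_new_v1,
        "key_length": len(k_new_v1),
    }


if __name__ == "__main__":
    for name, value in key_binding_report().items():
        print(f"{name}: {value}")
```

The report is the whole point of the post in one table: under the old derivation two CBA headers with the same nonce produce the same CBB key, so the key did not distinguish loader versions; under the new derivation the version, entry point and size are part of the HMAC input, which is why a CBA from an older dash cannot compute the key for a 15*** CBB, and why the CPU key (or an earlier dump of the same console) is now the only way in.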
Re: How Microsoft killed the XOR Hack.
Good share Ren, I was just reading this elsewhere and thought about posting it... seems like u ninja'd me :P
Hope this will warn people to wait with the update if they want RGH, it's a matter of time before this will be solved and the new dash gets exploitable.
Re: How Microsoft killed the XOR Hack.
Meaning I need to get a new Xbox as soon as possible so I don't have one with the new dash... -.-
Thanks for the share though ^_^
Re: How Microsoft killed the XOR Hack.
Don't worry Sam, this is just a little game of cat and mouse... eventually M$ will lose, and we will have every dash exploitable.
Re: How Microsoft killed the XOR Hack.
Yea I know... but that might take some time though... ^_^'
Re: How Microsoft killed the XOR Hack.
Just wondering, but which update? My console hasn't asked me to update yet.
I've been online on the console except for when working and sleeping.
I'm currently watching the Suda 51 interview [Lollipop Chainsaw] on the Japanese Inside Xbox show.
Do we get system updates silently now or something?
Re: How Microsoft killed the XOR Hack.
It's always a waiting game for both sides, may the force be with us lol
Re: How Microsoft killed the XOR Hack.
This makes me want to get me my hands on a 15*** dump.