LibXenon
Bare-metal Xbox 360 homebrew library
Loading...
Searching...
No Matches
xb360.c
Go to the documentation of this file.
1/*
2 * xb360.c
3 *
4 * Created on: Sep 4, 2008
5 */
6
7#include <string.h>
8#include <stdio.h>
9#include <stdlib.h>
10#include <pci/io.h>
11#include <time/time.h>
12#include <xenon_nand/xenon_sfcx.h>
13#include <xenon_nand/xenon_config.h>
14#include <xenon_soc/xenon_secotp.h>
15#include <xenon_smc/xenon_smc.h>
16#include <crypt/hmac_sha1.h>
17#include <crypt/rc4.h>
18
19#include "xb360.h"
20
21extern struct XCONFIG_SECURED_SETTINGS secured_settings;
22
23extern struct sfc sfc;
24
25static const kventry kvlookup[] =
26 {
27 {XEKEY_MANUFACTURING_MODE, 0x18, 0x01},
28 {XEKEY_ALTERNATE_KEY_VAULT, 0x19, 0x01},
29 {XEKEY_RESERVED_BYTE2, 0x1A, 0x01},
30 {XEKEY_RESERVED_BYTE3, 0x1B, 0x01},
31 {XEKEY_RESERVED_WORD1, 0x1C, 0x02},
32 {XEKEY_RESERVED_WORD2, 0x1E, 0x02},
33 {XEKEY_RESTRICTED_HVEXT_LOADER, 0x20, 0x02},
34 {XEKEY_RESERVED_DWORD2, 0x24, 0x04},
35 {XEKEY_RESERVED_DWORD3, 0x28, 0x04},
36 {XEKEY_RESERVED_DWORD4, 0x2c, 0x04},
37 {XEKEY_RESTRICTED_PRIVILEDGES, 0x30, 0x08},
38 {XEKEY_RESERVED_QWORD2, 0x38, 0x08},
39 {XEKEY_RESERVED_QWORD3, 0x40, 0x08},
40 {XEKEY_RESERVED_QWORD4, 0x48, 0x08},
41 {XEKEY_RESERVED_KEY1, 0x50, 0x10},
42 {XEKEY_RESERVED_KEY2, 0x60, 0x10},
43 {XEKEY_RESERVED_KEY3, 0x70, 0x10},
44 {XEKEY_RESERVED_KEY4, 0x80, 0x10},
45 {XEKEY_RESERVED_RANDOM_KEY1, 0x90, 0x10},
46 {XEKEY_RESERVED_RANDOM_KEY2, 0xA0, 0x10},
47 {XEKEY_CONSOLE_SERIAL_NUMBER, 0xB0, 0x0C},
48 {XEKEY_MOBO_SERIAL_NUMBER, 0xBC, 0x0C},
49 {XEKEY_GAME_REGION, 0xC8, 0x02},
50 {XEKEY_CONSOLE_OBFUSCATION_KEY, 0xD0, 0x10},
51 {XEKEY_KEY_OBFUSCATION_KEY, 0xE0, 0x10},
52 {XEKEY_ROAMABLE_OBFUSCATION_KEY, 0xF0, 0x10},
53 {XEKEY_DVD_KEY, 0x100, 0x10},
54 {XEKEY_PRIMARY_ACTIVATION_KEY, 0x110, 0x18},
55 {XEKEY_SECONDARY_ACTIVATION_KEY, 0x128, 0x10},
56 {XEKEY_GLOBAL_DEVICE_2DES_KEY1, 0x138, 0x10},
57 {XEKEY_GLOBAL_DEVICE_2DES_KEY2, 0x148, 0x10},
58 {XEKEY_WIRELESS_CONTROLLER_MS_2DES_KEY1, 0x158, 0x10},
59 {XEKEY_WIRELESS_CONTROLLER_MS_2DES_KEY2 , 0x168, 0x10},
60 {XEKEY_WIRED_WEBCAM_MS_2DES_KEY1, 0x178, 0x10},
61 {XEKEY_WIRED_WEBCAM_MS_2DES_KEY2, 0x188, 0x10},
62 {XEKEY_WIRED_CONTROLLER_MS_2DES_KEY1, 0x198, 0x10},
63 {XEKEY_WIRED_CONTROLLER_MS_2DES_KEY2, 0x1A8, 0x10},
64 {XEKEY_MEMORY_UNIT_MS_2DES_KEY1, 0x1B8, 0x10},
65 {XEKEY_MEMORY_UNIT_MS_2DES_KEY2, 0x1C8, 0x10},
66 {XEKEY_OTHER_XSM3_DEVICE_MS_2DES_KEY1, 0x1D8, 0x10},
67 {XEKEY_OTHER_XSM3_DEVICE_MS_2DES_KEY2, 0x1E8, 0x10},
68 {XEKEY_WIRELESS_CONTROLLER_3P_2DES_KEY1, 0x1F8, 0x10},
69 {XEKEY_WIRELESS_CONTROLLER_3P_2DES_KEY2, 0x208, 0x10},
70 {XEKEY_WIRED_WEBCAM_3P_2DES_KEY1, 0x218, 0x10},
71 {XEKEY_WIRED_WEBCAM_3P_2DES_KEY2, 0x228, 0x10},
72 {XEKEY_WIRED_CONTROLLER_3P_2DES_KEY1, 0x238, 0x10},
73 {XEKEY_WIRED_CONTROLLER_3P_2DES_KEY2, 0x248, 0x10},
74 {XEKEY_MEMORY_UNIT_3P_2DES_KEY1, 0x258, 0x10},
75 {XEKEY_MEMORY_UNIT_3P_2DES_KEY2, 0x268, 0x10},
76 {XEKEY_OTHER_XSM3_DEVICE_3P_2DES_KEY1, 0x278, 0x10},
77 {XEKEY_OTHER_XSM3_DEVICE_3P_2DES_KEY2, 0x288, 0x10},
78 {XEKEY_CONSOLE_PRIVATE_KEY, 0x298, 0x1D0},
79 {XEKEY_XEIKA_PRIVATE_KEY, 0x468, 0x390},
80 {XEKEY_CARDEA_PRIVATE_KEY, 0x7F8, 0x1D0},
81 {XEKEY_CONSOLE_CERTIFICATE, 0x9C8, 0x1A8},
82 {XEKEY_XEIKA_CERTIFICATE, 0xB70, 0x1388},
83 {XEKEY_CARDEA_CERTIFICATE, 0x1EF8, 0x2108}
84 };
85
86void print_key(char *name, unsigned char *data)
87{
88 int i=0;
89 printf("%s: ", name);
90 for(i=0; i<16; i++)
91 printf("%02X",data[i]);
92 printf("\n");
93}
94
95int cpu_get_key(unsigned char *data)
96{
97 *(unsigned long long*)&data[0] = xenon_secotp_read_line(3) | xenon_secotp_read_line(4);
98 *(unsigned long long*)&data[8] = xenon_secotp_read_line(5) | xenon_secotp_read_line(6);
99 return 0;
100}
101
102int get_virtual_cpukey(unsigned char *data)
103{
104 unsigned char buffer[VFUSES_SIZE];
105
106 if (xenon_get_logical_nand_data(&buffer, VFUSES_OFFSET, VFUSES_SIZE) == -1)
107 {
108 return 2; //Unable to read NAND data...
109 }
110
111 //if we got here then it was at least able to read from nand
112 //now we need to verify the data somehow
113 if(buffer[0]==0xC0 && buffer[1]==0xFF && buffer[2]==0xFF && buffer[3]==0xFF)
114 {
115 memcpy(data,&buffer[0x20],0x10);
116 return 0;
117 }
118 else
119 {
120 // No Virtual Fuses were found at 0x95000, check again at 0xC0000 (Zero fuse DevGL consoles)
121 if (xenon_get_logical_nand_data(&buffer, ZFUSES_OFFSET, VFUSES_SIZE) == -1)
122 {
123 return 2; //Unable to read NAND data...
124 }
125
126 //if we got here then it was at least able to read from nand
127 //now we need to verify the data somehow
128 if(buffer[0]==0xC0 && buffer[1]==0xFF && buffer[2]==0xFF && buffer[3]==0xFF)
129 {
130 memcpy(data,&buffer[0x20],0x10);
131 return 0;
132 }
133
134 // No virtual fuses at 0x95000 or 0xC0000
135 return 1;
136 }
137}
138
139
140int kv_get_key(unsigned char keyid, unsigned char *keybuf, int *keybuflen, unsigned char *keyvault)
141{
142 if (keyid > 0x38)
143 return 1;
144
145 if (*keybuflen != kvlookup[keyid].length)
146 {
147 *keybuflen = kvlookup[keyid].length;
148 return 2;
149 }
150 memcpy(keybuf, keyvault + kvlookup[keyid].offset, kvlookup[keyid].length);
151
152 return 0;
153}
154
155
156int kv_read(unsigned char *data, int virtualcpukey)
157{
158 if (xenon_get_logical_nand_data(data, KV_FLASH_OFFSET, KV_FLASH_SIZE) == -1)
159 return -1;
160
161 unsigned char cpu_key[0x10];
162 if (virtualcpukey)
163 get_virtual_cpukey(cpu_key);
164 else
165 cpu_get_key(cpu_key);
166 //print_key("kv_read: cpu key", cpu_key);
167
168 unsigned char hmac_key[0x10];
169 memcpy(hmac_key, data, 0x10);
170 //print_key("kv_read: hmac key", hmac_key);
171
172 unsigned char rc4_key[0x10];
173 memset(rc4_key, 0, 0x10);
174
175 HMAC_SHA1(cpu_key, hmac_key, rc4_key, 0x10);
176 //print_key("kv_read: rc4 key", rc4_key);
177
178 unsigned char rc4_state[0x100];
179 memset(rc4_state, 0, 0x100);
180
181 rc4_init(rc4_state, rc4_key ,0x10);
182 rc4_crypt(rc4_state, (unsigned char*) &data[0x10], KV_FLASH_SIZE - 0x10);
183
184 //Now then do a little check to make sure it is somewhat correct
185 //We check the hmac_sha1 of the data and compare that to
186 //the hmac_sha1 key in the header of the keyvault
187 //basically the reverse of what we did to generate the key for rc4
188 unsigned char data2[KV_FLASH_SIZE];
189 unsigned char out[20];
190 unsigned char tmp[] = {0x07, 0x12};
191 HMAC_SHA1_CTX ctx;
192
193 //the hmac_sha1 seems destructive
194 //so we make a copy of the data
195 memcpy(data2, data, KV_FLASH_SIZE);
196
197 HMAC_SHA1_Init(&ctx);
198 HMAC_SHA1_UpdateKey(&ctx, (unsigned char *) cpu_key, 0x10);
199 HMAC_SHA1_EndKey(&ctx);
200
201 HMAC_SHA1_StartMessage(&ctx);
202
203 HMAC_SHA1_UpdateMessage(&ctx, (unsigned char*) &data2[0x10], KV_FLASH_SIZE - 0x10);
204 HMAC_SHA1_UpdateMessage(&ctx, (unsigned char*) &tmp[0x00], 0x02); //Special appendage
205
206 HMAC_SHA1_EndMessage(out, &ctx);
207 HMAC_SHA1_Done(&ctx);
208
209 int index = 0;
210 while (index < 0x10)
211 {
212 if (data[index] != out[index])
213 {
214 // Hmm something is wrong, hmac is not matching
215 //printf(" ! kv_read: kv hash check failed\n");
216 return 2;
217 }
218 index += 1;
219 }
220
221 return 0;
222}
223
224int kv_get_dvd_key(unsigned char *dvd_key)
225{
226 if (KV_FLASH_SIZE == 0)
227 return -1; //It's bad data!
228 unsigned char buffer[KV_FLASH_SIZE], tmp[0x10];
229 int result = 0;
230 int keylen = 0x10;
231
232 result = kv_read(buffer, 0);
233 if (result == 2 && get_virtual_cpukey(tmp) == 0){
234 printf("! Attempting to decrypt DVDKey with Virtual CPU Key !\n");
235 result = kv_read(buffer, 1);
236 }
237 if (result != 0){
238 printf(" ! kv_get_dvd_key Failure: kv_read\n");
239 if (result == 2){ //Hash failure
240 printf(" ! the hash check failed probably as a result of decryption failure\n");
241 printf(" ! make sure that the CORRECT key vault for this console is in flash\n");
242 printf(" ! the key vault should be at offset 0x4200 for a length of 0x4200\n");
243 printf(" ! in the 'raw' flash binary from THIS console\n");
244 }
245 return 1;
246 }
247
248 result = kv_get_key(XEKEY_DVD_KEY, dvd_key, &keylen, buffer);
249 if (result != 0){
250 printf(" ! kv_get_dvd_key Failure: kv_get_key %d\n", result);
251 return result;
252 }
253
254 //print_key("dvd key", dvd_key);
255 return 0;
256
257}
258
259void print_cpu_dvd_keys(void)
260{
261 unsigned char key[0x10];
262
263 printf("\n");
264
265 memset(key, '\0', sizeof(key));
266 if (cpu_get_key(key)==0)
267 print_key(" * your cpu key", key);
268 if (xenon_logical_nand_data_ok() == 0)
269 {
270 memset(key, '\0',sizeof(key));
271 if (get_virtual_cpukey(key)==0)
272 print_key(" * your virtual cpu key", key);
273
274 memset(key, '\0', sizeof(key));
275 if (kv_get_dvd_key(key)==0)
276 print_key(" * your dvd key", key);
277 }
278 else
279 printf(" ! Unable to read Keyvault data from NAND\n");
280 printf("\n");
281}
282
283//This version crashes... dunno why... but... old one works perfectly fine so, why change it?!
284
285//int updateXeLL(void * addr, unsigned len)
286//{
287// int i, j, k, startblock, current, offsetinblock, blockcnt;
288// unsigned char *user, *spare;
289//
290// if (sfc.initialized != SFCX_INITIALIZED){
291// printf(" ! sfcx is not initialized! Unable to update XeLL in NAND!\n");
292// return -1;
293// }
294//
295// printf("\n * found XeLL update. press power NOW if you don't want to update.\n");
296// delay(15);
297//
298// for (k = 0; k < XELL_OFFSET_COUNT; k++)
299// {
300// current = xelloffsets[k];
301// offsetinblock = current % sfc.block_sz;
302// startblock = current/sfc.block_sz;
303// blockcnt = offsetinblock ? (XELL_SIZE/sfc.block_sz)+1 : (XELL_SIZE/sfc.block_sz);
304//
305//
306// spare = (unsigned char*)malloc(blockcnt*sfc.pages_in_block*sfc.meta_sz);
307// if(!spare){
308// printf(" ! Error while memallocating filebuffer (spare)\n");
309// return -1;
310// }
311// user = (unsigned char*)malloc(blockcnt*sfc.block_sz);
312// if(!user){
313// printf(" ! Error while memallocating filebuffer (user)\n");
314// return -1;
315// }
316// j = 0;
317// unsigned char pagebuf[MAX_PAGE_SZ];
318//
319// for (i = (startblock*sfc.pages_in_block); i< (startblock+blockcnt)*sfc.pages_in_block; i++)
320// {
321// sfcx_read_page(pagebuf, (i*sfc.page_sz), 1);
322// //Split rawpage into user & spare
323// memcpy(&user[j*sfc.page_sz],pagebuf,sfc.page_sz);
324// memcpy(&spare[j*sfc.meta_sz],&pagebuf[sfc.page_sz],sfc.meta_sz);
325// j++;
326// }
327//
328// if (memcmp(&user[offsetinblock+(XELL_FOOTER_OFFSET)],XELL_FOOTER,XELL_FOOTER_LENGTH) == 0){
329// printf(" * XeLL Binary in NAND found @ 0x%08X\n", (startblock*sfc.block_sz)+offsetinblock);
330//
331// memcpy(&user[offsetinblock], addr,len); //Copy over updxell.bin
332// printf(" * Writing to NAND!\n");
333// j = 0;
334// for (i = startblock*sfc.pages_in_block; i < (startblock+blockcnt)*sfc.pages_in_block; i ++)
335// {
336// if (!(i%sfc.pages_in_block))
337// sfcx_erase_block(i*sfc.page_sz);
338//
339// /* Copy user & spare data together in a single rawpage */
340// memcpy(pagebuf,&user[j*sfc.page_sz],sfc.page_sz);
341// memcpy(&pagebuf[sfc.page_sz],&spare[j*sfc.meta_sz],sfc.meta_sz);
342// j++;
343//
344// if (!(sfcx_is_pageerased(pagebuf))) // We dont need to write to erased pages
345// {
346// memset(&pagebuf[sfc.page_sz+0x0C],0x0, 4); //zero only EDC bytes
347// sfcx_calcecc((unsigned int *)pagebuf); //recalc EDC bytes
348// sfcx_write_page(pagebuf, i*sfc.page_sz);
349// }
350// }
351// printf(" * XeLL flashed! Reboot the xbox to enjoy the new build\n");
352// for(;;);
353//
354// }
355// }
356// printf(" ! Couldn't locate XeLL binary in NAND. Aborting!\n");
357// return -1; // if this point is reached, updating xell failed
358//}
359
360int updateXeLL(char *path)
361{
362 FILE *f;
363 int i, j, k, status, startblock, current, offsetinblock, blockcnt, filelength;
364 unsigned char *updxell, *user, *spare;
365
366 /* Check if updxell.bin is present */
367 f = fopen(path, "rb");
368 if (!f){
369 return -1; //Can't find/open updxell.bin
370 }
371
372 if (sfc.initialized != SFCX_INITIALIZED){
373 fclose(f);
374 printf(" ! sfcx is not initialized! Unable to update XeLL in NAND!\n");
375 return -1;
376 }
377
378 /* Check filesize of updxell.bin, only accept full 256kb binaries */
379 fseek(f, 0, SEEK_END);
380 filelength=ftell(f);
381 fseek(f, 0, SEEK_SET);
382 if (filelength != XELL_SIZE){
383 fclose(f);
384 printf(" ! %s does not have the correct size of 256kb. Aborting update!\n", path);
385 return -1;
386 }
387
388 printf("\n * found XeLL update. press power NOW if you don't want to update.\n");
389 delay(15);
390
391 for (k = 0; k < XELL_OFFSET_COUNT; k++)
392 {
393 current = xelloffsets[k];
394 offsetinblock = current % sfc.block_sz;
395 startblock = current/sfc.block_sz;
396 blockcnt = offsetinblock ? (XELL_SIZE/sfc.block_sz)+1 : (XELL_SIZE/sfc.block_sz);
397
398
399 spare = (unsigned char*)malloc(blockcnt*sfc.pages_in_block*sfc.meta_sz);
400 if(!spare){
401 printf(" ! Error while memallocating filebuffer (spare)\n");
402 return -1;
403 }
404 user = (unsigned char*)malloc(blockcnt*sfc.block_sz);
405 if(!user){
406 printf(" ! Error while memallocating filebuffer (user)\n");
407 return -1;
408 }
409 j = 0;
410 unsigned char pagebuf[MAX_PAGE_SZ];
411
412 for (i = (startblock*sfc.pages_in_block); i< (startblock+blockcnt)*sfc.pages_in_block; i++)
413 {
414 sfcx_read_page(pagebuf, (i*sfc.page_sz), 1);
415 //Split rawpage into user & spare
416 memcpy(&user[j*sfc.page_sz],pagebuf,sfc.page_sz);
417 memcpy(&spare[j*sfc.meta_sz],&pagebuf[sfc.page_sz],sfc.meta_sz);
418 j++;
419 }
420
421 if (memcmp(&user[offsetinblock+(XELL_FOOTER_OFFSET)],XELL_FOOTER,XELL_FOOTER_LENGTH) == 0){
422 printf(" * XeLL Binary in NAND found @ 0x%08X\n", (startblock*sfc.block_sz)+offsetinblock);
423
424 updxell = (unsigned char*)malloc(XELL_SIZE);
425 if(!updxell){
426 printf(" ! Error while memallocating filebuffer (updxell)\n");
427 return -1;
428 }
429
430 status = fread(updxell,1,XELL_SIZE,f);
431 if (status != XELL_SIZE){
432 fclose(f);
433 printf(" ! Error reading file from %s\n", path);
434 return -1;
435 }
436
437 if (memcmp(&updxell[XELL_FOOTER_OFFSET],XELL_FOOTER, XELL_FOOTER_LENGTH)){
438 printf(" ! XeLL does not seem to have matching footer, Aborting update!\n");
439 return -1;
440 }
441
442 fclose(f);
443 memcpy(&user[offsetinblock], updxell,XELL_SIZE); //Copy over updxell.bin
444 printf(" * Writing to NAND!\n");
445 j = 0;
446 for (i = startblock*sfc.pages_in_block; i < (startblock+blockcnt)*sfc.pages_in_block; i ++)
447 {
448 if (!(i%sfc.pages_in_block))
449 sfcx_erase_block(i*sfc.page_sz);
450
451 /* Copy user & spare data together in a single rawpage */
452 memcpy(pagebuf,&user[j*sfc.page_sz],sfc.page_sz);
453 memcpy(&pagebuf[sfc.page_sz],&spare[j*sfc.meta_sz],sfc.meta_sz);
454 j++;
455
456 if (!(sfcx_is_pageerased(pagebuf))) // We dont need to write to erased pages
457 {
458 memset(&pagebuf[sfc.page_sz+0x0C],0x0, 4); //zero only EDC bytes
459 sfcx_calcecc((unsigned int *)pagebuf); //recalc EDC bytes
460 sfcx_write_page(pagebuf, i*sfc.page_sz);
461 }
462 }
463 printf(" * XeLL flashed! Reboot the xbox to enjoy the new build\n");
464 for(;;);
465
466 }
467 }
468 printf(" ! Couldn't locate XeLL binary in NAND. Aborting!\n");
469 return -1;
470}
471
472unsigned int xenon_get_DVE()
473{
474 unsigned int DVEversion, tmp;
475 xenon_smc_ana_read(0xfe, &DVEversion);
476 tmp = DVEversion;
477 tmp = (tmp & ~0xF0) | ((DVEversion >> 12) & 0xF0);
478 return (tmp & 0xFF);
479}
480
481unsigned int xenon_get_PCIBridgeRevisionID()
482{
483 return ((read32(0xd0000008) << 24) >> 24);
484}
485
486unsigned int xenon_get_CPU_PVR()
487{
488 unsigned int PVR;
489 asm volatile("mfpvr %0" : "=r" (PVR));
490 return PVR;
491}
492
493unsigned int xenon_get_XenosID()
494{
495 return ((read32(0xd0010000) >> 16) & 0xFFFF);
496}
497
498int xenon_get_console_type()
499{
500 unsigned int PVR, PCIBridgeRevisionID, consoleVersion, DVEversion;
501
502 PCIBridgeRevisionID = xenon_get_PCIBridgeRevisionID();
503 consoleVersion = xenon_get_XenosID();
504 DVEversion = xenon_get_DVE();
505 PVR = xenon_get_CPU_PVR();
506 if(PVR == 0x710200 || PVR == 0x710300) //TODO: Add XenosID check also!
507 return REV_ZEPHYR;
508 if(consoleVersion < 0x5821)
509 return REV_XENON;
510 else if(consoleVersion >= 0x5821 && consoleVersion < 0x5831)
511 {
512 return REV_FALCON;
513 }
514 else if(consoleVersion >= 0x5831 && consoleVersion < 0x5841)
515 return REV_JASPER;
516 else if(consoleVersion >= 0x5841 && consoleVersion < 0x5851)
517 {
518 //TODO: If PVR is always the same for trinity, move it to the if statement above...
519 if (DVEversion >= 0x20 && PVR == 0x710800)
520 {
521 if (PCIBridgeRevisionID >= 0x70 && sfcx_readreg(SFCX_PHISON) != 0)
522 return REV_CORONA_PHISON;
523 return REV_CORONA;
524 }
525 else
526 return REV_TRINITY;
527 }
528 else if(consoleVersion >= 0x5851)
529 {
530 if (PCIBridgeRevisionID >= 0x70 && sfcx_readreg(SFCX_PHISON) != 0)
531 return REV_WINCHESTER_MMC;
532 return REV_WINCHESTER;
533 }
534 return REV_UNKNOWN;
535}
536
537int xenon_logical_nand_data_ok()
538{
539 uint16_t tmp;
540 memcpy(&tmp, (const void*)(0x80000200C8000000ULL), 2);
541 if (tmp != 0xFF4F)
542 return -1;
543 return 0;
544}
545
546int xenon_get_logical_nand_data(void* buf, unsigned int offset, unsigned int len)
547{
548 if (xenon_logical_nand_data_ok() == 0)
549 memcpy(buf, (const void*)(0x80000200C8000000ULL + offset), len);
550 else
551 return -1;
552 return 0;
553}
554
555unsigned int xenon_get_kv_size()
556{
557 unsigned int ret;
558 if (xenon_get_logical_nand_data(&ret, 0x60, 4) == 0)
559 return ret;
560 return 0;
561}
562
563unsigned int xenon_get_kv_offset()
564{
565 unsigned int ret;
566 if (xenon_get_logical_nand_data(&ret, 0x6C, 4) == 0)
567 return ret;
568 return 0;
569}
length
uint16_t length
Definition: ata.h:4
status
u32 status
Definition: ehci_defs.h:15
HMAC_SHA1_EndMessage
void HMAC_SHA1_EndMessage(unsigned char *out, HMAC_SHA1_CTX *ctx)
Definition: hmac_sha1.c:170
HMAC_SHA1
void HMAC_SHA1(void *secret, void *data, void *res, int len)
Definition: hmac_sha1.c:190
HMAC_SHA1_UpdateMessage
void HMAC_SHA1_UpdateMessage(HMAC_SHA1_CTX *ctx, unsigned char *data, unsigned int datalen)
Definition: hmac_sha1.c:166
HMAC_SHA1_Done
void HMAC_SHA1_Done(HMAC_SHA1_CTX *ctx)
Definition: hmac_sha1.c:181
HMAC_SHA1_Init
void HMAC_SHA1_Init(HMAC_SHA1_CTX *ctx)
Definition: hmac_sha1.c:71
HMAC_SHA1_StartMessage
void HMAC_SHA1_StartMessage(HMAC_SHA1_CTX *ctx)
Definition: hmac_sha1.c:161
HMAC_SHA1_UpdateKey
void HMAC_SHA1_UpdateKey(HMAC_SHA1_CTX *ctx, unsigned char *key, unsigned int keylen)
Definition: hmac_sha1.c:79
HMAC_SHA1_EndKey
void HMAC_SHA1_EndKey(HMAC_SHA1_CTX *ctx)
Definition: hmac_sha1.c:133
hmac_sha1.h
uint16_t
u16 uint16_t
Definition: libfdt_env.h:10
rc4_init
void rc4_init(unsigned char *state, unsigned char *key, int len)
Definition: rc4.c:5
rc4_crypt
void rc4_crypt(unsigned char *state, unsigned char *data, int len)
Definition: rc4.c:22
XCONFIG_SECURED_SETTINGS
Definition: xenon_config.h:28
_HMAC_SHA1_CTX
Definition: hmac_sha1.h:61
kventry
Definition: xb360.h:102
kventry::length
int length
Definition: xb360.h:105
sfc
Definition: xenon_sfcx.h:84
sfc::page_sz
int page_sz
Definition: xenon_sfcx.h:88
sfc::meta_sz
int meta_sz
Definition: xenon_sfcx.h:89
sfc::block_sz
int block_sz
Definition: xenon_sfcx.h:93
sfc::initialized
int initialized
Definition: xenon_sfcx.h:85
sfc::pages_in_block
int pages_in_block
Definition: xenon_sfcx.h:92
delay
void delay(int u)
Definition: time.c:22
xenon_get_logical_nand_data
int xenon_get_logical_nand_data(void *buf, unsigned int offset, unsigned int len)
Definition: xb360.c:546
xenon_get_CPU_PVR
unsigned int xenon_get_CPU_PVR()
Definition: xb360.c:486
print_key
void print_key(char *name, unsigned char *data)
Definition: xb360.c:86
get_virtual_cpukey
int get_virtual_cpukey(unsigned char *data)
Definition: xb360.c:102
updateXeLL
int updateXeLL(char *path)
Definition: xb360.c:360
xenon_get_PCIBridgeRevisionID
unsigned int xenon_get_PCIBridgeRevisionID()
Definition: xb360.c:481
xenon_get_kv_offset
unsigned int xenon_get_kv_offset()
Definition: xb360.c:563
xenon_get_XenosID
unsigned int xenon_get_XenosID()
Definition: xb360.c:493
kv_read
int kv_read(unsigned char *data, int virtualcpukey)
Definition: xb360.c:156
print_cpu_dvd_keys
void print_cpu_dvd_keys(void)
Definition: xb360.c:259
secured_settings
struct XCONFIG_SECURED_SETTINGS secured_settings
Definition: xenon_config.c:17
kv_get_key
int kv_get_key(unsigned char keyid, unsigned char *keybuf, int *keybuflen, unsigned char *keyvault)
Definition: xb360.c:140
xenon_get_DVE
unsigned int xenon_get_DVE()
Definition: xb360.c:472
xenon_get_kv_size
unsigned int xenon_get_kv_size()
Definition: xb360.c:555
xenon_logical_nand_data_ok
int xenon_logical_nand_data_ok()
Definition: xb360.c:537
xenon_get_console_type
int xenon_get_console_type()
Definition: xb360.c:498
cpu_get_key
int cpu_get_key(unsigned char *data)
Definition: xb360.c:95
kv_get_dvd_key
int kv_get_dvd_key(unsigned char *dvd_key)
Definition: xb360.c:224
XEKEY_RESERVED_WORD2
#define XEKEY_RESERVED_WORD2
Definition: xb360.h:15
XEKEY_RESERVED_QWORD2
#define XEKEY_RESERVED_QWORD2
Definition: xb360.h:21
XELL_SIZE
#define XELL_SIZE
Definition: xb360.h:78
XEKEY_RESERVED_KEY4
#define XEKEY_RESERVED_KEY4
Definition: xb360.h:27
KV_FLASH_SIZE
#define KV_FLASH_SIZE
Definition: xb360.h:71
XEKEY_WIRELESS_CONTROLLER_3P_2DES_KEY1
#define XEKEY_WIRELESS_CONTROLLER_3P_2DES_KEY1
Definition: xb360.h:51
XEKEY_WIRED_CONTROLLER_3P_2DES_KEY2
#define XEKEY_WIRED_CONTROLLER_3P_2DES_KEY2
Definition: xb360.h:56
KV_FLASH_OFFSET
#define KV_FLASH_OFFSET
Definition: xb360.h:72
XEKEY_KEY_OBFUSCATION_KEY
#define XEKEY_KEY_OBFUSCATION_KEY
Definition: xb360.h:34
XEKEY_RESERVED_BYTE3
#define XEKEY_RESERVED_BYTE3
Definition: xb360.h:13
REV_XENON
#define REV_XENON
Definition: xb360.h:91
XEKEY_GLOBAL_DEVICE_2DES_KEY1
#define XEKEY_GLOBAL_DEVICE_2DES_KEY1
Definition: xb360.h:39
XEKEY_ROAMABLE_OBFUSCATION_KEY
#define XEKEY_ROAMABLE_OBFUSCATION_KEY
Definition: xb360.h:35
REV_CORONA
#define REV_CORONA
Definition: xb360.h:96
VFUSES_SIZE
#define VFUSES_SIZE
Definition: xb360.h:75
XEKEY_WIRELESS_CONTROLLER_MS_2DES_KEY1
#define XEKEY_WIRELESS_CONTROLLER_MS_2DES_KEY1
Definition: xb360.h:41
VFUSES_OFFSET
#define VFUSES_OFFSET
Definition: xb360.h:76
REV_ZEPHYR
#define REV_ZEPHYR
Definition: xb360.h:92
REV_CORONA_PHISON
#define REV_CORONA_PHISON
Definition: xb360.h:97
XEKEY_PRIMARY_ACTIVATION_KEY
#define XEKEY_PRIMARY_ACTIVATION_KEY
Definition: xb360.h:37
XEKEY_RESERVED_DWORD4
#define XEKEY_RESERVED_DWORD4
Definition: xb360.h:19
XEKEY_WIRELESS_CONTROLLER_MS_2DES_KEY2
#define XEKEY_WIRELESS_CONTROLLER_MS_2DES_KEY2
Definition: xb360.h:42
XEKEY_WIRED_WEBCAM_3P_2DES_KEY1
#define XEKEY_WIRED_WEBCAM_3P_2DES_KEY1
Definition: xb360.h:53
XEKEY_SECONDARY_ACTIVATION_KEY
#define XEKEY_SECONDARY_ACTIVATION_KEY
Definition: xb360.h:38
XEKEY_MEMORY_UNIT_3P_2DES_KEY2
#define XEKEY_MEMORY_UNIT_3P_2DES_KEY2
Definition: xb360.h:58
XEKEY_RESERVED_KEY1
#define XEKEY_RESERVED_KEY1
Definition: xb360.h:24
XEKEY_CARDEA_PRIVATE_KEY
#define XEKEY_CARDEA_PRIVATE_KEY
Definition: xb360.h:63
XELL_OFFSET_COUNT
#define XELL_OFFSET_COUNT
Definition: xb360.h:83
XEKEY_RESERVED_KEY3
#define XEKEY_RESERVED_KEY3
Definition: xb360.h:26
XEKEY_RESTRICTED_HVEXT_LOADER
#define XEKEY_RESTRICTED_HVEXT_LOADER
Definition: xb360.h:16
XEKEY_WIRED_CONTROLLER_3P_2DES_KEY1
#define XEKEY_WIRED_CONTROLLER_3P_2DES_KEY1
Definition: xb360.h:55
XEKEY_RESERVED_RANDOM_KEY1
#define XEKEY_RESERVED_RANDOM_KEY1
Definition: xb360.h:28
XEKEY_OTHER_XSM3_DEVICE_MS_2DES_KEY1
#define XEKEY_OTHER_XSM3_DEVICE_MS_2DES_KEY1
Definition: xb360.h:49
XEKEY_MEMORY_UNIT_MS_2DES_KEY2
#define XEKEY_MEMORY_UNIT_MS_2DES_KEY2
Definition: xb360.h:48
REV_WINCHESTER_MMC
#define REV_WINCHESTER_MMC
Definition: xb360.h:99
XEKEY_MANUFACTURING_MODE
#define XEKEY_MANUFACTURING_MODE
Definition: xb360.h:10
XEKEY_MEMORY_UNIT_MS_2DES_KEY1
#define XEKEY_MEMORY_UNIT_MS_2DES_KEY1
Definition: xb360.h:47
XEKEY_WIRED_CONTROLLER_MS_2DES_KEY1
#define XEKEY_WIRED_CONTROLLER_MS_2DES_KEY1
Definition: xb360.h:45
XEKEY_RESERVED_QWORD3
#define XEKEY_RESERVED_QWORD3
Definition: xb360.h:22
XEKEY_XEIKA_PRIVATE_KEY
#define XEKEY_XEIKA_PRIVATE_KEY
Definition: xb360.h:62
XEKEY_MEMORY_UNIT_3P_2DES_KEY1
#define XEKEY_MEMORY_UNIT_3P_2DES_KEY1
Definition: xb360.h:57
XEKEY_CONSOLE_SERIAL_NUMBER
#define XEKEY_CONSOLE_SERIAL_NUMBER
Definition: xb360.h:30
XEKEY_WIRED_WEBCAM_MS_2DES_KEY1
#define XEKEY_WIRED_WEBCAM_MS_2DES_KEY1
Definition: xb360.h:43
XEKEY_CONSOLE_OBFUSCATION_KEY
#define XEKEY_CONSOLE_OBFUSCATION_KEY
Definition: xb360.h:33
XEKEY_RESERVED_WORD1
#define XEKEY_RESERVED_WORD1
Definition: xb360.h:14
XEKEY_RESTRICTED_PRIVILEDGES
#define XEKEY_RESTRICTED_PRIVILEDGES
Definition: xb360.h:20
XEKEY_DVD_KEY
#define XEKEY_DVD_KEY
Definition: xb360.h:36
XEKEY_WIRELESS_CONTROLLER_3P_2DES_KEY2
#define XEKEY_WIRELESS_CONTROLLER_3P_2DES_KEY2
Definition: xb360.h:52
REV_TRINITY
#define REV_TRINITY
Definition: xb360.h:95
XEKEY_WIRED_WEBCAM_3P_2DES_KEY2
#define XEKEY_WIRED_WEBCAM_3P_2DES_KEY2
Definition: xb360.h:54
XEKEY_CONSOLE_CERTIFICATE
#define XEKEY_CONSOLE_CERTIFICATE
Definition: xb360.h:64
XEKEY_RESERVED_DWORD2
#define XEKEY_RESERVED_DWORD2
Definition: xb360.h:17
REV_FALCON
#define REV_FALCON
Definition: xb360.h:93
REV_JASPER
#define REV_JASPER
Definition: xb360.h:94
XEKEY_RESERVED_DWORD3
#define XEKEY_RESERVED_DWORD3
Definition: xb360.h:18
REV_WINCHESTER
#define REV_WINCHESTER
Definition: xb360.h:98
XEKEY_RESERVED_QWORD4
#define XEKEY_RESERVED_QWORD4
Definition: xb360.h:23
XEKEY_CONSOLE_PRIVATE_KEY
#define XEKEY_CONSOLE_PRIVATE_KEY
Definition: xb360.h:61
XEKEY_WIRED_WEBCAM_MS_2DES_KEY2
#define XEKEY_WIRED_WEBCAM_MS_2DES_KEY2
Definition: xb360.h:44
XEKEY_RESERVED_RANDOM_KEY2
#define XEKEY_RESERVED_RANDOM_KEY2
Definition: xb360.h:29
XEKEY_OTHER_XSM3_DEVICE_3P_2DES_KEY1
#define XEKEY_OTHER_XSM3_DEVICE_3P_2DES_KEY1
Definition: xb360.h:59
XEKEY_ALTERNATE_KEY_VAULT
#define XEKEY_ALTERNATE_KEY_VAULT
Definition: xb360.h:11
XEKEY_XEIKA_CERTIFICATE
#define XEKEY_XEIKA_CERTIFICATE
Definition: xb360.h:65
XEKEY_GAME_REGION
#define XEKEY_GAME_REGION
Definition: xb360.h:32
XEKEY_RESERVED_KEY2
#define XEKEY_RESERVED_KEY2
Definition: xb360.h:25
XEKEY_OTHER_XSM3_DEVICE_3P_2DES_KEY2
#define XEKEY_OTHER_XSM3_DEVICE_3P_2DES_KEY2
Definition: xb360.h:60
ZFUSES_OFFSET
#define ZFUSES_OFFSET
Definition: xb360.h:77
XEKEY_OTHER_XSM3_DEVICE_MS_2DES_KEY2
#define XEKEY_OTHER_XSM3_DEVICE_MS_2DES_KEY2
Definition: xb360.h:50
REV_UNKNOWN
#define REV_UNKNOWN
Definition: xb360.h:100
XEKEY_RESERVED_BYTE2
#define XEKEY_RESERVED_BYTE2
Definition: xb360.h:12
XEKEY_GLOBAL_DEVICE_2DES_KEY2
#define XEKEY_GLOBAL_DEVICE_2DES_KEY2
Definition: xb360.h:40
XEKEY_MOBO_SERIAL_NUMBER
#define XEKEY_MOBO_SERIAL_NUMBER
Definition: xb360.h:31
XEKEY_CARDEA_CERTIFICATE
#define XEKEY_CARDEA_CERTIFICATE
Definition: xb360.h:66
XEKEY_WIRED_CONTROLLER_MS_2DES_KEY2
#define XEKEY_WIRED_CONTROLLER_MS_2DES_KEY2
Definition: xb360.h:46
pagebuf
unsigned char pagebuf[MAX_PAGE_SZ]
Definition: xenon_config.c:20
xenon_config.h
xenon_secotp_read_line
uint64_t xenon_secotp_read_line(int nr)
Definition: xenon_secotp.c:3
xenon_secotp.h
sfcx_readreg
unsigned long sfcx_readreg(int addr)
Definition: xenon_sfcx.c:20
sfcx_is_pageerased
int sfcx_is_pageerased(unsigned char *data)
Definition: xenon_sfcx.c:361
sfcx_read_page
int sfcx_read_page(unsigned char *data, int address, int raw)
Definition: xenon_sfcx.c:25
sfcx_write_page
int sfcx_write_page(unsigned char *data, int address)
Definition: xenon_sfcx.c:74
sfcx_calcecc
void sfcx_calcecc(unsigned int *data)
Definition: xenon_sfcx.c:211
sfcx_erase_block
int sfcx_erase_block(int address)
Definition: xenon_sfcx.c:150
xenon_sfcx.h
SFCX_INITIALIZED
#define SFCX_INITIALIZED
Definition: xenon_sfcx.h:76
SFCX_PHISON
#define SFCX_PHISON
Definition: xenon_sfcx.h:14
MAX_PAGE_SZ
#define MAX_PAGE_SZ
Definition: xenon_sfcx.h:61
xenon_smc_ana_read
int xenon_smc_ana_read(uint8_t addr, uint32_t *val)
Definition: xenon_smc.c:149
xenon_smc.h
XELL_FOOTER
#define XELL_FOOTER
Definition: xenon_syscalls.c:24
XELL_FOOTER_LENGTH
#define XELL_FOOTER_LENGTH
Definition: xenon_syscalls.c:23
XELL_FOOTER_OFFSET
#define XELL_FOOTER_OFFSET
Definition: xenon_syscalls.c:22
data
union @15 data
j
u8 j
Definition: xenos_edid.h:10
k
u8 k
Definition: xenos_edid.h:9
Generated by doxygen 1.9.5