libxenon/xb360_8c_source.html

/*

 * xb360.c

 *

 *  Created on: Sep 4, 2008

 */


#include <string.h>

#include <stdio.h>

#include <stdlib.h>

#include <sys/stat.h>

#include <pci/io.h>

#include <time/time.h>

#include <xenon_nand/xenon_sfcx.h>

#include <xenon_nand/xenon_config.h>

#include <xenon_soc/xenon_secotp.h>

#include <xenon_smc/xenon_smc.h>

#include <crypt/hmac_sha1.h>

#include <crypt/rc4.h>


#include "xb360.h"


extern struct XCONFIG_SECURED_SETTINGS secured_settings;


extern struct sfc sfc;


static const kventry kvlookup[] =

    {

    {XEKEY_MANUFACTURING_MODE,                  0x18,   0x01},

    {XEKEY_ALTERNATE_KEY_VAULT,                 0x19,   0x01},

    {XEKEY_RESERVED_BYTE2,                      0x1A,   0x01},

    {XEKEY_RESERVED_BYTE3,                      0x1B,   0x01},

    {XEKEY_RESERVED_WORD1,                      0x1C,   0x02},

    {XEKEY_RESERVED_WORD2,                      0x1E,   0x02},

    {XEKEY_RESTRICTED_HVEXT_LOADER,             0x20,   0x02},

    {XEKEY_RESERVED_DWORD2,                     0x24,   0x04},

    {XEKEY_RESERVED_DWORD3,                     0x28,   0x04},

    {XEKEY_RESERVED_DWORD4,                     0x2c,   0x04},

    {XEKEY_RESTRICTED_PRIVILEDGES,              0x30,   0x08},

    {XEKEY_RESERVED_QWORD2,                     0x38,   0x08},

    {XEKEY_RESERVED_QWORD3,                     0x40,   0x08},

    {XEKEY_RESERVED_QWORD4,                     0x48,   0x08},

    {XEKEY_RESERVED_KEY1,                       0x50,   0x10},

    {XEKEY_RESERVED_KEY2,                       0x60,   0x10},

    {XEKEY_RESERVED_KEY3,                       0x70,   0x10},

    {XEKEY_RESERVED_KEY4,                       0x80,   0x10},

    {XEKEY_RESERVED_RANDOM_KEY1,                0x90,   0x10},

    {XEKEY_RESERVED_RANDOM_KEY2,                0xA0,   0x10},

    {XEKEY_CONSOLE_SERIAL_NUMBER,               0xB0,   0x0C},

    {XEKEY_MOBO_SERIAL_NUMBER,                  0xBC,   0x0C},

    {XEKEY_GAME_REGION,                         0xC8,   0x02},

    {XEKEY_CONSOLE_OBFUSCATION_KEY,             0xD0,   0x10},

    {XEKEY_KEY_OBFUSCATION_KEY,                 0xE0,   0x10},

    {XEKEY_ROAMABLE_OBFUSCATION_KEY,            0xF0,   0x10},

    {XEKEY_DVD_KEY,                             0x100,  0x10},

    {XEKEY_PRIMARY_ACTIVATION_KEY,              0x110,  0x18},

    {XEKEY_SECONDARY_ACTIVATION_KEY,            0x128,  0x10},

    {XEKEY_GLOBAL_DEVICE_2DES_KEY1,             0x138,  0x10},

    {XEKEY_GLOBAL_DEVICE_2DES_KEY2,             0x148,  0x10},

    {XEKEY_WIRELESS_CONTROLLER_MS_2DES_KEY1,    0x158,  0x10},

    {XEKEY_WIRELESS_CONTROLLER_MS_2DES_KEY2 ,   0x168,  0x10},

    {XEKEY_WIRED_WEBCAM_MS_2DES_KEY1,           0x178,  0x10},

    {XEKEY_WIRED_WEBCAM_MS_2DES_KEY2,           0x188,  0x10},

    {XEKEY_WIRED_CONTROLLER_MS_2DES_KEY1,       0x198,  0x10},

    {XEKEY_WIRED_CONTROLLER_MS_2DES_KEY2,       0x1A8,  0x10},

    {XEKEY_MEMORY_UNIT_MS_2DES_KEY1,            0x1B8,  0x10},

    {XEKEY_MEMORY_UNIT_MS_2DES_KEY2,            0x1C8,  0x10},

    {XEKEY_OTHER_XSM3_DEVICE_MS_2DES_KEY1,      0x1D8,  0x10},

    {XEKEY_OTHER_XSM3_DEVICE_MS_2DES_KEY2,      0x1E8,  0x10},

    {XEKEY_WIRELESS_CONTROLLER_3P_2DES_KEY1,    0x1F8,  0x10},

    {XEKEY_WIRELESS_CONTROLLER_3P_2DES_KEY2,    0x208,  0x10},

    {XEKEY_WIRED_WEBCAM_3P_2DES_KEY1,           0x218,  0x10},

    {XEKEY_WIRED_WEBCAM_3P_2DES_KEY2,           0x228,  0x10},

    {XEKEY_WIRED_CONTROLLER_3P_2DES_KEY1,       0x238,  0x10},

    {XEKEY_WIRED_CONTROLLER_3P_2DES_KEY2,       0x248,  0x10},

    {XEKEY_MEMORY_UNIT_3P_2DES_KEY1,            0x258,  0x10},

    {XEKEY_MEMORY_UNIT_3P_2DES_KEY2,            0x268,  0x10},

    {XEKEY_OTHER_XSM3_DEVICE_3P_2DES_KEY1,      0x278,  0x10},

    {XEKEY_OTHER_XSM3_DEVICE_3P_2DES_KEY2,      0x288,  0x10},

    {XEKEY_CONSOLE_PRIVATE_KEY,                 0x298,  0x1D0},

    {XEKEY_XEIKA_PRIVATE_KEY,                   0x468,  0x390},

    {XEKEY_CARDEA_PRIVATE_KEY,                  0x7F8,  0x1D0},

    {XEKEY_CONSOLE_CERTIFICATE,                 0x9C8,  0x1A8},

    {XEKEY_XEIKA_CERTIFICATE,                   0xB70,  0x1388},

    {XEKEY_CARDEA_CERTIFICATE,                  0x1EF8, 0x2108}

    };


void print_key(char *name, unsigned char *data)

{

    int i=0;

    printf("%s: ", name);

    for(i=0; i<16; i++)

        printf("%02X",data[i]);

    printf("\n");

}


int cpu_get_key(unsigned char *data)

{

    *(unsigned long long*)&data[0] = xenon_secotp_read_line(3) | xenon_secotp_read_line(4);

    *(unsigned long long*)&data[8] = xenon_secotp_read_line(5) | xenon_secotp_read_line(6);

    return 0;

}


int get_virtual_cpukey(unsigned char *data)

{

   unsigned char buffer[VFUSES_SIZE];


   if (xenon_get_logical_nand_data(&buffer, VFUSES_OFFSET, VFUSES_SIZE) == -1)

   {

         return 2; //Unable to read NAND data...

   }


   //if we got here then it was at least able to read from nand

   //now we need to verify the data somehow

   if(buffer[0]==0xC0 && buffer[1]==0xFF && buffer[2]==0xFF && buffer[3]==0xFF)

   {

      memcpy(data,&buffer[0x20],0x10);

      return 0;

   }

   else

   {

      // No Virtual Fuses were found at 0x95000, check again at 0xC0000 (Zero fuse DevGL consoles)

      if (xenon_get_logical_nand_data(&buffer, ZFUSES_OFFSET, VFUSES_SIZE) == -1)

      {

         return 2; //Unable to read NAND data...

      }


      //if we got here then it was at least able to read from nand

      //now we need to verify the data somehow

      if(buffer[0]==0xC0 && buffer[1]==0xFF && buffer[2]==0xFF && buffer[3]==0xFF)

      {

         memcpy(data,&buffer[0x20],0x10);

         return 0;

      }


      // No virtual fuses at 0x95000 or 0xC0000

      return 1;

   }

}


int kv_get_key(unsigned char keyid, unsigned char *keybuf, int *keybuflen, unsigned char *keyvault)

{

    if (keyid > 0x38)

        return 1;


    if (*keybuflen != kvlookup[keyid].length)

    {

        *keybuflen = kvlookup[keyid].length;

        return 2;

    }

    memcpy(keybuf, keyvault + kvlookup[keyid].offset, kvlookup[keyid].length);


    return 0;

}


int kv_read(unsigned char *data, int virtualcpukey)

{

    if (xenon_get_logical_nand_data(data, KV_FLASH_OFFSET, KV_FLASH_SIZE) == -1)

        return -1;


    unsigned char cpu_key[0x10];

        if (virtualcpukey)

            get_virtual_cpukey(cpu_key);

        else

            cpu_get_key(cpu_key);

    //print_key("kv_read: cpu key", cpu_key);


    unsigned char hmac_key[0x10];

    memcpy(hmac_key, data, 0x10);

    //print_key("kv_read: hmac key", hmac_key);


    unsigned char rc4_key[0x10];

    memset(rc4_key, 0, 0x10);


    HMAC_SHA1(cpu_key, hmac_key, rc4_key, 0x10);

    //print_key("kv_read: rc4 key", rc4_key);


    unsigned char rc4_state[0x100];

    memset(rc4_state, 0, 0x100);


    rc4_init(rc4_state, rc4_key ,0x10);

    rc4_crypt(rc4_state, (unsigned char*) &data[0x10], KV_FLASH_SIZE - 0x10);


    //Now then do a little check to make sure it is somewhat correct

    //We check the hmac_sha1 of the data and compare that to

    //the hmac_sha1 key in the header of the keyvault

    //basically the reverse of what we did to generate the key for rc4

    unsigned char data2[KV_FLASH_SIZE];

    unsigned char out[20];

    unsigned char tmp[] = {0x07, 0x12};

    HMAC_SHA1_CTX ctx;


    //the hmac_sha1 seems destructive

    //so we make a copy of the data

    memcpy(data2, data, KV_FLASH_SIZE);


    HMAC_SHA1_Init(&ctx);

    HMAC_SHA1_UpdateKey(&ctx, (unsigned char *) cpu_key, 0x10);

    HMAC_SHA1_EndKey(&ctx);


    HMAC_SHA1_StartMessage(&ctx);


    HMAC_SHA1_UpdateMessage(&ctx, (unsigned char*) &data2[0x10], KV_FLASH_SIZE - 0x10);

    HMAC_SHA1_UpdateMessage(&ctx, (unsigned char*)   &tmp[0x00], 0x02); //Special appendage


    HMAC_SHA1_EndMessage(out, &ctx);

    HMAC_SHA1_Done(&ctx);


    int index = 0;

    while (index < 0x10)

    {

        if (data[index] != out[index])

        {

            // Hmm something is wrong, hmac is not matching

            //printf(" ! kv_read: kv hash check failed\n");

            return 2;

        }

        index += 1;

    }


    return 0;

}


int kv_get_dvd_key(unsigned char *dvd_key)

{

    if (KV_FLASH_SIZE == 0)

        return -1; //It's bad data!

    unsigned char buffer[KV_FLASH_SIZE], tmp[0x10];

    int result = 0;

    int keylen = 0x10;


    result = kv_read(buffer, 0);

        if (result == 2 && get_virtual_cpukey(tmp) == 0){

            printf("! Attempting to decrypt DVDKey with Virtual CPU Key !\n");

            result = kv_read(buffer, 1);

        }

    if (result != 0){

        printf(" ! kv_get_dvd_key Failure: kv_read\n");

        if (result == 2){ //Hash failure

            printf(" !   the hash check failed probably as a result of decryption failure\n");

            printf(" !   make sure that the CORRECT key vault for this console is in flash\n");

            printf(" !   the key vault should be at offset 0x4200 for a length of 0x4200\n");

            printf(" !   in the 'raw' flash binary from THIS console\n");

        }

        return 1;

    }


    result = kv_get_key(XEKEY_DVD_KEY, dvd_key, &keylen, buffer);

    if (result != 0){

        printf(" ! kv_get_dvd_key Failure: kv_get_key %d\n", result);

        return result;

    }


    //print_key("dvd key", dvd_key);

    return 0;


}


void print_cpu_dvd_keys(void)

{

    unsigned char key[0x10];


    printf("\n");


    memset(key, '\0', sizeof(key));

    if (cpu_get_key(key)==0)

        print_key(" * your cpu key", key);

    if (xenon_logical_nand_data_ok() == 0)

    {

        memset(key, '\0',sizeof(key));

        if (get_virtual_cpukey(key)==0)

            print_key(" * your virtual cpu key", key);


        memset(key, '\0', sizeof(key));

        if (kv_get_dvd_key(key)==0)

            print_key(" * your dvd key", key);

    }

    else

        printf(" ! Unable to read Keyvault data from NAND\n");

    printf("\n");

}


//This version crashes... dunno why... but... old one works perfectly fine so, why change it?!


//int updateXeLL(void * addr, unsigned len)

//{

//  int i, j, k, startblock, current, offsetinblock, blockcnt;

//  unsigned char *user, *spare;

//

//    if (sfc.initialized != SFCX_INITIALIZED){

//        printf(" ! sfcx is not initialized! Unable to update XeLL in NAND!\n");

//      return -1;

//    }

//

//    printf("\n * found XeLL update. press power NOW if you don't want to update.\n");

//    delay(15);

//

//    for (k = 0; k < XELL_OFFSET_COUNT; k++)

//    {

//      current = xelloffsets[k];

//      offsetinblock = current % sfc.block_sz;

//      startblock = current/sfc.block_sz;

//      blockcnt = offsetinblock ? (XELL_SIZE/sfc.block_sz)+1 : (XELL_SIZE/sfc.block_sz);

//

//

//      spare = (unsigned char*)malloc(blockcnt*sfc.pages_in_block*sfc.meta_sz);

//      if(!spare){

//        printf(" ! Error while memallocating filebuffer (spare)\n");

//        return -1;

//      }

//      user = (unsigned char*)malloc(blockcnt*sfc.block_sz);

//      if(!user){

//        printf(" ! Error while memallocating filebuffer (user)\n");

//        return -1;

//      }

//      j = 0;

//      unsigned char pagebuf[MAX_PAGE_SZ];

//

//      for (i = (startblock*sfc.pages_in_block); i< (startblock+blockcnt)*sfc.pages_in_block; i++)

//      {

//         sfcx_read_page(pagebuf, (i*sfc.page_sz), 1);

//      //Split rawpage into user & spare

//      memcpy(&user[j*sfc.page_sz],pagebuf,sfc.page_sz);

//      memcpy(&spare[j*sfc.meta_sz],&pagebuf[sfc.page_sz],sfc.meta_sz);

//      j++;

//      }

//

//        if (memcmp(&user[offsetinblock+(XELL_FOOTER_OFFSET)],XELL_FOOTER,XELL_FOOTER_LENGTH) == 0){

//            printf(" * XeLL Binary in NAND found @ 0x%08X\n", (startblock*sfc.block_sz)+offsetinblock);

//

//        memcpy(&user[offsetinblock], addr,len); //Copy over updxell.bin

//        printf(" * Writing to NAND!\n");

//      j = 0;

//        for (i = startblock*sfc.pages_in_block; i < (startblock+blockcnt)*sfc.pages_in_block; i ++)

//        {

//          if (!(i%sfc.pages_in_block))

//          sfcx_erase_block(i*sfc.page_sz);

//

//          /* Copy user & spare data together in a single rawpage */

//            memcpy(pagebuf,&user[j*sfc.page_sz],sfc.page_sz);

//          memcpy(&pagebuf[sfc.page_sz],&spare[j*sfc.meta_sz],sfc.meta_sz);

//          j++;

//

//          if (!(sfcx_is_pageerased(pagebuf))) // We dont need to write to erased pages

//          {

//              memset(&pagebuf[sfc.page_sz+0x0C],0x0, 4); //zero only EDC bytes

//              sfcx_calcecc((unsigned int *)pagebuf);    //recalc EDC bytes

//              sfcx_write_page(pagebuf, i*sfc.page_sz);

//          }

//        }

//        printf(" * XeLL flashed! Reboot the xbox to enjoy the new build\n");

//      for(;;);

//

//      }

//  }

//    printf(" ! Couldn't locate XeLL binary in NAND. Aborting!\n");

//    return -1; // if this point is reached, updating xell failed

//}


int updateXeLL(char *path)

{

    FILE *f;

    int i, j, k, status, startblock, current, offsetinblock, blockcnt, filelength;

    unsigned char *updxell, *user, *spare;

    struct stat s;


    memset(&s, 0, sizeof(struct stat));

    stat(path, &s);

    long size = s.st_size;

    if (size <= 0)

        return -1; //Invalid Filesize


    /* Check if updxell.bin is present */

    f = fopen(path, "rb");

    if (!f){

        return -1; //Can't find/open updxell.bin

    }


    if (sfc.initialized != SFCX_INITIALIZED){

        fclose(f);

        printf(" ! sfcx is not initialized! Unable to update XeLL in NAND!\n");

    return -1;

    }


    /* Check filesize of updxell.bin, only accept full 256kb binaries */

    fseek(f, 0, SEEK_END);

    filelength=ftell(f);

    fseek(f, 0, SEEK_SET);

    if (filelength != XELL_SIZE){

        fclose(f);

        printf(" ! %s does not have the correct size of 256kb. Aborting update!\n", path);

        return -1;

    }


    printf("\n * found XeLL update. press power NOW if you don't want to update.\n");

    delay(15);


    for (k = 0; k < XELL_OFFSET_COUNT; k++)

    {

      current = xelloffsets[k];

      offsetinblock = current % sfc.block_sz;

      startblock = current/sfc.block_sz;

      blockcnt = offsetinblock ? (XELL_SIZE/sfc.block_sz)+1 : (XELL_SIZE/sfc.block_sz);


      spare = (unsigned char*)malloc(blockcnt*sfc.pages_in_block*sfc.meta_sz);

      if(!spare){

        printf(" ! Error while memallocating filebuffer (spare)\n");

        return -1;

      }

      user = (unsigned char*)malloc(blockcnt*sfc.block_sz);

      if(!user){

        printf(" ! Error while memallocating filebuffer (user)\n");

        return -1;

      }

      j = 0;

      unsigned char pagebuf[MAX_PAGE_SZ];


      for (i = (startblock*sfc.pages_in_block); i< (startblock+blockcnt)*sfc.pages_in_block; i++)

      {

         sfcx_read_page(pagebuf, (i*sfc.page_sz), 1);

     //Split rawpage into user & spare

     memcpy(&user[j*sfc.page_sz],pagebuf,sfc.page_sz);

     memcpy(&spare[j*sfc.meta_sz],&pagebuf[sfc.page_sz],sfc.meta_sz);

     j++;

      }


        if (memcmp(&user[offsetinblock+(XELL_FOOTER_OFFSET)],XELL_FOOTER,XELL_FOOTER_LENGTH) == 0){

            printf(" * XeLL Binary in NAND found @ 0x%08X\n", (startblock*sfc.block_sz)+offsetinblock);


         updxell = (unsigned char*)malloc(XELL_SIZE);

         if(!updxell){

           printf(" ! Error while memallocating filebuffer (updxell)\n");

           return -1;

         }


         status = fread(updxell,1,XELL_SIZE,f);

         if (status != XELL_SIZE){

           fclose(f);

           printf(" ! Error reading file from %s\n", path);

           return -1;

         }


         if (memcmp(&updxell[XELL_FOOTER_OFFSET],XELL_FOOTER, XELL_FOOTER_LENGTH)){

       printf(" ! XeLL does not seem to have matching footer, Aborting update!\n");

       return -1;

     }


         fclose(f);

         memcpy(&user[offsetinblock], updxell,XELL_SIZE); //Copy over updxell.bin

         printf(" * Writing to NAND!\n");

     j = 0;

         for (i = startblock*sfc.pages_in_block; i < (startblock+blockcnt)*sfc.pages_in_block; i ++)

         {

         if (!(i%sfc.pages_in_block))

        sfcx_erase_block(i*sfc.page_sz);


         /* Copy user & spare data together in a single rawpage */

             memcpy(pagebuf,&user[j*sfc.page_sz],sfc.page_sz);

         memcpy(&pagebuf[sfc.page_sz],&spare[j*sfc.meta_sz],sfc.meta_sz);

         j++;


         if (!(sfcx_is_pageerased(pagebuf))) // We dont need to write to erased pages

         {

             memset(&pagebuf[sfc.page_sz+0x0C],0x0, 4); //zero only EDC bytes

             sfcx_calcecc((unsigned int *)pagebuf);       //recalc EDC bytes

             sfcx_write_page(pagebuf, i*sfc.page_sz);

         }

         }

         printf(" * XeLL flashed! Reboot the xbox to enjoy the new build\n");

     for(;;);


      }

    }

    printf(" ! Couldn't locate XeLL binary in NAND. Aborting!\n");

    return -1;

}


unsigned int xenon_get_DVE()

{

    unsigned int DVEversion, tmp;

    xenon_smc_ana_read(0xfe, &DVEversion);

    tmp = DVEversion;

    tmp = (tmp & ~0xF0) | ((DVEversion >> 12) & 0xF0);

    return (tmp & 0xFF);

}


unsigned int xenon_get_PCIBridgeRevisionID()

{

    return ((read32(0xd0000008) << 24) >> 24);

}


unsigned int xenon_get_CPU_PVR()

{

    unsigned int PVR;

    asm volatile("mfpvr %0" : "=r" (PVR));

    return PVR;

}


unsigned int xenon_get_XenosID()

{

    return ((read32(0xd0010000) >> 16) & 0xFFFF);

}


int xenon_get_console_type()

{

    unsigned int PVR, PCIBridgeRevisionID, consoleVersion, DVEversion;


    PCIBridgeRevisionID = xenon_get_PCIBridgeRevisionID();

    consoleVersion = xenon_get_XenosID();

    DVEversion = xenon_get_DVE();

    PVR = xenon_get_CPU_PVR();

    if(PVR == 0x710200 || PVR == 0x710300) //TODO: Add XenosID check also!

        return REV_ZEPHYR;

    if(consoleVersion < 0x5821)

        return REV_XENON;

    else if(consoleVersion >= 0x5821 && consoleVersion < 0x5831)

    {

        return REV_FALCON;

    }

    else if(consoleVersion >= 0x5831 && consoleVersion < 0x5841)

        return REV_JASPER;

    else if(consoleVersion >= 0x5841 && consoleVersion < 0x5851)

    {

        //TODO: If PVR is always the same for trinity, move it to the if statement above...

        if (DVEversion >= 0x20 && PVR == 0x710800)

        {

            if (PCIBridgeRevisionID >= 0x70 && sfcx_readreg(SFCX_PHISON) != 0)

                return REV_CORONA_PHISON;

            return REV_CORONA;

        }

        else

            return REV_TRINITY;

    }

    else if(consoleVersion >= 0x5851)

    {

        if (PCIBridgeRevisionID >= 0x70 && sfcx_readreg(SFCX_PHISON) != 0)

            return REV_WINCHESTER_MMC;

        return REV_WINCHESTER;

    }

    return REV_UNKNOWN;

}


int xenon_logical_nand_data_ok()

{

    uint16_t tmp;

    memcpy(&tmp, (const void*)(0x80000200C8000000ULL), 2);

    if (tmp != 0xFF4F)

        return -1;

    return 0;

}


int xenon_get_logical_nand_data(void* buf, unsigned int offset, unsigned int len)

{

    if (xenon_logical_nand_data_ok() == 0)

        memcpy(buf, (const void*)(0x80000200C8000000ULL + offset), len);

    else

        return -1;

    return 0;

}


unsigned int xenon_get_kv_size()

{

    unsigned int ret;

    if (xenon_get_logical_nand_data(&ret, 0x60, 4) == 0)

        return ret;

    return 0;

}


unsigned int xenon_get_kv_offset()

{

    unsigned int ret;

    if (xenon_get_logical_nand_data(&ret, 0x6C, 4) == 0)

        return ret;

    return 0;

}

length
uint16_t length
Definition: ata.h:4

status
u32 status
Definition: ehci_defs.h:15

HMAC_SHA1_EndMessage
void HMAC_SHA1_EndMessage(unsigned char *out, HMAC_SHA1_CTX *ctx)
Definition: hmac_sha1.c:170

HMAC_SHA1
void HMAC_SHA1(void *secret, void *data, void *res, int len)
Definition: hmac_sha1.c:190

HMAC_SHA1_UpdateMessage
void HMAC_SHA1_UpdateMessage(HMAC_SHA1_CTX *ctx, unsigned char *data, unsigned int datalen)
Definition: hmac_sha1.c:166

HMAC_SHA1_Done
void HMAC_SHA1_Done(HMAC_SHA1_CTX *ctx)
Definition: hmac_sha1.c:181

HMAC_SHA1_Init
void HMAC_SHA1_Init(HMAC_SHA1_CTX *ctx)
Definition: hmac_sha1.c:71

HMAC_SHA1_StartMessage
void HMAC_SHA1_StartMessage(HMAC_SHA1_CTX *ctx)
Definition: hmac_sha1.c:161

HMAC_SHA1_UpdateKey
void HMAC_SHA1_UpdateKey(HMAC_SHA1_CTX *ctx, unsigned char *key, unsigned int keylen)
Definition: hmac_sha1.c:79

HMAC_SHA1_EndKey
void HMAC_SHA1_EndKey(HMAC_SHA1_CTX *ctx)
Definition: hmac_sha1.c:133

hmac_sha1.h

io.h

size
u32 size
Definition: iso9660.c:537

uint16_t
u16 uint16_t
Definition: libfdt_env.h:10

stat
int stat(const char *file, struct stat *st)
Definition: newlib.c:643

rc4_init
void rc4_init(unsigned char *state, unsigned char *key, int len)
Definition: rc4.c:5

rc4_crypt
void rc4_crypt(unsigned char *state, unsigned char *data, int len)
Definition: rc4.c:22

rc4.h

stdio.h

XCONFIG_SECURED_SETTINGS
Definition: xenon_config.h:28

_HMAC_SHA1_CTX
Definition: hmac_sha1.h:61

kventry
Definition: xb360.h:102

kventry::length
int length
Definition: xb360.h:105

sfc
Definition: xenon_sfcx.h:84

sfc::page_sz
int page_sz
Definition: xenon_sfcx.h:88

sfc::meta_sz
int meta_sz
Definition: xenon_sfcx.h:89

sfc::block_sz
int block_sz
Definition: xenon_sfcx.h:93

sfc::initialized
int initialized
Definition: xenon_sfcx.h:85

sfc::pages_in_block
int pages_in_block
Definition: xenon_sfcx.h:92

delay
void delay(int u)
Definition: time.c:22

time.h

xenon_get_logical_nand_data
int xenon_get_logical_nand_data(void *buf, unsigned int offset, unsigned int len)
Definition: xb360.c:554

xenon_get_CPU_PVR
unsigned int xenon_get_CPU_PVR()
Definition: xb360.c:494

print_key
void print_key(char *name, unsigned char *data)
Definition: xb360.c:87

get_virtual_cpukey
int get_virtual_cpukey(unsigned char *data)
Definition: xb360.c:103

updateXeLL
int updateXeLL(char *path)
Definition: xb360.c:361

xenon_get_PCIBridgeRevisionID
unsigned int xenon_get_PCIBridgeRevisionID()
Definition: xb360.c:489

xenon_get_kv_offset
unsigned int xenon_get_kv_offset()
Definition: xb360.c:571

xenon_get_XenosID
unsigned int xenon_get_XenosID()
Definition: xb360.c:501

kv_read
int kv_read(unsigned char *data, int virtualcpukey)
Definition: xb360.c:157

print_cpu_dvd_keys
void print_cpu_dvd_keys(void)
Definition: xb360.c:260

secured_settings
struct XCONFIG_SECURED_SETTINGS secured_settings
Definition: xenon_config.c:17

kv_get_key
int kv_get_key(unsigned char keyid, unsigned char *keybuf, int *keybuflen, unsigned char *keyvault)
Definition: xb360.c:141

xenon_get_DVE
unsigned int xenon_get_DVE()
Definition: xb360.c:480

xenon_get_kv_size
unsigned int xenon_get_kv_size()
Definition: xb360.c:563

xenon_logical_nand_data_ok
int xenon_logical_nand_data_ok()
Definition: xb360.c:545

xenon_get_console_type
int xenon_get_console_type()
Definition: xb360.c:506

cpu_get_key
int cpu_get_key(unsigned char *data)
Definition: xb360.c:96

kv_get_dvd_key
int kv_get_dvd_key(unsigned char *dvd_key)
Definition: xb360.c:225

xb360.h

XEKEY_RESERVED_WORD2
#define XEKEY_RESERVED_WORD2
Definition: xb360.h:15

XEKEY_RESERVED_QWORD2
#define XEKEY_RESERVED_QWORD2
Definition: xb360.h:21

XELL_SIZE
#define XELL_SIZE
Definition: xb360.h:78

XEKEY_RESERVED_KEY4
#define XEKEY_RESERVED_KEY4
Definition: xb360.h:27

KV_FLASH_SIZE
#define KV_FLASH_SIZE
Definition: xb360.h:71

XEKEY_WIRELESS_CONTROLLER_3P_2DES_KEY1
#define XEKEY_WIRELESS_CONTROLLER_3P_2DES_KEY1
Definition: xb360.h:51

XEKEY_WIRED_CONTROLLER_3P_2DES_KEY2
#define XEKEY_WIRED_CONTROLLER_3P_2DES_KEY2
Definition: xb360.h:56

KV_FLASH_OFFSET
#define KV_FLASH_OFFSET
Definition: xb360.h:72

XEKEY_KEY_OBFUSCATION_KEY
#define XEKEY_KEY_OBFUSCATION_KEY
Definition: xb360.h:34

XEKEY_RESERVED_BYTE3
#define XEKEY_RESERVED_BYTE3
Definition: xb360.h:13

REV_XENON
#define REV_XENON
Definition: xb360.h:91

XEKEY_GLOBAL_DEVICE_2DES_KEY1
#define XEKEY_GLOBAL_DEVICE_2DES_KEY1
Definition: xb360.h:39

XEKEY_ROAMABLE_OBFUSCATION_KEY
#define XEKEY_ROAMABLE_OBFUSCATION_KEY
Definition: xb360.h:35

REV_CORONA
#define REV_CORONA
Definition: xb360.h:96

VFUSES_SIZE
#define VFUSES_SIZE
Definition: xb360.h:75

XEKEY_WIRELESS_CONTROLLER_MS_2DES_KEY1
#define XEKEY_WIRELESS_CONTROLLER_MS_2DES_KEY1
Definition: xb360.h:41

VFUSES_OFFSET
#define VFUSES_OFFSET
Definition: xb360.h:76

REV_ZEPHYR
#define REV_ZEPHYR
Definition: xb360.h:92

REV_CORONA_PHISON
#define REV_CORONA_PHISON
Definition: xb360.h:97

XEKEY_PRIMARY_ACTIVATION_KEY
#define XEKEY_PRIMARY_ACTIVATION_KEY
Definition: xb360.h:37

XEKEY_RESERVED_DWORD4
#define XEKEY_RESERVED_DWORD4
Definition: xb360.h:19

XEKEY_WIRELESS_CONTROLLER_MS_2DES_KEY2
#define XEKEY_WIRELESS_CONTROLLER_MS_2DES_KEY2
Definition: xb360.h:42

XEKEY_WIRED_WEBCAM_3P_2DES_KEY1
#define XEKEY_WIRED_WEBCAM_3P_2DES_KEY1
Definition: xb360.h:53

XEKEY_SECONDARY_ACTIVATION_KEY
#define XEKEY_SECONDARY_ACTIVATION_KEY
Definition: xb360.h:38

XEKEY_MEMORY_UNIT_3P_2DES_KEY2
#define XEKEY_MEMORY_UNIT_3P_2DES_KEY2
Definition: xb360.h:58

XEKEY_RESERVED_KEY1
#define XEKEY_RESERVED_KEY1
Definition: xb360.h:24

XEKEY_CARDEA_PRIVATE_KEY
#define XEKEY_CARDEA_PRIVATE_KEY
Definition: xb360.h:63

XELL_OFFSET_COUNT
#define XELL_OFFSET_COUNT
Definition: xb360.h:83

XEKEY_RESERVED_KEY3
#define XEKEY_RESERVED_KEY3
Definition: xb360.h:26

XEKEY_RESTRICTED_HVEXT_LOADER
#define XEKEY_RESTRICTED_HVEXT_LOADER
Definition: xb360.h:16

XEKEY_WIRED_CONTROLLER_3P_2DES_KEY1
#define XEKEY_WIRED_CONTROLLER_3P_2DES_KEY1
Definition: xb360.h:55

XEKEY_RESERVED_RANDOM_KEY1
#define XEKEY_RESERVED_RANDOM_KEY1
Definition: xb360.h:28

XEKEY_OTHER_XSM3_DEVICE_MS_2DES_KEY1
#define XEKEY_OTHER_XSM3_DEVICE_MS_2DES_KEY1
Definition: xb360.h:49

XEKEY_MEMORY_UNIT_MS_2DES_KEY2
#define XEKEY_MEMORY_UNIT_MS_2DES_KEY2
Definition: xb360.h:48

REV_WINCHESTER_MMC
#define REV_WINCHESTER_MMC
Definition: xb360.h:99

XEKEY_MANUFACTURING_MODE
#define XEKEY_MANUFACTURING_MODE
Definition: xb360.h:10

XEKEY_MEMORY_UNIT_MS_2DES_KEY1
#define XEKEY_MEMORY_UNIT_MS_2DES_KEY1
Definition: xb360.h:47

XEKEY_WIRED_CONTROLLER_MS_2DES_KEY1
#define XEKEY_WIRED_CONTROLLER_MS_2DES_KEY1
Definition: xb360.h:45

XEKEY_RESERVED_QWORD3
#define XEKEY_RESERVED_QWORD3
Definition: xb360.h:22

XEKEY_XEIKA_PRIVATE_KEY
#define XEKEY_XEIKA_PRIVATE_KEY
Definition: xb360.h:62

XEKEY_MEMORY_UNIT_3P_2DES_KEY1
#define XEKEY_MEMORY_UNIT_3P_2DES_KEY1
Definition: xb360.h:57

XEKEY_CONSOLE_SERIAL_NUMBER
#define XEKEY_CONSOLE_SERIAL_NUMBER
Definition: xb360.h:30

XEKEY_WIRED_WEBCAM_MS_2DES_KEY1
#define XEKEY_WIRED_WEBCAM_MS_2DES_KEY1
Definition: xb360.h:43

XEKEY_CONSOLE_OBFUSCATION_KEY
#define XEKEY_CONSOLE_OBFUSCATION_KEY
Definition: xb360.h:33

XEKEY_RESERVED_WORD1
#define XEKEY_RESERVED_WORD1
Definition: xb360.h:14

XEKEY_RESTRICTED_PRIVILEDGES
#define XEKEY_RESTRICTED_PRIVILEDGES
Definition: xb360.h:20

XEKEY_DVD_KEY
#define XEKEY_DVD_KEY
Definition: xb360.h:36

XEKEY_WIRELESS_CONTROLLER_3P_2DES_KEY2
#define XEKEY_WIRELESS_CONTROLLER_3P_2DES_KEY2
Definition: xb360.h:52

REV_TRINITY
#define REV_TRINITY
Definition: xb360.h:95

XEKEY_WIRED_WEBCAM_3P_2DES_KEY2
#define XEKEY_WIRED_WEBCAM_3P_2DES_KEY2
Definition: xb360.h:54

XEKEY_CONSOLE_CERTIFICATE
#define XEKEY_CONSOLE_CERTIFICATE
Definition: xb360.h:64

XEKEY_RESERVED_DWORD2
#define XEKEY_RESERVED_DWORD2
Definition: xb360.h:17

REV_FALCON
#define REV_FALCON
Definition: xb360.h:93

REV_JASPER
#define REV_JASPER
Definition: xb360.h:94

XEKEY_RESERVED_DWORD3
#define XEKEY_RESERVED_DWORD3
Definition: xb360.h:18

REV_WINCHESTER
#define REV_WINCHESTER
Definition: xb360.h:98

XEKEY_RESERVED_QWORD4
#define XEKEY_RESERVED_QWORD4
Definition: xb360.h:23

XEKEY_CONSOLE_PRIVATE_KEY
#define XEKEY_CONSOLE_PRIVATE_KEY
Definition: xb360.h:61

XEKEY_WIRED_WEBCAM_MS_2DES_KEY2
#define XEKEY_WIRED_WEBCAM_MS_2DES_KEY2
Definition: xb360.h:44

XEKEY_RESERVED_RANDOM_KEY2
#define XEKEY_RESERVED_RANDOM_KEY2
Definition: xb360.h:29

XEKEY_OTHER_XSM3_DEVICE_3P_2DES_KEY1
#define XEKEY_OTHER_XSM3_DEVICE_3P_2DES_KEY1
Definition: xb360.h:59

XEKEY_ALTERNATE_KEY_VAULT
#define XEKEY_ALTERNATE_KEY_VAULT
Definition: xb360.h:11

XEKEY_XEIKA_CERTIFICATE
#define XEKEY_XEIKA_CERTIFICATE
Definition: xb360.h:65

XEKEY_GAME_REGION
#define XEKEY_GAME_REGION
Definition: xb360.h:32

XEKEY_RESERVED_KEY2
#define XEKEY_RESERVED_KEY2
Definition: xb360.h:25

XEKEY_OTHER_XSM3_DEVICE_3P_2DES_KEY2
#define XEKEY_OTHER_XSM3_DEVICE_3P_2DES_KEY2
Definition: xb360.h:60

ZFUSES_OFFSET
#define ZFUSES_OFFSET
Definition: xb360.h:77

XEKEY_OTHER_XSM3_DEVICE_MS_2DES_KEY2
#define XEKEY_OTHER_XSM3_DEVICE_MS_2DES_KEY2
Definition: xb360.h:50

REV_UNKNOWN
#define REV_UNKNOWN
Definition: xb360.h:100

XEKEY_RESERVED_BYTE2
#define XEKEY_RESERVED_BYTE2
Definition: xb360.h:12

XEKEY_GLOBAL_DEVICE_2DES_KEY2
#define XEKEY_GLOBAL_DEVICE_2DES_KEY2
Definition: xb360.h:40

XEKEY_MOBO_SERIAL_NUMBER
#define XEKEY_MOBO_SERIAL_NUMBER
Definition: xb360.h:31

XEKEY_CARDEA_CERTIFICATE
#define XEKEY_CARDEA_CERTIFICATE
Definition: xb360.h:66

XEKEY_WIRED_CONTROLLER_MS_2DES_KEY2
#define XEKEY_WIRED_CONTROLLER_MS_2DES_KEY2
Definition: xb360.h:46

pagebuf
unsigned char pagebuf[MAX_PAGE_SZ]
Definition: xenon_config.c:20

xenon_config.h

xenon_secotp_read_line
uint64_t xenon_secotp_read_line(int nr)
Definition: xenon_secotp.c:3

xenon_secotp.h

sfcx_readreg
unsigned long sfcx_readreg(int addr)
Definition: xenon_sfcx.c:20

sfcx_is_pageerased
int sfcx_is_pageerased(unsigned char *data)
Definition: xenon_sfcx.c:361

sfcx_read_page
int sfcx_read_page(unsigned char *data, int address, int raw)
Definition: xenon_sfcx.c:25

sfcx_write_page
int sfcx_write_page(unsigned char *data, int address)
Definition: xenon_sfcx.c:74

sfcx_calcecc
void sfcx_calcecc(unsigned int *data)
Definition: xenon_sfcx.c:211

sfcx_erase_block
int sfcx_erase_block(int address)
Definition: xenon_sfcx.c:150

xenon_sfcx.h

SFCX_INITIALIZED
#define SFCX_INITIALIZED
Definition: xenon_sfcx.h:76

SFCX_PHISON
#define SFCX_PHISON
Definition: xenon_sfcx.h:14

MAX_PAGE_SZ
#define MAX_PAGE_SZ
Definition: xenon_sfcx.h:61

xenon_smc_ana_read
int xenon_smc_ana_read(uint8_t addr, uint32_t *val)
Definition: xenon_smc.c:149

xenon_smc.h

XELL_FOOTER
#define XELL_FOOTER
Definition: xenon_syscalls.c:24

XELL_FOOTER_LENGTH
#define XELL_FOOTER_LENGTH
Definition: xenon_syscalls.c:23

XELL_FOOTER_OFFSET
#define XELL_FOOTER_OFFSET
Definition: xenon_syscalls.c:22

data
union @15 data

j
u8 j
Definition: xenos_edid.h:10

k
u8 k
Definition: xenos_edid.h:9