I'm spending this weekend writing my own just for that purpose. Since I work (mostly) on Linux I've been working mostly with a hacky set of my own Python scripts, but if I polish it up it should do well. The only thing that I can't do is decompress the 5BL. Everything else I've seen just uses XDK libs; I might have to try to make some weird wrapper for it.
They're proper loaders; they work like the XEX one does. Well, this kind of got me back into them a bit. I'll throw them up on a git server so you guys can check them out. The shadowboot loader asks which BL you'd like to work with as it parses through the file. The only thing I'd like to do better is load the kernel better. I'm trying to make a smoother load so it acts more like it does when you load one from the SDK symsrv. Since it is the same, you can load symbols with it if they are available.
Sweet, looking forward to it. That'd be pretty cool, always wanted a way to get the NAND kernel loading with symbols properly, I never could figure out what made it different to the exe in the SDK.
https://github.com/Dwack/X360-IDA-Tools The 5BL loader option will fail atm; you have to comment out int res = load_loader_module(_li, "pe", NULL, false); on line 562. This was all built using SDK version 6.1. I'm not going to link to it because of obvious reasons, but it is very easy to get with a Google search. You'll also have to change the post-link events to copy the output file to your IDA install directory.
I've finished version .5 of my shadowboot analysis tool: https://gitlab.acabey.xyz/acabey/flash-dump-tool Despite its name, flash dumps are totally broken; they have some weird discrepancies that I still have to figure out (the actual length of a section does not match the one in the header...), but shadowboot images work well. I had to gut a lot of stuff as part of a refactor (turning a bunch of hacky scripts into a real program), but it is working well now! Right now you can enumerate the contents, extract and replace (encrypted) sections. I have all of the logic for decryption, just have to work it into the interface. I also have to add back the SMC, kernel and HV. Next on the TODO is patching and signing.
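The header-length discrepancy mentioned in the post above is exactly the kind of thing a section enumerator should catch before it hands bytes to an extract or replace routine. The following is an added example, not code from the flash-dump-tool project or any poster: it uses a small hypothetical container layout (magic, entry count, name/offset/length table, payloads) that is constructed for this example and is not the real shadowboot or flash-dump format. It enumerates sections, compares each header-declared length against the bytes actually present in the image, refuses to extract a section whose declared range overruns the file, and only replaces a section with a payload of the same declared size.

```python
import struct

# Hypothetical container layout, constructed for this example (NOT the real
# shadowboot/flash-dump format): 4-byte magic, big-endian u16 entry count,
# then entries of 8-byte name + u32 offset + u32 length, followed by payloads.
MAGIC = b"SBHX"
ENTRY = struct.Struct(">8sII")


def build_image(sections):
    """Build a constructed image from (name, payload) pairs."""
    header_len = 4 + 2 + ENTRY.size * len(sections)
    entries = []
    payload = b""
    for name, data in sections:
        entries.append((name.encode().ljust(8, b"\0"),
                        header_len + len(payload), len(data)))
        payload += data
    table = b"".join(ENTRY.pack(*e) for e in entries)
    return MAGIC + struct.pack(">H", len(sections)) + table + payload


def enumerate_sections(image):
    """Parse the section table and report, per entry, the declared length
    versus the bytes actually available inside the image."""
    if image[:4] != MAGIC:
        raise ValueError("bad magic")
    (count,) = struct.unpack_from(">H", image, 4)
    out = []
    pos = 6
    for _ in range(count):
        if pos + ENTRY.size > len(image):
            raise ValueError("section table truncated")
        name, off, length = ENTRY.unpack_from(image, pos)
        pos += ENTRY.size
        # Clamp to what the file really holds; a header can claim anything.
        available = min(length, len(image) - off) if off <= len(image) else 0
        out.append({
            "name": name.rstrip(b"\0").decode(),
            "offset": off,
            "declared": length,
            "available": available,
            "ok": available == length,
        })
    return out


def _find(image, name):
    for s in enumerate_sections(image):
        if s["name"] == name:
            return s
    raise KeyError(name)


def extract(image, name):
    """Return the section's raw (possibly still encrypted) bytes, refusing
    when the header's declared range does not fit in the image."""
    s = _find(image, name)
    if not s["ok"]:
        raise ValueError(f"{name}: header claims {s['declared']} bytes, "
                         f"only {s['available']} present")
    return image[s["offset"]:s["offset"] + s["declared"]]


def replace(image, name, new_data):
    """Replace a section in place; the payload must match the declared size
    so no other section's offset shifts."""
    s = _find(image, name)
    if not s["ok"]:
        raise ValueError(f"{name}: cannot replace a section that overruns the image")
    if len(new_data) != s["declared"]:
        raise ValueError(f"{name}: expected {s['declared']} bytes, got {len(new_data)}")
    return image[:s["offset"]] + new_data + image[s["offset"] + s["declared"]:]


def corrupt_length(image, index, new_length):
    """Test helper: overwrite the declared length of table entry `index`
    without touching the payload, mimicking a header/length mismatch."""
    pos = 6 + ENTRY.size * index + 8 + 4
    return image[:pos] + struct.pack(">I", new_length) + image[pos + 4:]


# Constructed sample image: two sections with dummy payloads.
SAMPLE = build_image([("SMC", b"A" * 16), ("KERN", b"B" * 32)])

if __name__ == "__main__":
    for s in enumerate_sections(SAMPLE):
        print(s)
    for s in enumerate_sections(corrupt_length(SAMPLE, 1, 100)):
        print(s)
```

Running the module prints the table twice, once for the good image and once after the second entry's length has been inflated; the second listing shows `declared` and `available` disagreeing and `ok` false, which is the signal to stop and investigate rather than slice past the end of the file.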
My intention is to make a cross-platform, open source (free software) tool for this stuff. RGL isn't obfuscated, but still not open source. Also, if you weren't aware, stoker25 (three posts above) developed RGLoader.
I knew that. He left the project and now ED9 is the only one left working on it; he's a busy man. My friend had to wait three months for the test-to-dev + RGL shadowboot for his XPO test kit.