Some of you may have used XEXDecrypt, the tool which may decrypt and decompress an XEX if given the correct keys. Say I wanted to recompile the XEX, and compress it back with keys I have... How would I do so? Is there a utility for it (doubt it), or does anyone have a white paper, or any information they would be willing to share?
Well, each XEX has an RSA sig (which is probably based off a SHA-1 hash) which can only be signed with a private key Microsoft knows. Maybe if you generated your own keys somehow you could play XEX signed with your generated private key. I'm almost sure the second XEX key is generated at runtime though (could be wrong) and I don't know how you would edit that. For more info: go to xboxhacker.net (but you probably know that if you are this far along). I'm pretty sure they must have discussed the XEX encryption on the site before.
I've just been informed that the XEX needs to be compressed with LZX compression techniques and encrypted with AES. I don't really know about either of these though. I'm just quoting that.
I know it's done with LZX and I know you need your own keys and MS keys to decrypt... I have keys to decrypt and reencrypt. And I know what compression method is used. I was just wondering if there was a tool out there that could do it for me. Could imagexex work?
My friend and I are working on one. I'll let you know when we make some progress. I wasn't aware there were others released in the public and I haven't heard of the one you mentioned. I only know about one XEX program besides xexdecrypt: hitmen.c02.at/html/xbox360_releases.html. I'm pretty sure you need to sign some hashes after reencrypting and recompressing to get it working also. We are in the process of working on that.
Well, the devkit keys are of course public... I don't know of a tool which can re-create a PE file which contains everything, so you could use it with imagexex again. Then, xextool (xorloser's) should be able to transform your encrypted, packed .xex file into an unencrypted, non-compressed (but still signed) file. Then you can patch around, and later on, you can make xextool fix the signature for you.
Not the devkit key, you fool! ;P The keys I didn't figure out myself, so I shouldn't be giving that away. I know how to decrypt, I didn't need that first part of the explanation, tmbinc. I'll look into xextool fixing signatures. Thank you.
I *really* doubt you have the proper keys to sign a retail xex. All you have are the symmetric keys, right? But they (of course) are only half of the deal (or sub-0.000000001%, to be honest).
The chance that anywhere outside of 1 or 2 secure servers at Microsoft has the private half of the RSA key for either XBOX or XBOX 360 is pretty much zero.
Exactly... Which is what I've been saying. You don't need that other key to sign to dev... But it's OK, with xextool I get it now...