I am wondering what is required to play actual factory-made retail games on the devs. I was messing around with xextool and the encryption keys don't seem to be different between retail and dev, and the signature + hash checks can be easily removed on a dev, but I did this and it still came up with a "Play DVD" message, so I am wondering if there is something preventing this, and it's most likely located in the game's xex, as that is the only thing I can think of.
The keys are different between retail and dev signed xex files. The reason you can't play "factory-made retail" games is because they are intended for use with retail consoles, and do not have the debug/dev check in place. To put it in place would require a change which would in turn invalidate the xex file's signature, causing it to fail to boot. The reason we are able to resign development xex files is simply because the keys required to do so are included in the SDK, and obviously they are very different from the keys required for retail consoles, otherwise piracy would be rampant.
I know the keys are different; I have disabled the xex signature check though. What is the dev check you speak of?
I'm no coder, but I believe it's the kernel that checks the xex's signature, not the xex itself; that's how the JTAG and the reflashing of the NAND have enabled xex files to boot regardless of whether they are signed for dev or retail. The dev check I mentioned is basically checking to see if you're running a retail or development kernel. In the readme for xextool, you have a command to "make xex dev" or "make xex retail"; as far as I have gathered (again, bear in mind I'm no coder), it's a simple flag in the xex file itself. It is more likely you have disabled the check of in-game files, à la Halo's map encryption system or, most recently of note, Mass Effect 2's disc swap nag screen.
No, I edited the dev's kernel to remove the hash and signature checks, which is why I am wondering why it still doesn't work.
Ah, I see. Now that's way beyond my understanding, so anything more from me would be just pointless ramblings, to be honest; maybe one of the more informed experts round here would be able to help. Sure is an interesting topic; I will follow it though!
Elaborate. Also, do this test first: run the retail xexs off your HDD. Tell me if that works; if it does not, I have an idea of what the problem is.
The kernel is loaded to memory. You can edit it and it will work until you reboot. Also, nothing with retail xexs works. Watson tells me "failed to load module default.xex (C000007B)". So there's probably something in the image headers of the xexs that isn't compatible with dev kits.
Out of curiosity, what offset in memory? Also, I was going to tell you... the "Play DVD" error could be occurring because of your dev drive, but since it doesn't run from any media, I don't know what to tell you. Do this: run gamehack/xextool on it, make sure "run from all region/media" is checked, and leave it retail. Then try to run it from your HDD. Let me know when you figure out the problem; seems like a useful patch.
The kernel is always loaded to 0x80040000. Also, that's the problem: I want to run them straight off the disc, because I could just extract them to my HDD.
You need a valid DVD key to unlock the game partition. Have a look into firmware flashing for more details on this; if someone flashes a drive without the key, they will only see the "please insert into Xbox 360" screen. How this can fit into your equation I have no clue, but a little tidbit on what's going on.
I know how flashing works, I've flashed several. I just wanted to see if it's possible to play the game straight on the disc upon insertion.
Well, there was a way to play retail games on a dev kit using the 4548 kernel, because it had an exploit; it worked well for the time being.
It was a tool that used the shader exploit to get privileged code, which allowed him to change the security sector security and signature checks for the xexs in order to boot retail games. The application was never released though. It was made by Xorloser, but I forget the name.
A couple things. First of all, I believe that the security sectors have a different key for dev than for retail, causing them to come up invalid and just play the video partition. The media flags would prevent a directly ripped retail xex from playing from HDD. On top of all that, the xexs are encrypted for retail, not dev, which could be a bit of a problem.
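As an added example (not code from this thread, from xextool or from gamehack), here is a Python script that reads the two XEX2 security-info fields the posts above refer to: game_regions and media_flags, the fields an "all region/media" option patches. Field offsets follow the public XEX2 header layout (header at offset 0 with the security-info offset at 0x10, game_regions at security-info +0x178, media_flags at +0x17C, execution info under optional header key 0x00040006). The sample header is constructed here, the title ID in it is made up, and there is no PE payload behind it. Note what the patch function does not do: the bytes it changes are covered by the header digest and RSA signature in the same security info, so the patched file only loads where those checks are not enforced, which is consistent with what the thread says about signatures.

```python
"""Dump and patch the region/media gates in an XEX2 header (added example)."""
import struct

XEX2_MAGIC = b"XEX2"
XEX_HEADER_EXECUTION_INFO = 0x00040006  # optional header key: execution info block

# Offsets inside xex2_security_info (public XEX2 layout).
SEC_IMAGE_FLAGS = 0x10C
SEC_LOAD_ADDRESS = 0x110
SEC_GAME_REGIONS = 0x178
SEC_MEDIA_FLAGS = 0x17C
SEC_INFO_SIZE = 0x180

# Allowed-media bits in media_flags; bits not listed here are reported as unknown.
MEDIA_FLAGS = {
    0x00000001: "HardDisk",
    0x00000002: "DvdX2",
    0x00000004: "DvdCd",
    0x00000008: "Dvd5",
    0x00000010: "Dvd9",
    0x00000020: "SystemFlash",
    0x00000080: "MemoryUnit",
    0x00000100: "UsbMassStorage",
    0x00000200: "Network",
    0x00000400: "DirectFromRam",
    0x00001000: "SecureVirtualOpticalDevice",
    0x01000000: "InsecurePackage",
    0x02000000: "SaveGamePackage",
    0x04000000: "LocallySignedPackage",
    0x08000000: "LiveSignedPackage",
    0x10000000: "XboxPlatformPackage",
}

# Region masks in game_regions; a title may set only some bits within a mask.
REGION_FLAGS = {
    0x000000FF: "NTSC/U",
    0x0000FF00: "NTSC/J",
    0x00FF0000: "PAL",
    0xFF000000: "Other",
}


def decode_flags(value, table):
    """Names of every entry whose mask overlaps value, plus any bits no entry covers."""
    names = [name for mask, name in table.items() if value & mask]
    known = 0
    for mask in table:
        known |= mask
    leftover = value & ~known & 0xFFFFFFFF
    if leftover:
        names.append(f"unknown:0x{leftover:08X}")
    return names


def parse_xex2(data):
    """Return the header fields that decide where and in which region the image loads."""
    magic, module_flags, pe_offset, _reserved, sec_off, opt_count = struct.unpack_from(">4sIIIII", data, 0)
    if magic != XEX2_MAGIC:
        raise ValueError("not an XEX2 image")
    if sec_off + SEC_INFO_SIZE > len(data):
        raise ValueError("security info runs past end of file")
    image_flags, load_address = struct.unpack_from(">II", data, sec_off + SEC_IMAGE_FLAGS)
    game_regions, media_flags = struct.unpack_from(">II", data, sec_off + SEC_GAME_REGIONS)
    info = {
        "module_flags": module_flags, "pe_offset": pe_offset, "image_flags": image_flags,
        "load_address": load_address, "game_regions": game_regions, "media_flags": media_flags,
    }
    # Optional headers: 8 bytes each (key, value) starting right after the fixed header.
    optional = {}
    for i in range(opt_count):
        key, value = struct.unpack_from(">II", data, 0x18 + 8 * i)
        optional[key] = value
    if XEX_HEADER_EXECUTION_INFO in optional:
        off = optional[XEX_HEADER_EXECUTION_INFO]  # low key byte 0x06 = 6 dwords at this offset
        (media_id, version, base_version, title_id, platform, exe_type,
         disc_number, disc_count, savegame_id) = struct.unpack_from(">IIIIBBBBI", data, off)
        info.update(media_id=media_id, version=version, title_id=title_id,
                    disc_number=disc_number, disc_count=disc_count)
    return info


def patch_all_media_and_regions(data):
    """Copy of data with game_regions and media_flags set to 0xFFFFFFFF.
    This rewrites bytes covered by the security info's header digest and RSA
    signature, so the result is only loadable where those checks are bypassed."""
    out = bytearray(data)
    sec_off = struct.unpack_from(">I", data, 0x10)[0]
    struct.pack_into(">II", out, sec_off + SEC_GAME_REGIONS, 0xFFFFFFFF, 0xFFFFFFFF)
    return bytes(out)


def build_sample_xex2():
    """Constructed minimal XEX2 header for the demo: NTSC/U only, DVD media only, fake title ID."""
    exec_off, sec_off = 0x20, 0x40
    hdr = struct.pack(">4sIIIII", XEX2_MAGIC, 0x00000001, sec_off + SEC_INFO_SIZE, 0, sec_off, 1)
    hdr += struct.pack(">II", XEX_HEADER_EXECUTION_INFO, exec_off)
    hdr += struct.pack(">IIIIBBBBI", 0x11111111, 0x00010000, 0x00010000, 0x12345678, 0, 0, 1, 1, 0)
    hdr = hdr.ljust(sec_off, b"\0")
    sec = bytearray(SEC_INFO_SIZE)  # signature/digest fields left zero: not a signed image
    struct.pack_into(">II", sec, 0, SEC_INFO_SIZE, 0x00100000)
    struct.pack_into(">II", sec, SEC_GAME_REGIONS, 0x000000FF, 0x0000001A)  # NTSC/U; DvdX2|Dvd5|Dvd9
    return hdr + bytes(sec)


if __name__ == "__main__":
    for label, blob in (("original", build_sample_xex2()),
                        ("patched", patch_all_media_and_regions(build_sample_xex2()))):
        info = parse_xex2(blob)
        print(label, f"title={info['title_id']:08X}",
              "media=" + ",".join(decode_flags(info["media_flags"], MEDIA_FLAGS)),
              "regions=" + ",".join(decode_flags(info["game_regions"], REGION_FLAGS)))
```

Run it as-is to see the constructed header before and after the patch; point parse_xex2 at the bytes of a real default.xex to see why a disc-only media mask would stop that file from launching off the HDD.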
I used xextool; the xex encryption keys are the same, as the data did not change. If it's just the SS on games, how come retail arcade games wouldn't start with the failed load module message? I do understand that the SS keys are different, so the authentication will fail, but what about getting retail xexs in STFS packages to work? I will look into the SS check now.