XeDK Disassembly Guide

Discussion in 'Xbox 360 Development' started by neull, Mar 7, 2008.

  1. neull

    neull Guest

    Wewt, this stuff is great.
     
    Last edited by a moderator: Apr 24, 2010
  2. Nonel

    Nonel Member

    Joined:
    Nov 26, 2007
    Messages:
    8
    Likes Received:
    0
    Correct. The firmware is the same, unless it is a true development drive. For example, below v40 Hitachi drive revisions would need to be upgraded to a minimum of v40 firmware before they would function properly in a retail console. The same can be said for the other two drive models.

    If you were to use the previous XeDK retail loader, you would need to modify your dvd firmware. But as stated, that required K:4532.
     
    Last edited: Mar 10, 2008
  3. ConsoleFun

    ConsoleFun Gutsy Member

    Joined:
    Dec 21, 2004
    Messages:
    441
    Likes Received:
    3
    To play retail games on a devkit there are two protection issues that must be handled one way or another...


    1. Bypassing the XEX signature check

    All 360 executables (XEXs) are RSA-signed with an RSA private_key. The XEX loader in the 360 kernel checks this RSA signature against a corresponding RSA public_key before it will boot a game:
    Retail 360s will only boot XEXs signed with a "retail" private_key.
    The devkits will only boot XEXs signed with a "devkit" private_key.

    There are two ways to bypass this check on devkits, allowing retail games to be played.

    Since the "devkit" private_key is public, it is possible to convert retail XEXs (and DLLs) into devkit XEXs by resigning them. This is an oversimplified explanation of course, there is a bit more to it.

    Another option is to trick the devkit to check the RSA signature against the retail public_key instead of the devkit public_key. This is possible since the retail public_key is known, and since the kernel can be tampered with by exploiting the sc() vulnerability in kernel 4548. This is what the "retail loader" does, and the reason it only works on 4548 - again, this is a very oversimplified explanation.


    2. Bypassing the copy protection on 360 retail discs

    Retail 360 discs are copy protected. To unlock the game partition on retail discs there is a challenge-response (C/R) authentication process. The data needed to perform this C/R process is stored in encrypted tables in a security sector (SS) on the disc. The SS is at a position (PSN) on the disc that can not be copied - in the sense that this PSN can not be written to on writable DVD media.

    To bypass this protection the Xtreme backup format was invented. In this backup format the SS' differ from retail SS' in that they are located at a PSN that is writable, and that the "drive response table" is stored unencrypted.

    To play backups the drive firmware needs to be hacked to be compatible with this format, and to report Xtreme discs as original 360 discs.

    This goes for devkits as well. To play backups in Xtreme format on a devkit, using the retail disc loader, the drive must be hacked to be compatible with this format....

    Another solution is to avoid this issue, by extracting all the files from a backup image, converting all XEXs and DLLs to devkit format, stripping any restrictions on the files in the process, and then booting them off the devkit HD instead.....


    Hope this helps clarify how it works under the hood.....

    CF
     
    Last edited: Mar 11, 2008
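As an added illustration of the signature-check model in the post above (example code, not from the thread or from any 360 tooling): two constructed RSA key pairs stand in for the "retail" and "devkit" signing keys, and `loader_accepts` models a kernel that boots an image only if its signature verifies under the one public key baked into it. Both options described in the post reduce to this decision: either the image is re-signed with the devkit key, or the trusted public key the loader compares against changes. Textbook RSA over SHA-256 with Mersenne primes and no padding is used purely to keep the model short; it is not usable signing code.

```python
# Added example, not from the thread: a toy model of the XEX loader's trust
# decision. Two RSA key pairs stand in for the "retail" and "devkit" signing
# keys; a kernel boots an image only if its signature verifies under the
# one public key that kernel was built to trust. Textbook RSA over SHA-256
# with Mersenne primes and no padding: a teaching model, NOT usable signing.
import hashlib

E = 65537

def make_keypair(p, q):
    # returns (public, private) = ((n, e), (n, d))
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def _digest(image, n):
    # hash of the image, reduced into the signing group
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % n

def sign_image(image, private_key):
    # whoever holds private_key can produce a signature its public half accepts
    n, d = private_key
    return pow(_digest(image, n), d, n)

def loader_accepts(image, signature, trusted_public_key):
    # the kernel XEX loader: verify against the single baked-in public key
    n, e = trusted_public_key
    return pow(signature, e, n) == _digest(image, n)

# constructed stand-ins for the two key sets (Mersenne primes, not Microsoft's keys)
retail_pub, retail_priv = make_keypair(2**521 - 1, 2**607 - 1)
devkit_pub, devkit_priv = make_keypair(2**107 - 1, 2**127 - 1)
GAME = b"constructed stand-in for a retail XEX image"  # constructed, not a real XEX
retail_sig = sign_image(GAME, retail_priv)

def resign_for_devkit(image):
    # the post's first option: the devkit signing key is public, so re-sign with it
    return sign_image(image, devkit_priv)
```

A retail-signed image passes under `retail_pub` and fails under `devkit_pub`; the same image re-signed via `resign_for_devkit` passes under `devkit_pub`, and any byte change to the image invalidates either signature.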
  4. LEo

    LEo Fiery Member

    Joined:
    Jan 19, 2008
    Messages:
    845
    Likes Received:
    16
    Thanks for the explanation!
     
  5. tmbinc

    tmbinc Spirited Member

    Joined:
    Oct 10, 2006
    Messages:
    103
    Likes Received:
    1
    be careful, it has been said that under certain unknown conditions the XDK recovery will reflash the drive's key (and generate a new devkit keyvault).

    I don't have details, sorry. Just be careful, and always backup the retail dvdkey.
     
  6. Dark Neo

    Dark Neo Robust Member

    Joined:
    Oct 8, 2007
    Messages:
    232
    Likes Received:
    6
    Good Job.

    Now I need only have an Xbox 360 XDK.:crying:
     
  7. flurix

    flurix Newly Registered

    Joined:
    Nov 13, 2007
    Messages:
    2
    Likes Received:
    0
    Great guide. Only thing I would change is on pg 4:

    "If you feel that you unable to accomplish any of these steps, then do proceed with disassembling the XeDK"

    Sounds like you're telling them that if they are uncomfortable, then to continue on without worry. Just a suggestion though.
     
    Last edited: Apr 28, 2008
  8. neull

    neull Guest

    K.
     
    Last edited by a moderator: Apr 24, 2010
  9. lllsondowlll

    lllsondowlll Fiery Member

    Joined:
    Jan 19, 2008
    Messages:
    867
    Likes Received:
    4
    lulz, I didn't catch that. That's pretty funny actually. When in doubt... Just go ahead and bust the damn thing anyway. lol
     
  10. Dark Seraph91

    Dark Seraph91 Enthusiastic Member

    Joined:
    May 6, 2008
    Messages:
    577
    Likes Received:
    0
  11. neull

    neull Guest

    Flop!
     
    Last edited by a moderator: Apr 24, 2010
  12. Dark Seraph91

    Dark Seraph91 Enthusiastic Member

    Joined:
    May 6, 2008
    Messages:
    577
    Likes Received:
    0
  13. xorloser

    xorloser Member

    Joined:
    May 9, 2007
    Messages:
    16
    Likes Received:
    3
    just a little point to add to this:

    retail discs and xtreme backups etc have their authentication data encrypted with retail keys, not devkit keys. for this reason these discs will not work on a devkit. (this data is separate to the signed/encrypted data in the xex files, so altering xex files will not fix this).

    the only way around this would be to hack the kernel/hypervisor, but that's a story for another day... :)
     
  14. neull

    neull Guest

    Xorloser is awesome.

    Hawk is Xorloser's antithesis!
     
    Last edited by a moderator: Apr 24, 2010
  15. dulledblade

    dulledblade Guest

    Thanks for this guide, it helped a lot since I didn't break anything :).
     
  16. neull

    neull Guest

    Thanks for the feedback ;D

    That reminds me, I need to add the section about adding a sidecar to a demo/debug kit.
     
  17. Nomical

    Nomical Member

    Joined:
    Jan 27, 2009
    Messages:
    16
    Likes Received:
    0
    Very nice Gamerfreak.
     
  18. Checksum

    Checksum Active Member

    Joined:
    Sep 23, 2009
    Messages:
    46
    Likes Received:
    0
    The link doesn't work. If it's gonna be a sticky someone should keep the 1 and only link updated? No?
     
  19. neull

    neull Guest

    Ramble-Ramble-Ramble
     
    Last edited by a moderator: Apr 24, 2010
  20. Checksum

    Checksum Active Member

    Joined:
    Sep 23, 2009
    Messages:
    46
    Likes Received:
    0
    Thanks for re-upping the link. :katamari2
     