Robinsod has released a new version of 360 Flash Dump, a developer's tool that lets you decrypt and extract various parts of an Xbox 360 flash dump.
What's new/fixed (since v0.2)
* Fixed CG extraction
* Reverted CE.cab to single file (thanks Takires)
* As TheSpecialist said, extraction of the CE section is now working, and what a pig it was. You may now right-click and select 'Extract' and get just the raw, decrypted CE section or Kernel(s). Selecting Kernel(s) causes the application to extract the base (typically 1888) HV and Kernel as an uncompressed file, "xboxkrnl.1888.exe". The option to extract them as a .cab file has now been removed. If one or both of the patch (CF/CG) slots are occupied they will be applied to the base kernel and the result is also written as a file, xboxkrnl.XXXX.exe.
For example, if you have a base kernel (1888) and 2 patches (2858 and 4552) in your flash dump, load it into the tool, right-click on CE and choose Kernel(s), and you will get 3 files:
- xboxkrnl.1888.exe: the base HV & kernel, no patches
- xboxkrnl.2858.exe: the base HV & kernel, patched to 2858
- xboxkrnl.4552.exe: the base HV & kernel, patched to 4552
* I noticed an odd bug in the upgrade process while developing this tool. I have some dumps from a box where 4532 is upgraded to 4548. As I noted the other day, the first 0xBB40 bytes of CG are stored immediately after CF and the remainder is stored in FS blocks (there's a list in the CF header and they also appear in the FS as sysupdate.xexp files). Well, it appears that during the update process from 4532 to 4548 the CG data for 4532 was deleted but the list in CF is still valid. This is odd since 4548 was not a lock-down version, was it? Yet it would be impossible to roll back from a corrupt 4548 to 4532.
* It's very interesting to diff 4548 and 4552: they have << 100 bytes of differences, so I guess the exploit fix was pretty small.
Now you may have read this and not be quite sure what it all means. What it means is that developers are getting a much more in-depth look at how the 360 works, and better knowledge of how the system works paves the way for what most of you modders out there have been waiting for:
Homebrew Applications
Don't get me wrong, all the hard work that has been put into DVD firmwares is greatly appreciated, but I've been waiting for homebrew for quite some time. Playing backup copies of games is nifty and all, but running apps on my 360 one day is what gets me worked up like the day before Christmas when you know you have a great present waiting.
Of course there is still a lot of work, and many hard hours, ahead, but the developers are one step closer to unlocking the full potential of the 360. Big thanks go out to those working on this.
Robinsod over at http://www.xboxhacker.net has announced a new tool. It will allow you to decrypt and extract various parts of an Xbox 360 flash dump.
The flash is divided into 2 major parts:
1) The Cx sections (CB, CD, CE, and 0, 1 or 2 CF & CG sections).
* CB: CPU bootup
* CD: unpacker for CE
* CE: contains the HV and Kernel in a .cab archive
* CF & CG: upgrade patches
The tool will extract and decrypt sections CB, CD and CE. Additionally it will extract the .cab file in section CE. This can be opened with WinRAR and the content (xboxkrnl.img) extracted. The first 256K of xboxkrnl.img is the Hypervisor; the remainder is the 2.0.1888 Kernel.
2) The Flash File System.
The tool expects a dump to contain the data (512 bytes) followed by the ECC (16 bytes). The ECC bytes are used to locate FS entries and identify the version.
The tool consists of the exe and CxKey.txt. CxKey.txt is delivered with 32 '0's and they should be replaced with the key obtained from the 1BL. After all the fuss about AACS keys recently it seems risky to put the key in the exe. The Cx sections extracted from a dump will only decrypt correctly if the correct hex digits are inserted in the CxKey.txt file.
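The following Python helpers are an added example written for this page; they are not Robinsod's tool and not code from the original post. They follow only what the post states about the input formats: a dump laid out as 512 data bytes followed by 16 ECC bytes per page, an xboxkrnl.img whose first 256K is the hypervisor, and a CxKey.txt holding 32 hex digits that ships as all zeros. Everything else (the function names, the size-classification heuristic, the constructed sample pages, treating the all-zero key as a placeholder to reject, and the command-line usage) is my assumption. The spare bytes are only separated out, not interpreted, because the post does not describe their layout.

```python
"""Added helper script (not part of 360 Flash Dump) for the dump layout
described above: 512 data bytes followed by 16 ECC/spare bytes per page,
xboxkrnl.img = 256K hypervisor + kernel, and a 32-hex-digit CxKey.txt."""
import re
import sys
from pathlib import Path

PAGE_DATA = 512                      # data bytes per NAND page
PAGE_SPARE = 16                      # ECC/spare bytes that follow each page
PAGE_RAW = PAGE_DATA + PAGE_SPARE    # 528 bytes per page as stored in the dump
HV_SIZE = 256 * 1024                 # hypervisor occupies the first 256K of xboxkrnl.img


def classify_dump_size(size: int) -> str:
    """Tell a 528-byte-per-page dump (what the tool expects) from a 512-byte
    data-only dump so the wrong kind is reported instead of mis-parsed.
    Heuristic (assumption): a 16MB raw dump is 528*32768 bytes, which also
    happens to be a multiple of 512, so the 528 check must come first; a
    16MB data-only dump is 512*32768 bytes and is not a multiple of 528."""
    if size == 0:
        return "empty"
    if size % PAGE_RAW == 0:
        return "raw-with-ecc"
    if size % PAGE_DATA == 0:
        return "data-only"
    return "unknown"


def split_pages(dump: bytes) -> tuple[bytes, bytes]:
    """De-interleave a raw dump into a contiguous data stream and a spare
    stream (one 16-byte spare record per page, in page order)."""
    kind = classify_dump_size(len(dump))
    if kind != "raw-with-ecc":
        raise ValueError(f"expected a 528-byte-per-page dump, got {kind} ({len(dump)} bytes)")
    offsets = range(0, len(dump), PAGE_RAW)
    data = b"".join(dump[o:o + PAGE_DATA] for o in offsets)
    spare = b"".join(dump[o + PAGE_DATA:o + PAGE_RAW] for o in offsets)
    return data, spare


def spare_record(spare: bytes, page: int) -> bytes:
    """Return the 16 spare bytes recorded for a given page number."""
    return spare[page * PAGE_SPARE:(page + 1) * PAGE_SPARE]


def split_kernel_image(img: bytes) -> tuple[bytes, bytes]:
    """Split an extracted xboxkrnl.img into (hypervisor, kernel) at 256K."""
    if len(img) <= HV_SIZE:
        raise ValueError(f"xboxkrnl.img is only {len(img)} bytes; nothing after the 256K HV")
    return img[:HV_SIZE], img[HV_SIZE:]


def load_cx_key(text: str) -> bytes:
    """Parse CxKey.txt (32 hex digits = 16-byte key). The file ships filled
    with zeros as a placeholder; refusing it (assumption) avoids 'decrypting'
    the Cx sections with a key that is guaranteed to be wrong."""
    digits = text.strip()
    if not re.fullmatch(r"[0-9A-Fa-f]{32}", digits):
        raise ValueError("CxKey.txt must hold exactly 32 hex digits")
    key = bytes.fromhex(digits)
    if key == bytes(16):
        raise ValueError("CxKey.txt still contains the all-zero placeholder; insert the 1BL key")
    return key


def main(argv: list[str]) -> int:
    """Assumed CLI: split_dump.py <dump.bin> [xboxkrnl.img] [CxKey.txt].
    Writes <dump>.data and <dump>.spare, and <img>.hv / <img>.kernel."""
    if not argv:
        print(__doc__)
        return 2
    dump_path = Path(argv[0])
    data, spare = split_pages(dump_path.read_bytes())
    dump_path.with_suffix(".data").write_bytes(data)
    dump_path.with_suffix(".spare").write_bytes(spare)
    print(f"{dump_path}: {len(data) // PAGE_DATA} pages, spare bytes written separately")
    if len(argv) > 1:
        img_path = Path(argv[1])
        hv, kernel = split_kernel_image(img_path.read_bytes())
        img_path.with_suffix(".hv").write_bytes(hv)
        img_path.with_suffix(".kernel").write_bytes(kernel)
        print(f"{img_path}: HV {len(hv)} bytes, kernel {len(kernel)} bytes")
    if len(argv) > 2:
        key = load_cx_key(Path(argv[2]).read_text())
        print(f"CxKey.txt: {len(key)}-byte key loaded")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

The size check is the part worth keeping even if you use the real tool: a dump captured without the spare bytes is exactly what the tool cannot locate FS entries in, and it is easy to tell the two apart from the file size alone before spending time on a decrypt that was never going to work.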