SHARE
TWEET

Untitled

a guest Nov 11th, 2018 322 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1.  
  2. typedef DWORD(*ExecuteSupervisorChallenge_t)(DWORD dwTaskParam1, PBYTE pbDaeTableName, DWORD cbDaeTableName, PBYTE pBuffer, DWORD cbBuffer);
  3. DWORD XamLoaderExecuteAsyncChallengeHook(DWORD dwAddress, DWORD dwTaskParam1, PBYTE pbDaeTableName, DWORD szDaeTableName, PBYTE pBuffer, DWORD cbBuffer) {
  4.     memcpy((void*)0x8E03AA30, cpuKeyDigest, 0x10);
  5.     memcpy((void*)0x8E03AA40, kvDigest, 0x10);
  6.     memset((BYTE*)0x8E038780, 0, 0x14);
  7.     *(WORD*)0x8E038600 = fcrt ? 0xD81E : 0xD83E;
  8.     DWORD hv_status_flags = 0x023289D3;
  9.     if (crl) hv_status_flags |= 0x10000;
  10.     if (fcrt) hv_status_flags |= 0x1000000;
  11.     *(DWORD*)0x8E038610 = hv_status_flags;
  12.  
  13.     // Fixed bytes//17526
  14.     *(DWORD*)(0x8167F8D8) = 0x5563DFFE; // Gold Spoof
  15.     *(DWORD*)(0x81A3BCB8) = 0x5563673E; // Gold Bar
  16.  
  17.     ExecuteSupervisorChallenge_t ExecuteSupervisorChallenge = (ExecuteSupervisorChallenge_t)dwAddress;
  18.     ExecuteSupervisorChallenge(dwTaskParam1, pbDaeTableName, szDaeTableName, pBuffer, cbBuffer);
  19.  
  20.     memcpy(pBuffer + 0xF0, &keyVault.XeikaCertificate.Data.OddData.InquiryData, 0x24);
  21.     memcpy(pBuffer + 0x114, pBuffer + 0xF0, 0x24);
  22.     *(DWORD*)(pBuffer + 0x150) = keyVault.PolicyFlashSize;
  23.  
  24.     DWORD hardware_flags = 0x40000207;
  25.  
  26.     BYTE kv[2];
  27.     QWORD kvAddress = HvPeekQWORD(hvKvPtrRetail);
  28.     HvPeekBytes(kvAddress + 0x9D1, kv, 0x2);
  29.     BYTE mobo = ((kv[0] << 4) & 0xF0) | (kv[1] & 0x0F);
  30.     if (mobo < 0x10) { //xenon
  31.         memcpy(pBuffer + 0x70, (void*)0x8E03AA50, 0x10);
  32.         *(DWORD*)(pBuffer + 0x1D0) = 0x00000207;
  33.     }
  34.     else if (mobo < 0x14) { //zephyr
  35.         memcpy(pBuffer + 0x70, (void*)0x8E03AA50, 0x10);
  36.         *(DWORD*)(pBuffer + 0x1D0) = 0x10000227;
  37.     }
  38.     else if (mobo < 0x18) { //falcon
  39.         memcpy(pBuffer + 0x70, Falcon_Hash, 0x10);
  40.         *(DWORD*)(pBuffer + 0x1D0) = 0x20000227;
  41.     }
  42.     else if (mobo < 0x52) { //jasper
  43.         memcpy(pBuffer + 0x70, Jasper_Hash, 0x10);
  44.         *(DWORD*)(pBuffer + 0x1D0) = 0x30000227;
  45.     }
  46.     else if (mobo < 0x58) { //trinity
  47.         memcpy(pBuffer + 0x70, Trinity_Hash, 0x10);
  48.         *(DWORD*)(pBuffer + 0x1D0) = 0x40000227;
  49.     }
  50.     else { //corona and maybe winchester?
  51.         memcpy(pBuffer + 0x70, Corona_Hash, 0x10);
  52.         *(DWORD*)(pBuffer + 0x1D0) = 0x50000227;
  53.     }
  54.  
  55.     //17526
  56.     *(DWORD*)(0x8167F8D8) = 0x38600000;//Gold Spoof
  57.     *(DWORD*)(0x81A3BCB8) = 0x38600001;//Gold Bar
  58.     return 0;
  59. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top