- // Function-pointer type for a routine taking a task parameter, a table name pointer
- // with its length, and a buffer pointer with its length, and returning a DWORD.
- // The hook in this listing casts its dwAddress argument to this type and calls it.
- typedef DWORD(*ExecuteSupervisorChallenge_t)(DWORD dwTaskParam1, PBYTE pbDaeTableName, DWORD cbDaeTableName, PBYTE pBuffer, DWORD cbBuffer);
- // Wrapper around a challenge routine. It writes values to fixed addresses, calls the
- // routine at dwAddress, then overwrites selected fields of the response in pBuffer.
- // Every field written after the call comes from keyVault, the *_Hash tables or
- // constants in this function (all defined outside this listing where named), not from
- // the called routine, so a verifier receives hook-supplied data in those fields.
- //
- // dwAddress        address cast to ExecuteSupervisorChallenge_t and called
- // dwTaskParam1, pbDaeTableName, szDaeTableName, cbBuffer
- //                  forwarded unchanged to the called routine
- // pBuffer          forwarded, then patched at offsets 0x70, 0xF0, 0x114, 0x150, 0x1D0
- // Returns 0 on every path; the called routine's DWORD result is discarded.
- //
- // NOTE(review): cbBuffer is never compared with the offsets written below; the
- // highest write ends at pBuffer + 0x1D4.
- DWORD XamLoaderExecuteAsyncChallengeHook(DWORD dwAddress, DWORD dwTaskParam1, PBYTE pbDaeTableName, DWORD szDaeTableName, PBYTE pBuffer, DWORD cbBuffer) {
- // Copy 0x10 bytes each of cpuKeyDigest and kvDigest to fixed addresses.
- // Presumably the called routine reads its inputs from this region; confirm.
- memcpy((void*)0x8E03AA30, cpuKeyDigest, 0x10);
- memcpy((void*)0x8E03AA40, kvDigest, 0x10);
- // Zero 0x14 bytes at a fixed address.
- memset((BYTE*)0x8E038780, 0, 0x14);
- // 16-bit value selected by fcrt (declared outside this listing).
- *(WORD*)0x8E038600 = fcrt ? 0xD81E : 0xD83E;
- // Flag word: a base constant with bit 0x10000 set when crl is true and
- // bit 0x1000000 set when fcrt is true, stored at a fixed address.
- DWORD hv_status_flags = 0x023289D3;
- if (crl) hv_status_flags |= 0x10000;
- if (fcrt) hv_status_flags |= 0x1000000;
- *(DWORD*)0x8E038610 = hv_status_flags;
- // Two 32-bit words at fixed addresses are rewritten here, before the call, and
- // rewritten with different values at the end of the function.
- // NOTE(review): the later values 0x38600000 / 0x38600001 decode as PowerPC
- // `li r3, 0` / `li r3, 1`, so these look like in-memory code patches that are
- // reverted while the challenge runs; confirm against the target image.
- // "17526" is presumably the system version these addresses belong to.
- // Fixed bytes//17526
- *(DWORD*)(0x8167F8D8) = 0x5563DFFE; // Gold Spoof
- *(DWORD*)(0x81A3BCB8) = 0x5563673E; // Gold Bar
- // Call the routine at dwAddress with the forwarded arguments; its result is ignored.
- ExecuteSupervisorChallenge_t ExecuteSupervisorChallenge = (ExecuteSupervisorChallenge_t)dwAddress;
- ExecuteSupervisorChallenge(dwTaskParam1, pbDaeTableName, szDaeTableName, pBuffer, cbBuffer);
- // Overwrite response fields: 0x24 bytes of keyVault inquiry data at 0xF0, the same
- // 0x24 bytes duplicated at 0x114, and keyVault.PolicyFlashSize at 0x150.
- memcpy(pBuffer + 0xF0, &keyVault.XeikaCertificate.Data.OddData.InquiryData, 0x24);
- memcpy(pBuffer + 0x114, pBuffer + 0xF0, 0x24);
- *(DWORD*)(pBuffer + 0x150) = keyVault.PolicyFlashSize;
- // NOTE(review): hardware_flags is assigned but never read in this listing.
- DWORD hardware_flags = 0x40000207;
- // Read two bytes at kvAddress + 0x9D1 and combine the low nibble of each into one
- // byte (kv[0] becomes the high nibble, kv[1] the low nibble).
- BYTE kv[2];
- QWORD kvAddress = HvPeekQWORD(hvKvPtrRetail);
- HvPeekBytes(kvAddress + 0x9D1, kv, 0x2);
- BYTE mobo = ((kv[0] << 4) & 0xF0) | (kv[1] & 0x0F);
- // Select by mobo range the 0x10 bytes placed at offset 0x70 and the 32-bit value
- // placed at offset 0x1D0. The branch comments name Xbox 360 board revisions.
- // The first two branches copy from fixed address 0x8E03AA50 instead of a named
- // *_Hash table; the remaining branches use Falcon/Jasper/Trinity/Corona_Hash.
- if (mobo < 0x10) { //xenon
- memcpy(pBuffer + 0x70, (void*)0x8E03AA50, 0x10);
- *(DWORD*)(pBuffer + 0x1D0) = 0x00000207;
- }
- else if (mobo < 0x14) { //zephyr
- memcpy(pBuffer + 0x70, (void*)0x8E03AA50, 0x10);
- *(DWORD*)(pBuffer + 0x1D0) = 0x10000227;
- }
- else if (mobo < 0x18) { //falcon
- memcpy(pBuffer + 0x70, Falcon_Hash, 0x10);
- *(DWORD*)(pBuffer + 0x1D0) = 0x20000227;
- }
- else if (mobo < 0x52) { //jasper
- memcpy(pBuffer + 0x70, Jasper_Hash, 0x10);
- *(DWORD*)(pBuffer + 0x1D0) = 0x30000227;
- }
- else if (mobo < 0x58) { //trinity
- memcpy(pBuffer + 0x70, Trinity_Hash, 0x10);
- *(DWORD*)(pBuffer + 0x1D0) = 0x40000227;
- }
- else { //corona and maybe winchester?
- memcpy(pBuffer + 0x70, Corona_Hash, 0x10);
- *(DWORD*)(pBuffer + 0x1D0) = 0x50000227;
- }
- // Second write to the same two addresses touched before the call, now with
- // different constants. An integrity check that samples these words only while
- // the challenge runs would see the earlier values, not these.
- //17526
- *(DWORD*)(0x8167F8D8) = 0x38600000;//Gold Spoof
- *(DWORD*)(0x81A3BCB8) = 0x38600001;//Gold Bar
- // Always reports 0 to the caller, regardless of what the called routine returned.
- return 0;
- }