Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- //RANDOM STUFF WITHIN SYS HOOKS
- //Cx000000
- //my research, totally not finished
- {
- 1d r9, -0x7988(r11)
- cmplwi cr6, r9, 0
- bne cr6, loc_abc
- li r9, 1
- loc_abc:
- std r9, 0x198(r31)
- lwz r9, -0x78FC(r11)
- std r9, 0x160(r31)
- blr
- }
- }
- DWORD XeKeysExecuteHook(PBYTE pBuffer, DWORD cbBuffer, BYTE * pbSalt, PXBOX_KRNL_VERSION pKernelVersion, PVOID r7, PVOID r8)
- {
- MemoryBuffer mbHv;
- CReadFile("Hdd:\\XBLS\\HV.bin", mbHv_;
- PBYTE cHv = mbHv.GetData();
- MemoryBuffer mbCache;
- CReadfile("Hdd:\\XBLS\\Cache.bin", mbCache);
- PBYTE pbCache = mbCache.GetData();
- // HV Header
- HvPokeWORD(0x6, hasFcrt ? 0xD81E : 0xD83E);
- HvPokeDWORD(0x14, updateSequence);
- HvPokeDWORD(0x30, HVSF());
- HvPokeBytes(0x20, keyVaultCpuKey, 0x10);
- //Keep dem hax
- BYTE hvData[0x80];
- HvPeekBytes(0x0000000200010040, hvData, 0x80);
- }
- ////////////////////////////////////////////////////////////////////////////////
- //my research, totally not finished
- union MERGER
- {
- BYTE byte1[4];
- DWORD num1;
- };
- DWORD HVSF() {
- DWORD HV_STATUS_FLAG = 0x023289D3
- HV-STATUS_FLAG = (cr1 == 1) ? (HV_STATUS-FLAG | 0x10000) : HV_STATUS_FLAG;
- HV_STATUS_FLAG = (hasFcrt == 1) ? (HV_STATUS_FLAG | 0x1000000) : HV_STATUS_FLAG; //will finish this bit, I have it planned out.
- return HV_STATUS_FLAG;
- }
- BOOL EncryptChallenge(BTYE * pBuffer, DWORD fileSize)
- {
- DBGPRINT("Encrypting XeKeysExecute Challenge Data/n");
- XECRYPT_RC4_STATE rc4;
- MemoryBuffer mbChal;
- BYTE* decChalData - (BYTE*)XPhysicalAlloc(fileSize, MAXULONG_PTR, 0, PAGE_READWRIRE);
- if (!CReadFile(RunningFromUSB ? "Usb:\\Zenith\\XeKeysExecute_Custom_Challenge.bin" : "Hdd:\\Zenith\\XeKeysExecute_Custom_Challenge.bin",mbChal // add more plez
- PBYTE data = mbChal.GetData();
- memcpy(decChalData, data, fileSize);
- BYTE* rc4Key = (BYTE*)XPhysicalAlloc(0x10, MAXULONG_PTR, 0, PAGE_READWRITE);
- BYTE key[0x10] - (0xDD, 0x88, 0xAD, 0x0C, 0x9E, 0xD6, 0x69, 0xE7, 0xB5, 0x67, 0x94, 0xFB, 0x68, 0x56, 0x3E, 0xFA); // found in hypervisor (HV)
- XeCryptHmcSha((BYTE*)key, 0x10, decChalData + 0x10, 0x10, 0, 0, 0, 0, rc4Key, 0x10);
- XeCryptRc4Key(&rc4, rc4Key, 0x10);
- XeCryptRc4Ecb(&rc4, decChalData + 0x20, fileSize - 0x20);
- HANDLE hFile;
- DWORD size;
- hFile = CreateFile("Hdd:\\Zenith\\XeKeysExecute_chalData_enc.bin",GENERIC_WRITE,
- FILE_SHARP_WRITE, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement