You are viewing our Forum Archives. To view or take place in current topics click here.

#51. Posted:
NAND-X
  • TTG Master
Status: Offline
Joined: May 27, 2012 (11 Year Member)
Posts: 863
Reputation Power: 0
UH60Hawk wrote
NAND-X wrote Now here is the problem: when the hypervisor is patched and you sign in to Xbox Live, MS knows you're on a JTAG. How? Well, in your hypervisor there are challenge responses (it works like this, basically): xbox -> hypervisor -> challenge responses -> challenges -> xbox servers -> you have signed in to xbox live!

So now you see how that works. Well, what if the challenge responses are wrong? Let's see: xbox -> hypervisor -> challenge responses -> challenges -> challenges failed -> you have been console banned

Now the thing is, when the hypervisor is patched the challenge responses are incorrect (compared to the retail).

So then how do people get online?

There are some smart people out there. They will get a retail HV.bin and put it on a server or on the xbox locally, and they run the retail HV.bin challenge responses against the challenges on the server, so it goes like this:

xbox -> retail hypervisor (either local or hosted on a server) -> challenge responses -> challenges -> xbox servers -> you have signed in to xbox live!

xbox -> (their server) -> check cpu key on console -> if cpu key is authorized on server -> retail hv.bin gets downloaded to memory on your console -> run retail hypervisor against challenges on ms servers -> connect to xbox live -> delete retail hv.bin from your console

The map-type things in the server connection are not 100% accurate; obviously there is more to it.


Nice Job Copying and Pasting
Yes, I did copy and paste. What do you want, a cookie? I can't put the website down as I'm on my phone, and to be honest I can't even see what I'm typing. If you want to check it out, it's on chrome x mods website, posted by him. Also, if I wanted people to believe this was my own knowledge, don't you think I would have made it look like I just typed it out and not copied it in? I'm not here to steal others' stuff; there's plenty of people on TTG who do that. I'm just sharing info so maybe some people can try to understand some more things. Much love - NAND-X
#52. Posted:
Escent
  • Christmas!
Status: Offline
Joined: Nov 26, 2010 (13 Year Member)
Posts: 756
Reputation Power: 50
You say you're 13? Saying authenticated? I believe those types of words do not exist in a 13-year-old's vocabulary, so sir, plz, enough with these silly posts of ERMAIGAWD I KNOW HOW TO GET ONLINE! stuff. It won't work however you think you're gonna try, so just sit down and read a book.

~Lipton out.
#53. Posted:
-Peacee
  • Prospect
Status: Offline
Joined: Feb 01, 2010 (14 Year Member)
Posts: 667
Reputation Power: 28
XboxLiveUnban wrote
Dumb_Modz wrote
XboxLiveUnban wrote
Dumb_Modz wrote Has anyone thought to use Dwack's XeDumpHV tool that dumps the HV of the console?

idk I'm just guessing things
Well that would work if you used xbls to get online then dumped it.


It won't, because the hypervisor does not stay on the xbox. If it did, stealth would've been out of business a long time ago.
You could just make a plugin to dump it right as you connect.

Jester already said why this isn't possible.
That would be insecure as hell. They do response generation on the server, meaning without compromising all of the server code (and the server's copy of the HV) it cannot be reproduced.

Putting the entire HV into memory and hashing it on the buyer's xbox is a great way to let someone steal the method.
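The challenge-response idea this thread keeps returning to, as an added example that is not part of any post above: a generic salted-hash attestation in Python, not the actual Xbox Live protocol. The image bytes, the `Verifier` class and the SHA-256 construction are all assumptions made for illustration; it shows why a patched image and a recorded response both fail against a fresh challenge.

```python
import hashlib
import hmac
import secrets

# Constructed stand-ins for a reference image and a patched copy (not real data).
RETAIL_IMAGE = bytes(range(256)) * 16
PATCHED_IMAGE = RETAIL_IMAGE[:100] + b"\x60\x00\x00\x00" + RETAIL_IMAGE[104:]


def respond(image: bytes, salt: bytes) -> bytes:
    """Device side: digest of the fresh salt followed by the measured image."""
    return hashlib.sha256(salt + image).digest()


class Verifier:
    """Server side: holds the reference image and issues single-use salts."""

    def __init__(self, reference: bytes):
        self._reference = reference
        self._outstanding = set()

    def challenge(self) -> bytes:
        salt = secrets.token_bytes(16)
        self._outstanding.add(salt)
        return salt

    def verify(self, salt: bytes, response: bytes) -> bool:
        if salt not in self._outstanding:
            return False  # unknown or already-consumed salt
        self._outstanding.discard(salt)
        expected = respond(self._reference, salt)
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    v = Verifier(RETAIL_IMAGE)
    s1 = v.challenge()
    good = respond(RETAIL_IMAGE, s1)
    results = {"retail": v.verify(s1, good)}
    s2 = v.challenge()
    results["patched"] = v.verify(s2, respond(PATCHED_IMAGE, s2))
    s3 = v.challenge()
    results["replayed"] = v.verify(s3, good)      # old response, new salt
    results["reused_salt"] = v.verify(s1, good)   # salt already consumed
    return results


if __name__ == "__main__":
    print(demo())
```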
#54. Posted:
vokal
  • TTG Addict
Status: Offline
Joined: Dec 05, 2010 (13 Year Member)
Posts: 2,130
Reputation Power: 103
XBLS_ wrote It's not trivial to spoof the CPU key. Why do you think it doesn't boot if you build an image with the wrong CPU key? Using a donor NAND doesn't negate the need for your per-box key and it is read directly from the fuselines.
I was taking a piss with the donor image. I know you would still need to write your own key to the donor image, and I don't know how you could get a xex to read the fuseline, but what I was thinking was if you misused a syscall to report back a different CPU key.
#55. Posted:
XBL-NiNJA
  • New Member
Status: Offline
Joined: Jun 01, 2013 (10 Year Member)
Posts: 28
Reputation Power: 1
Fuselines are read directly from the HV, more than once, with checks against spoofing/patching.
#56. Posted:
TroPPicZ
  • Resident Elite
Status: Offline
Joined: Nov 22, 2010 (13 Year Member)
Posts: 239
Reputation Power: 10
XBLS_ wrote Fuselines are read directly from the HV, more than once, with checks against spoofing/patching.
Doesn't stop somebody from hooking HvxGetVersions to return a different CPU key.
#57. Posted:
nickcas
  • New Member
Status: Offline
Joined: Feb 27, 2010 (14 Year Member)
Posts: 30
Reputation Power: 1
TroPPicZ wrote
XBLS_ wrote Fuselines are read directly from the HV, more than once, with checks against spoofing/patching.
Doesn't stop somebody from hooking HvxGetVersions to return a different CPU key.


Spoofing the cpu key in HV memory does not spoof the fuselines, so no.
#58. Posted:
TroPPicZ
  • Resident Elite
Status: Offline
Joined: Nov 22, 2010 (13 Year Member)
Posts: 239
Reputation Power: 10
nickcas wrote
TroPPicZ wrote
XBLS_ wrote Fuselines are read directly from the HV, more than once, with checks against spoofing/patching.
Doesn't stop somebody from hooking HvxGetVersions to return a different CPU key.


Spoofing the cpu key in HV memory does not spoof the fuselines, so no.

Obviously not, but the way his xex reads the CPU key is by calling HvxGetVersions and reading 0x20 in the hv. Well it used to at least... maybe my xex is out of date.
#59. Posted:
ImJtagModz
  • Spooky Poster
Status: Offline
Joined: Jan 07, 2013 (11 Year Member)
Posts: 98
Reputation Power: 5
Let's just all agree that you are all wrong and XBLS, Nickas, Jester, Dwack are right ;)
#60. Posted:
SK7
  • Powerhouse
Status: Offline
Joined: May 26, 2013 (10 Year Member)
Posts: 491
Reputation Power: 22
ImJtagModz wrote Let's just all agree that you are all wrong and XBLS, Nickas, Jester, Dwack are right ;)


At least this kid understands.