You are viewing our Forum Archives. To view or take place in current topics click here.

Is this topic useful?

Yes
25.53% (12 votes)
No
48.94% (23 votes)
Kinda
25.53% (12 votes)

Total Votes: 47

#51. Posted:
NAND-X
  • TTG Master
Status: Offline
Joined: May 27, 201212Year Member
Posts: 863
Reputation Power: 0
Status: Offline
Joined: May 27, 201212Year Member
Posts: 863
Reputation Power: 0
UH60Hawk wrote
NAND-X wrote Now here is the problem when the hypervisor is patched when you sign in to xbox live ms knows you're on a jtag how? well in your hypervisor there is challenge responses (works like this basically) xbox -> hypervisor -> challenge responses -> challenges -> xbox servers -> you have signed in to xbox live!

So now you see how that works well what if the challenge responses are wrong? lets see xbox -> hypervisor -> challenge responses -> challenges -> challenges failed -> you have been console banned

Now the thing is when the hypervisor is patched the challenge responses are incorrect (compared to the retail)

So then how do people get online?

There is some smart people out there they will get a retail HV.bin and put it on a server or on the xbox locally and they run the retail HV.bin challenge responses against the challenges on the server so it goes like this

xbox -> retail hypervisor (either local or hosted on a server) -> challenge responses -> challenges -> xbox servers -> you have signed in to xbox live!

xbox -> (there server) -> check cpu key on console -> if cpu key is authorized on server -> retail hv.bin gets download to memory on your console -> run retail hypervisor against challenges on ms servers -> connect to xbox live -> delete retail hv.bin from your console

The map type things in server connection are not 100% accurate obviously there is more to it


Nice Job Copying and Pasting
yes I did copy and paste what U want a cookie I can't put the website down as on phone and to be honest can't even see what in typing if U want to check it out on chrome x mods website posted by him also if i wanted people to believe this was my own knowledge don't you think i would of made it look like i just typed it out and not copied it in not here to steal others stuff there's plenty off people on TTG who do that in just sharing info so maybe some people can try to understand some more things Much love - NAND-X
#52. Posted:
Escent
  • Rising Star
Status: Offline
Joined: Nov 26, 201013Year Member
Posts: 756
Reputation Power: 50
Status: Offline
Joined: Nov 26, 201013Year Member
Posts: 756
Reputation Power: 50
you say your 13? saying authenticated? i belive those types of words do not exist in a 13 year olds vocabulary so sir plz enough with these silly posts. of ERMAIGAWD I KNOW HOW TO GET ONLINE! stuff it wont work how ever you think your gonna try so just sit down and read a book

~Lipton out.
#53. Posted:
-Peacee
  • Prospect
Status: Offline
Joined: Feb 01, 201014Year Member
Posts: 667
Reputation Power: 28
Status: Offline
Joined: Feb 01, 201014Year Member
Posts: 667
Reputation Power: 28
XboxLiveUnban wrote
Dumb_Modz wrote
XboxLiveUnban wrote
Dumb_Modz wrote has anyone thought to use Dwack's XeDumpHV tool that dumps the hv of the console

idk I'm just guessing things
Well that would work if you used xbls to get online then dumped it.


it won't because the hypervisor does not stay on the xbox if it did stealth would've been out of business a long time ago
you could just make a plugin to dump it right as you connect

Jester already said why this isn't possible.
That would be insecure as hell. They do response generation on the server, meaning without compromising all of the server code (and the servers copy of the HV) it cannot be reproduced.

Putting the entire HV into memory and hashing it on the buyers xbox is a great way to let someone steal the method
#54. Posted:
vokal
  • TTG Addict
Status: Offline
Joined: Dec 05, 201013Year Member
Posts: 2,130
Reputation Power: 103
Status: Offline
Joined: Dec 05, 201013Year Member
Posts: 2,130
Reputation Power: 103
XBLS_ wrote It's not trivial to spoof the CPU key. Why do you think it doesn't boot if you build an image with the wrong CPU key? Using a donor NAND doesn't negate the need for your per-box key and it is read directly from the fuselines
i was taking a piss with the donor image, i know you would still need to write you own key to the donor image,and i dont know how you could get a xex to read the fuseline , but what i was thinking was if you misused a syscall to report back a different cpu key.
#55. Posted:
XBL-NiNJA
  • New Member
Status: Offline
Joined: Jun 01, 201311Year Member
Posts: 28
Reputation Power: 1
Status: Offline
Joined: Jun 01, 201311Year Member
Posts: 28
Reputation Power: 1
Fuselines are read directly from the HV, more than once, with checks against spoofing/patching.
#56. Posted:
TroPPicZ
  • Resident Elite
Status: Offline
Joined: Nov 22, 201014Year Member
Posts: 239
Reputation Power: 10
Status: Offline
Joined: Nov 22, 201014Year Member
Posts: 239
Reputation Power: 10
XBLS_ wrote Fuselines are read directly from the HV, more than once, with checks against spoofing/patching.
Doesn't stop somebody from hooking HvxGetVersions to return a different CPU key.
#57. Posted:
nickcas
  • New Member
Status: Offline
Joined: Feb 27, 201014Year Member
Posts: 30
Reputation Power: 1
Status: Offline
Joined: Feb 27, 201014Year Member
Posts: 30
Reputation Power: 1
TroPPicZ wrote
XBLS_ wrote Fuselines are read directly from the HV, more than once, with checks against spoofing/patching.
Doesn't stop somebody from hooking HvxGetVersions to return a different CPU key.


Spoofing the cpu key in HV memory does not spoof the fuselines, so no.
#58. Posted:
TroPPicZ
  • Resident Elite
Status: Offline
Joined: Nov 22, 201014Year Member
Posts: 239
Reputation Power: 10
Status: Offline
Joined: Nov 22, 201014Year Member
Posts: 239
Reputation Power: 10
nickcas wrote
TroPPicZ wrote
XBLS_ wrote Fuselines are read directly from the HV, more than once, with checks against spoofing/patching.
Doesn't stop somebody from hooking HvxGetVersions to return a different CPU key.


Spoofing the cpu key in HV memory does not spoof the fuselines, so no.

Obviously not, but the way his xex reads the CPU key is by calling HvxGetVersions and reading 0x20 in the hv. Well it used to at least... maybe my xex is out of date.
#59. Posted:
ImJtagModz
  • Spooky Poster
Status: Offline
Joined: Jan 07, 201311Year Member
Posts: 98
Reputation Power: 5
Status: Offline
Joined: Jan 07, 201311Year Member
Posts: 98
Reputation Power: 5
Lets Just all agree that you are all wrong and XBLS, Nickas, Jester, Dwack are right ;)
#60. Posted:
SK7
  • Powerhouse
Status: Offline
Joined: May 26, 201311Year Member
Posts: 491
Reputation Power: 22
Status: Offline
Joined: May 26, 201311Year Member
Posts: 491
Reputation Power: 22
ImJtagModz wrote Lets Just all agree that you are all wrong and XBLS, Nickas, Jester, Dwack are right ;)


At least this kid understands.
Jump to:
You are viewing our Forum Archives. To view or take place in current topics click here.