
mcpx1.1 Toolkit v2.0

Discussion in 'Console News, Articoli e Recensioni' started by Ivan, 15 September 2003.

Ivan (Administrator)

    >> A new version of mcpx1.1 Toolkit has already been released:

    Due to problems ...
    OK, a further enhanced version.

    Team Daydream presents mcpx1.1 Toolkit v2.0
    Because some people think they are gods, I will now show them how far development really is.
    Everyone thinks there are only 3 methods (wraparound, swaput, Xcode TEA hash trick) for creating a hacked BIOS.

    BUT this is false.
    There exist a lot of other methods, but they are kept secret (I never told anybody).
    As some people think they are the masters, today I present a new method.
    This new method only works on 1.1, but the BIOS can then be made multiboot-capable with the wraparound trick too (only wraparound for the 1.0 version).

    The thing is simple:
    you know there is an RSA key inside the intro-loader of the flash, and there is a 2048-bit RSA signature inside the flash.
    Unbreakable, you may think?
    You only have to factor the key, and you have won.

    This tool is very simple to use:
    -> use an original introloader (the thing inside the TEA hash section)
    -> provide a 2BL encrypted with the RC4 key that this tool reports
    -> provide the kernel
    -> assemble all together

    Open the file,
    press "Sign the Bios",
    save the BIOS.
    Your BIOS is newly signed and ready for use.
    Cool, isn't it?
    You can check it; it will report good condition.

    For 1.0 dual use, I recommend:
    dump the certificate key, EEPROM, etc. into the free section (0x90 are there) in the top ROM of the flash (the 1.0 keys, logically), make in the last statement of the X-codes a check for 1.0 or 1.1 (as seen in the EvoX BIOS), and implement some jump-back code to the microloader at offset 0x0 in RAM.

    Afterwards, sign the BIOS.
    The X-codes are also hashed with the cryptographic routines ...
    so after the MCPX jumps into memory at 0x0, it executes, and you jump back to the beginning of the introloader.
    As the MCPX is swapped out, the 2BL finds the EEPROM and HDD keys in the flash, and not inside the MCPX.

    All roger, it should work, but I have no 1.0 box for testing.

    Good luck
    and enjoy the tool.
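The chain the release note relies on ("factor the key, and you have won") is: factor the RSA modulus that the loader uses to verify the flash signature, derive the private exponent from the factors, and re-sign whatever image you like. The Python below is an added example, not part of Ivan's post and not Team Daydream's toolkit code. It runs that chain end to end on a constructed toy key whose modulus is the product of two 32-bit primes, so that the factoring step (Pollard's rho) finishes in milliseconds; a genuine 2048-bit modulus cannot be factored this way, and nothing on this page says how the toolkit obtains the factors. The function names (`make_weak_key`, `pollard_rho`, `forge_signature`), the raw SHA-256-mod-n message representative (no PKCS#1 padding) and the "image" byte strings are all assumptions for the illustration.

```python
"""Constructed toy example: once an RSA modulus is factored, the private
exponent follows and arbitrary data can be re-signed. The 64-bit modulus,
the function names and the 'image' bytes are assumptions for illustration;
this is not the toolkit's code and not an Xbox key."""
import hashlib
import math
import random

# Witness set that makes Miller-Rabin deterministic for every n < 3.3e24.
_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n):
    """Deterministic Miller-Rabin for the sizes used here."""
    if n < 2:
        return False
    for b in _MR_BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def make_weak_key(bits=32, seed=1, e=65537):
    """Constructed toy key: two 'bits'-bit primes, so n is factorable in milliseconds.
    Returns (n, e, p, q); p and q are returned only so a test can check the recovery."""
    rng = random.Random(seed)

    def random_prime():
        while True:
            c = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # top and low bit set
            if is_prime(c) and (c - 1) % e != 0:             # keep e invertible mod phi
                return c

    p = random_prime()
    q = random_prime()
    while q == p:
        q = random_prime()
    return p * q, e, p, q


def pollard_rho(n):
    """Return a non-trivial factor of composite n (Pollard's rho, Floyd cycle finding)."""
    if n % 2 == 0:
        return 2
    c = 1
    while True:
        x = y = 2
        d = 1
        while d == 1:
            x = (x * x + c) % n
            y = (y * y + c) % n
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
        if d != n:          # d == n: sequence cycled without splitting n, retry with a new c
            return d
        c += 1


def recover_private_exponent(n, e):
    """Factor n, compute phi(n) and invert e: the 'you have won' step from the note."""
    p = pollard_rho(n)
    q = n // p
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)   # modular inverse (Python 3.8+)


def digest_as_int(data, n):
    """Toy message representative: SHA-256 of the data reduced mod n (no PKCS#1 padding)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data, d, n):
    return pow(digest_as_int(data, n), d, n)


def verify(data, sig, e, n):
    return pow(sig, e, n) == digest_as_int(data, n)


def forge_signature(n, e, patched_image):
    """What an attacker holding only the public (n, e) does: factor, derive d, sign the patched image."""
    d = recover_private_exponent(n, e)
    return sign(patched_image, d, n)


if __name__ == "__main__":
    n, e, p, q = make_weak_key()
    original = b"constructed: original flash image"   # stand-in for the signed image
    patched = b"constructed: patched flash image"
    d = pow(e, -1, (p - 1) * (q - 1))                # the legitimate signer's exponent
    good_sig = sign(original, d, n)
    print("original verifies:      ", verify(original, good_sig, e, n))
    print("patched with old sig:   ", verify(patched, good_sig, e, n))
    print("patched with forged sig:", verify(patched, forge_signature(n, e, patched), e, n))
```

The check a practitioner takes from this: the loader's verification routine is not what fails, it behaves exactly as designed; what fails is the assumption that nobody can produce a signature under the embedded public key. Any image, kernel included, re-signed with the recovered exponent will "report good condition" just as the note says.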
