Originally posted by Moxie
Apparently, you are a prick. If you think you are right, then explain it out instead of being a jerk. Prove your theory correct. This isn't se7ensins where everyone is mean and a selfish jerk-off, NGU is a friendly community. So if you think you are going to come here and rip on a respected member and be a douche bag, then do us all a favor and go back to the shithole you came from (se7ensins).
I never said I was right, I said that it was a theory. But I definitely typed this out myself, so don't accuse me of copying and pasting.
I do believe that this is the post you are talking about, look at the times, I was the one who posted this first, dizzy is a conniving thief.
Let me explain my theory in depth a bit more.
SysCall 13 (0x0C) is the first call in the boot process that frees memory; this is before the memory that contains the private key is allocated.
XexpLoadFile (SysCall 0x11, 18th call) is known to retrieve the private key: %r4 holds the header, %r5 is the region, %r6 holds the value 4, which is used to offset the private key, and I'm not sure what %r7 holds.
Btw, %r = register (kinda like a variable, I guess you could call it a reference to memory that holds a variable, kinda).
SysCalls 19 and 20 (0x12 and 0x13) free memory for the XexpLoadFile calls following.
The 37th syscall, XeKeysSaveKeyVault, saves and disposes of the memory that holds the private key.
If we were to patch the boot process to make a duplicate of the key and not dispose of it, we could dump the memory from an xex. I wrote a memory dumping xex, I'll post it if I find it. But there ya go, there is my theory more in depth. Do you believe that I posted this now?...