Really nice post! I read the whole thing it was interesting.

Maybe you should change the title of the post to F.A.Q about online JTAGs.

Anyways good post.

Very good and Detailed you have my thanks+ some rep good job!

magiikmodderz wrote
What stops me from going online?

Click to View Content

-There is a small encrypted file located on the console Nand, known as the Hypervisor. The hypervisor runs a series of tests on the console while it is connecting to Xbox Live, and builds a "response." The response is basically your console in a nutshell, the response is sent to an Xbox Live server, and checked for flaws. If your response matches, you get online, if your response does not match, the above mentioned outcome will occur.

You make it sound like the HV itself is responsible for the checks. It's more like the bouncer for the 360 night club, controls what goes on and who gets in.

If you want the plain jane HV you can extract it from the NAND. It is the first 0x40000 bytes of the kernel. Just remember that it will have to be decrypted and patched up to the newest build.

Getting the HV that has all the keys and other information is somewhat more involved. Not to say it is hard, but with a few patches using XeBuild you can grab it using a modified systemcall(just one of many possible ways to get it).

When you connect to XBL you are sent a payload(signed and encrypted) from MS. That payload gets sent to the HV and uses high level privileges to check the system. It checks certain register values as well as performing a SHA hash of the HV at predetermined offsets/lengths.

Since XeBuild hacks up the HV so much it is obviously going to fail.

SSJ4_Dwack wrote

magiikmodderz wrote
What stops me from going online?

Click to View Content

-There is a small encrypted file located on the console Nand, known as the Hypervisor. The hypervisor runs a series of tests on the console while it is connecting to Xbox Live, and builds a "response." The response is basically your console in a nutshell, the response is sent to an Xbox Live server, and checked for flaws. If your response matches, you get online, if your response does not match, the above mentioned outcome will occur.

You make it sound like the HV itself is responsible for the checks. It's more like the bouncer for the 360 night club, controls what goes on and who gets in.

If you want the plain jane HV you can extract it from the NAND. It is the first 0x40000 bytes of the kernel. Just remember that it will have to be decrypted and patched up to the newest build.

Getting the HV that has all the keys and other information is somewhat more involved. Not to say it is hard, but with a few patches using XeBuild you can grab it using a modified systemcall(just one of many possible ways to get it).

When you connect to XBL you are sent a payload(signed and encrypted) from MS. That payload gets sent to the HV and uses high level privileges to check the system. It checks certain register values as well as performing a SHA hash of the HV at predetermined offsets/lengths.

Since XeBuild hacks up the HV so much it is obviously going to fail.

I knew you would have something to share, updating OP.