Anthonym52
Oct 13 2004, 05:34 AM
And if not, how do those savegames that launch evo-x work?
krayzie
Oct 13 2004, 05:41 AM
You could sign an xbe to work on an unmodded xbox... if you had the MS private key. Until then you need to exploit the key in memory in some way or another.
The gamesave exploit does that so a non ms signed xbe can be launched.
Pillzburydoofus
Oct 13 2004, 06:27 AM
The gamesave/font/audio exploits work by overflowing in memory, then launching an xbe that has been signed specifically for that exploit (most use the habibi signature key; some of the older font exploits use the font signature key). You can launch anything from a gamesave you want, provided the game has been exploited, you have the right version of that game, and your xbe has been signed with the correct key (usually habibi). If you really wanted to, you could even make a gamesave launch another game! But that would be pointless.
Anthonym52
Oct 13 2004, 07:18 AM
Can the xdk kit sign .xbe's with their "private key"? Or isn't there a way to copy the signature key from a M$ game or something?
azrm2k
Oct 13 2004, 07:34 AM
I'm not an expert with messing with xbe files and signing them, but I'm sure that is not possible (at least it hasn't been discovered yet). If it was, a Slayer's CD could easily be made with an M$ signed xbe to softmod the xbox straight from a CD without even using gamesaves.
PedrosPad
Oct 13 2004, 09:03 AM
| QUOTE (Anthonym52 @ Oct 13 2004, 08:21 AM) |
| Can the xdk kit sign .xbe's with their "private key"? Or isn't there a way to copy the signature key from a M$ game or something? |
No. Companies send their completed games to M$ for signing. This is one of the ways M$ controls what's released on the XBOX, and ensures it gets its cut.
Anthonym52
Oct 13 2004, 10:09 PM
| QUOTE (PedrosPad @ Oct 13 2004, 10:06 AM) |
| Companies send their completed games to M$ for signing. This is one of the ways M$ controls what's released on the XBOX, and ensures it gets its cut. |
Those Bastards!
Anthonym52
Oct 13 2004, 10:16 PM
I'd also like to ask: if I had that key, could I just burn a dvd and it would load with no mod at all?
PedrosPad
Oct 13 2004, 10:38 PM
| QUOTE (Anthonym52 @ Oct 13 2004, 11:19 PM) |
| I'd also like to ask: if I had that key, could I just burn a dvd and it would load with no mod at all? |
With the correct media types set, basically yes.
mnblueboy
Oct 13 2004, 11:13 PM
Okay, so if every M$ signed .xbe file has a specific signature key, then if I were to look in like 10 different .xbe files and find the same HEX STRING in most of them, do you think that would be the signature key? Cuz if so we would just have to add that hex string to evox.xbe and then burn to cd or dvd and it would work, right? If not, then could you tell me if it's possible to get a person who signs xbe files to sign an EvoX.xbe file, or something like that? I could bribe him or something!!?? I want to know if I should waste a lot of time searching in .xbe files or not. Plz tell me what you think.
DaddyJ
Oct 13 2004, 11:17 PM
| QUOTE (mnblueboy @ Oct 13 2004, 06:16 PM) |
| Okay, so if every M$ signed .xbe file has a specific signature key, then if I were to look in like 10 different .xbe files and find the same HEX STRING in most of them, do you think that would be the signature key? Cuz if so we would just have to add that hex string to evox.xbe and then burn to cd or dvd and it would work, right? If not, then could you tell me if it's possible to get a person who signs xbe files to sign an EvoX.xbe file, or something like that? I could bribe him or something!!?? I want to know if I should waste a lot of time searching in .xbe files or not. Plz tell me what you think. |
I'm pretty sure the signature uses some form of CRC checksum and whatnot to validate each xbe independently. But I also could be totally wrong.
Anthonym52
Oct 14 2004, 12:40 AM
HOLY FUCK LOOK WHAT I FUCKING FOUND!
| CODE |
| %s, %02d %s %4d %02d:%02d:%02d GMT..%I64u...........%d..signaturekey....Xbox Version=%s Title=0x%08X TitleVersion=%d....1.00.5849.3.krbtgt..XBOX.COM....%s@%s...sg..S%u.....//msg.%02x/u:%016I64x/%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x_%02x./xpnfront/xmessaging.srf....CONTENT-TYPE: text/xml; charset="utf-8"..SOAPACTION: urn |
COULD IT BE? SORRY ABOUT MY CUSSING JUST SO EXCITED!
What is an example of a key? Like how many characters are there?
luther349
Oct 14 2004, 12:58 AM
No, no, not possible, probably never will be. Once again, no and no. No, it will never happen in any usable amount of time. Maybe in 10 years, when Xboxes are $10 on eBay and no one cares about them because the emulator on their PC runs Xbox fine, we might have cracked the key. Hence "might"; it probably never will happen.
Stop asking stupid questions.
JimmyGoon
Oct 14 2004, 01:11 AM
| QUOTE (Anthonym52 @ Oct 14 2004, 01:43 AM) |
| HOLY FUCK LOOK WHAT I FUCKING FOUND! [CODE] %s, %02d %s %4d %02d:%02d:%02d GMT..%I64u...........%d..signaturekey....Xbox Version=%s Title=0x%08X TitleVersion=%d....1.00.5849.3.krbtgt..XBOX.COM....%s@%s...sg..S%u.....//msg.%02x/u:%016I64x/%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x_%02x./xpnfront/xmessaging.srf....CONTENT-TYPE: text/xml; charset="utf-8"..SOAPACTION: urn |
| COULD IT BE? SORRY ABOUT MY CUSSING JUST SO EXCITED! What is an example of a key? Like how many characters are there? |
lol.... thats a good one.
Anthonym52
Oct 14 2004, 01:14 AM
That may be your opinion, but you have NO right to tell ANY XS member what to do.
Here's MY opinion on you, lil stupid Dragonball Z fan: you're So HARDCORE.
Anthonym52
Oct 14 2004, 01:17 AM
| QUOTE (JimmyGoon @ Oct 14 2004, 02:14 AM) |
| lol.... thats a good one. |
I got that out of the 5960 dash.
Angerwound
Oct 14 2004, 01:36 AM
I'm not sure you understand what an RSA key is. This specific key is 2048 bits in size. Please take a look at the documentation on XBOX-Linux's website on the subject and I'm sure you'll learn what you need.
RiceCake
Oct 14 2004, 01:45 AM
Basically, it finds out how big the XBE is, what it was designed for, and what the XBE looks like.
It takes this information and encrypts it with the MS private key.
The Xbox takes it and decrypts it with the public key.
(RSA works by letting you encrypt with one special key, and then it can only be decrypted with the other special key. The public and private keys.)
If the information on how big the XBE is, what it was designed for, and what the file looks like is right it'll run. If not, error 21.
So simply swapping the sign code won't work.
To make it work you would need the private key, probably under heavy guard at the MS offices.
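RiceCake's sign-then-verify description as an added toy example (not code from the thread or from any Xbox tool): textbook RSA over a SHA-1 digest of a constructed header record. The record fields, the ~216-bit key and the "error 21" mapping are assumptions for illustration, not the real XBE format or Microsoft's key. It also shows why pasting a valid signature from one title onto a different executable fails.

```python
import hashlib
import json

# Two known Mersenne primes give a ~216-bit modulus, large enough to hold a
# SHA-1 digest (toy size; the key discussed in the thread is 2048 bits).
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held only by the signer

def header_digest(header: dict) -> int:
    """SHA-1 over the canonical header (size, target, hash of the image)."""
    blob = json.dumps(header, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha1(blob).digest(), "big")

def sign_header(header: dict) -> int:
    """Signer side: the digest is raised to the private exponent."""
    return pow(header_digest(header), D, N)

def verify_header(header: dict, signature: int) -> bool:
    """Console side: needs only the public exponent; the digest recovered
    from the signature must equal a fresh digest of the header being loaded."""
    return pow(signature, E, N) == header_digest(header)

def build_header(image: bytes, target: str) -> dict:
    return {"size": len(image), "target": target,
            "image_sha1": hashlib.sha1(image).hexdigest()}

# Constructed sample images standing in for two different executables.
GAME = build_header(b"retail game code " * 40, "retail")
HOMEBREW = build_header(b"homebrew dashboard code " * 30, "retail")
GAME_SIG = sign_header(GAME)

def load_result(header: dict, signature: int) -> str:
    """Constructed stand-in for the console's accept/reject decision."""
    return "runs" if verify_header(header, signature) else "error 21"

def demo() -> dict:
    tampered = dict(GAME, size=GAME["size"] + 1)  # header altered by one byte
    return {
        "genuine": load_result(GAME, GAME_SIG),
        "tampered header": load_result(tampered, GAME_SIG),
        # a valid signature lifted from another title, pasted onto homebrew
        "swapped signature": load_result(HOMEBREW, GAME_SIG),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:18} -> {outcome}")
```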
dokworm
Oct 14 2004, 02:11 AM
Plus, to decode a 2048 bit key using brute force discovery methods:
128bit keys are considered secure enough for financial transactions. The xbox uses a 2048bit key... Consider this - each time you add one bit to the key length, you double either the computing power or the time to break a key with brute force.
It was only in 2002 that 109bit encryption was defeated by brute force. Even then, it took 10,000 computers 549 days (24 hours per day) to do it. The next most secure version of that software uses 163-bit keys, and would need approximately 100 million times more computing power to crack (i.e. it would take the same computers 550 MILLION DAYS to crack it).
Short story - don't hold your breath.
RiceCake
Oct 14 2004, 02:43 AM
But you never know that some other weaknesses like the seed key might appear...
Anthonym52
Oct 14 2004, 03:42 AM
Cool, thx for clearing that up, I understand now.
OliG
Oct 14 2004, 09:06 AM
Hey, calm down plz.
This is a topic which has been and will be discussed again. One thing though: do you not think that if it was as simple as scanning xbe's for a string of hex, someone would have done it by now? Seeing as we have all these amazing exploits, which took thousands of man hours to develop, to get around the M$ key.
The FreeX group were attempting to crack the key by brute force but seemed to give up, saying it would take 3 or 4 years of many computers around the world working together to crack it. Now maybe they did give up or maybe they are keeping it quiet, but either way it's a long way off.
That is unless someone from M$ with a wish to lose their job and serve time in prison wants to release all the info secretly. ; ) lol
Still an interesting topic, but please people, do a bit of reading in this area alone and you will find more than enough info on this.
OliG
triggernum5
Oct 14 2004, 05:57 PM
Do a little reading on SHA-1 and asymmetric hash functions. That should remove any confusion as to why we don't scan xbe's to find the 'private' key..
bikr
Oct 14 2004, 08:06 PM
I think there are more than enough users here that'd run a distributed computing project on their machines to crack the signature key

I say we give it a shot , haha , now , anyone know how to write a distributed computing client and server? haha
RiceCake
Oct 14 2004, 10:30 PM
| QUOTE |
| The FreeX group were attempting to crack the key by brute force but seemed to give up, saying it would take 3 or 4 years of many computers around the world working together to crack it. Now maybe they did give up or maybe they are keeping it quiet, but either way it's a long way off. |
Uhh, FreeX?
Try The Neo Project or Operation Project X. A MASSIVE distributed computing project trying to crack that key. I was chatting with some of the admins once about how RSA works and how the clients work.
In almost a year, less than 0.001% of the possible keys had been tried.
'Course it was all random, and who knew, maybe somebody's computer would luckily stumble across the right key?
Either way, it went out because of some sort of legal issues...
The_Truth
Oct 14 2004, 11:56 PM
Well... we have the public key... and it decrypts... what is the relationship (or link) between it and the private key... (the RSA algorithm?). Because... I would think the 2 are linked with math... or else it wouldn't just decrypt for a random key... if that was the case... couldn't you just "put the algorithm in reverse"? Or would you have to "rewrite" the algorithm so that it does the exact opposite... that seems a billion times easier than brute forcing the private key... if possible...
sorry, just my 2 cents ;)
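The "put the algorithm in reverse" question answered in code, as an added example not from the thread: the private exponent d is computed from the factors p and q of the modulus n, so someone holding only the public key (n, e) must first factor n. The reverse exists in principle, and it is shown working on a constructed ~40-bit modulus where trial division finishes instantly; the comments note how the same work grows at 2048 bits (the primes and key sizes are assumptions, not any real Xbox value).

```python
import math
import time

def make_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA: public (n, e); private d = e^-1 mod (p-1)(q-1).
    d can be computed only because the signer knows p and q."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), d

def factor_by_trial_division(n: int) -> tuple:
    """The naive 'reverse': try every odd divisor up to sqrt(n). Work grows
    like 2**(bits/2), so every extra two bits of modulus doubles it; at the
    2048 bits discussed in the thread this is hopeless."""
    if n % 2 == 0:
        return 2, n // 2
    for f in range(3, math.isqrt(n) + 1, 2):
        if n % f == 0:
            return f, n // f
    raise ValueError("no factor found")

def recover_private_exponent(n: int, e: int) -> int:
    """Given only the public key, d can be rebuilt once, and only once,
    n has been factored."""
    p, q = factor_by_trial_division(n)
    return pow(e, -1, (p - 1) * (q - 1))

# Constructed toy key from two known primes near 10**6 (about a 40-bit modulus).
PUBLIC, PRIVATE = make_keypair(1000003, 999983)

def reverse_demo() -> dict:
    start = time.perf_counter()
    d = recover_private_exponent(*PUBLIC)
    return {"modulus_bits": PUBLIC[0].bit_length(),
            "recovered_matches_private": d == PRIVATE,
            "seconds": round(time.perf_counter() - start, 3)}

if __name__ == "__main__":
    print(reverse_demo())
```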
buzzz
Oct 15 2004, 12:14 AM
| QUOTE (dokworm @ Oct 14 2004, 03:14 AM) |
| Plus, to decode a 2048 bit key using brute force discovery methods: |
| 128bit keys are considered secure enough for financial transactions. The xbox uses a 2048bit key. |
A 128 bit RSA (asymmetric cipher) key won't be very safe.
A good 128 bit AES key (symmetric cipher) should be very safe from what we know.
mnblueboy
Oct 15 2004, 12:48 AM
| QUOTE |
| %s, %02d %s %4d %02d:%02d:%02d GMT..%I64u...........%d..signaturekey....Xbox Version=%s Title=0x%08X TitleVersion=%d....1.00.5849.3.krbtgt..XBOX.COM....%s@%s...sg..S%u.....//msg.%02x/u:%016I64x/%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x_%02x./xpnfront/xmessaging.srf....CONTENT-TYPE: text/xml; charset="utf-8"..SOAPACTION: urn |
If this is the signature key code, then how do we find out what goes in place of the % and all the other stuff?
triggernum5
Oct 15 2004, 01:26 AM
That garbled data represents hex values, which represent 1's and 0's, which represent machine instructions... The stuff you can understand relates to strings or symbols... The stuff you can't understand is the instructions...
This is basically how I would explain it to an inquisitive kid (no offence)... But it's so dumbed down it's basically wrong...

Edit: I am kind of curious to know what that ./xpnfront/xmessaging.srf is... I've never come across that file... And hey, it was compiled with xdk 5849 from the looks of it...
EthanHunt_IMF
Oct 15 2004, 04:17 AM
These posts are starting to get a little out of hand. No one goes out and tries to do a little reading before opening their mouth with what they think is "the answer to all our troubles". Just sign an XBE with the private MS key. Like, why didn't I think of that? We must all be morons, all this time wasted looking for bugs to exploit. Spending money on mod-chips (I know this is the 'sploit forum, but some have them still). We could just sign our own code!!
Who's seen Mission Impossible? You know that vault where the NOC list is? Well, I'm sure that vault is generations behind the technology that must protect the computer, that then protects the 2048-bit key we all dream about.
Who mentioned bribing someone at MS? Are you kidding me? Bill would probably have that guy mysteriously killed. They seem pretty pissed about Halo 2 being leaked. So much so they are banning anyone in the Back-up forum for mentioning it. Imagine the private key being "leaked". Heads would roll.
Anyway, sorry for my rant, and I apologize if I offended someone, but I think mods should just lock and/or delete threads like this. It's all been mentioned before every time a new exploit is found, or someone wakes up one morning feeling creative after having a "vision".
PedrosPad
Oct 15 2004, 08:18 AM
Just to add a bit to this:
It's common security practice in the physical world for 'keys' to secure material (money, etc.) to be distributed around a number of key holders ('distributed' not duplicated!). Same goes for electronic keys. With secure electronic keys, each key holder only has a fragment (and Bill is probably a fragment holder). So bribing one person won't get you very far.
The_Truth
Oct 18 2004, 01:40 AM
PedrosPad, just a thought... but if the key was distributed... well, that would be pretty pointless... that would mean that if Gates had part of the key... he would have to be there for EVERY game signing... and I don't find that to be likely... I mean there is always that possibility... but... honestly... it would be too inconvenient for them to have the key "split" up...
just my 2 cents... (and no offence to Pedro!...)
triggernum5
Oct 18 2004, 03:04 AM
There aren't too many games for execs to attend all signings if they use distributed keys.. They could secure it other ways as well, such as time locks etc. in an extremely secure environment.. Regardless of how they secure it, I would assume the ppl who have the most to lose if it is leaked would be present anytime it was taken out of its box..
PedrosPad
Oct 18 2004, 12:46 PM
Er, in the virtual world the key holders don't need to actually attend - There's an entire market in digital key software. Programs exist to simply send the Exec an email asking him to approve the signing of an MD5 checksummed file, etc. All he has to do is use the Outlook voting buttons, etc. and his fragment is sent. The digital key server/XBE signing station simply emails all the Execs., waits for them all to approve, and then signs the XBE. If written sensibly, the fragments are further encrypted during transfer over the networks, etc., and the whole key is either assembled only momentarily, or, more realistically, never at all.
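The fragment-holder arrangement PedrosPad describes, as an added example that is not from the thread: Shamir's secret sharing over a prime field splits a signing key into fragments so that any threshold of holders can reassemble it at the signing station while fewer fragments reveal nothing. The field prime, holder count and the random stand-in for a 2048-bit private exponent are assumptions; this is one textbook scheme, not a claim about how Microsoft actually stores its key.

```python
import secrets

# Prime field big enough for a 2048-bit secret: 2**2203 - 1 is a Mersenne prime.
FIELD_PRIME = 2**2203 - 1

def split_secret(secret: int, holders: int, threshold: int):
    """Hide the secret as the constant term of a random polynomial of degree
    threshold-1; each holder receives one point (x, f(x)) as their fragment."""
    coeffs = [secret] + [secrets.randbelow(FIELD_PRIME) for _ in range(threshold - 1)]

    def f(x: int) -> int:
        return sum(c * pow(x, i, FIELD_PRIME) for i, c in enumerate(coeffs)) % FIELD_PRIME

    return [(x, f(x)) for x in range(1, holders + 1)]

def reconstruct(shares) -> int:
    """Lagrange interpolation at x = 0, as the signing station would do once
    enough approvals arrive. With fewer than threshold fragments the result is
    just a random field element, which is the scheme's security guarantee."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % FIELD_PRIME
                den = den * (xi - xj) % FIELD_PRIME
        total = (total + yi * num * pow(den, -1, FIELD_PRIME)) % FIELD_PRIME
    return total

def demo(holders: int = 5, threshold: int = 3) -> dict:
    # Constructed stand-in for a 2048-bit private exponent; never stored whole.
    secret = secrets.randbits(2048)
    shares = split_secret(secret, holders, threshold)
    return {
        "any_three_recover": reconstruct(shares[:3]) == secret
                             and reconstruct(shares[2:]) == secret,
        "two_fragments_enough": reconstruct(shares[:2]) == secret,
    }

if __name__ == "__main__":
    print(demo())
```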