  1. #1
    knowlzy10 (Junior Member)

    Corona v2 NAND dumping is done!

    XeLL also boots!

    Chinese hacker zhangjiqi007 has managed to successfully 'glitch' the Corona v2 and was able to launch XeLL in order to grab the CPUkey.




    Chinese hacker zhangjiqi007 managed to get a 66MB NAND dump of the Corona v2 board, that was also decryptable with the CPU key that he obtained from the console.

    Here's the official info:

    Members of Glitch360Team shared the Phison datasheet with several higher-up members of the hacking community, including zhangjiqi007, who deserves proper credit for finding the method to dump the NAND, extract the 64MB bootcode area and write the new information ... This is a huge step for this console type ... The datasheet is what allowed him to find what he needed to achieve this.

    I have also been informed by Glitch360Team that they will be sharing some interesting findings regarding the Phison eMMC controller which they have made within the last few weeks.

    This site will not be responsible for someone trying to steal credit or glory from the proper individuals, and from talking to orkid1818 in private messages as well as in the research forum, while it seems it may be a language barrier, he truly doesn't seem to know what he is doing.

    Here is a link to the Chinese forum that did this; if you understand Chinese, have at it: http://bbs.a9vg.com/thread-2239716-1-1.html
    Bigger picture of the nanddump opening in RGBuild:



    Now, it looks like the guy did it "the hard way":

    1. Remove the 4GB NAND from the mainboard and dump it externally
    2. Use the XOR hack to build the ECC
    3. Flash it to a 16MB NAND
    4. Solder the 16MB NAND to the Xbox motherboard (changing something in the resistor configuration on the Corona board to make it work)
    5. Grab the keys

    This means that there is still no way to dump and decrypt the NAND directly from the NAND.

    And finally, here is a Pastebin of the XeLL output, where you can see that the NAND isn't properly recognized.

    We can say from that:
    • Magic bytes are OK
    • NAND dump is 66 Mb (like the data part for Jasper BB NAND)
    • The CPUKey decrypts the KV properly and displays the console info as Corona
    • Bootloaders are the ones from Corona

    So, it's definitely legit!
    Definitely, this is a big step. Stay tuned for more in the upcoming days!


  3. #2
    jonathanb9595 (New Member)
    Very cool, good find.

  4. #3
    Founding Member
    The guy did it "the hard way"!