141 lines
3.9 KiB
INI
141 lines
3.9 KiB
INI
|
#
|
||
|
# Configuration file for xbflash
|
||
|
#
|
||
|
# The main RC4 key is NOT provided here, and must be provided
|
||
|
# in order for xblflash to work!!
|
||
|
#
|
||
|
# The offsets/addresses in this file are for an 'original'
|
||
|
# Xbox Flash ROM. It's possible that these have changed in
|
||
|
# future kernel releases.
|
||
|
#
|
||
|
# I'm not sure if this will work on 'patched' ROMs - xbflash
|
||
|
# relies on the data format of an original Xbox Flash ROM.
|
||
|
#
|
||
|
# The parser for this config file is not very forgiving -
|
||
|
# be sure to keep the format of these lines identical to
|
||
|
# the original if you make changes
|
||
|
#
|
||
|
|
||
|
#######################################################
|
||
|
#
|
||
|
# Main RC4 key (used to decrypt 2BL image)
|
||
|
#
|
||
|
#######################################################
|
||
|
|
||
|
#
|
||
|
# If this is a ROM image for a "1.0" Xbox, enter the 16-byte RC4 key
|
||
|
# (from inside the MCPX 1.0 ROM) as:
|
||
|
#
|
||
|
# RC4_KEY=0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
|
||
|
#
|
||
|
#
|
||
|
#
|
||
|
# If this is a ROM image for a "1.1" (or higher) Xbox, and you know the *internal* MCPX
|
||
|
# RC4 key (16-bytes), enter it as:
|
||
|
#
|
||
|
# RC4_keymethod=1
|
||
|
# RC4_KEY=0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
|
||
|
# (don't forget the "RC4_keymethod=1")
|
||
|
#
|
||
|
#
|
||
|
# If this is a ROM image for a "1.1" (or higher) Xbox, and you don't know the internal
|
||
|
# 16-byte RC4 key, use the "mcpx 1.1 toolkit" to get the 20-byte RC4 key, and enter as:
|
||
|
#
|
||
|
# RC4_KEY=0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
|
||
|
#
|
||
|
#
|
||
|
# (Note that you won't be able to 're-sign' the FBL region (using the TEA RSA hack) unless you have
|
||
|
# the *internal* MCPX RC4 key for MCPX 1.1/higher)
|
||
|
#
|
||
|
# Also note that 'multi' BIOS's aren't supported, so a key of all zeros is invalid
|
||
|
#
|
||
|
RC4_key_encrypt=0
|
||
|
RC4_KEY=0x27 0x45 0xA9 0x10 0x39 0x7E 0x6A 0xA6 0x86 0xFB 0x4B 0x1A 0x4B 0xA9 0x0F 0xD2
|
||
|
|
||
|
#
|
||
|
# Base address of 2BL in Flash
|
||
|
#
|
||
|
2BL_base_ROM_address=0xffff9e00
|
||
|
|
||
|
#
|
||
|
# Size of 2BL in Flash
|
||
|
#
|
||
|
2BL_size=0x6000
|
||
|
|
||
|
#
|
||
|
# Address in ROM to top-align the KERNEL + KERNEL initialized data segment
|
||
|
# (normally this is the 2BL_base_ROM_address minus 1)
|
||
|
#
|
||
|
KERNEL_top_ROM_address=0xffff9dff
|
||
|
|
||
|
#
|
||
|
# Base address of KERNEL when executing in RAM (used to adjust
|
||
|
# pointers into offsets into the KERNEL)
|
||
|
#
|
||
|
KERNEL_address_adjust=0x80010000
|
||
|
|
||
|
|
||
|
##############################################################
|
||
|
#
|
||
|
# The following are all offsets into the decrypted 2BL image
|
||
|
#
|
||
|
##############################################################
|
||
|
|
||
|
#
|
||
|
# Offset into 2BL to secondary RC4 key (used to decrypt KERNEL)
|
||
|
#
|
||
|
2BL_kernelkey_offset=0x0000008c
|
||
|
|
||
|
#
|
||
|
# Offset into 2BL to DWORD containing size of KERNEL's initialized
|
||
|
# data segment
|
||
|
#
|
||
|
2BL_dwkerneldatasize_offset=0x00005fdc
|
||
|
|
||
|
#
|
||
|
# Offset into 2BL to DWORD containing number of bytes at beginning
|
||
|
# of Flash (x-code, etc) to include in KERNEL SHA-1 hash calculation
|
||
|
#
|
||
|
2BL_dwflashstart_hashsize=0x00005fe0
|
||
|
|
||
|
#
|
||
|
# Offset into 2BL to DWORD containing the size of the COMPRESSED
|
||
|
# KERNEL image
|
||
|
#
|
||
|
2BL_dwkernelsize_offset=0x00005fe8
|
||
|
|
||
|
#
|
||
|
# Offset into 2BL to 20-byte SHA-1 digest of KERNEL (result of
|
||
|
# SHA-1 hash on KERNEL, KERNEL initialized data segment, and
|
||
|
# x-code section of Flash base)
|
||
|
#
|
||
|
2BL_sha_digest_offset=0x00005fec
|
||
|
|
||
|
|
||
|
|
||
|
##############################################################
|
||
|
#
|
||
|
# The following are all offsets into the decrypted/decompressed
|
||
|
# KERNEL image
|
||
|
#
|
||
|
##############################################################
|
||
|
|
||
|
#
|
||
|
# Offset into KERNEL to DWORD containing the size of the KERNEL
|
||
|
# initialized data section
|
||
|
#
|
||
|
KERNEL_dwdatasize_offset=0x0000002c
|
||
|
|
||
|
#
|
||
|
# Offset into KERNEL to DWORD containing the base ROM address of
|
||
|
# the KERNEL initialized data section
|
||
|
#
|
||
|
KERNEL_dwdataROMbase_offset=0x00000030
|
||
|
|
||
|
#
|
||
|
# Offset into KERNEL to DWORD containing the base RAM address of
|
||
|
# the KERNEL initialized data section (where it gets copied to
|
||
|
# at runtime)
|
||
|
#
|
||
|
KERNEL_dwdataRAMbase_offset=0x00000034
|