Hacking nandone for xboxone

[tunip3]

nandone is an Xbox One NAND Filesystem tool made by tuxuser that decrypts an xbox one emmc nand dump for the filesystem and allows for it to be viewed this may even lead to some way to switch the os to windows

nandone Parses Xbox One Nanddumps for filesystem header and extracts the binary files. It's probably not very compatible and contains bugs for sure

Requirements

• Python 3.*
• Xbox One eMMC NAND Dump
• Python libs: construct

Usage

Spoiler: code

nandone.py [-h] [--extract] filename

Flags:

-h Help
--extract Extract found files
Example: nandone.py --extract nanddump.bin

Spoiler: note from tux user

Please use python3 for best compatibility. I didn't test with python2 at all.

Use the following command to start it:

python3 -m module

If you try to start the *.py file directly, most likely the imports wont be resolved.

nand - Nand / eMMC flash tools
nand.NANDOne

v0.03

• Major rewrite
• Scan for filesystem header at ?all? 3 offsets
• Extract files by name

v0.02

• ExtractSFBXdata: Extracting the bootblock @ addr 0x0
• mmap: Fixing memory issues on 32bit systems by reading in chunks
• DumpSFBX: SFBX size is now read dynamically, not fixed anymore
• 'sfbxscan' is obsolete, that's done automatically now, if needed
• XVD header gets detected and printed in info output
• Filetype-magic is appended to extracted filenames
• Some cleanup
• Support for parsing and extracting SFBX entries
• Possibility to scan for SFBX block
• Additional error checking

v0.01

• Initial release

new link for 3.0

but while writing this i found tux user deleted his github repo so all that remains is a fork of his 2.0 on github
and a zip of supposed version 3.0 from garryopa

update found tux users new repo

 

[ploggy]

Thank you for putting this up

Also Hacking and Homebrew section? nice

 

[tunip3]

updated

 

[tech3475]

this may even lead to some way to switch the os to windows

I wonder what the system layout is like? I remember the PS4 CCC where they revealed that while x86, it was otherwise fairly unique.

That said, if the OS can be exploited, I wonder if we may be able to run windows in a VM using Hyper-V?

 

[Deleted User]

I wonder what the system layout is like? I remember the PS4 CCC where they revealed that while x86, it was otherwise fairly unique.

That said, if the OS can be exploited, I wonder if we may be able to run windows in a VM using Hyper-V?

Windows can be ran natively afaik. Either RT or x86 version, it's like Win10 layout since I think Kernel is just a heavily modified win10/8.1

 

[lisreal2401]

Windows can be ran natively afaik. Either RT or x86 version, it's like Win10 layout since I think Kernel is just a heavily modified win10/8.1

It's not heavily modified, the builds are getting much closer to being similar. With all that said running desktop Windows 10 in unlikely as the everything is most likely signed and stuff.

 

[tech3475]

Windows can be ran natively afaik. Either RT or x86 version, it's like Win10 layout since I think Kernel is just a heavily modified win10/8.1

Isn't RT for ARM? I'm also thinking about drivers, etc.

Remember, the original Xbox was X86 but was still different enough that you needed qemu to run windows (despite the kernel being W2k based).

It's not heavily modified, the builds are getting much closer to being similar. With all that said running desktop Windows 10 in unlikely as the everything is most likely signed and stuff.

Obviously I was only think after the system was hacked to some extent.

 

[Deleted User]

Isn't RT for ARM? I'm also thinking about drivers, etc.

Remember, the original Xbox was X86 but was still different enough that you needed qemu to run windows (despite the kernel being W2k based).



Obviously I was only think after the system was hacked to some extent.

RT is also for x86 devices.

 

[tech3475]

RT is also for x86 devices.

Source? So far the closest Ive found for RT is armv7 and Windows 10 arm.

 

[Pickle_Rick]

Isn't RT for ARM? I'm also thinking about drivers, etc.

Remember, the original Xbox was X86 but was still different enough that you needed qemu to run windows (despite the kernel being W2k based).



Obviously I was only think after the system was hacked to some extent.

You're right about RT. But, the Xbox OS is Windows 10 with a different UI. I imagine we can just rip the drivers from Xbox OS and install them in 10. Wasn't the OG Xbox based on WinCE? Either way, Microsoft hasn't made drastic changes to the kernel this time. They said it themselves.

 

[tech3475]

You're right about RT. But, the Xbox OS is Windows 10 with a different UI. I imagine we can just rip the drivers from Xbox OS and install them in 10. Wasn't the OG Xbox based on WinCE? Either way, Microsoft hasn't made drastic changes to the kernel this time. They said it themselves.

From what I've read, the OS runs 3 OSs, the base OS which run Hyper-V and then two other OSs for games and apps.

So it would be interesting to see how various other parts of the system work, even if it's still based around the W10 kernel.

In regards to the OXbox, I've heard comments from various sources saying it's either WinCE or W2K.

Looking it up again, apparently it runs it's own OS but still unsure whether the kernel was based on NT (even if the APIs were):
https://blogs.msdn.microsoft.com/xboxteam/2006/02/17/the-xbox-operating-system/

 

[Pickle_Rick]

From what I've read, the OS runs 3 OSs, the base OS which run Hyper-V and then two other OSs for games and apps.

So it would be interesting to see how various other parts of the system work, even if it's still based around the W10 kernel.

In regards to the OXbox, I've heard comments from various sources saying it's either WinCE or W2K.

Looking it up again, apparently it runs it's own OS but still unsure whether the kernel was based on NT (even if the APIs were):
https://blogs.msdn.microsoft.com/xboxteam/2006/02/17/the-xbox-operating-system/

The main OS that UWP apps run in on Xbox is Windows 10. The games and 360 games run in a virtual machine.

 

[Foxi4]

A quick reminder to users - while various kinds of code are permitted to be redistributed for educational/research purposes, this does not include actual dumps of copyrighted software. The way it pertains to dumping a NAND for instance is that it’s perfectly legal to share the thought process, methodology and even actual software that will allow a user to read information from their own device or storage, something that they own a license for, like a video game console (provided the reverse engineering process was clean and no stolen copyrighted code was used in the method). That’s a device that you already have in possession and can apply the modifications described - that’s precisely the “educational” aspect. There is nothing particularly “educational” in sharing someone’s dumped NAND - that you’d need to procure yourself, from your own system. When in doubt, contact staff and we can always clarify things.