Hacking Hack SXOS

Reacher17

Well-Known Member
OP
Member
Joined
Sep 18, 2019
Messages
128
Trophies
0
XP
729
Country
France
Hack SXOS License (no spoof)
the purpose of this script is to change the license decryption key. which will allow you to create your own license. you will need to run sxos for the first time to create a license-request.dat file which you will then retrieve from the SD. then you copied it to a folder containing the boot.dat file (unmodified) and the script. you run the script that will modify the boot.dat file to replace the license key and create a license that matches your license-request.dat. copied license.dat and boot.dat to your SD card. and admired the work.



My script was updated by @mrdude and he fix the cheat support and some mistake i made on my first script, @b&nder for his help about the reverse engineering and many thing, @chronoss for his great collaboration a sacrifice for his sx licence :rofl2:, @Zoria , @hexkyz, Shadow and Darkstorm.​


Key payload80 sxos 2.9.5
sxos v2.9.3 v2.9.4 v2.9.5

payload80000000.bin

Code:
from Crypto.Cipher import AES
from Crypto.Util import Counter
import os
import struct

def aes_ctr_dec(buf, key, iv):
    ctr = Counter.new(128, initial_value=long(iv.encode('hex'), 16))
    return AES.new(key, AES.MODE_CTR, counter=ctr).encrypt(buf)

#Addr: 0x84E0    size: 0x900
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "23C4758625E917742377AFEA7B01F4AA"

#Addr: 0x8DE0      size: 0x2A00
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "1C7B21915F911F5C9E7DDFA976E89ECB"

#Addr: 0xB7E0      size: 0x79780
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "2A9536AA2DFFB168D4F047372D90AACC"

#Addr: 0x84F60   size: 0xEA0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "E62CF9BE86E89FDED329CD894DDFEB32"

#Addr: 0x85E00   size: 0x1D0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "AF1380B9EAD8DB49B92A4FF663F123E9"

#Addr: 0x85FD0   size: 0x11F0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "7B72429908850206D81DCFFB916D1CDE"

#Addr: 0x871C0   size: 0x1040
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "CDEAFB612E2D684D994C9EB77546F9C3"

#Addr: 0x88200   size: 0x4410
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "46EAB8827D792795848AC2963ACCEC93"

#Addr: 0x8C610    size: 0xC20
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "38790F87C2CCEF575623980066E7B993"

#Addr: 0x8D230    size: 0x2960
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "09EDF6AAE33ADFBA3ED728379DA7B950"

#Addr: 0x8FB90    size: 0x2A0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "8986E6366FF02FB480BC16FB303FA412"

#Addr: 0x8FE30    size: 0x910
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "7F7CBCED6F45EB318E16A0939DD46444"

#Addr: 0x90740    size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "7CD795905F39146120615E2B140ADE5A"

#Addr: 0x90750    size: 0x11B0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "F94BA9E8FB07717F905E226A0E9D9362"

#Addr: 0x91900   size: 0xF20
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "D1B9EE93463D59E36A3705DF1BEA7FB4"

#Addr: 0x92820   size: 0x160
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "0DF6D2FBEF9890FCD0F2B80E051BB1C4"

#Addr: 0x92980   size: 0x11D0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "67F07E1D1CBA6C8777E55E04B0E53CC8"

#Addr: 0x93B50   size: 0x800
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "AB5145E920085B47903088431B93FE70"

#Addr: 0x94350   size: 0x1150
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "6E93E123C40A45138B650A83ECECBEA5"

#Addr: 0x954A0    size: 0xEB0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "FE15F6F72F80AFFC6C754AD30F6873EA"

#Addr: 0x96350    size: 0xF30
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "A064A9DBA0898A9BE41FA28150A6DDB6"

#Addr: 0x97280    size: 0x1150
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "DF85B68B238735EB347F73D04DC93C03"

#Addr: 0x983D0    size: 0x200
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "307D0916213CF345A75F605EC600180C"

#Addr: 0x985D0    size: 0x4E0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "92823A34CD4D2C9DB22B18E76375EDB4"

#Addr: 0x98AB0    size: 0x8D0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "D40A3937867C86B1651992808E6D683D"

#Addr: 0x99380    size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "0B62FE1C369975FB523D5E0A073C8415"

#Addr: 0x99390    size: 0x8D0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "F37C3BFE78857EF2D8527BA2361CCA35"

#Addr: 0x99C60    size: 0x2120
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "6720C40AEC49402781EF3E1159F933A6"

#Addr: 0x9BD80    size: 0x550
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "44DB793CF04AC42C4E19491C7EF0A510"

#Addr: 0x9c2D0  size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "EF3E77E9942A9257CDB67E2FBA7A429E"

#Addr: 0x9c2e0  size: 0xF90
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "8EBB8BDA00880A154D69AEF408DFA7EC"

#Addr: 0x9D270  size: 0x1A60
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "97E1B83B22DE39025AE7D55EB26850D0"

#Addr: 0x9ECB0    size: 0x20 ???
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0x9ECD0    size: 0x1030
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "DB5FEAE3F1291C9E62C7180803AA2ED6"

#Addr: 0x9FD00    size: 0xC0 ???
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0x9FDC0    size: 0x1e0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "D96F01AEBEC99A866A951D7E05FC660D"

#Addr: 0x9FFA0    size: 0x500
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "E1BE093E09E15F281BD987D10188CA92"

#Addr: 0xA04A0    size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "609D2775183FDE9DD5B8420F4E36AFA5"

#Addr: 0xA04B0    size: 0xF30 ???
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0xA13E0    size: 0x3C20
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "70CA9253F81722B848C61A6B1838EC52"

#Addr: 0xA5000    size: 0x2BE0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "C1BB824BCA3F7395E9C423A502430517"

#Addr: 0xA7BE0    size: 0xC50 ???
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0xA8830    size: 0x14A0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "76B8BC721ED4301E6AA35436822556AF"

#Addr: 0xA9CD0    size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "4BF1329218C7853F8316447B20AC67C9"

#Addr: 0xA9CE0    size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "53F8147D113F1F9030718726944095E7"

#Addr: 0xA9CF0    size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "7B117D2C943311F125EBE4CD6C2C756E"

#Addr: 0xA9D00    size: 0x2140
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "B3572BAD1665259B9C68897369762412"

#Addr: 0xABE40    size: 0x1B10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "B74E2CA5B2BDBED6194503651C5903FB"

#Addr: 0xAD950    size: 0x8C0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "A797BC58D08D8326DAB96EA9B2E01B08"

#Addr: 0xAE210    size: 0xF10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "FFED61C2CF143AD186A5E83900773E99"

#Addr: 0xAF120    size: 0x11F0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "62A9221F850152BFF0CBA217F82B246E"

#Addr: 0xB0310    size: 0x3600
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "D28E70B8F637A3F2BABCA80EF6097D18"

#Addr: 0xB3910    size: 0x1D0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "E2EC8964BA8F828E74F9ECF4F68E7899"

#Addr: 0xB3AE0    size: 0x48B0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "A31943AC553D1098D01D8E55ABE6C1DD"

#Addr: 0xB8390    size: 0xCA0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "B22F1D3F621525E7F71AF5E26BAD8ECD"

#Addr: 0xB9030    size: 0x550 ???
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0xB9580    size: 0x1C10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "25BCB61C715FE3361800E3BB5E27261B"

#Addr: 0xBB190    size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "3EF6B9A216F68275A4A95550F0E7367D"

#Addr: 0xBB1A0    size: 0x20
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "08B1E8A8EAF97EC7779EB4891ED06F16"

#Addr: 0xBB1C0    size: 0xF40
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "7BAFC2D19F25DC7A6FDAC079D92CC7BA"

#Addr: 0xBC100   size: 0xF40 ???
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0xBD040   size: 0xE0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "290C110580C3E0DAC10347E071CB268A"

#Addr: 0xBD120  size: 0x74950
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "                    "

#Addr: 0x131A70   size: 0x6D0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "D9AE3BC1BCBC02F4C5FF616DBD936C2D"

#Addr: 0x132140   size: 0xD0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "6A3EEB913484B6788FEA75797890750B"

#Addr: 0x132210  size: 0x310
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "03F52F148BC344FADB3CED21E93C3B31"

#Addr: 0x132520    size: 0x70
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "94031E43C8786088A66C66BBD6DD1E3B"

#Addr: 0x132590    size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "47024D938410E178097692558836CD56"

#Addr: 0x1325A0    size: 0x850
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "0C0F92D93D3A88915CADBA875AB5E923"

#Addr: 0x132DD0   size: 0x20
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0x132DF0   size: 0xCC0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "A522EAF0A0E6FB33DE4CFB1CAEBC1036"

#Addr: 0x133AB0    size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "802A0636F2F4CF6BD3E795D4BD0A11A3"

#Addr: 0x133AC0    size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "2C25FEB2918D96996A393767F264AF1E"

#Addr: 0x133AD0    size: 0xC0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "342E0237CAB7B25DE1B882293E6C0022"

#Addr: 0x133B90    size: 0x1A40
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "9D07201C9816C6CA3A0FE95AA433341B"

#Addr: 0x1355D0    size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "24FF2947714B5B5BAAA431AF87205D01"

#Addr: 0x1355E0    size: 0x190
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "DDF2B4703A66E08345B0A8DE43B99266"

#Addr: 0x135770    size: 0x9120 ???
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0x13E890  size: 0x1E0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "8A177CEE1860839EEE5CEB1F90076824"

#Addr: 0x13EA70  size: 0x20
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "4B51A716AB1C4C35D11B93DBFC2A508E"

#Addr: 0x13EA90  size: 0x1D50
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "71AACB3F51D36860EEB848753C3E2D63"

#Addr: 0x1407e0   size: 0x50
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "35921578DB997A41774FC736B951320F"

#Addr: 0x140830   size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "674FEEA3F132A38D45253C9914AAB859"

#Addr: 0x140840   size: 0x1D0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "0F8446D6795EC74550BAB70DF50A30E3"

#Addr: 0x140A10   size: 0x1310
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "0A915AC245154C79FF9E473F6D8F0253"

#Addr: 0x141D20   size: 0x4C0 ???
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0x1421E0   size: 0x100
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "2587D5BFF345DD82D7AF9DCA2523CC4B"

#Addr: 0x1422E0    size: 0x10E90 ???
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0x153170    size: 0x820
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "52EB3E173E40C8714B3AD4B3D12653A1"

#Addr: 0x153990    size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "CA4E0C4C6EF0FC0B9F52EC6BE0837F7E"

#Addr: 0x1539A0    size: 0x1720
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "284991136961ADB3C5B37DA713C80BB4"

#Addr: 0x1550C0    size: 0x1230
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "A304951A4A93D4176D9DB2C434C7FB82"

#Addr: 0x1562F0  size: 0x260
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "E617C0E0576391EBC1ACDBED1EC78ED0"

#Addr: 0x156550  size: 0x60
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "52D26B059EB83D1E025351999A79C59F"

#Addr: 0x1565B0  size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "C2945D9407F0EB48F56D2D93DB55C981"

#Addr: 0x1565C0  size: 0x1750
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "91871C8C80792D24FC4C38921C697019"

#Addr: 0x157D10    size: 0xC0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "37A68FF460A624FBB64E747AE05939B0"

#Addr: 0x157DD0    size: 0x980
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "62F6E70C55C06D4312A0420855B5D876"

#Addr: 0x158750   size: 0xB0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "603562127CF092A9E23D9EB1350B8523"

#Addr: 0x158800   size: 0x20
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "113349E7659F24390146027FB43753B5"

#Addr: 0x158820   size: 0x20
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "5F4062820DC428C3FC39BFE07AFD5301"

#Addr: 0x158840   size: 0x4C0 ???
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0x158CE0   size: 0x1CC0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "007F23589EF73257A73FBE983FD17B4D"

#Addr: 0x15A9A0   size: 0x4A0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "378E40706BB52E7B33E35E2848527CCD"

#Addr: 0x15AE40   size: 0x1B0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0x15AFF0   size: 0xC20
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "BBF5295D90A3EFEE6CB82A27B37322AB"

#Addr: 0x15BC10    size: 0x20
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0x15BC30    size: 0x1610
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "CF1169E5E7621B115531B9E148EFE8BC"

#Addr: 0x15D240    size: 0x150
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "695653409E3EFE4DBC39A3B13845EEE9"

#Addr: 0x15D390    size: 0x1F0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "A07AC2136C9FB4B2AD3F2D6CAA3098FA"

#Addr: 0x15D580    size: 0x2A00
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "E76C8D79563EBA142A966DEF474840D2"

#Addr: 0x15FF80    size: 0xB40
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "D8FE824EF12CC0128D636BDC70BEDEAC"

#Addr: 0x160AC0    size: 0xEB0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "3F65A7ED5EEF4C24A79CD2601BAA0E37"

#Addr: 0x161970    size: 0x3090
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "986431EC00A1C1BC6CB816DDB12AB7DE"

#Addr: 0x164A00    size: 0xD0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "62120C09CDD68F0CE1A3A968AC4D88CE"

#Addr: 0x164AD0    size: 0x240
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "7B9F5E813423C2E750E6B7882779F7C8"

#Addr: 0x164D10    size: 0xE0 ???
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0x164DF0    size: 0x4D0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "A41C644EC04FA1950F3D1E32128935A7"

#Addr: 0x1652C0    size: 0x1AC0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "96ED8BAC6F841332F4A6CF3618D23980"

#Addr: 0x166D80    size: 0x110
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "1EEA482DAFA24B3A261754E55FA30379"

#Addr: 0x166E90    size: 0x1740
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "6CD02E5D10E6952E320DA3A8C59D860D"

#Addr: 0x1685D0  size: 0x1A0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "8BFD3EB02BC89D7DB24242D750A49361"

#Addr: 0x168770  size: 0x350
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "3539B3D4E16456EC82C9C7A9C69022AC"

#Addr: 0x168AC0  size: 0x1680 ???
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0x16A140  size: 0x240
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "56F121113CA4189A0176A6022AF514A1"

#Addr: 0x16A380  size: 0x2310
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "7B691B6AFC0C5CC5378B67C34A48835B"

#Addr: 0x16C690    size: 0x90
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "B5711B05C2673A555D5D9EA0730637FF"

#Addr: 0x16C720    size: 0x70
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "BE666322ED70DB7FF5AB5342D9175118"

key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0".decode("hex")
ctr = "C2945D9407F0EB48F56D2D93DB55C981".decode("hex")

# Open binary (encrypted)
f = open("test.bin", "rb")
d = f.read()
f.close()

# Decrypt binary
f = open("test.enc.bin", "wb")
f.write(aes_ctr_dec(d, key, ctr))
f.close()

PAYLOAD90000000.BIN

Code:
from Crypto.Cipher import AES
from Crypto.Util import Counter
import os
import struct

def aes_ctr_dec(buf, key, iv):
    ctr = Counter.new(128, initial_value=long(iv.encode('hex'), 16))
    return AES.new(key, AES.MODE_CTR, counter=ctr).encrypt(buf)

#PAYLOAD 0X90000000


#Addr: 0x3630    size: 0x2410
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "2F283C3663660CD4EC5F562B37D561BA"

#Addr: 0x5A40    size: 0x850
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "F97D1D75866C329FA7B30E26457BABAE"

#Addr: 0x6290    size: 0x11D0
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "716970E2B6933E56CECE47B5E91B6423"

#Addr: 0x7460    size: 0x2600
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "1F735BF0986CF4FF3A9FE5B99FFF59EC"

#Addr: 0x9A60    size: 0x1760
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "82175C30E03586CC0F78363A2F6971F4"

#Addr: 0xB2A0    size: 0xC0
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "23E0C76BC7E1BBF55D329567246AD253"

#Addr: 0xB360    size: 0xB3C0
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "CE7A6123937FACD0F1CFCF9F5FCCA369"

#Addr: 0xB480    size: 0x1220
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "0FB2DA05864E06CE59C2786F698B4712"

#Addr: 0xC6A0    size: 0xB0
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "96FBF2C16E50AE9CE32E5D5957C98D78"

#Addr: 0xF7A0    size: 0x1CB0
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "034DCF6143413C84DF2AC11DA3D71351"

#Addr: 0x11530    size: 0x260
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "E363581D59590587AAF7DA795B4245F2"

#Addr: 0x118A0    size: 0x260
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "3296749064CC56E9FB5E4971FD6856A3"

#Addr: 0x173B0    size: 0x3C10
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "B3423B5398CE05BCDE096CB186C663B5"

#Addr: 0x1AFC0    size: 0xAD230
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "D6BF9303BAEAFAA03A1A35EE258480EB"

#Addr: 0xC81F0    size: 0x80
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "211EF838B441C761ED04D1BBE6C536B3"

#Addr: 0xC8270    size: 0x59C0
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "5FCD22045AB445D6006B65D58C16161A"

#Addr: 0xCDD20    size: 0x100
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "4095A2017C1EB9B0877A027F4C626B9F"

#Addr: 0xCDE20    size: 0xF0
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "F7D2B67160A6A31B24897B042DBBC57C"

#Addr: 0xCDF10    size: 0x250
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "18CBFB627D7791E46AA55251E0546668"

#Addr: 0xCE160    size: 0x250
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "EC2AB9F7DA2B35D1730C8727347D9504"

#Addr: 0xCE3B0    size: 0x9E0
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "3FAF9992BF2213B8CD82AD57BC5A5F80"

#Addr: 0xCED90    size: 0x160
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "E0A2E7301B13E5FDF787C1D1332431BD"

#Addr: 0xCF750    size: 0x10a0
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "9479BCAA841C3AE71d2fee2da34f9893"

#Addr: 0xD07F0    size: 0xD08B0
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "F0C5B599519350DB98C2106C64E64EB4"

#Addr: 0xD08B0    size: 0xD1ED0
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "BD2775CB738DFFDA94B146A9E55380E8"

#Addr: 0xD1ED0    size: 0xF20
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "E9A6E2E6E4C78796CCA90674A78B7CE0"

#Addr: 0xD2DF0    size: 0x250
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "A4722CFF459EF1DE8613CBF9B9146E0F"

key = "287DADDA997A1B0E23DD4C86A1F34E49".decode("hex")
ctr = "716970E2B6933E56CECE47B5E91B6423".decode("hex")

# Open binary (encrypted)
f = open("test.bin", "rb")
d = f.read()
f.close()

# Decrypt binary
f = open("test.enc.bin", "wb")
f.write(aes_ctr_dec(d, key, ctr))
f.close()
Fingerprint.txt + boot.dat + script = boot.dat spoof
Boot.dat + script = license.dat + boot.dat spoof
License-request.dat + boot.dat + script = license.dat + boot.dat hack licence

Download script , image rommenu 1280x768 or 1280x720 size max 180 kb .jpg
 

Attachments

  • GFX_sxos.7z
    28.7 KB · Views: 849
  • generator_license_Sx_License_Hack.7z
    1.3 KB · Views: 819
  • SX_License_Hack_Spoof.7z
    179.5 KB · Views: 654
Last edited by Reacher17,

flowlapache

Well-Known Member
Member
Joined
Sep 7, 2010
Messages
150
Trophies
0
Age
36
Website
Visit site
XP
685
Country
France
hack the licence code and the xci loader...a lot of people is losing their hair on it since 3 years no? But if you do it and free it; I think you'll have some "popular" thanks from the community ;-)
 
  • Like
Reactions: scroeffie1984

Reacher17

Well-Known Member
OP
Member
Joined
Sep 18, 2019
Messages
128
Trophies
0
XP
729
Country
France
>#Add: 0x1685D0 size: 0x1A0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "8BFD3EB02BC89D7DB24242D750A49361"
#Add: 0x1562F0 size: 0x260
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "E617C0E0576391EBC1ACDBED1EC78ED0"

#Add: 0x0xBD120 size: 0x74950
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "1F32F9E4915B9BDB46ABA8859D266CAB"
#Add: 0xBB1A0 size: 0x20
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "08B1E8A8EAF97EC7779EB4891ED06F16"
#Add: 0x132210 size: 0x310
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "03F52F148BC344FADB3CED21E93C3B31"
#---------------
#Add: 0x9c2e0 size: 0xF90
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "8EBB8BDA00880A154D69AEF408DFA7EC"


#---------------
#Add: 0x91900 size: 0xF20
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "D1B9EE93463D59E36A3705DF1BEA7FB4"

#Add: 0x132140 size: 0xD0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "6A3EEB913484B6788FEA7579789074F0"

#-------------------------------
#Add: 0x13EA70 size: 0x20
#Add: 0x85e00 size: 0x1D0
#Add: 0x158800 size: 0x20
#Add: 0x158820 size: 0x20
#Add: 0x156550 size: 0x60
#Add: 0x92820 size: 0x160
#Add: 0x13E890 size: 0x1E0
#Add: 0x15D240 size: 0x150
#Add: 0x15D390 size: 0x1F0
#Add: 0x164AD0 size: 0x240
#Add: 0x140840 size: 0x1D0
#Add: 0x16A140 size: 0x240

#???
 

Reacher17

Well-Known Member
OP
Member
Joined
Sep 18, 2019
Messages
128
Trophies
0
XP
729
Country
France
[QUOTE = "linuxares, post: 9377850, membre: 93429"] https://gist.github.com/MarioMasta64/9e27532dfc237c3106385cb18caa3771

Ce script est capable de décrypter TX depuis toujours.

En voici un autre: https://gist.github.com/hexkyz/f9425a34057d17bba98a048f78d8711e [/ QUOTE]

what you did not understand is that it is not the keys that hexkyz found

--------------------- MERGED ---------------------------

the addresses I give with the size are for decrypting the code parts of the payload_80000000.bin

--------------------- MERGED ---------------------------

to decrypting the license check
 
Last edited by Reacher17,

Reacher17

Well-Known Member
OP
Member
Joined
Sep 18, 2019
Messages
128
Trophies
0
XP
729
Country
France
[QUOTE = "leerpsp, post: 9391391, membre: 345755"] vous savez pourquoi je n'ai rien de mieux à faire aujourd'hui Si vous avez la preuve que sx-os fonctionne après l'avoir piraté, je vais le tester et faire savoir à tout le monde si ils doivent vous faire confiance ou non. [/ QUOTE]
:rofl:

I only have the keys for the moment.
But I'm working on it. : nayps3:
 
  • Like
Reactions: leerpsp
General chit-chat
Help Users
    The Real Jdbye @ The Real Jdbye: :angry: