Hacking SX Gear - possible to boot straight into Hekate ?

WadsRUs

Well-Known Member
OP
Member
Joined
Jun 12, 2009
Messages
225
Trophies
0
XP
1,012
Country
United Kingdom
Brilliant, many thanks, that worked just great. :D

Incidentally, any idea how many injections the SX Gear should be able to do? I only seem to get a few from mine after being plugged into my PC's USB port.
 

danielfmo

New Member
Newbie
Joined
Feb 16, 2021
Messages
2
Trophies
0
Age
34
XP
24
Country
Portugal
Hi,

Someone knows if there is a backup/mirror of SX files? I'm looking for SX_Gear, SXOS and the firmware flashing tool.

As SX_Gear zip file isn't available at the moment, I went with the Spacecraft-NX route on my Mariko switch. Though I get a black screen with a static green LED.
I appreciate any help.
 

Draxzelex

Well-Known Member
Member
Joined
Aug 6, 2017
Messages
17,934
Trophies
1
Age
27
Location
New York City
XP
11,859
Country
United States
Hi,

Someone knows if there is a backup/mirror of SX files? I'm looking for SX_Gear, SXOS and the firmware flashing tool.

As SX_Gear zip file isn't available at the moment, I went with the Spacecraft-NX route on my Mariko switch. Though I get a black screen with a static green LED.
I appreciate any help.
How is your SD card formatted?
 

Spider_Man

Well-Known Member
Member
Joined
May 28, 2015
Messages
3,650
Trophies
0
Age
36
XP
4,399
Country
United States
Yes. Use their gear boot.dat which loads payload.bin from your SD card. This way, you can rename hekate to payload.bin and it should load it.
hi, im currently trying to do this but it only boots to sx os, not sure how to get it to boot into hekate to run atmos
 

White_Raven_X

Hack everything, hack the world!
Member
Joined
Sep 23, 2019
Messages
510
Trophies
0
Age
43
XP
994
Country
Canada
hi, im currently trying to do this but it only boots to sx os, not sure how to get it to boot into hekate to run atmos
Read Post #2 just above. You can also search on here how to do that. I'm pretty sure it's listed.

Found this with the search:
lol no that won't work. The boot.dat is not a payload.
You need their SX Loader payload.bin instead (and leave the boot.dat as it is on your SD root).
Then rename that SX Loader payload to whatever you want (for example sxos.bin) and place it in sd:/bootloader/payloads/
Then add this entry to your sd:/bootloader/hekate_ipl.ini:
Code:
[SX OS]
payload=bootloader/payloads/sxos.bin

Don't really know how this works with modchips like your SX Gear though.

Here's a link to someone's full tutorial:

https://gbatemp.net/threads/latest-sd-setup-for-moving-from-sxos-to-atmosphere.581237/

Also found this which is more helpful if you want to use sxos:

Hack SXOS License (no spoof)
the purpose of this script is to change the license decryption key. which will allow you to create your own license. you will need to run sxos for the first time to create a license-request.dat file which you will then retrieve from the SD. then you copied it to a folder containing the boot.dat file (unmodified) and the script. you run the script that will modify the boot.dat file to replace the license key and create a license that matches your license-request.dat. copied license.dat and boot.dat to your SD card. and admired the work.



My script was updated by @mrdude and he fix the cheat support and some mistake i made on my first script, @b&nder for his help about the reverse engineering and many thing, @chronoss for his great collaboration a sacrifice for his sx licence :rofl2:, @Zoria , @hexkyz, Shadow and Darkstorm.​


Key payload80 sxos 2.9.5
sxos v2.9.3 v2.9.4 v2.9.5

payload80000000.bin

Code:
from Crypto.Cipher import AES
from Crypto.Util import Counter
import os
import struct

def aes_ctr_dec(buf, key, iv):
    ctr = Counter.new(128, initial_value=long(iv.encode('hex'), 16))
    return AES.new(key, AES.MODE_CTR, counter=ctr).encrypt(buf)

#Addr: 0x84E0    size: 0x900
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "23C4758625E917742377AFEA7B01F4AA"

#Addr: 0x8DE0      size: 0x2A00
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "1C7B21915F911F5C9E7DDFA976E89ECB"

#Addr: 0xB7E0      size: 0x79780
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "2A9536AA2DFFB168D4F047372D90AACC"

#Addr: 0x84F60   size: 0xEA0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "E62CF9BE86E89FDED329CD894DDFEB32"

#Addr: 0x85E00   size: 0x1D0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "AF1380B9EAD8DB49B92A4FF663F123E9"

#Addr: 0x85FD0   size: 0x11F0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "7B72429908850206D81DCFFB916D1CDE"

#Addr: 0x871C0   size: 0x1040
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "CDEAFB612E2D684D994C9EB77546F9C3"

#Addr: 0x88200   size: 0x4410
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "46EAB8827D792795848AC2963ACCEC93"

#Addr: 0x8C610    size: 0xC20
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "38790F87C2CCEF575623980066E7B993"

#Addr: 0x8D230    size: 0x2960
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "09EDF6AAE33ADFBA3ED728379DA7B950"

#Addr: 0x8FB90    size: 0x2A0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "8986E6366FF02FB480BC16FB303FA412"

#Addr: 0x8FE30    size: 0x910
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "7F7CBCED6F45EB318E16A0939DD46444"

#Addr: 0x90740    size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "7CD795905F39146120615E2B140ADE5A"

#Addr: 0x90750    size: 0x11B0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "F94BA9E8FB07717F905E226A0E9D9362"

#Addr: 0x91900   size: 0xF20
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "D1B9EE93463D59E36A3705DF1BEA7FB4"

#Addr: 0x92820   size: 0x160
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "0DF6D2FBEF9890FCD0F2B80E051BB1C4"

#Addr: 0x92980   size: 0x11D0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "67F07E1D1CBA6C8777E55E04B0E53CC8"

#Addr: 0x93B50   size: 0x800
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "AB5145E920085B47903088431B93FE70"

#Addr: 0x94350   size: 0x1150
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "6E93E123C40A45138B650A83ECECBEA5"

#Addr: 0x954A0    size: 0xEB0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "FE15F6F72F80AFFC6C754AD30F6873EA"

#Addr: 0x96350    size: 0xF30
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "A064A9DBA0898A9BE41FA28150A6DDB6"

#Addr: 0x97280    size: 0x1150
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "DF85B68B238735EB347F73D04DC93C03"

#Addr: 0x983D0    size: 0x200
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "307D0916213CF345A75F605EC600180C"

#Addr: 0x985D0    size: 0x4E0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "92823A34CD4D2C9DB22B18E76375EDB4"

#Addr: 0x98AB0    size: 0x8D0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "D40A3937867C86B1651992808E6D683D"

#Addr: 0x99380    size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "0B62FE1C369975FB523D5E0A073C8415"

#Addr: 0x99390    size: 0x8D0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "F37C3BFE78857EF2D8527BA2361CCA35"

#Addr: 0x99C60    size: 0x2120
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "6720C40AEC49402781EF3E1159F933A6"

#Addr: 0x9BD80    size: 0x550
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "44DB793CF04AC42C4E19491C7EF0A510"

#Addr: 0x9c2D0  size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "EF3E77E9942A9257CDB67E2FBA7A429E"

#Addr: 0x9c2e0  size: 0xF90
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "8EBB8BDA00880A154D69AEF408DFA7EC"

#Addr: 0x9D270  size: 0x1A60
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "97E1B83B22DE39025AE7D55EB26850D0"

#Addr: 0x9ECB0    size: 0x20 ???
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0x9ECD0    size: 0x1030
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "DB5FEAE3F1291C9E62C7180803AA2ED6"

#Addr: 0x9FD00    size: 0xC0 ???
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0x9FDC0    size: 0x1e0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "D96F01AEBEC99A866A951D7E05FC660D"

#Addr: 0x9FFA0    size: 0x500
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "E1BE093E09E15F281BD987D10188CA92"

#Addr: 0xA04A0    size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "609D2775183FDE9DD5B8420F4E36AFA5"

#Addr: 0xA04B0    size: 0xF30 ???
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0xA13E0    size: 0x3C20
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "70CA9253F81722B848C61A6B1838EC52"

#Addr: 0xA5000    size: 0x2BE0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "C1BB824BCA3F7395E9C423A502430517"

#Addr: 0xA7BE0    size: 0xC50 ???
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0xA8830    size: 0x14A0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "76B8BC721ED4301E6AA35436822556AF"

#Addr: 0xA9CD0    size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "4BF1329218C7853F8316447B20AC67C9"

#Addr: 0xA9CE0    size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "53F8147D113F1F9030718726944095E7"

#Addr: 0xA9CF0    size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "7B117D2C943311F125EBE4CD6C2C756E"

#Addr: 0xA9D00    size: 0x2140
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "B3572BAD1665259B9C68897369762412"

#Addr: 0xABE40    size: 0x1B10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "B74E2CA5B2BDBED6194503651C5903FB"

#Addr: 0xAD950    size: 0x8C0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "A797BC58D08D8326DAB96EA9B2E01B08"

#Addr: 0xAE210    size: 0xF10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "FFED61C2CF143AD186A5E83900773E99"

#Addr: 0xAF120    size: 0x11F0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "62A9221F850152BFF0CBA217F82B246E"

#Addr: 0xB0310    size: 0x3600
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "D28E70B8F637A3F2BABCA80EF6097D18"

#Addr: 0xB3910    size: 0x1D0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "E2EC8964BA8F828E74F9ECF4F68E7899"

#Addr: 0xB3AE0    size: 0x48B0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "A31943AC553D1098D01D8E55ABE6C1DD"

#Addr: 0xB8390    size: 0xCA0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "B22F1D3F621525E7F71AF5E26BAD8ECD"

#Addr: 0xB9030    size: 0x550 ???
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0xB9580    size: 0x1C10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "25BCB61C715FE3361800E3BB5E27261B"

#Addr: 0xBB190    size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "3EF6B9A216F68275A4A95550F0E7367D"

#Addr: 0xBB1A0    size: 0x20
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "08B1E8A8EAF97EC7779EB4891ED06F16"

#Addr: 0xBB1C0    size: 0xF40
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "7BAFC2D19F25DC7A6FDAC079D92CC7BA"

#Addr: 0xBC100   size: 0xF40 ???
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0xBD040   size: 0xE0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "290C110580C3E0DAC10347E071CB268A"

#Addr: 0xBD120  size: 0x74950
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "                    "

#Addr: 0x131A70   size: 0x6D0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "D9AE3BC1BCBC02F4C5FF616DBD936C2D"

#Addr: 0x132140   size: 0xD0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "6A3EEB913484B6788FEA75797890750B"

#Addr: 0x132210  size: 0x310
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "03F52F148BC344FADB3CED21E93C3B31"

#Addr: 0x132520    size: 0x70
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "94031E43C8786088A66C66BBD6DD1E3B"

#Addr: 0x132590    size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "47024D938410E178097692558836CD56"

#Addr: 0x1325A0    size: 0x850
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "0C0F92D93D3A88915CADBA875AB5E923"

#Addr: 0x132DD0   size: 0x20
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0x132DF0   size: 0xCC0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "A522EAF0A0E6FB33DE4CFB1CAEBC1036"

#Addr: 0x133AB0    size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "802A0636F2F4CF6BD3E795D4BD0A11A3"

#Addr: 0x133AC0    size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "2C25FEB2918D96996A393767F264AF1E"

#Addr: 0x133AD0    size: 0xC0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "342E0237CAB7B25DE1B882293E6C0022"

#Addr: 0x133B90    size: 0x1A40
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "9D07201C9816C6CA3A0FE95AA433341B"

#Addr: 0x1355D0    size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "24FF2947714B5B5BAAA431AF87205D01"

#Addr: 0x1355E0    size: 0x190
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "DDF2B4703A66E08345B0A8DE43B99266"

#Addr: 0x135770    size: 0x9120 ???
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0x13E890  size: 0x1E0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "8A177CEE1860839EEE5CEB1F90076824"

#Addr: 0x13EA70  size: 0x20
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "4B51A716AB1C4C35D11B93DBFC2A508E"

#Addr: 0x13EA90  size: 0x1D50
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "71AACB3F51D36860EEB848753C3E2D63"

#Addr: 0x1407e0   size: 0x50
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "35921578DB997A41774FC736B951320F"

#Addr: 0x140830   size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "674FEEA3F132A38D45253C9914AAB859"

#Addr: 0x140840   size: 0x1D0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "0F8446D6795EC74550BAB70DF50A30E3"

#Addr: 0x140A10   size: 0x1310
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "0A915AC245154C79FF9E473F6D8F0253"

#Addr: 0x141D20   size: 0x4C0 ???
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0x1421E0   size: 0x100
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "2587D5BFF345DD82D7AF9DCA2523CC4B"

#Addr: 0x1422E0    size: 0x10E90 ???
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0x153170    size: 0x820
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "52EB3E173E40C8714B3AD4B3D12653A1"

#Addr: 0x153990    size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "CA4E0C4C6EF0FC0B9F52EC6BE0837F7E"

#Addr: 0x1539A0    size: 0x1720
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "284991136961ADB3C5B37DA713C80BB4"

#Addr: 0x1550C0    size: 0x1230
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "A304951A4A93D4176D9DB2C434C7FB82"

#Addr: 0x1562F0  size: 0x260
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "E617C0E0576391EBC1ACDBED1EC78ED0"

#Addr: 0x156550  size: 0x60
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "52D26B059EB83D1E025351999A79C59F"

#Addr: 0x1565B0  size: 0x10
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "C2945D9407F0EB48F56D2D93DB55C981"

#Addr: 0x1565C0  size: 0x1750
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "91871C8C80792D24FC4C38921C697019"

#Addr: 0x157D10    size: 0xC0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "37A68FF460A624FBB64E747AE05939B0"

#Addr: 0x157DD0    size: 0x980
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "62F6E70C55C06D4312A0420855B5D876"

#Addr: 0x158750   size: 0xB0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "603562127CF092A9E23D9EB1350B8523"

#Addr: 0x158800   size: 0x20
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "113349E7659F24390146027FB43753B5"

#Addr: 0x158820   size: 0x20
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "5F4062820DC428C3FC39BFE07AFD5301"

#Addr: 0x158840   size: 0x4C0 ???
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0x158CE0   size: 0x1CC0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "007F23589EF73257A73FBE983FD17B4D"

#Addr: 0x15A9A0   size: 0x4A0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "378E40706BB52E7B33E35E2848527CCD"

#Addr: 0x15AE40   size: 0x1B0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0x15AFF0   size: 0xC20
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "BBF5295D90A3EFEE6CB82A27B37322AB"

#Addr: 0x15BC10    size: 0x20
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0x15BC30    size: 0x1610
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "CF1169E5E7621B115531B9E148EFE8BC"

#Addr: 0x15D240    size: 0x150
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "695653409E3EFE4DBC39A3B13845EEE9"

#Addr: 0x15D390    size: 0x1F0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "A07AC2136C9FB4B2AD3F2D6CAA3098FA"

#Addr: 0x15D580    size: 0x2A00
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "E76C8D79563EBA142A966DEF474840D2"

#Addr: 0x15FF80    size: 0xB40
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "D8FE824EF12CC0128D636BDC70BEDEAC"

#Addr: 0x160AC0    size: 0xEB0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "3F65A7ED5EEF4C24A79CD2601BAA0E37"

#Addr: 0x161970    size: 0x3090
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "986431EC00A1C1BC6CB816DDB12AB7DE"

#Addr: 0x164A00    size: 0xD0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "62120C09CDD68F0CE1A3A968AC4D88CE"

#Addr: 0x164AD0    size: 0x240
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "7B9F5E813423C2E750E6B7882779F7C8"

#Addr: 0x164D10    size: 0xE0 ???
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0x164DF0    size: 0x4D0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "A41C644EC04FA1950F3D1E32128935A7"

#Addr: 0x1652C0    size: 0x1AC0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "96ED8BAC6F841332F4A6CF3618D23980"

#Addr: 0x166D80    size: 0x110
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "1EEA482DAFA24B3A261754E55FA30379"

#Addr: 0x166E90    size: 0x1740
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "6CD02E5D10E6952E320DA3A8C59D860D"

#Addr: 0x1685D0  size: 0x1A0
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "8BFD3EB02BC89D7DB24242D750A49361"

#Addr: 0x168770  size: 0x350
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "3539B3D4E16456EC82C9C7A9C69022AC"

#Addr: 0x168AC0  size: 0x1680 ???
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = ""

#Addr: 0x16A140  size: 0x240
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "56F121113CA4189A0176A6022AF514A1"

#Addr: 0x16A380  size: 0x2310
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "7B691B6AFC0C5CC5378B67C34A48835B"

#Addr: 0x16C690    size: 0x90
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "B5711B05C2673A555D5D9EA0730637FF"

#Addr: 0x16C720    size: 0x70
#key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0"
#ctr = "BE666322ED70DB7FF5AB5342D9175118"

key = "C46F64F4BEC6FC861BCF2ADFFBE76FA0".decode("hex")
ctr = "C2945D9407F0EB48F56D2D93DB55C981".decode("hex")

# Open binary (encrypted)
f = open("test.bin", "rb")
d = f.read()
f.close()

# Decrypt binary
f = open("test.enc.bin", "wb")
f.write(aes_ctr_dec(d, key, ctr))
f.close()

PAYLOAD90000000.BIN

Code:
from Crypto.Cipher import AES
from Crypto.Util import Counter
import os
import struct

def aes_ctr_dec(buf, key, iv):
    ctr = Counter.new(128, initial_value=long(iv.encode('hex'), 16))
    return AES.new(key, AES.MODE_CTR, counter=ctr).encrypt(buf)

#PAYLOAD 0X90000000


#Addr: 0x3630    size: 0x2410
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "2F283C3663660CD4EC5F562B37D561BA"

#Addr: 0x5A40    size: 0x850
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "F97D1D75866C329FA7B30E26457BABAE"

#Addr: 0x6290    size: 0x11D0
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "716970E2B6933E56CECE47B5E91B6423"

#Addr: 0x7460    size: 0x2600
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "1F735BF0986CF4FF3A9FE5B99FFF59EC"

#Addr: 0x9A60    size: 0x1760
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "82175C30E03586CC0F78363A2F6971F4"

#Addr: 0xB2A0    size: 0xC0
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "23E0C76BC7E1BBF55D329567246AD253"

#Addr: 0xB360    size: 0xB3C0
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "CE7A6123937FACD0F1CFCF9F5FCCA369"

#Addr: 0xB480    size: 0x1220
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "0FB2DA05864E06CE59C2786F698B4712"

#Addr: 0xC6A0    size: 0xB0
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "96FBF2C16E50AE9CE32E5D5957C98D78"

#Addr: 0xF7A0    size: 0x1CB0
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "034DCF6143413C84DF2AC11DA3D71351"

#Addr: 0x11530    size: 0x260
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "E363581D59590587AAF7DA795B4245F2"

#Addr: 0x118A0    size: 0x260
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "3296749064CC56E9FB5E4971FD6856A3"

#Addr: 0x173B0    size: 0x3C10
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "B3423B5398CE05BCDE096CB186C663B5"

#Addr: 0x1AFC0    size: 0xAD230
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "D6BF9303BAEAFAA03A1A35EE258480EB"

#Addr: 0xC81F0    size: 0x80
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "211EF838B441C761ED04D1BBE6C536B3"

#Addr: 0xC8270    size: 0x59C0
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "5FCD22045AB445D6006B65D58C16161A"

#Addr: 0xCDD20    size: 0x100
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "4095A2017C1EB9B0877A027F4C626B9F"

#Addr: 0xCDE20    size: 0xF0
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "F7D2B67160A6A31B24897B042DBBC57C"

#Addr: 0xCDF10    size: 0x250
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "18CBFB627D7791E46AA55251E0546668"

#Addr: 0xCE160    size: 0x250
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "EC2AB9F7DA2B35D1730C8727347D9504"

#Addr: 0xCE3B0    size: 0x9E0
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "3FAF9992BF2213B8CD82AD57BC5A5F80"

#Addr: 0xCED90    size: 0x160
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "E0A2E7301B13E5FDF787C1D1332431BD"

#Addr: 0xCF750    size: 0x10a0
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "9479BCAA841C3AE71d2fee2da34f9893"

#Addr: 0xD07F0    size: 0xD08B0
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "F0C5B599519350DB98C2106C64E64EB4"

#Addr: 0xD08B0    size: 0xD1ED0
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "BD2775CB738DFFDA94B146A9E55380E8"

#Addr: 0xD1ED0    size: 0xF20
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "E9A6E2E6E4C78796CCA90674A78B7CE0"

#Addr: 0xD2DF0    size: 0x250
#key = "287DADDA997A1B0E23DD4C86A1F34E49"
#ctr = "A4722CFF459EF1DE8613CBF9B9146E0F"

key = "287DADDA997A1B0E23DD4C86A1F34E49".decode("hex")
ctr = "716970E2B6933E56CECE47B5E91B6423".decode("hex")

# Open binary (encrypted)
f = open("test.bin", "rb")
d = f.read()
f.close()

# Decrypt binary
f = open("test.enc.bin", "wb")
f.write(aes_ctr_dec(d, key, ctr))
f.close()
Fingerprint.txt + boot.dat + script = boot.dat spoof
Boot.dat + script = license.dat + boot.dat spoof
License-request.dat + boot.dat + script = license.dat + boot.dat hack licence

Download script , image rommenu 1280x768 or 1280x720 size max 180 kb .jpg



I hope that helps.
 
Last edited by White_Raven_X,
  • Like
Reactions: Supreme23
General chit-chat
Help Users
    KenniesNewName @ KenniesNewName: https://youtube.com/shorts/796gA35N11I?feature=share