C++

Forum

 
Identifier not found?

Apr 22, 2012 at 12:34am
just logged on (3)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
 
// xechallengedump.cpp : Defines the entry point for the application.
//


#include "stdafx.h"
#define XBOX_KRNL
#define DbgPrint
#define resolveFunct
#define XECRYPT_RC4_STATE
#define rc4
#define XeCryptRc4Ecb
#define XeCryptRc4Key
#define MmGetPhysicalAddress
#define XeCryptHmacSha


typedef DWORD (*XEKEYSEXECUTE)(BYTE* chalData, DWORD size, BYTE* HVSalt, UINT64 krnlBuild, UINT64 r7, UINT64 r8);
// Catching call to XeKeysExecute in XAM
// Directing it to this function instead of actual Kernel function
DWORD XeKeysExecuteHook(BYTE* chalData, DWORD size, BYTE* HVSalt, UINT64 krnlBuild, UINT64 r7, UINT64 r8)
{
	    XEKEYSEXECUTE XeKeysExecute=(XEKEYSEXECUTE)resolveFunct(XBOX_KRNL 607);
		SYSTEMTIME LocalSysTime; GetLocalTime( &LocalSysTime);
		

		DbgPrint("Entering Xbox Live Challenge hook\n");
		DbgPrint("SystemTime: %d-%d-%d\t%d:%d:%d\n", LocalSysTime.wMonth, LocalSysTime.wDay,LocalSysTime.wYear, LocalSysTime.wHour, LocalSysTime.wMinute, LocalSysTime.wSecond);
		DbgPrint("r3 = 0x%08X, r4 = 0x%08X, r5 = 0x%08X\n",
				chalData, size, HVSalt);
		DbgPrint("r6 = 0x%016I64X, r7 = 0x%016I64X, r8 = 0x%016I64X\n",
				krnlBuild, r7, r8);

		// Decrypt the challenge data
		// Seems to share the same header as a bootloader
		// char[2] Magic
		// short Version
		// int Flags
		// int EntryPoint
		// int Size
		// byte[0x10] HMAC Hash -> RC4 Key
		
		
		DWORD dataSize = *(DWORD*)(chalData + 0xC);
		if(!DecryptChallenge(chalData, dataSize))




Error 1 error C3861: 'DecryptChallenge': identifier not found line 44

Any help with this would be great I only have this 1 error and its driving me crazy.
Last edited on Apr 22, 2012 at 12:35am
Apr 22, 2012 at 3:06am
cantide5ga (61)
Do you know where DecryptChallenge is defined in the program?
Apr 22, 2012 at 4:11am
just logged on (3)
Here is the full source 3/4 down is DecryptChallenge



1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
 
// xechallengedump.cpp : Defines the entry point for the application.
//


#include "stdafx.h"
#define XBOX_KRNL
#define DbgPrint
#define resolveFunct
#define XECRYPT_RC4_STATE
#define rc4
#define XeCryptRc4Ecb
#define XeCryptRc4Key
#define MmGetPhysicalAddress
#define XeCryptHmacSha


typedef DWORD (*XEKEYSEXECUTE)(BYTE* chalData, DWORD size, BYTE* HVSalt, UINT64 krnlBuild, UINT64 r7, UINT64 r8);
// Catching call to XeKeysExecute in XAM
// Directing it to this function instead of actual Kernel function
DWORD XeKeysExecuteHook(BYTE* chalData, DWORD size, BYTE* HVSalt, UINT64 krnlBuild, UINT64 r7, UINT64 r8)
{
	    XEKEYSEXECUTE XeKeysExecute=(XEKEYSEXECUTE)resolveFunct(XBOX_KRNL 607);
		SYSTEMTIME LocalSysTime; GetLocalTime( &LocalSysTime);
		

		DbgPrint("Entering Xbox Live Challenge hook\n");
		DbgPrint("SystemTime: %d-%d-%d\t%d:%d:%d\n", LocalSysTime.wMonth, LocalSysTime.wDay,LocalSysTime.wYear, LocalSysTime.wHour, LocalSysTime.wMinute, LocalSysTime.wSecond);
		DbgPrint("r3 = 0x%08X, r4 = 0x%08X, r5 = 0x%08X\n",
				chalData, size, HVSalt);
		DbgPrint("r6 = 0x%016I64X, r7 = 0x%016I64X, r8 = 0x%016I64X\n",
				krnlBuild, r7, r8);

		// Decrypt the challenge data
		// Seems to share the same header as a bootloader
		// char[2] Magic
		// short Version
		// int Flags
		// int EntryPoint
		// int Size
		// byte[0x10] HMAC Hash -> RC4 Key
		
		
		DWORD dataSize = *(DWORD*)(chalData + 0xC);
		if(!DecryptChallenge(chalData, dataSize))
{
				DbgPrint("Error decrypting challenge :(\n");
				int HalReturnToFirmware(6);
		}

		// Create HV Salt file
		HANDLE hvSalt = CreateFile("hdd:\\XeKeysExecute_HVSalt.bin", GENERIC_WRITE,
		FILE_SHARE_WRITE, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
		if( hvSalt == INVALID_HANDLE_VALUE)
		{
				DbgPrint("Error Creating HV Salt File\n");
		    	int	HalReturnToFirmware(6);
		}
		DbgPrint("File Created\n");



		// Get the HV salt
		DWORD saltOut = 0;
		if (WriteFile( hvSalt, HVSalt, 0x10, &saltOut, NULL))
				DbgPrint("Saved HV Salt\n");
		else DbgPrint("Could not save HV Salt  :(\n");

		
		// Close our HV Salt handle
		CloseHandle( hvSalt );

		DbgPrint("Dumping resp\n");
		
		
		// Execute the challenge
		BYTE* physSalt = (BYTE*)MmGetPhysicalAddress(HVSalt); // Do what we patched
		XeKeysExecute(chalData, size, physSalt, krnlBuild, r7, r8); // go to actual kernel function

		HANDLE chalResp = CreateFile("hdd:\\XeKeysExecute_resp.bin", GENERIC_WRITE,
		FILE_SHARE_WRITE, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
		if( chalResp == INVALID_HANDLE_VALUE)
		{
				DbgPrint("Error Creating Response File\n");
				int HalReturnToFirmware(6);
		}
		DbgPrint("Response File Created\n");

		// Save the challenge response
		DWORD respOut = 0;
		if (WriteFile( chalResp, chalData, size, &respOut, NULL))
				DbgPrint("Saved response data\n");
		else DbgPrint("Could not save response data  :(\n");

		// Close our challange response dump
		CloseHandle( chalResp );	  

		// We dumped the challange data -> reboot
		DbgPrint("Dumped Challenge - Rebooting System\n");
		int HalReturnToFirmware(6);
		return (0);
}

void patchPhysicalAddr()
{
		DbgPrint("Patching MmGetPhysicalAddress in challenge function so we can grab the HV Salt\n");
		UINT32* addr = (UINT32*)(0x81677EE4); // 14719
		addr[0] = 0x60000000;
}

BOOL DecryptChallenge(BYTE* data, DWORD fileSize)
{
		DbgPrint("Decrypting XeKeysExecute Challenge Data\n");
	    XECRYPT_RC4_STATE rc4;
		BYTE* decChalData = (BYTE*)XPhysicalAlloc(fileSize, MAXULONG_PTR, 0, PAGE_READWRITE);
		memcpy(decChalData, data, fileSize);
		BYTE* rc4Key = (BYTE*)XPhysicalAlloc(0x10, MAXULONG_PTR, 0, PAGE_READWRITE);
		BYTE key[0x10] = {0xDD, 0x88, 0xAD, 0x0C, 0x9E, 0xD6, 0x69, 0xE7, 0xB5, 0x67, 0x94, 0xFB, 0x68, 0x56, 0x3E, 0xFA}; // found in HV
		XeCryptHmacSha((BYTE*)key, 0x10, decChalData + 0x10, 0x10, 0, 0, 0, 0, rc4Key, 0x10);
		XeCryptRc4Key(&rc4 rc4Key, 0x10);
		XeCryptRc4Ecb(&rc4 decChalData + 0x20, fileSize - 0x20);
		HANDLE hFile;
		DWORD size;
		hFile = CreateFile("hdd:\\XeKeysExecute_chalData_dec.bin", GENERIC_WRITE,
				FILE_SHARE_WRITE, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
		if( hFile != INVALID_HANDLE_VALUE)
       {
				DbgPrint("Created Challenge File\n");
				if(WriteFile(hFile, decChalData, fileSize, &size, NULL)) 
				
						CloseHandle(hFile);
						XPhysicalFree(decChalData);
						XPhysicalFree(rc4Key);
						DbgPrint("Decrypted challenge data saved\n");
						return true; 
				}
		else
						return false;
		}
Apr 22, 2012 at 4:16am
firedraco (6245)
Well the problem is that the compiler doesn't know what DecryptChallenge is until after you have used it. You need to put a prototype or something before you use it so the compiler knows what it is.
Apr 22, 2012 at 9:58am
just logged on (3)
Done that now im recieving the Error 1 error LNK1181: cannot open input file 'xapilibd.lib(xapi0.obj)' C:\Users\Phill\Documents\Visual Studio 2010\Projects\xechallengedump\xechallengedump\LINK xechallengedump
e
Topic archived. No new replies allowed.