XBE Dumper 0.4---------------by franz@caos.at, based on the original XBE   Dumper by Michael Steil (mist@c64.org)The XBE dumper is now in the process of being enhanced to performthe same crypto operations on the XBE file as the Xbox kernel itself,using the same algorithms.The XBE signing process is in two stages.  In Stage one, a SHA-1 hash ofthe contents of each XBE section is made and the hash stored in a tablein the XBE header section.  In stage 2, a single SHA-1 hash is made ofthe header region (including the section hashes and a signer certificate),the resulting single hash is then itself encrypted with strong 2048-bitRSA public/private key encryption and the resulting encrypted single hash''signature'' stored near the start of the final, signed XBE file.In this release, the action of the first& second stage is implemented, so thatthe software is able to compute and store in the header SHA-1 hashesfor each section in the unsigned XBE.  It is also able to confirm thatthe hashes stored in the header are correct for the corresponding sectioncontents.  Work has started to implement Stage two, although this will bequite hard to fully complete without having the private key :-)However, the intention is to at least be able to have a functional modelof the xbox validation actions, so that the correctness of any attempt tocreate a signed XBE can be reliably and rapidly assessed without usingany Microsoft code.  In the other direction, it is intended to have provenall of the code needed to sign XBEs given a valid signer certificate andthe correct private key (which we of course lack at the moment).Additionally, this Software gives us the oportunity to make "cleaner" xbe'sas the patching of Kernel (done by mod_chips) is reduced, and only the realVerify signature has to be "adapted".There are 2 additional key's in the source, these are key's build with my computer.The keys are test keys and do not work on "real" xboxes.We have agreed not to publish the MS$ public key in the CVS, as this would be a copyrightproblem. You have to copy a decryped and decompressed flash to the same directory, the programm is working in.Please refeer to the Help in the programm itself for operations.Installation------------The app relies on the OpenSSL libraries fromhttp://www.openssl.org/sourceHere are the steps for installation: 1) download and unpack the openssl sources somewhere 2) enter the openssl-0.9.6g (<-- or whatever) directory 3) ./config 4) make 5) make test (should end with some version info, no explicit OK) 6) su (<-- make yourself root) 7) make install  (<--- installs SSL stuff into /usr/local/ssl) 8) exit (<-- make yourself normal user again) 9) cd to where xbe dumper sources are10) make (<--- should be no errors or warnings)One note, it was found that there are bogus link errors with theGCC 3.2 version shipped with Redhat 8.0 beta, if you experiencethese bogus "undefined reference to `__gxx_personality_v0'"errors uncomment the definition of this symbol in xbe.c andremake.Changelog---------0.2b Franz has added code to verify the signature0.2a Franz started on adding crypto structure code0.3a Mismatch of Andy and Franz checking, now learned to work with CVS0.3b Checking the RSA signature + update sections hashes0.3c Generation of a "custom signature" implemented(this document by andy@warmcat.com & franz@caos.at)