[Hardware modding]
Looking for a hacking guide for the iQue Player
wood
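Posted 2019-3-25 11:21
I tried the tutorial from the Chinese iQue Tieba forum (神游吧), and it is not a complete hack: once the console loses power completely, you have to run the Dr. Mario hack again. I don't know whether that is the current state of the hack or whether I made a mistake somewhere, so I'd like to ask for an authoritative tutorial.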
AIex
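Posted 2019-3-25 11:25
That doesn't count as a complete hack? Someone went to the trouble of translating the latest hacking tutorial into Chinese and sharing it, and you're still not satisfied.
If you don't know the current state of the hack, don't ask random questions.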
dfg1101
Posted 2019-3-25 12:01
posted by wap, platform: iPhone
Damn.
wood
Posted 2019-3-25 12:04
This is a fairly detailed tutorial, but some of the key files can't be found. I'm posting it here for fellow enthusiasts who need it.
A complete guide to hacking the iQue Player, from stock to cipher block-jack and recrypt.sys stuff
Prerequisites
This guide assumes that you are familiar with the Windows command processor (or the equivalent on your OS of choice), have access to either a virtual machine or secondary PC running Windows XP 32 bit, have the iQue@Home drivers installed on Windows XP and are familiar with connecting your iQue Player to Windows XP using a USB cable. In addition, familiarising yourself with transferring files between Windows XP and your main OS will be helpful. Finally, download and install a hex editor such as HxD (Windows) and familiarise yourself with its use. Note: step 4 of the process requires Python 3 on your main OS. Please visit python.org to download and install it, if your main OS does not already have it installed.
Process breakdown
The process can be broken down into several steps:
Initially achieving code execution on the console through Stuckpixel’s ique_cbc_attack program
Dumping your console’s keys and related information with an eSKape payload, as well as your console’s ticket.sys file to be edited
Inspecting your console’s firmware version and selecting and installing a System Menu patcher payload accordingly
Editing your console’s ticket.sys file with the software to be installed on the system
This guide will work through each step, one at a time. It is assumed that, before following a step, you have correctly followed each preceding step. It is recommended to read the guide through at least once before proceeding.
Step 1: Initial code execution
In this step, we will use Stuckpixel’s ique_cbc_attack program to patch Dr. Mario (马力欧医生) to achieve code execution.
Before following this step, please ensure that Dr. Mario has been transferred to your console and has been opened at least once.
In this step, your save data for Dr. Mario will be overwritten. Follow this guide (which hasn’t been written yet) to back it up if it is important to you.
Instructions for some parts of this step are specifically intended for Windows 10 64 bit. You may need to change some things for the process to work correctly on your OS of choice.
Connect your iQue Player to Windows XP, turn it on and open ique_diag. Enter B to initialise the connection.
Enter 3 005d1870.rec to dump Dr. Mario’s encrypted game file to Windows XP.
Copy 005d1870.rec to your main OS, into the folder containing ique_cbc_attack.
On your main OS, open a command prompt window and navigate to the folder containing ique_cbc_attack and 005d1870.rec and run this command:
ique_cbc_attack -p 3C088001350818E03C09000135298ED0 -r 005d1870.rec -d 081F0000000000000000000000000000 -o 1000
You should see this:
AES-CBC attack, by stuckpixel
successfully injected 1 blocks!
Copy 005d1870.rec from the folder containing ique_cbc_attack to the folder containing ique_diag on Windows XP.
In ique_diag, enter 4 005d1870.rec to write the modified Dr. Mario encrypted game file back to your console.
On your main OS, rename v2_dump.sta to 005d1870.sta.
Copy 005d1870.sta from your main OS to the folder containing ique_diag on Windows XP.
In ique_diag, enter 4 005d1870.sta to write the key dumper payload to your console.
In ique_diag, enter Q to close the connection to the console while keeping ique_diag open.
Turn off your console and disconnect it from your Windows XP PC.
Step 2: Dumping your console’s keys
Turn the console back on (without a USB cable inserted) to boot to the main iQue Menu.
Open Dr. Mario (马力欧医生) from the games list (‘游戏’ on the main menu). The game should boot to a black screen.
After a few seconds, press the power button on the console once to return to the iQue Menu. When the main menu loads, press the power button on the console once to turn the console off.
Connect your console back to your Windows XP PC with a USB cable and turn it on.
In ique_diag, enter B to initialise the connection, then enter 3 005d1870.sta to dump the save file containing your console’s keys to Windows XP.
Copy 005d1870.sta from the folder containing ique_diag on Windows XP to your main OS, and open it in a hex editor.
Copy the bytes from 0x600 to 0x700 to a new file. Save it as V2.bin or similar in a known location on your main OS.
In ique_diag on Windows XP, enter 3 ticket.sys to dump your console’s ticket file.
Copy ticket.sys from the folder containing ique_diag on Windows XP to a known location on your main OS.
Step 3: Installing Jbop’s HackIt Menu patcher
There are several ways to determine your console’s firmware version. For the purposes of this guide, it is assumed that you have not made a NAND backup. There are exactly two SKSA versions that support USB. Both have the iQue@Home logo displayed in the top left of the main menu, in Chinese (神游在线). If the main menu of your console does not have this logo, it is not compatible with iQue@Home.
Rename hackit_patcher.sta to 005d1870.sta.
Copy 005d1870.sta to the folder containing ique_diag on Windows XP.
In ique_diag, enter 4 005d1870.sta to write the System Menu patcher to your console.
Step 4: Editing your console’s ticket.sys file
On your main OS, open ticket.sys_editor.py (using Python).
Click File, Open file, then navigate to the ticket.sys file dumped from your console earlier, and click Open.
As an initial test, choose 塞尔达的传说 from the list on the left. Click the Ticket data tab, then press Ticket ID: to bring up the ticket ID editor. Uncheck the box next to Is trial ticket:, then close the ticket ID editor window.
Click File, Save as, then navigate to a known directory on your main OS, enter hackit.sys as the filename, then press Save to save the edited file.
Copy hackit.sys from your main OS to the folder containing ique_diag on Windows XP.
In ique_diag, enter 4 hackit.sys to write the modified file to your console, then enter Q to close the connection to your console while keeping ique_diag open.
Turn off your console and disconnect it from your Windows XP PC.
Turn the console back on (without a USB cable inserted) to boot to the main iQue Menu.
Open Dr. Mario (马力欧医生) from the games list (‘游戏’ on the main menu). The game should boot to a black screen.
After a few seconds, press the power button on the console once to return to the iQue Menu. When the main menu loads, enter the games list (‘游戏’ on the main menu), and scroll down until you reach The Legend of Zelda: Ocarina of Time (塞尔达传说:时光之笛). Near the right-hand edge of the screen, the small box between the block indicator (114) and the icon displaying whether the game is on the console or PC should be red, indicating that the game is no longer a trial. This demonstrates that the patcher worked and the system menu’s signatures have successfully been patched.
At this point, your console has successfully been hacked. You are now free to use ticket.sys_editor.py and iQueCrypt to add software to your console.
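The tool used in Step 1 of the guide above describes itself as an "AES-CBC attack" that "injected 1 blocks". As an added example (not part of the quoted guide and not stuckpixel's code), the sketch below goes beyond the guide to show the general weakness of CBC ciphertext that carries no integrity check, together with the encrypt-then-MAC check that detects the edit. A toy Feistel cipher stands in for AES so it runs on the standard library alone, and all function names, keys and sample data are constructed for illustration.

```python
# Added illustration: names, keys and data are constructed, not taken from the guide.
import hashlib, hmac

BS = 16  # block size in bytes (same as AES)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):  # round function of the toy Feistel cipher (stand-in for AES)
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def enc_block(key, blk):
    l, r = blk[:8], blk[8:]
    for rnd in range(4):
        l, r = r, xor(l, _f(key, rnd, r))
    return l + r

def dec_block(key, blk):
    l, r = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        l, r = xor(r, _f(key, rnd, l)), l
    return l + r

def cbc_encrypt(key, iv, pt):
    out, prev = b"", iv
    for i in range(0, len(pt), BS):
        prev = enc_block(key, xor(pt[i:i + BS], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, ct):
    blocks = [iv] + [ct[i:i + BS] for i in range(0, len(ct), BS)]
    return b"".join(xor(dec_block(key, c), p) for p, c in zip(blocks, blocks[1:]))

def rewrite_block(ct, index, known_pt, wanted_pt):
    # No key needed: XOR the plaintext difference into ciphertext block index-1 (index >= 1).
    s = (index - 1) * BS
    return ct[:s] + xor(ct[s:s + BS], xor(known_pt, wanted_pt)) + ct[s + BS:]

def tag(mac_key, iv, ct):  # encrypt-then-MAC: authenticate IV and ciphertext together
    return hmac.new(mac_key, iv + ct, hashlib.sha256).digest()

def demo():
    key, mac_key, iv = b"K" * 16, b"M" * 16, bytes(BS)  # constructed values
    pt = b"HEADER--HEADER--" + b"ORIGINAL-BLOCK-1" + b"TRAILER-TRAILER-"
    ct = cbc_encrypt(key, iv, pt)
    good_tag = tag(mac_key, iv, ct)
    bad = rewrite_block(ct, 1, pt[16:32], b"REPLACED-BLOCK-1")
    plain = cbc_decrypt(key, iv, bad)  # CBC alone decrypts the edit without complaint
    detected = not hmac.compare_digest(good_tag, tag(mac_key, iv, bad))
    return plain, detected
```

The block preceding the rewritten one decrypts to garbage while the target block and everything after it decrypt cleanly, so only a MAC (or an AEAD mode) verified over the whole ciphertext before decryption reliably rejects the modified file.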