So I figured I would share my DeadFish PHP library that implements adaptive hashes using blowfish and it’s algorithm’s keying schedule. Library is fairly simple to use while allowing users to customize it, via a simple options array.

Example / Demo: http://epicgeeks.net/deadfish/demo.php

Source: https://bitbucket.org/jnewing/deadfish-lib

<?php

/**
 * DeadFish Library
 * The DeadFish library is used for making a safe (or safer) storable hash of a user password. We attempt to make storing a password hash
 * a little more secure by creating an adaptive hash using blowfish and it's algorithm’s keying schedule.
 *
 * @author      Joseph Newing (jnewing [at] gmail [dot] com)
 * @copyright   Joseph Newing 2011 - 2012
 * @link        https://bitbucket.org/jnewing/deadfish-lib
 * @link        http://epicgeeks.net
 * @version     1.4
 *
 * *************************************************************************************************************************
 *
 * DeadFish lib has several options users can set to customize this library.
 *
 * Options:
 *      min_length          - the minamum required length of a user password
 *      strict_password     - require the password to follow "strict" rules (see rules below)
 *                              o min length required
 *                              o require alpha and numeric values
 *                              o require both upper and lower case values
 *      work_factor         - the work factor
 *
 * Within this class there are both static function users can use for fast access as
 * well as none static ones, see examples below.
 *
 * Static Usage Examples:
 *
 * static function example:
 * $hash = DeadFish::computeHash('some password');      // would compute a hash with default work factor
 *
 * static function check and existing hash
 * $bool = DeadFish::verifyHash('some password', 'matching hash');
 *
 * Object Usage Example:
 *
 * example with default options:
 *
 * $df = new DeadFish();
 * $df->set_password('some_password');
 * $hash = $df->hash();
 * ...
 * if ($df->verify('some_password', 'some_hash'))
 *  do stuff...
 *
 * example with diff options:
 *
 * $options = array(
 *      'min_length'        => 5,       // make the min password length 5
 *      'strict_password'   => TRUE     // use strict passwords
 * );
 *
 * $df = new DeadFish($options);
 * $hash = $df->hash('some_password')
 *
 */

class DeadFish
{

// ======================================================================================
//  class consts
// ======================================================================================

    const DEFAULT_WORK_FACTOR   = 9;

// ======================================================================================
//  public variables
// ======================================================================================

    /**
     * minimum lenght the password must be
     */
    public $min_length          = 8;

    /**
     * strict password must be at least ^ min length (see above)
     * alpha numeric and contain at least one uppercase and one lower case character
     */
    public $strict_password     = FALSE;

    /**
     * our work factor
     */
    public $work_factor         = 9;

// ======================================================================================
//  private variables
// ======================================================================================

    /**
     * user password
     */
    private $password            = NULL;

// ======================================================================================
//  public functions
// ======================================================================================

    /**
     * constructor - Sets some default PHash prefs.
     *
     * the constructor can be passed an array of config values however this is not
     * needed unless you wish to do some customization of your own.
     */
    public function __construct($options = FALSE)
    {
        if ($options)
            $this->init($options);
    }

    // --------------------------------------------------------------------

    /**
     * initialize our prefs.
     *
     * @access  public
     * @param   array
     * @return  void
     */
    public function init($options)
    {
        // setup our default options
        if (is_array($options))
        {
            foreach ($options as $key => $val)
                $this->{$key} = $val;
        }
    }

    // --------------------------------------------------------------------

    /**
     * set_password function will set the class password while doing
     * the required checks.
     *
     * @access  public
     * @param   string
     * @return  void
     */
    public function set_password($password)
    {
        // we are forcring the user to set a strong password
        // password rules:
        //  - min length required
        //  - require alpha and numeric values
        //  - require both upper and lower case values
        if ($this->strict_password)
        {
            if (preg_match('/\A(?=[\x20-\x7E]*?[A-Z])(?=[\x20-\x7E]*?[a-z])(?=[\x20-\x7E]*?[0-9])[\x20-\x7E]{' . $this->min_length . ',}\z/', $password))
            {
                // set the password
                $this->password = $password;

                // return
                return;
            }
            else
                throw new Exception('Password did not meat minamum security requirements.');
        }

        // if we are not forcing the user to a strict password then we should at the very least
        // make it a min. length
        if (strlen($password) >= $this->min_length)
        {
            // set our password
            $this->password = $password;

            // return
            return;
        }

        throw new Exception('Password did not meat minamum security requirements.');
    }

    // --------------------------------------------------------------------

    /**
     * set the work factor for the class
     *
     * @access  public
     * @param   int
     * @return  void
     */
    public function set_work($work)
    {
        // make sure work fact. is between 4 and 31, if not we error.
        if ($work < 4 || $work > 31)
            throw new Exception('Work factor must be between 4 and 31.');

        // if we are good set it
        $this->work_factor = $work;
    }
    // --------------------------------------------------------------------

    /**
     * hash function allows users to hash a password using the initialized class this will look to
     * $this->password (hopefully set by set_password or has been passed to this function)
     *
     * @access  public
     * @param   string (optional)
     * @return  string
     */
    public function hash($password = FALSE)
    {
        // if the user passed our password here lets try and set it
        if ($password)
            $this->set_password($password);

        // make sure we have a password to hash
        if (empty($this->password))
            throw new Exception('Missing a password?');

        // lets hash
        return self::computeHash($this->password, $this->work_factor);
    }

    // --------------------------------------------------------------------

    /**
     * verify function allows the user to verify a password and hash match, simply returns a bool value
     * user can then do what they like with the result.
     *
     * @access  public
     * @param   string (optional)
     * @param   string (optional)
     * @return  bool
     */
    public function verify($password = FALSE, $hash = FALSE)
    {
        if ($password)
            $this->password = $password;

        if ($hash)
            $this->hash = $hash;

        // make sure we have a password and hash to work with
        if (empty($this->password) || empty($this->hash))
            throw new Exception('Missing password or hash?');

        // compair and return
        return self::verifyHash($this->password, $this->hash);
    }

    // --------------------------------------------------------------------

// ======================================================================================
//  public static functions
// ======================================================================================

    /**
     * compute the hash of the password using the specified work factor value, if no work factor is
     * specified then default (8) will be used
     *
     * @access  public
     * @param   string
     * @param   int
     * @return  string
     */
    public static function computeHash($password, $work = 0)
    {
        // declair our salt
        $salt = NULL;

        // define our work fact.
        $work = ($work < 4 || $work > 31) ? self::DEFAULT_WORK_FACTOR : $work;

        // random pseudo bytes
        if (function_exists('openssl_random_pseudo_bytes'))
            $random_bytes = substr(strtr(base64_encode(openssl_random_pseudo_bytes(16)), '+', '.'), 0, 22);
        else
            $random_bytes = self::gen_random();

        // gen our salt
        $salt = '$2a$' . str_pad($work, 2, '0', STR_PAD_LEFT) . '$' . $random_bytes;

        // return our hash
        return crypt($password, $salt);
    }

    // --------------------------------------------------------------------

    /**
     * verify the password and hash passed to this function
     *
     * @access  public
     * @param   string
     * @param   string
     * @return  bool
     */
    public static function verifyHash($password, $hash)
    {
        // if this is not a blowfish hash we can just error as we don't
        // understand how to deal with it
        if (substr($hash, 0, 4) != '$2a$')
            throw new Exception('Unknown or invalid hash format.');

        // crypt compair and return
        return crypt($password, $hash) === $hash;
    }

    // --------------------------------------------------------------------

// ======================================================================================
//  private functions
// ======================================================================================

    /**
     * gen_random function is to be used in place of the openssl_random_pseudo_bytes function,
     * we would rather use that function however not all system will have that available so this is
     * used as a fallback
     *
     * @access  public
     * @param   int (optional)
     * @return  string
     */
    private static function gen_random($length = 22)
    {
        $ascii_array = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./';
        $random_string = '';

        for ($x = 0; $x < $length; $x++)
            $random_string .= $ascii_array[ rand(0, 63) ];

        return $random_string;
    }

    // --------------------------------------------------------------------

}

?>

It’s quite simple, select the target file you wish to patch and select a .dif file with the patches you wish to make. Note: the .dif files produced by IDA need to either have their first 4 lines removed or simply add a ; to the lines with text (turning them into what my patcher sees as a comment and ignores) otherwise it expects a format of:

Example Dif File

;This difference file has been created by IDA Pro
;
;some file.dll
;
; this is just a sample comment that can be placed inside a .dif file
00005031: 03 17
00005035: 03 17
00005872: 28 00
00005873: 58 00
00005874: 01 00
00005876: 06 00
00005C3A: 18 17
00010F56: 06 16

As you can see above this .dif file would make 8 bytes changes within the specified target file.

Hands down this plugin has been wonderful to use in every way, the only think I found it lacked (that I personally wanted) was the ability to pop code out of my blog into a another window, as you can see this blog is very thin and makes for lack luster code reading. After a quick contact with the plugin’s author low and behold the same day he build the feature into the plugin. How’s that for service!

Finally I built my own theme, for here at epicgeeks.net however I’ve made this theme available for download here: Epicgeeks Crayon Theme (425)

There are several methods to doing this, and one way is using public, private key-pair cryptography. In the example below I’ve shown a PHP script that is able to talk to a C# application using an openssl public, private key-pair.

In this post I’ve included the source to everything in a .rar file listed for download at the bottom.

Openssl Class

<?php


/**
 ******************************************************************************************
 * OpenSSL                                                                    * synmuffin *
 ******************************************************************************************
 * 
 * OpenSSL class that was designed to work with C/C++/C# applications. This class allows
 * users who want to build a secure API to Rx/Tx data from the web (website or server)
 * through to their end users application.
 * 
 *
 * author: synmuffin
 * email: synmuffin@savelab.net
 * version: 1.0
 * date:
 *
 */
class OpenSSL {
	
	/*
	|================================================================================
	| PUBLIC VARS
	|================================================================================
	*/


	/*
	|================================================================================
	| PRIVATE VARS
	|================================================================================
	*/
	
	
	/**
	 * $publicKey
	 * Public key instance used throughout the class. This must be initialized via the
	 * LoadPublicKey() function.
	 */
	private $publicKey 		= NULL;
	
	
	/**
	 * $privateKey
	 * Private key instance used throughout the class. This must be initialized via the
	 * LoadPrivateKey() function.
	 */
	private $privateKey 	= NULL;


	/**
	 * $padding
	 * Padding, currently not in use as it seems to not work.
	 */
	private $padding 		= NULL;		// OPENSSL_PKCS1_PADDING, OPENSSL_SSLV23_PADDING, OPENSSL_PKCS1_OAEP_PADDING, OPENSSL_NO_PADDING.

    
    /**
     * Class constructor, currently no paramaters are needed.
     */
    public function __construct($params = FALSE)
    {
        if (!$params)
            return;
        
        if (array_key_exists('public_key', $params))
        {
            if (file_exists($params['public_key']))
                $this->LoadPublicKey($params['public_key']);
            else
                trigger_error("Unable to find Public key file {$params['public_key']}.", E_USER_ERROR);
        }

        if (array_key_exists('private_key', $params))
        {
            if (file_exists($params['private_key']))
                $this->LoadPrivateKey($params['private_key']);
            else
                trigger_error("Unable to find Private key file {$params['private_key']}.", E_USER_ERROR);
        }
    }
    // ---------------------------------------------------------------------


    /*
	|================================================================================
	| PUBLIC FUNCTIONS
	|================================================================================
	*/

    
    /**
     * public LoadPrivateKey(string $privkey_path [, string $privkey_pass])
     *
     * Function will load a private key via the passed string file location of $privkey_path. This fucntion also
     * takes and optional second paramter that will allow for private keys locked with a DES passphrase to be used.
     *
     * @param string $privkey_path	- Path to the private key file.
     * @param string $privkey_pass	- Private key passphrase.
     *
     * @return none
     */
    public function LoadPrivateKey($privkey_path, $privkey_pass = FALSE)
    {
    	if (!$privkey_pass || $privkey_pass == NULL)
    	{
    		if (!($this->privateKey = openssl_get_privatekey('file://' . $privkey_path)))
    			trigger_error("Unable to load private key from file {$privkey_path}.", E_USER_ERROR);
    	}
    	else
    	{
    		if (!($this->privateKey = openssl_get_privatekey('file://' . $privkey_path, $privkey_pass)))
    			trigger_error("Unable to load private key from file {$privkey_path}.", E_USER_ERROR);
    	}
    }
    // ---------------------------------------------------------------------


    /**
     * public LoadPublicKey(string $pubkey_path)
     *
     * Function will load a public key via the passed string file location of $pubkey_path.
     *
     * @param string $pubkey_path 	- Path to public key file.
     *
     * @return none
     */
    public function LoadPublicKey($pubkey_path)
    {
    	if (!($this->publicKey = openssl_get_publickey('file://' . $pubkey_path)))
    		trigger_error("Unable to load public key from file {$pubkey_path}.", E_USER_ERROR);
    }
    // ---------------------------------------------------------------------

    
    /**
     * public PrivateKeyEncrypt(string $raw_data [, bool $base64 = TRUE])
     *
     * Function will try and encrypte the passed string $raw_data using the loaded (hopefully) $this->privateKey
     * resource. This function also takes an optional second paramter allowing the user to spepcified if they wish
     * to have the encrypted data returned base64 encoded, be default this is set to true.
     *
     * @param string $raw_data	- Raw data to be encrypted.
     * @param bool $base64 		- Bool value to return data base64 encoded.
     *
     * @return string $encrypted_data
     */
    public function PrivateKeyEncrypt($raw_data, $base64 = TRUE)
    {
    	if ($this->privateKey == NULL)
    		trigger_error("Private key has not been sepcified.", E_USER_ERROR);
		
    	if (!openssl_private_encrypt($raw_data, $encrypted_data, $this->privateKey))
    		trigger_error("Unable to encrypt data.", E_USER_ERROR);

    	return ($base64) ? base64_encode($encrypted_data) : $encrypted_data;
    }
    // ---------------------------------------------------------------------

    
    /**
     * public PrivateKeyDecrypt(string $raw_data [, bool $base64 = TRUE])
     *
     * Function will try and decrypt the passed $raw_data using the loaded (hopefully) $this->privateKey resource. This
     * function, much like it's counter-part, takes an optional second paramter specifiing whether or not the $raw_data
     * is base64 encoded. By default is assumes it is.
     *
     * @param string $raw_data 	- Raw data to be decrypted.
     * @param bool $base64 		- Bool value to assume $raw_data is base64 encoded.
     *
     * @return string $decrypted_data
     */
    public function PrivateKeyDecrypt($raw_data, $base64 = TRUE)
    {
		if ($this->privateKey == NULL)
			trigger_error("Private key has not been specified.", E_USER_ERROR);

    	
    	if (!openssl_private_decrypt(($base64) ? base64_decode($raw_data) : $raw_data, $decrypted_data, $this->privateKey, $this->padding))
    			trigger_error("Unable to decrypt data.", E_USER_ERROR);

    	return $decrypted_data;
    }
    // ---------------------------------------------------------------------

    
    /**
     * public PublicKeyEncrypt(string $raw_data [, bool $base64 = TRUE])
     *
     * Function will try and encrypte the passed string $raw_data using the loaded (hopefully) $this->publicKey
     * resource. This function also takes an optional second paramter allowing the user to spepcified if they wish
     * to have the encrypted data returned base64 encoded, be default this is set to true.
     *
     * @param string $raw_data	- Raw data to be encrypted.
     * @param bool $base64 		- Bool value to return data base64 encoded.
     *
     * @return string $encrypted_data
     */
    public function PublicKeyEncrypt($raw_data, $base64 = TRUE)
    {
    	if ($this->publicKey == NULL)
    		trigger_error("Public key has not been specified.", E_USER_ERROR);

    	if (!openssl_public_encrypt($raw_data, $encrypted_data, $this->publicKey))
    		trigger_error("Unable to encrypt data.", E_USER_ERROR);

    	return ($base64) ? base64_encode($encrypted_data) : $encrypted_data;
    }
    // ---------------------------------------------------------------------

    
    /**
     * public PublicKeyDecrypt(string $raw_data [, bool $base64 = TRUE])
     *
     * Function will try and decrypt the passed $raw_data using the loaded (hopefully) $this->privateKey resource. This
     * function, much like it's counter-part, takes an optional second paramter specifiing whether or not the $raw_data
     * is base64 encoded. By default is assumes it is.
     *
     * @param string $raw_data 	- Raw data to be decrypted.
     * @param bool $base64 		- Bool value to assume $raw_data is base64 encoded.
     *
     * @return string $decrypted_data
     */
    public function PublicKeyDecrypt($raw_data, $base64 = TRUE)
    {
    	if ($this->publicKey == NULL)
    		trigger_error("Public key has not been specified.", E_USER_ERROR);
    	
    	if (!openssl_public_decrypt(($base64) ? base64_decode($raw_data) : $raw_data, $decrypted_data, $this->publicKey))
    		trigger_error("Unable to decrypt data.", E_USER_ERROR);
    	
    	return $decrypted_data;
    }
    // ---------------------------------------------------------------------


    /*
	|================================================================================
	| PRIVATE FUNCTIONS
	|================================================================================
	*/
	

}
?>

Web usage example

<?php
	// include the lib
	require_once('../lib/OpenSSL.php');

	// now to keep this nice and secure this should always be done and called
	// over a a HTTPS layer for added security. However in this example I've provided
	// a way to turn this check off just in case you want to run soem quick http tests.
	//
	// Simply comment out the next two lines if you wish to run http NOT https.
	
	if ($_SERVER['HTTPS'] != 'on')
		exit("You should use HTTPS not HTTP.");

	// in this example I'm going to use the $raw_data variable and just stick some text data in it,
	// however in a RWS this would be sensitive data that I've returned via a call or check from
	// a database or something along those lines.
	//
	// More to the point I want to pass something back to my application here, as encrypted data.
	$raw_data = "This is my data that I want to keep a secret!";

	// next we init our class
	$ssl = new OpenSSL();

	// load our private key
	$ssl->LoadPrivateKey('/home/your/path/to/privatekey.key');

	// now we can encrypt our data (provided the key was valid)
	// note: with default optiosn like this it will return the data base64 encoded
	$encrypted_data = $ssl->PrivateKeyEncrypt($raw_data);

	// now we are just going to print this data (assuming this was our C# app that made this call)
	// we print the data right to output buffer, so we can use things like HTTP_GET requests.
	print $encrypted_data;
?>

Using the above example in conjunction with the C# application you can demo how this would work. Download the attached file to get a copy of all .php files as well as a full C# application.

This all kind of came into play as decided I wanted to learn more about STFS and what better way to make a quick and clean rehash /resigner its written in C++ and should work on all platforms.

This does not come with any official support but I’d be happy to try and answer any question you may have.

Also here is now a binary for Intel Mac

Updates on the Fallout Qt front, well it’s ready to keep it short, however I’m not releasing it yet as there are a few things to add, tweak and play with. This is in progress and with that I realize that there are currently no nice rehash/resigners for Linux and Mac. I’m working on a solution to this. I’ve not yet named my project but I’ve created a rehash/resigner for CON files currently it’s running on Windows, and Mac I’ve not looked at Linux yet but that will be coming.

I would like the release of this CON file rehash/resigner to coincide with FalloutQt for obvious reasons. As both projects will compliment each other nicely.

[youtube]http://www.youtube.com/watch?v=6cErrH2b_ac[/youtube]

So each data block is stored in the data_blocks List withing the STFS class and that data blocks corresponding hash is stored within the hash_blocks List. (eg: data_block[0] would be a unsigned char[0x1000] and its corresponding unsigned char[0x18] hash would be in hash_blocks[0]) remembering that the hash block is 0×18 bytes long where as the hash itself is only the first 0×14 bytes.

stfs.h

#ifndef STFS_H
#define STFS_H

#include <QList>
#include <QByteArray>
#include <QString>
#include <QFile>
#include <QDebug>
#include <QCryptographicHash>
#include <QChar>

#define BLOCK 0x1000
#define HASH_BLOCK 0x18
#define HASH 0x14
#define DATA_START 0xC000
#define TABLE0 0xA000
#define TABLE1 0xB8000
#define MASTER_TABLE 0xB6000    // master table

class STFS
{
public:
    QByteArray origional;
    QList<QByteArray> stfs_blocks, data_blocks, hash_blocks, master_table;

    STFS();
    STFS(const QByteArray& stfsdata);

    ~STFS();

    void Init(const QByteArray& stfsdata);
    void ValidBlock(int xBlock);
    void ValidMaster();
    QByteArray ReadBlock(int xBlock);
    void FixBlockHash(int xBlock);
    bool isHashBlock(int xBlock);
    void BlockPadding(QByteArray& blockdata);
    QByteArray ExtractFile(const char* filename);
    QByteArray ReplaceFile(const QByteArray& filedata);

private:

};

#endif // STFS_H

stfs.cpp

#include "stfs.h"

STFS::STFS()
{
}

STFS::STFS(const QByteArray &stfsdata)
{
    Init(stfsdata);
}

STFS::~STFS()
{
}

void STFS::Init(const QByteArray &stfsdata)
{
    // make a copy of the origional data
    origional = stfsdata;

    // Break the file into blocks
    for (int x = 0xC; x < (stfsdata.size() / BLOCK); x++)
    {
        stfs_blocks.push_back( stfsdata.mid((x * BLOCK), BLOCK) );
    }

    // read table 0 into hashs
    for (int x = 0; x < (BLOCK / HASH_BLOCK); x++)
    {
        hash_blocks.push_back( stfsdata.mid((x * HASH_BLOCK) + TABLE0, HASH_BLOCK) );
    }

    // remove crap and leave DATA BLOCKS ONLY
    for (int x = 0; x < stfs_blocks.size(); x++)
    {
        if (isHashBlock(x))
        {
            if ((x * BLOCK) + DATA_START != MASTER_TABLE)
            {
                for (int y = 0; y < (BLOCK / HASH_BLOCK); y++)
                {
                    hash_blocks.push_back( stfs_blocks[x].mid((y * HASH_BLOCK), HASH_BLOCK) );
                }
            }

            x++;
        }
        else
        {
            data_blocks.push_back(stfs_blocks[x]);
        }
    }

    // read the master table
    for (int x = 0; x < (BLOCK / HASH_BLOCK); x++)
    {
        master_table.push_back( stfsdata.mid((x * HASH_BLOCK) + MASTER_TABLE, HASH_BLOCK) );
    }
}

void STFS::ValidBlock(int xBlock)
{

    QByteArray calcd_hash = QCryptographicHash::hash(data_blocks[xBlock], QCryptographicHash::Sha1);

    qDebug() << "Block: " << hex << (xBlock + 0xC) << " Offset: " << hex << ((xBlock) * BLOCK) + DATA_START;
    qDebug() << "Current Hash: " << hash_blocks[xBlock].mid(0, 0x14).toHex();
    qDebug() << "Cacled Hash: " << calcd_hash.toHex();

    if (calcd_hash == hash_blocks[xBlock].mid(0, 0x14))
        qDebug() << "Valid: TRUE";
    else
        qDebug() << "Valid: FALSE";

    qDebug();
}

void STFS::ValidMaster()
{
    // hash calc the block
    QByteArray pblock;

    for (int x = 0; x < (BLOCK / HASH_BLOCK); x++)
        pblock.append(hash_blocks[x]);

    // pad out the pblock
    BlockPadding(pblock);

    QByteArray hash = QCryptographicHash::hash(pblock, QCryptographicHash::Sha1);

    qDebug() << "Caled Hash: " << hash.toHex();
    qDebug() << "Master Table: " << master_table[0].left(0x14).toHex();
}

QByteArray STFS::ReadBlock(int xBlock)
{
    return data_blocks.at(xBlock);
}

void STFS::FixBlockHash(int xBlock)
{
    hash_blocks[xBlock].append( QCryptographicHash::hash(data_blocks[xBlock], QCryptographicHash::Sha1) );
}

bool STFS::isHashBlock(int xBlock)
{
    int block_offset = (xBlock * BLOCK) + DATA_START;

    if (block_offset == MASTER_TABLE)
        return TRUE;

    if (xBlock % 0xAC == 0 && xBlock > 0)
    {
        return TRUE;
    }

    return FALSE;
}

void STFS::BlockPadding(QByteArray &blockdata)
{
    int npadding = BLOCK - blockdata.size();

    for (int x = (BLOCK - npadding); x < BLOCK; x++)
        blockdata.append(QChar(0x00));

}

• SMC
• KeyVault
• BootLoaders (CB, CD, CE, CF, CG)
• Flash Filesystem etc…

For testing purposed I checked all my extracts against the ones created by 360 Flash Tool v0.97 (created by Robinsod, TheSpecialist and SeventhSon) every one matched byte for byte except my damn CD :s for some reason my CD  the first 0xf0 bytes matched exactly then the next 0×110 would be different, however then the next 0xf0 would match again etc.. this continues on until EOF is reached (as witch the last 0xf0 bytes are matching :s)

My only guess is this has something to do with me not breaking the file down into 0×4000 byte sections and treating each 0×4000 bytes as a data block. Nands are nasty little creatures! If anyone knows anything about the layout of the XBOX 360 nand image please feel free to comment me on here as I would like to hear from you.

So far I’ve been able to extract and decrypt the SMC (Southbridge) that was interesting! If people are interested I would be happy to post the code. Also if anyone has any advice or knows what they are doing drop me a line if you don’t mind answering some questions.