To quote: As a first step toward a "release", I've committed the tool to build an image suitable for the hack, as well as some additional information and a description of "how it works".
I understand that not all of the required binaries are available right now, but we'll work on providing ways to derive them from nand dumps. But those of you who are able to recover the required binaries should be able to build an image which boots right into xell.
There are 3 things that we have to take care of:
• The 1920+ CB/CD. If somebody has a 1920 box, just do the timing attack, extract your cpu key, add that cpukey into "decrypt_CD", and use that image. You'll get the decrypted CB/CD in your "output"-directory. I'll then describe how to build the 1921 and the other CDs from that.
• The hacked SMC for kicking off the read. You basically need to add writing to the nand command...