I know hacked xors are easy enough to make; there were plenty of them with region hacks when CPS2 was first emulated. But you're missing the point: it appears that the hacked xors are being used to run revisions that haven't been decrypted yet (using encrypted program ROMs that have yet to be decrypted by Raz). As Malice pointed out, this may not mean they have any real understanding of the encryption itself... but it might mean that different revisions of the same game have the same or similar encryption key.
> I'm not in the know, but as far as I can imagine this is what happens.
>
> An emulator needs the decrypted rom to run. So it eats the encrypted rom and the
> xor file, and does this:
>
> decryptedrom = encryptedrom XOR xorfile
>
> But actually the xorfile is thus produced by Razoola:
>
> xorfile = encryptedrom XOR decryptedrom
>
> The encrypted rom is dumped off the chips. The decrypted rom is ripped by
> Razoola's trojan via the coin LED or something.
>
> Now, if you know how to change the decrypted rom in order to switch region and
> make your character's skin blue instead of yellow, all you have to do is
>
> l337xorfile = encryptedrom XOR h4xx0reddecryptedrom
>
> As you can see, the encrypted rom is still the same everybody uses, you just
> have to craft a different decrypted rom (which is hackable machine code) and
> produce a new xor file via the above procedure. Where is CPS2 encryption
> involved?
>
> BTW, it looks like every game has a different method, so brute-forcing a game's
> "key" (if it's really a key and not an algo) wouldn't work for other games. As
> if they hadn't tried already.
>
> My 2 cents.
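The xor-file algebra in the quoted reply, and the keystream-reuse question raised in the post above it, worked through in constructed Python (added here as an example; it is not code from the post, from Razoola's tools or from any emulator). It assumes decryption is a fixed per-game XOR keystream, which is what a reusable xor file implies; the keystream, ROM contents and REGION_OFFSET are made up, and the functions show why such a design is both malleable and reusable across revisions.

```python
"""Constructed model of the CPS2 xor-file arithmetic (assumption: a fixed
per-game XOR keystream). Keystream, plaintexts and REGION_OFFSET are made up."""
import random

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length buffers."""
    if len(a) != len(b):
        raise ValueError("buffers must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def make_xor_file(encrypted: bytes, decrypted: bytes) -> bytes:
    """xorfile = encryptedrom XOR decryptedrom (what the xor-file producer does)."""
    return xor_bytes(encrypted, decrypted)

def apply_xor_file(encrypted: bytes, xorfile: bytes) -> bytes:
    """decryptedrom = encryptedrom XOR xorfile (what the emulator does)."""
    return xor_bytes(encrypted, xorfile)

def diff_offsets(a: bytes, b: bytes) -> list:
    """Offsets at which two equal-length buffers differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

# Constructed sample data: one keystream, two 'revisions' of the plaintext.
REGION_OFFSET = 0x10                       # hypothetical 'region' flag byte
_rng = random.Random(1234)                 # deterministic so results are repeatable
KEYSTREAM = bytes(_rng.getrandbits(8) for _ in range(64))
REV_A_PLAIN = bytes(range(64))
REV_B_PLAIN = REV_A_PLAIN[:0x20] + b"\xFF" + REV_A_PLAIN[0x21:]  # one byte patched
REV_A_ENC = xor_bytes(REV_A_PLAIN, KEYSTREAM)   # what is 'dumped off the chips'
REV_B_ENC = xor_bytes(REV_B_PLAIN, KEYSTREAM)   # later revision, same keystream

def hacked_xor_file_diff() -> list:
    """A hacked xor file differs from the genuine one only where the decrypted
    ROM was patched: the keystream itself is untouched, so no key knowledge is needed."""
    genuine = make_xor_file(REV_A_ENC, REV_A_PLAIN)
    patched = bytearray(REV_A_PLAIN)
    patched[REGION_OFFSET] ^= 0x01         # flip the hypothetical region flag
    return diff_offsets(genuine, make_xor_file(REV_A_ENC, bytes(patched)))

def reuse_xor_file_on_other_revision() -> bytes:
    """Revision A's xor file applied to revision B's encrypted ROM: with a shared
    keystream it decrypts B completely, which is what the thread suspects."""
    return apply_xor_file(REV_B_ENC, make_xor_file(REV_A_ENC, REV_A_PLAIN))

def ciphertext_leak() -> list:
    """Even with no xor file, XOR-ing the two encrypted ROMs cancels a shared
    keystream and exposes exactly where the two plaintexts differ."""
    return diff_offsets(xor_bytes(REV_A_ENC, REV_B_ENC), bytes(64))
```

The last function is the classic two-time-pad observation: a static XOR keystream shared across revisions leaks plaintext differences directly from ciphertext, which is why a real cipher keys each ciphertext independently.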