Xbox 360 ISO/Remote Recoveries & SDKs

Discussion in 'File Downloads - Share and Request' started by XeDK, May 18, 2016.

  1. Falcon

    Falcon psilocybin <3

    Joined:
    Feb 9, 2017
    Messages:
    80
    Likes Received:
    17
    I was replying to the general discussion.
     
  2. im twizt3d 24 7

    im twizt3d 24 7 Rising Member

    Joined:
    Jun 20, 2017
    Messages:
    61
    Likes Received:
    24
  3. acabey

    acabey Rising Member

    Joined:
    Aug 2, 2017
    Messages:
    66
    Likes Received:
    21
    Who was this directed at? Who is "releasing" RGloader? What is a Domo?
     
  4. im twizt3d 24 7

    im twizt3d 24 7 Rising Member

    Joined:
    Jun 20, 2017
    Messages:
    61
    Likes Received:
    24
    XDK XamPatchData

    //v17511

    const BYTE PATCH_DATA_KXAM_DEVKIT[480] = {


    0x80, 0x04, 0x04, 0x60, 0x00, 0x00, 0x00, 0x01, 0x44, 0x67, 0x00, 0x00,

    0x80, 0x04, 0x04, 0x68, 0x00, 0x00, 0x00, 0x01, 0x07, 0x60, 0x00, 0x00,

    0x81, 0xAB, 0xD3, 0x80, 0x00, 0x00, 0x00, 0x01, 0x38, 0x60, 0x00, 0x01,

    0x81, 0xB4, 0x88, 0x5C, 0x00, 0x00, 0x00, 0x01, 0x60, 0x00, 0x00, 0x00,

    0x81, 0xB4, 0x88, 0x70, 0x00, 0x00, 0x00, 0x01, 0x60, 0x00, 0x00, 0x00,

    0x81, 0xAB, 0xD3, 0x34, 0x00, 0x00, 0x00, 0x01, 0x38, 0x60, 0x00, 0x01,

    0x81, 0x73, 0x68, 0x20, 0x00, 0x00, 0x00, 0x01, 0x60, 0x00, 0x00, 0x00,

    0x81, 0xCB, 0x8B, 0x58, 0x00, 0x00, 0x00, 0x01, 0x38, 0xC0, 0x44, 0x67,

    0x81, 0x74, 0x43, 0x34, 0x00, 0x00, 0x00, 0x01, 0x38, 0xC0, 0x44, 0x67,

    0x81, 0x68, 0xA4, 0xEC, 0x00, 0x00, 0x00, 0x01, 0x78, 0x6F, 0x73, 0x63,

    0x81, 0x68, 0xA5, 0x12, 0x00, 0x00, 0x00, 0x01, 0x78, 0x6F, 0x73, 0x63,

    0x81, 0x72, 0xBD, 0xC8, 0x00, 0x00, 0x00, 0x01, 0x60, 0x00, 0x00, 0x00,

    0x81, 0x82, 0x0E, 0x4C, 0x00, 0x00, 0x00, 0x01, 0x60, 0x00, 0x00, 0x00,

    0x81, 0x82, 0x0E, 0x78, 0x00, 0x00, 0x00, 0x01, 0x60, 0x00, 0x00, 0x00,

    0x81, 0x82, 0x11, 0x20, 0x00, 0x00, 0x00, 0x01, 0x60, 0x00, 0x00, 0x00,

    0x81, 0xD2, 0x33, 0x50, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,

    0x80, 0x0A, 0xF5, 0xCC, 0x00, 0x00, 0x00, 0x01, 0x60, 0x00, 0x00, 0x00,

    0x80, 0x09, 0xFE, 0x50, 0x00, 0x00, 0x00, 0x01, 0x60, 0x00, 0x00, 0x00,

    0x81, 0x75, 0xC8, 0xEC, 0x00, 0x00, 0x00, 0x01, 0x48, 0x00, 0x00, 0x10,

    0x81, 0x88, 0x00, 0xB8, 0x00, 0x00, 0x00, 0x02, 0x38, 0x60, 0x00, 0x04,

    0x4B, 0xD7, 0x06, 0x3D, 0x81, 0xD2, 0x75, 0xA4, 0x00, 0x00, 0x00, 0x01,

    0x44, 0x67, 0x00, 0x00, 0x81, 0x82, 0x33, 0x10, 0x00, 0x00, 0x00, 0x02,

    0x60, 0x00, 0x00, 0x00, 0x39, 0x60, 0x44, 0x67, 0x81, 0x7B, 0xE3, 0x60,

    0x00, 0x00, 0x00, 0x01, 0x60, 0x00, 0x00, 0x00, 0x81, 0x7B, 0xE3, 0x94,

    0x00, 0x00, 0x00, 0x01, 0x48, 0x00, 0x00, 0x48, 0x81, 0x6B, 0x6F, 0x12,

    0x00, 0x00, 0x00, 0x01, 0x37, 0x35, 0x30, 0x32, 0x81, 0x73, 0x42, 0x04,

    0x00, 0x00, 0x00, 0x01, 0x48, 0x00, 0x00, 0x14, 0x81, 0x73, 0x3A, 0xCC,

    0x00, 0x00, 0x00, 0x01, 0x4B, 0xFF, 0xFF, 0x04, 0x81, 0x74, 0x45, 0x9C,

    0x00, 0x00, 0x00, 0x01, 0x2B, 0x3F, 0x44, 0x67, 0x81, 0xAC, 0xCC, 0xE0,

    0x00, 0x00, 0x00, 0x01, 0x48, 0x00, 0x03, 0x58, 0x81, 0x75, 0x67, 0x4C,

    0x00, 0x00, 0x00, 0x01, 0x48, 0x00, 0x00, 0x28, 0x81, 0x7A, 0x80, 0xE8,

    0x00, 0x00, 0x00, 0x01, 0x39, 0x60, 0x00, 0x01, 0x81, 0x7A, 0x81, 0x54,

    0x00, 0x00, 0x00, 0x01, 0x39, 0x60, 0x00, 0x01, 0x81, 0x7A, 0x81, 0x5C,

    0x00, 0x00, 0x00, 0x01, 0x39, 0x60, 0x00, 0x01, 0x81, 0x7A, 0x81, 0x48,

    0x00, 0x00, 0x00, 0x01, 0x39, 0x60, 0x00, 0x01, 0x81, 0x7B, 0x3A, 0x14,

    0x00, 0x00, 0x00, 0x01, 0x60, 0x00, 0x00, 0x00, 0x81, 0x96, 0xB6, 0x64,

    0x00, 0x00, 0x00, 0x01, 0x48, 0x00, 0x00, 0x38, 0x81, 0x94, 0xF1, 0x64,

    0x00, 0x00, 0x00, 0x01, 0x48, 0x00, 0x00, 0x18, 0x81, 0x96, 0xBB, 0x08,

    0x00, 0x00, 0x00, 0x01, 0x48, 0x00, 0x00, 0x3C, 0x81, 0x78, 0xA5, 0xB0,

    0x00, 0x00, 0x00, 0x01, 0x60, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF

    };
    /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
    Patch HV FOR XDK

    #define hvExecuteRc4 0x6148

    #define hvExecuteSig 0x617C

    VOID patchHVExecute(void) {

    if (!IsDevkit) {

    //==============================================================


    HvPeekBytes(0x0000000200010040, hvRandomData, 0x80);

    //==============================================================


    DWORD bl1KeyPtr = 0;//pull 1bl key from 1bl


    //==============================================================


    HvPeekBytes(0x80000200000000FC, &bl1KeyPtr, 0x4);

    bl1KeyPtr += 0x148;

    //==============================================================


    BYTE testBuffer[0x10];

    //==============================================================


    HvPeekBytes(0x8000020000000000 + (QWORD)bl1KeyPtr, testBuffer, 0x10);

    HvPokeBytes(0x200016390, testBuffer, 0x10);

    //==============================================================


    *(DWORD*)&testBuffer[0] = 0xCE1CE2CD;

    *(DWORD*)&testBuffer[4] = 0xCABDB8A5;

    *(DWORD*)&testBuffer[8] = 0xE459CD43;

    *(DWORD*)&testBuffer[12] = 0xF87C56B5;

    //


    HvPokeBytes(0x80000102000100F0, testBuffer, 0x4);

    HvPokeBytes(0x80000102000100F4, testBuffer + 4, 0x4);

    HvPokeBytes(0x80000102000100F8, testBuffer + 8, 0x4);

    HvPokeBytes(0x80000102000100FC, testBuffer + 12, 0x4);

    //==============================================================


    *(DWORD*)&testBuffer[0] = 0x409AFFC4;

    *(DWORD*)&testBuffer[4] = 0x409AFFB0;

    //


    HvPokeBytes(0x80000106000304E8, testBuffer, 0x4);

    HvPokeBytes(0x80000106000304FC, testBuffer + 4, 0x4);

    //==============================================================


    *(DWORD*)&testBuffer[0] = 0x419AFF40;

    //


    HvPokeBytes(0x800001060003089C, testBuffer, 0x4);

    //==============================================================


    *(DWORD*)&testBuffer[0] = 0x817F0008;

    *(DWORD*)&testBuffer[4] = 0x7F0BE040;

    *(DWORD*)&testBuffer[8] = 0x4199FF34;

    //


    HvPokeBytes(0x80000106000308A0, testBuffer, 0x4);

    HvPokeBytes(0x80000106000308A4, testBuffer + 4, 0x4);

    HvPokeBytes(0x80000106000308A8, testBuffer + 8, 0x4);

    //==============================================================


    *(DWORD*)&testBuffer[0] = 0x480038DB;

    //


    HvPokeBytes(0x80000104000264F0, testBuffer, 0x4);

    //==============================================================


    *(DWORD*)&testBuffer[0] = 0x41980220;

    //


    HvPokeBytes(0x800001040002AA8C, testBuffer, 0x4);

    //==============================================================


    *(DWORD*)&testBuffer[0] = 0x4198022C;

    //


    HvPokeBytes(0x800001040002AA80, testBuffer, 0x4);

    ////==============================================================


    *(DWORD*)&testBuffer[0] = 0x2F030000;

    *(DWORD*)&testBuffer[4] = 0x409A00C0;

    HvPokeBytes(0x800001040002A30C, testBuffer, 0x4);

    HvPokeBytes(0x800001040002A310, testBuffer + 4, 0x4);



    memset((BYTE*)0x8E038780, 0, 0x14);

    //==============================================================


    *(PDWORD)((DWORD)ResolveFunction(NAME_XAM, 0x1C8) + 0x16C) = 0x60000000; // Nop MmGetPhysicalAddr to get the salt


    *(PDWORD)((DWORD)ResolveFunction(NAME_XAM, 0x212) + 0x140) = 0x39600001; // Gold Spoofing


    *(PDWORD)((DWORD)ResolveFunction(NAME_XAM, 0x212) + 0x1A0) = 0x39600001; // Gold Spoofing


    *(PDWORD)((DWORD)ResolveFunction(NAME_XAM, 0x212) + 0x1AC) = 0x39600001; // Gold Spoofing


    *(PDWORD)((DWORD)ResolveFunction(NAME_XAM, 0x212) + 0x1B4) = 0x39600001; // Gold Spoofing


    //==============================================================


    }

    }

    DWORD ApplyPatches(CHAR* FilePath, const VOID* DefaultPatches = NULL) {


    DWORD patchCount = 0;

    MemoryBuffer mbPatches;

    DWORD* patchData = (DWORD*)DefaultPatches;

    if (FileExists(FilePath)) {

    if (!CReadFile(FilePath, mbPatches))

    return patchCount;


    patchData = (DWORD*)mbPatches.GetData();

    }

    if (patchData == NULL) {

    return 0;


    }

    while (*patchData != 0xFFFFFFFF) {


    BOOL inHvMode = (patchData[0] < 0x40000);

    QWORD patchAddr = inHvMode ? (0x200000000 * (patchData[0] / 0x10000)) + patchData[0] : (QWORD)patchData[0];

    if (inHvMode)

    HvPokeBytes(patchAddr, &patchData[2], patchData[1] * sizeof(DWORD));

    else


    SetMemory((VOID*)patchData[0], &patchData[2], patchData[1] * sizeof(DWORD));


    patchData += (patchData[1] + 2);

    patchCount++;

    }

    return patchCount;


    }

    HRESULT Initialize() {

    if ((XboxHardwareInfo->Flags & 0x20) == 0x20) {

    if (CreateSymbolicLink(DRIVE_HDD, DEVICE_NAME_HDD,TRUE) != ERROR_SUCCESS) {

    return E_FAIL;


    }

    } else {

    if (CreateSymbolicLink(DRIVE_USB, DEVICE_NAME_USB, TRUE) != ERROR_SUCCESS) {

    return E_FAIL;


    }

    RunningFromUSB = TRUE;

    }

    IsDevkit = *(DWORD*)0x8E038610 & 0x8000 ? FALSE : TRUE;
    };

    //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////


    AND THERE IS LITTLE ODDS AND ENDS STILL BUT THIS IS THE BIGGEST PART.
     
    Blob and Falcon like this.
  5. peekpoke

    peekpoke Member

    Joined:
    Jun 26, 2017
    Messages:
    23
    Likes Received:
    11
    Can someone put .17 SDK back online?

    Thanks

    Not in the S7 club...
     
  6. acabey

    acabey Rising Member

    Joined:
    Aug 2, 2017
    Messages:
    66
    Likes Received:
    21
    Can you explain what's actually going on here? No one learns anything from this random code snippet. It's a compiled KXAM patch set. What are the patches doing?
     
  7. im twizt3d 24 7

    im twizt3d 24 7 Rising Member

    Joined:
    Jun 20, 2017
    Messages:
    61
    Likes Received:
    24
    its simple if you have a xbls source then add the XamPatchData to a txt doc and save it named "PatchData.h
    the hv patch data goes in the Main.cpp of the source. then build it using Microsoft VS.
     
  8. acabey

    acabey Rising Member

    Joined:
    Aug 2, 2017
    Messages:
    66
    Likes Received:
    21
    That does not help. I don't want to know how do use it, I want to know what it's doing on a technical level. I appreciate you having shared the source, but if it is just leaked stuff from XBLS or whoever and you don't actually understand it, no one is gaining anything here.
     
  9. fate6

    fate6 Haha, I killed a Pumpkin!

    Joined:
    May 16, 2013
    Messages:
    973
    Likes Received:
    351
    I think what that's doing is patching something in XAM so the XDK can go on ProdNet/XBL.
    Probably reporting and answering to challenges as a retail.

    IDK :/
     
  10. acabey

    acabey Rising Member

    Joined:
    Aug 2, 2017
    Messages:
    66
    Likes Received:
    21
    On XBLS/Ninja the console does not reply to the challenges, that is done by the server in order to protect the challenge response data.
     
  11. im twizt3d 24 7

    im twizt3d 24 7 Rising Member

    Joined:
    Jun 20, 2017
    Messages:
    61
    Likes Received:
    24
    U WONT FIND THAT CODE IN A LEAKED SOURCE.
     
  12. acabey

    acabey Rising Member

    Joined:
    Aug 2, 2017
    Messages:
    66
    Likes Received:
    21
    Did you write it? If so, I would appreciate if you explained what it is doing. I don't mean to be confrontational, but it is as simple as that.

    If you did not write it, it was leaked.
     
  13. im twizt3d 24 7

    im twizt3d 24 7 Rising Member

    Joined:
    Jun 20, 2017
    Messages:
    61
    Likes Received:
    24
    it was explained and no I did not write it but it has not been leaked either...It simply patches the answers in the chall resp.bin and XamPatchFile.bin serverside as a retail. someone asked how one would do it I posted code to do just that. leaked yes when I dropped it here.
     
  14. mb2010

    mb2010 Member

    Joined:
    Jan 17, 2013
    Messages:
    13
    Likes Received:
    7
    Can someone re-up the .17 sdk. Thanks
     
  15. Be4stElectrjc

    Be4stElectrjc Active Member

    Joined:
    Oct 24, 2016
    Messages:
    38
    Likes Received:
    1
    Can a good soul re-up the .17 SDK?
     
  16. tempsorryhadtopost

    tempsorryhadtopost Stupid dumb Idiot

    Joined:
    Jan 4, 2018
    Messages:
    33
    Likes Received:
    17
    Fresh new .17 SDK link as requested. If anyone has any unreleased or obscure recovery images/remotes ranging anywhere from blades to Kinect I would greatly appreciate that. Specifically interested in Pre-NXE as well as Kinect era.

    You will be able to find what you're looking for somewhere in this page;
    https://pastebin.com/0E8fCrwJ

    Wii U, Xbox 360, Playstation 4, Playstation, 3DS - No content from any games released in the past four (4) years. Officially released (press or promo) files are allowed. No direct download links to SDK files. Linking to another site with SDK files or with a link to your MEGA is fine. Do not directly link to your MEGA folder, you must not be able to click on a link on this site and get a file. Example: Assemblergames.com --> 2nd site with links --> get file or mega link. Any other tools released by a 3rd party are allowed, as long as they are free and aren't solely designed for backups.
     
    Last edited: Jan 8, 2018
  17. Johnny

    Johnny Gran Turismo Freak and Site Supporter 2013,2015

    Joined:
    Mar 14, 2004
    Messages:
    6,230
    Likes Received:
    397
    Edited the previous post to remove the direct link.
     
  18. tempsorryhadtopost

    tempsorryhadtopost Stupid dumb Idiot

    Joined:
    Jan 4, 2018
    Messages:
    33
    Likes Received:
    17
    Gotcha, thanks. Sorry for the violation, I'll be sure to correct that later tonight.
     
    CodeAsm and Johnny like this.
  19. Digital-B

    Digital-B CavePotato

    Joined:
    Feb 15, 2018
    Messages:
    4
    Likes Received:
    2
    can you please re upload the link is dead. :(
     
  20. Traace

    Traace Rapidly Rising Member

    Joined:
    Nov 22, 2016
    Messages:
    85
    Likes Received:
    64
    PM dropped ;)
     
    Digital-B likes this.

Share This Page