Xbox One:Dumping Games with Durango Dumplings v2: Difference between revisions

From ConsoleMods Wiki
Jump to navigation Jump to search
(WIP)
 
No edit summary
 
(24 intermediate revisions by the same user not shown)
Line 1: Line 1:
[[File:Durango_Dumplings_v2_Run_Menu.png|thumb|Durango Dumplings v2 Run Menu]]
{{Warning|Ensure that your network is setup to prevent the Xbox from reaching the internet. It's recommended to block your Xbox's MAC addresses from accessing the WAN in your router settings, to turn off auto-updates, and to set the DNS setting on the Xbox to 127.0.0.1.}}
{{Warning|Ensure that your network is setup to prevent the Xbox from reaching the internet. It's recommended to block your Xbox's MAC addresses from accessing the WAN in your router settings, to turn off auto-updates, and to set the DNS setting on the Xbox to 127.0.0.1.}}
This page will walk you through dumping Xbox One/Series games on a compatible firmware device.
This page will walk you through dumping Xbox One/Series, Xbox 360, and original Xbox games on a compatible firmware Xbox One/Series device. A video tutorial can be found on [https://www.youtube.com/watch?v=G4n4jh_A4i4 Modded Warfare's YouTube channel].


Credit to InvoxiPlayGames/Emma and XboxOneResearch for most of these tools, BirdonWheels for the [https://www.xbox-scene.info/forums/topic/532-how-to-dump-xbox-oneseries-games-with-gamescript-and-vermintide-2-durango-dumplings-v2-monosodium-glutamate-edition/ original guide] which was used as the basis for this page, and burninrubber0 from the Xbox Scene Discord for the dump_gamesaves.bat script. A video tutorial can be found on [https://www.youtube.com/watch?v=rqZSudPJ31s KsAmJ Gaming & Tech's YouTube channel], though it does not use the pre-packaged dumping pack.
<u>Credit to</u>:
* carrot_c4k3 and landaire for the Collateral Damage exploit
* InvoxiPlayGames/Emma and XboxOneResearch for most of these tools
* BirdonWheels for the [https://www.xbox-scene.info/forums/topic/532-how-to-dump-xbox-oneseries-games-with-gamescript-and-vermintide-2-durango-dumplings-v2-monosodium-glutamate-edition/ original guide] which was used as the basis for this page
* [[User:Derf]] and RolyPoly for the run.ps1 script
* Various people from the Xbox Scene Discord


== Dumping Games ==
== Pre-requisites ==
 
=== Pre-requisites ===


* Xbox One / Series firmware version 4478, 4908, or 4909.
* Xbox One / Series firmware version 4478, 4908, or 4909.
Line 13: Line 17:
** Disc copy will allow you to dump a digital game
** Disc copy will allow you to dump a digital game
* The game you are dumping must be installed on your Internal Storage.
* The game you are dumping must be installed on your Internal Storage.
** You can follow [[Xbox_One:Adding_New_Games_to_Offline_Console|this guide]] to add games to your console, provided you had previously launched it on the console before or it is a disc-based game.
* The game you are dumping must be able to be launched while offline.
* The game you are dumping must be able to be launched while offline.
** "Check your connection" - This error will show if it successfully launched, but the game requires an internet connection. These games can be dumped.
** "Check your connection" - This error will show if it successfully launched, but the game requires an internet connection. These games can be dumped.
** "To start this game or app you need to be signed in to the Xbox network." - You do not have a valid license for the game. It either was purchased and never launched or an expired Game Pass game. You cannot dump these games.
** "To start this game or app you need to be signed in to the Xbox network." - You do not have a valid license for the game or the disc is not inserted (if it's a disc based game). You cannot dump these games if it was a digital game that was purchased and never launched while online. If it's an expired Game Pass game, you may be able to set your system clock to a time in which the expired license was valid.
** "Use this Xbox regularly? Make it your home Xbox so you can play games you own, even offline." - Displayed when you attempt to launch a game licensed to an account that does not have this Xbox set as the home Xbox. You cannot dump these games.
** "Use this Xbox regularly? Make it your home Xbox so you can play games you own, even offline." - Displayed when you attempt to launch a game licensed to an account that does not have this Xbox set as the home Xbox. You cannot dump these games.
* Backup the game you want to dump, as the original copy will break. Copy the game to a USB flash drive via the Xbox dashboard.
* Preferably connect your Xbox via ethernet, as Wi-Fi connections have been shown to drop files out of dumps.
* Preferably connect your Xbox via ethernet, as Wi-Fi connections have been shown to drop files out of dumps.
* Preferably a static IP on your PC, as you will be hardcoding an IP address in multiple config files.
== Initial Setup ==


=== PC Preparation ===
=== PC Preparation ===


# Download the [[File:Xbox_One_Game_Dumping_Pack_v2.0.zip|Xbox One Game Dumping Pack v2.0]] and extract it to your PC. This contains everything you need (except copyrighted files) to dump games.
# Download the [[File:Xbox_One_Game_Dumping_Pack_v2.0.zip|Xbox One Game Dumping Pack v2.1]] and extract it to your PC. This contains everything you need to dump games except copyrighted files.
//////////////////////////
# Download the [https://dotnet.microsoft.com/en-us/download/dotnet/thank-you/sdk-6.0.424-windows-x64-binaries .NET 6.0.424 SDK x86_64 Binary for Windows] and extract dotnet-sdk-6.0.424-win-x64.zip into the `\Copy to Flash Drive\dotnet\` folder.
# Download the [https://dotnet.microsoft.com/en-us/download/dotnet/thank-you/sdk-6.0.424-windows-x64-binaries .NET 6.0.424 SDK x86_64 Binary for Windows].
# Download [https://github.com/PowerShell/PowerShell/releases/tag/v7.2.3 PowerShell-7.2.3-win-x64.zip] and extract the contents into the `\Copy to Flash Drive\pwsh\` folder.
# Format a USB flash drive as NTFS.
# Format a USB flash drive as NTFS and copy the contents of the `Copy to Flash Drive` folder to the root of your USB flash drive and safely eject the flash drive.
# Extract dotnet-sdk-6.0.424-win-x64.zip into the `\Copy to Flash Drive\dotnet\` folder.  
# Open the htdocs folder and edit gamescript_autosave_network.txt. Replace `YOUR IP HERE` with the IP address of the PC you are going to run the exploit from.
# Copy the contents of the `Copy to Flash Drive` folder to the root of your USB flash drive and safely eject the flash drive.
# Open the TwoDump folder and open `stage2.lua` and replace `YOUR IP HERE` with the IP of your PC.
# Open the OneDumpgame folder and open `dumpgame.lua` in Notepad. Replace the IP address near the top with the IP of your PC and save.
# Open the collateral_damage_v1_remote folder and edit gamescript_autosave_network.txt. Replace `YOUR IP HERE` with the IP address of the PC you are going to run the exploit from.
# In the LuaFFI-CE folder, edit `stage1.lua` and replace "YOUR IP HERE" in `local serverIp = "YOUR IP HERE"` with your PC's IP address.
# In the LuaFFI-CE folder, edit `stage2.lua` and replace "YOUR IP HERE" in `local serverIp = "YOUR IP HERE"` with your PC's IP address.


=== Game Script Reverse Shell (SystemOS) ===
=== Game Script Reverse Shell ===
[[File:Collateral Damage Shell.jpeg|thumb|A successful execution of Collateral Damage for Xbox One/Series, returning a reverse shell.]]
[[File:Collateral Damage Shell.jpeg|thumb|A successful execution of Collateral Damage for Xbox One/Series, returning a reverse shell.]]
Perform the Collateral Damage Game Script exploit as detailed below to obtain a reverse shell.
Perform the Collateral Damage Game Script exploit as detailed below to obtain a reverse shell.
Line 40: Line 43:
# Run miniweb.exe. If it asks for permissions to run, check both boxes and select "Allow Access". A command prompt window should open.
# Run miniweb.exe. If it asks for permissions to run, check both boxes and select "Allow Access". A command prompt window should open.
#* Note the IP address and port listed, e.g. `192.168.1.77:8000`.
#* Note the IP address and port listed, e.g. `192.168.1.77:8000`.
# On your Xbox, open Microsoft Edge and enter the full IP address and port into the address bar (e.g. `192.168.1.77:8000`). It should list the file present in the `htdocs` folder on your PC.
# On your Xbox, open Microsoft Edge and enter the full IP address and port into the address bar (e.g. `192.168.1.77:8000`). It should list the files present in the `htdocs` folder on your PC.
# Select `gamescript_autosave_network.txt`. It should display the contents of the script. Hover your cursor before the very first character, then hold A and drag the left stick down to highlight all of the text. Let go of A and then select "Copy" from the small menu that opens up.  
# Select `gamescript_autosave_network.txt`. It should display the contents of the script. Hover your cursor before the very first character, then hold A and drag the left stick down to highlight all of the text. Let go of A and then select "Copy" from the small menu that opens up.  
# Launch the Game Script app. Use the D-PAD to highlight "Paste code" and press A to paste the contents of the file you copied. Press B to close the keyboard.
# Launch the Game Script app. Use the D-PAD to highlight "Paste code" and press A to paste the contents of the file you copied. Press B to close the keyboard.
# Double-click `gamescript_reverse_shell.bat`. It will open a window for the server process with the last line being "Server listening..." and a second window running NetCat with the text "listening on [any] 7070 ...".
# Double-click `gamescript_reverse_shell_remote.bat`. It will open a window for the server process with the last line being "Server listening..." and a second window running NetCat with the text "listening on [any] 7070 ...".
#* It may ask multiple times for permission to run on the network, check both boxes and select "Allow Access".
#* It may ask multiple times for permission to run on the network, check both boxes and select "Allow Access".
# On your Xbox, open the Game Script app if not already there. Hold X and press RB to select "Windows", then let go of X.
# On your Xbox, open the Game Script app if not already there. Hold X and press RB to select "Windows", then let go of X.
# Using the D-PAD, select "Show Code Run window" and press A. On the new window that pops up, highlight the "Run code once" button and press A.
# Using the D-PAD, select "Show Code Run window" and press A. On the new window that pops up, highlight the "Run code once" button and press A.
#* After about 10-60 seconds, some traffic will appear on the payload and NetCat command windows, and if successful, you will have a reverse shell on the NetCat command window to be able to run commands against the Xbox.
#* After about 10-60 seconds, some traffic will appear on the payload and NetCat command windows, and if successful, you will have a reverse shell on the NetCat command window to be able to run commands against the Xbox.
#* If the Game Script app or the NetCat window closes, re-launch them and try again. If after multiple attempts it is still crashing, go to Settings > General > Power Options > Shutdown now, then turn your console back on and try again.
#* If the Game Script app or the NetCat window closes, re-launch them and try again. If after multiple attempts it is still crashing, go to Settings > General > Power Options > Shutdown now, then turn your console back on and try again. It may take a few tries until it is successful, but the following optional steps will replace the entry method to make it successful every time.
# Enter `U` to select the option to upgrade your Game Script reverse shell and provide your PC's IP address when prompted and press .
# Once you receive a success message, quit Game Script, run `gamescript_reverse_shell.bat` on your PC, re-open Game Script, and run the code as before. If it connects, the shell has been successfully upgraded to the "local" version.
 
From now on, you can obtain a reverse shell by running `gamescript_reverse_shell.bat` on your PC and executing the code in Game Script.


=== Modifying the Vermintide Game Save ===
=== Modifying the Vermintide Game Save ===
Line 54: Line 61:
These steps will guide you through modifying your Vermintide game save to be able to run the game dumper.
These steps will guide you through modifying your Vermintide game save to be able to run the game dumper.


<ol>
# In the reverse shell, enter `D:\pwsh` and then `.\run.ps1` to open the run menu.
<li> In the reverse shell, enter the following commands:
#* If you get an error related to signing, run the command `Set-ExecutionPolicy Unrestricted`.
<pre>
# Enter `1` to mount your save game storage.
set DOTNET_CLI_TELEMETRY_OPTOUT=1
# Enter `3` to back up your licenses to your USB flash drive.
D:\dotnet\dotnet.exe msbuild D:\mount_connectedstorage.xml
# Enter `6` to copy LicenseState.txt to your USB flash drive.
</pre>
# Enter `I` to inject the modified game save into Warhammer Vermintide 2. It will prompt you to enter your PC's IP address. Press Enter to accept the default port number.
</li>
# Optionally, enter `2`, `4`, and `5` to take backups of your game saves, registry, and XBFS (5GB free space required). This is not necessary for game dumping, but good to keep safe.
<ul><li> The previous command will output the Harddisk# where your saves are located (e.g. `XVD Mounted to \\?\GLOBALROOT\Device\Harddisk16\Partition1` indicates it is on Harddisk16). The rest of this guide will use Harddisk16 as an example.</li></ul>
# Enter `1` to unmount your save game storage.
<li> In the reverse shell, enter the following command, substituting your own Harddisk#, and your game saves and licenses will be dumped: </li>
<ul><pre>
mklink /j T:\connectedStorage "\\?\GLOBALROOT\Device\Harddisk16\Partition1\"
T:
cd connectedStorage
D:\dump.bat
mkdir D:\Licenses
copy S:\Clip D:\Licenses
</pre></ul>
<li> When it completes, unplug your USB flash drive and plug it into your PC. </li>
<li> On the flash drive, navigate to `\xb1\saves\connectedStorage\u_################_C05F0100-EAC5-49EB-943F-1A0E3C108361\`. This is your save for Warhammer Vermintide 2. Open the sole folder and there should be two files, one of them has a unique ID and the other is named "container". Open the unique ID file with notepad, delete all of the contents, and then paste the entire contents of `LuaFFI-CE\stage1.lua` into it and save. </li>
<li> Write down the path to this game save for future use, e.g. `\xb1\saves\connectedStorage\u_1111111111111111_C05F0100-EAC5-49EB-943F-1A0E3C108361\{AABBCCDD-EEFF-GGHH-IIJJ-KKLLMMNNOOPP}`. </li>
<li> Safely Eject your USB flash drive and plug it into your Xbox. </li>
<li> In the reverse shell, enter the following command, substituting your own path, and type "All" when prompted to overwrite: </li>
<ul>
<pre>
copy D:\xb1\saves\connectedStorage\{AABBCCDD-EEFF-GGHH-IIJJ-KKLLMMNNOOPP}  T:\connectedStorage\u_1111111111111111_C05F0100-EAC5-49EB-943F-1A0E3C108361\{AABBCCDD-EEFF-GGHH-IIJJ-KKLLMMNNOOPP}
</pre>
</ul>
</ol>


=== Finding your License File ===
== Dumping Games ==
Assuming all of the above steps were completed once, and your PC's IP address has not changed, you only need to follow the below instructions to dump games.
 
=== Loading your License File ===


==== Digital Game ====
==== Digital Game ====


<ol>
<div class="mw-collapsible mw-collapsed">
<li> On your PC, copy the contents of the `Licenses` folder on the flash drive into the `\LicenseClipFinder\Clips\` folder.
<li> Double click `run_license_clip_finder.bat` to start LicenseClipFinder. It will output a "Licenses.txt" file which will contain the '''content ID''' and '''license path''' associated with all of your games.
<ul><li> If you do not have a recent enough .NET version, it may prompt you with a link to download it from Microsoft. Install it and try again. </ul>
<li> If not already done, copy the game you wish to dump to a USB flash drive, as the dumping process will break the game and it will be useful to have a backup.
</ol>


==== Disc Game ====
Follow this process if the game you are dumping is a digital game.


<ol>
# In the reverse shell, enter D:\pwsh and then `.\run.ps1` to open the run menu.
<li> In your the reverse shell, enter the following command:
# If you've added the license for the game you wanted to dump since the last time you've dumped your LicenseState.txt, enter `6` to copy LicenseState.txt to your USB flash drive.
<ul>
# Enter `7`. You will be prompted to select your desired game license from the list. Note the '''content ID''' for later.
<pre>
type O:\MSXC\Metadata\catalog.js
</pre>
<li> The '''content ID''' of the game will be listed, e.g. ` 7049126b-609b-4d08-b5cb-0d407e8dfec1`. It may be spaced out, so you will need to copy the value after "content ID" and remove the spaces. Note this information for later.
</ul>
<li> In your the reverse shell, enter the following command:
<ul>
<pre>
dir O:\Licenses\
</pre>
<li> Note the name of the file it reports back, e.g. `O:\Licenses\License0.xml`. Note this '''license path''' for later.
</ul>
</ol>


=== Dumping your Game ===
</div>


The next steps will walk you through setting up the server that will receive the game dump(s).
==== Xbox One/Series Disc Game ====
 
<div class="mw-collapsible mw-collapsed">
 
Follow this process if the game you are dumping is a disc-based Xbox One/Series game. Ensure that the disc is inserted at this point.
 
# In the reverse shell, enter D:\pwsh and then `.\run.ps1` to open the run menu.
# Enter `8` to load the disc license. Note the '''content ID''' for later.
 
</div>


<ol>
==== Original Xbox or Xbox 360 Games ====
<li> Reboot your Xbox. This is required to unlink `T:\connectedStorage`.
<li> Start Warhammer Vermintide 2. Press the Xbox (home) button, then on the Warhammer icon press Start and choose "Quit".
<li> Plug your flash drive into the Xbox.
<li> On your PC, run `gamescript_reverse_shell.bat` again.
<li> Open the Game Script app and run the exploit again by holding X and pressing RB to select window, selecting "Show Code Run window", and clicking "Run code once" to obtain a reverse shell again.
<li> In the reverse shell, enter:
<ul>
<pre>
D:\dotnet\dotnet.exe msbuild D:\get_tempxvd_owners.xml
</pre>
</ul>
<li> Temporary XVD(s) will be listed. Note the value listed for "Vermintide2", e.g. `00`. Avoid launching any games on your system from this point onward, as it may change this value.
<li> Plug your flash drive into your PC and edit prepare_gamedump.xml. Search for `/* EDIT ME */` and you will find a marked section toward the bottom with three lines that you will need to edit:
<ul>
<li>Replace the `00` in `temp00` with the value found in the last step (if it's not 00)
<li>Replace `PUT-CONTENT-ID-OF-GAME-HERE` with the '''content ID''' for the game you want to dump. This was listed in your Licenses.txt file (digital game) or identified earlier when looking at your O: drive (disc game).
<li>Replace `S:\Clip\PUT-LICENSE-FILE-NAME-HERE` with the '''license path''' of the game you want to dump. This was listed in your Licenses.txt file (digital game) or identified earlier when looking at your O: drive (disc game).
<li>If using a Series console, change `XTE` to `XUC` in this line as follows: `const string TEMP_XVD_PATH = @"[XUC:]\temp00"; // Replace with temp<NUM> of exploited game`
</ul>
<li> Plug your USB flash drive back into your Xbox.
<li> In the reverse shell, enter:
<ul>
<pre>
D:\dotnet\dotnet.exe msbuild D:\prepare_gamedump.xml
</pre>
</ul>
<li> If successful, it will stream the files into the temp XVD for Warhammer Vermintide 2 and constantly update the status. When complete, it will show "License file loaded".
<ul><li> If the game is >39GB, it may fail out and show the error "There is not enough space on the disk". </ul>
<li> Double-click `dump_game.bat`. It will open another NetCat instance and a second window showing "Waiting for connection...".
<ul><li> It may ask multiple times for permission to run on the network, check both boxes and select "Allow Access". </ul>
<li> Launch Warhammer Vermintide 2 and press "A" on the title screen. If everything was done correctly, the game should freeze and you should see traffic in one of the command prompt windows and the files being written to `.\OneDumpgame\tx\`.
<ul><li> If anything appears wrong, see the troubleshooting section below. You can always close Warhammer Vermintide 2 and re-open it, repeating this step. </ul>
<li> It's highly recommended to copy the contents of `.\OneDumpgame\tx\` to another folder and dump the game again. Afterwards, check the file size of both folders to make sure they exactly match, verifying that you had a good dump.
</ol>


== Optional Steps ==
<div class="mw-collapsible mw-collapsed">


=== Restoring Games after Dumping ===
Follow this process if the game you are dumping is a disc-based original Xbox game. Ensure that the disc is inserted at this point.


You may notice that your game might not start after successfully running prepare_gamedump.xml, and it will be stuck in an updating state.  
# In the reverse shell, enter D:\pwsh and then `.\run.ps1` to open the run menu.
# If you've added the license for the game you wanted to dump since the last time you've dumped your LicenseState.txt, enter `6` to copy LicenseState.txt to your USB flash drive.
# Enter `9`. You will be prompted to select your desired game license from the list. Note the '''content ID''' for later.


# Uninstall the game from the internal storage. The Xbox may appear to be stuck when attempting to uninstall the game, but be patient and if reboot until the game is gone from Internal Storage.
</div>
# Copy the game over from USB External Storage to the Internal Storage via the Storage Devices option in Settings.
# Use Game Script to obtain a reverse shell. Copy the license for game from USB flash drive to S:\Clip.
# Reboot Xbox, then start the game. It will get the game ready and then launch.


=== Warhammer Reverse Shell (GameOS) ===
=== Starting the Dump ===


In the event that you want to see what files were streamed to the Warhammer XVD, you can open up a reverse shell into Warhammer.
The next steps will walk you through setting up the server that will receive the game dump(s).


# Double-click `warhammer_reverse_shell.bat`. It will open a NetCat instance and a second window showing "Waiting for connection...".
# In the reverse shell, enter D:\pwsh and then `.\run.ps1` to open the run menu, if not already open.
# Launch Warhammer Vermintide 2 and press "A" on the title screen. You should now have a reverse shell.  
# Open the TwoDump folder and open `stage2.lua` and replace the characters in targetXvdPath with the '''content id''' found earlier and save.
# Enter `T:` to change to the T: drive and enter `dir` to see the contents streamed over from your chosen game. All contents of this folder will be uploaded to your PC if you exit and run the `dump_game.bat` instead.
# Double-click `warhammer_dump_game.bat`. It will open three command prompt windows.
#* It may ask multiple times for permission to run on the network, check both boxes and select "Allow Access".
# Launch Warhammer Vermintide 2 and press "A" on the title screen. If everything was done correctly, the game should freeze and you should see each command prompt window activate and files will start to be written to `\TwoDump\tx\`.
#* If anything appears wrong, see the troubleshooting section below. You can always close Warhammer Vermintide 2 and re-open it, repeating this step.
#* It's highly recommended to copy the contents of `\TwoDump\tx\` to another folder and dump the game again. Afterwards, check the file size of both folders to make sure they exactly match, verifying that you had a good dump.
#* If you dumped an original Xbox game, check the `Tx\Mount\SystemPartition\Compatibility` folder and [https://emn178.github.io/online-tools/sha1_checksum.html check the SHA-1 hashes] of the xefu.xex and xefutitle.xex files. If it does not match an [[Xbox_360:Xenon_Fusion_Emulator#Xbox_One_/_Series_Files|known xefu or xefutitle]], please contact [[User:Derf]].


== Troubleshooting ==
== Troubleshooting ==


* Cannot find the file specified error: <pre>The "PrepareGameDump" task failed unexpectedly. System.IO.FileNotFoundException: The system cannot find the file specified (0x80070002)</pre>
* ERROR:XCrdMount failed with error 0x80070002, returned handle: [cdata (deleted)]
** Make sure the game is installed on the Xbox's Internal Storage. </li></li>
** This occurs if the game you are dumping is installed on external storage. Copy it to internal storage and try again.  
** In prepare_gamedump.xml, check if the content ID and license file paths in the "edit me" section match the desired game as specified in your Licenses.txt file.  
* ERROR:XCrdMount failed with error 0x80070570, returned handle: [cdata (deleted)]
* There is not enough disk space error: <pre> D:\prepare_gamedump.xml(529,7): error MSB4018: The "PrepareGamedump" task failed unexpectedly. D:\prepare_gamedump.xml(529,7): error MSB4018: System.Runtime.InteropServices.COMException (0x80070070): There is not enough space on the disk. (0x80070070) </pre>
** This occurs if you made a typo in the content ID in `TwoDump\stage2.lua` or do not have a proper license for a game.
** This means that the Temp content partition on your Xbox is too small, it must be resized. Likely, this indicates that the game is >39GB in size. A guide has not yet been written for how to resize this partition.
* ERROR:XCrdMount failed with error 0x80070715, returned handle: [cdata (deleted)].
* Only one file is dumped:
** Unknown. Some content may be dumped.
** This occurs if you do not have a proper license for a game. It will dump a plaintext appxmanifest.xml successfully and then attempt to dump the next file but it will be 0 bytes and hang. If it's a disc based game, ensure that the disc is inserted and you configured prepare_gamedump.xml to point to the license on the disc (O: drive).
* No files are dumped:
** Sometimes, it will hang on the first file. Re-run `dump_game.bat` and open Warhammer Vermintide 2 to try again.
** Some games, such as Tony Hawk's Pro Skater 1+2 seem to not be compatible. This generally happens if the file streaming portion of the process completes extremely quickly (e.g. 10 seconds), as it did not stream files to the temporary XVD. You can use the Warhammer reverse shell section above to check if any files were loaded into the temporary XVD.
* The Xbox never connects to the PC:
* The Xbox never connects to the PC:
** If no connection is ever made from your Xbox, check your firewall rules. If you only select "Private network" when prompted to add exclusions for the programs, double check that your network is set to Private instead of Public. Also check that your PC's IP address has not changed from what you configured in the text files.
** If no connection is ever made from your Xbox, check your firewall rules. If you only select "Private network" when prompted to add exclusions for the programs, double check that your network is set to Private instead of Public. Also check that your PC's IP address has not changed from what you configured in the text files.
** Check in your Xbox network settings to verify that it is set to "online" mode (i.e. you can see the "Go offline" button), as it will not communicate on your network otherwise.
* Text not displaying on screen / shell session appears hung
** Occasionally, text does not properly output in the command prompt. Select the window and press Enter to force it to catch up. This happens most frequently if using the background shell feature.

Latest revision as of 15:50, 6 October 2024

Durango Dumplings v2 Run Menu
Exclamation-triangle-fill.svgEnsure that your network is setup to prevent the Xbox from reaching the internet. It's recommended to block your Xbox's MAC addresses from accessing the WAN in your router settings, to turn off auto-updates, and to set the DNS setting on the Xbox to 127.0.0.1.


This page will walk you through dumping Xbox One/Series, Xbox 360, and original Xbox games on a compatible firmware Xbox One/Series device. A video tutorial can be found on Modded Warfare's YouTube channel.

Credit to:

  • carrot_c4k3 and landaire for the Collateral Damage exploit
  • InvoxiPlayGames/Emma and XboxOneResearch for most of these tools
  • BirdonWheels for the original guide which was used as the basis for this page
  • User:Derf and RolyPoly for the run.ps1 script
  • Various people from the Xbox Scene Discord

Pre-requisites

  • Xbox One / Series firmware version 4478, 4908, or 4909.
  • A copy of Warhammer Vermintide 2:
    • Digital copy will allow you to dump a disc OR digital game
    • Disc copy will allow you to dump a digital game
  • The game you are dumping must be installed on your Internal Storage.
    • You can follow this guide to add games to your console, provided you had previously launched it on the console before or it is a disc-based game.
  • The game you are dumping must be able to be launched while offline.
    • "Check your connection" - This error will show if it successfully launched, but the game requires an internet connection. These games can be dumped.
    • "To start this game or app you need to be signed in to the Xbox network." - You do not have a valid license for the game or the disc is not inserted (if it's a disc based game). You cannot dump these games if it was a digital game that was purchased and never launched while online. If it's an expired Game Pass game, you may be able to set your system clock to a time in which the expired license was valid.
    • "Use this Xbox regularly? Make it your home Xbox so you can play games you own, even offline." - Displayed when you attempt to launch a game licensed to an account that does not have this Xbox set as the home Xbox. You cannot dump these games.
  • Preferably connect your Xbox via ethernet, as Wi-Fi connections have been shown to drop files out of dumps.
  • Preferably a static IP on your PC, as you will be hardcoding an IP address in multiple config files.

Initial Setup

PC Preparation

  1. Download the Xbox One Game Dumping Pack v2.1 and extract it to your PC. This contains everything you need to dump games except copyrighted files.
  2. Download the .NET 6.0.424 SDK x86_64 Binary for Windows and extract dotnet-sdk-6.0.424-win-x64.zip into the \Copy to Flash Drive\dotnet\ folder.
  3. Download PowerShell-7.2.3-win-x64.zip and extract the contents into the \Copy to Flash Drive\pwsh\ folder.
  4. Format a USB flash drive as NTFS and copy the contents of the Copy to Flash Drive folder to the root of your USB flash drive and safely eject the flash drive.
  5. Open the htdocs folder and edit gamescript_autosave_network.txt. Replace YOUR IP HERE with the IP address of the PC you are going to run the exploit from.
  6. Open the TwoDump folder and open stage2.lua and replace YOUR IP HERE with the IP of your PC.

Game Script Reverse Shell

A successful execution of Collateral Damage for Xbox One/Series, returning a reverse shell.

Perform the Collateral Damage Game Script exploit as detailed below to obtain a reverse shell.

  1. If you haven't already, launch Warhammer Vermintide 2, press A to start game, and choose "Use Offline". This will create a game save on your hard drive.
  2. Run miniweb.exe. If it asks for permissions to run, check both boxes and select "Allow Access". A command prompt window should open.
    • Note the IP address and port listed, e.g. 192.168.1.77:8000.
  3. On your Xbox, open Microsoft Edge and enter the full IP address and port into the address bar (e.g. 192.168.1.77:8000). It should list the files present in the htdocs folder on your PC.
  4. Select gamescript_autosave_network.txt. It should display the contents of the script. Hover your cursor before the very first character, then hold A and drag the left stick down to highlight all of the text. Let go of A and then select "Copy" from the small menu that opens up.
  5. Launch the Game Script app. Use the D-PAD to highlight "Paste code" and press A to paste the contents of the file you copied. Press B to close the keyboard.
  6. Double-click gamescript_reverse_shell_remote.bat. It will open a window for the server process with the last line being "Server listening..." and a second window running NetCat with the text "listening on [any] 7070 ...".
    • It may ask multiple times for permission to run on the network, check both boxes and select "Allow Access".
  7. On your Xbox, open the Game Script app if not already there. Hold X and press RB to select "Windows", then let go of X.
  8. Using the D-PAD, select "Show Code Run window" and press A. On the new window that pops up, highlight the "Run code once" button and press A.
    • After about 10-60 seconds, some traffic will appear on the payload and NetCat command windows, and if successful, you will have a reverse shell on the NetCat command window to be able to run commands against the Xbox.
    • If the Game Script app or the NetCat window closes, re-launch them and try again. If after multiple attempts it is still crashing, go to Settings > General > Power Options > Shutdown now, then turn your console back on and try again. It may take a few tries until it is successful, but the following optional steps will replace the entry method to make it successful every time.
  9. Enter U to select the option to upgrade your Game Script reverse shell and provide your PC's IP address when prompted and press .
  10. Once you receive a success message, quit Game Script, run gamescript_reverse_shell.bat on your PC, re-open Game Script, and run the code as before. If it connects, the shell has been successfully upgraded to the "local" version.

From now on, you can obtain a reverse shell by running gamescript_reverse_shell.bat on your PC and executing the code in Game Script.

Modifying the Vermintide Game Save

These steps will guide you through modifying your Vermintide game save to be able to run the game dumper.

  1. In the reverse shell, enter D:\pwsh and then .\run.ps1 to open the run menu.
    • If you get an error related to signing, run the command Set-ExecutionPolicy Unrestricted.
  2. Enter 1 to mount your save game storage.
  3. Enter 3 to back up your licenses to your USB flash drive.
  4. Enter 6 to copy LicenseState.txt to your USB flash drive.
  5. Enter I to inject the modified game save into Warhammer Vermintide 2. It will prompt you to enter your PC's IP address. Press Enter to accept the default port number.
  6. Optionally, enter 2, 4, and 5 to take backups of your game saves, registry, and XBFS (5GB free space required). This is not necessary for game dumping, but good to keep safe.
  7. Enter 1 to unmount your save game storage.

Dumping Games

Assuming all of the above steps were completed once, and your PC's IP address has not changed, you only need to follow the below instructions to dump games.

Loading your License File

Digital Game

Follow this process if the game you are dumping is a digital game.

  1. In the reverse shell, enter D:\pwsh and then .\run.ps1 to open the run menu.
  2. If you've added the license for the game you wanted to dump since the last time you've dumped your LicenseState.txt, enter 6 to copy LicenseState.txt to your USB flash drive.
  3. Enter 7. You will be prompted to select your desired game license from the list. Note the content ID for later.

Xbox One/Series Disc Game

Follow this process if the game you are dumping is a disc-based Xbox One/Series game. Ensure that the disc is inserted at this point.

  1. In the reverse shell, enter D:\pwsh and then .\run.ps1 to open the run menu.
  2. Enter 8 to load the disc license. Note the content ID for later.

Original Xbox or Xbox 360 Games

Follow this process if the game you are dumping is a disc-based original Xbox game. Ensure that the disc is inserted at this point.

  1. In the reverse shell, enter D:\pwsh and then .\run.ps1 to open the run menu.
  2. If you've added the license for the game you wanted to dump since the last time you've dumped your LicenseState.txt, enter 6 to copy LicenseState.txt to your USB flash drive.
  3. Enter 9. You will be prompted to select your desired game license from the list. Note the content ID for later.

Starting the Dump

The next steps will walk you through setting up the server that will receive the game dump(s).

  1. In the reverse shell, enter D:\pwsh and then .\run.ps1 to open the run menu, if not already open.
  2. Open the TwoDump folder and open stage2.lua and replace the characters in targetXvdPath with the content id found earlier and save.
  3. Double-click warhammer_dump_game.bat. It will open three command prompt windows.
    • It may ask multiple times for permission to run on the network, check both boxes and select "Allow Access".
  4. Launch Warhammer Vermintide 2 and press "A" on the title screen. If everything was done correctly, the game should freeze and you should see each command prompt window activate and files will start to be written to \TwoDump\tx\.
    • If anything appears wrong, see the troubleshooting section below. You can always close Warhammer Vermintide 2 and re-open it, repeating this step.
    • It's highly recommended to copy the contents of \TwoDump\tx\ to another folder and dump the game again. Afterwards, check the file size of both folders to make sure they exactly match, verifying that you had a good dump.
    • If you dumped an original Xbox game, check the Tx\Mount\SystemPartition\Compatibility folder and check the SHA-1 hashes of the xefu.xex and xefutitle.xex files. If it does not match an known xefu or xefutitle, please contact User:Derf.

Troubleshooting

  • ERROR:XCrdMount failed with error 0x80070002, returned handle: [cdata (deleted)]
    • This occurs if the game you are dumping is installed on external storage. Copy it to internal storage and try again.
  • ERROR:XCrdMount failed with error 0x80070570, returned handle: [cdata (deleted)]
    • This occurs if you made a typo in the content ID in TwoDump\stage2.lua or do not have a proper license for a game.
  • ERROR:XCrdMount failed with error 0x80070715, returned handle: [cdata (deleted)].
    • Unknown. Some content may be dumped.
  • The Xbox never connects to the PC:
    • If no connection is ever made from your Xbox, check your firewall rules. If you only select "Private network" when prompted to add exclusions for the programs, double check that your network is set to Private instead of Public. Also check that your PC's IP address has not changed from what you configured in the text files.
    • Check in your Xbox network settings to verify that it is set to "online" mode (i.e. you can see the "Go offline" button), as it will not communicate on your network otherwise.
  • Text not displaying on screen / shell session appears hung
    • Occasionally, text does not properly output in the command prompt. Select the window and press Enter to force it to catch up. This happens most frequently if using the background shell feature.