Xbox One:Dumping Games: Difference between revisions

This guide is very WIP. Please do not touch it, as I (Derf) am planning on packaging it up to be simpler for end users.

A great video tutorial can be found on KsAmJ Gaming & Tech's YouTube channel.

Credit to BirdonWheels for the original guide, adapted here with permission.

Credit to burninrubber0 from the Xbox Scene Discord for the dump.bat script.

Pre-requisites

• Works on Xbox One / Series firmware version 4478.
  • Not working on firmware 4908 or 4909, as the Temp Drive is 0 bytes
  • Edit this if it works for you on other firmware!
• A copy of Warhammer Vermintide 2:
  • Digital copy will allow you to dump a disc OR digital game
  • Disc copy will allow you to dump a digital game
• The game you are dumping must be installed on your Internal Storage.
• Backup the game you want to dump. Copy the game to a USB flash drive via the Xbox dashboard.
• Games that are less than 2GB, or larger than 39GB might not be able to be dumped via this method.
• Certain games can't be dumped using this method. The known issue games are:
  • Minecraft
  • Undertale

Later backup your license files in S:\Clip to a USB flash drive!*

PC Preparation

1. Download the .NET 6.0 SDK x86_64 Binary for Windows.
2. Format a USB flash drive as NTFS (????????????????????????????????).
3. Extract dotnet-sdk-6.0.424-win-x64.zip to a new folder named dotnet. Copy the dotnet folder to the root of your USB flash drive. For example, if your flash drive is E:, move it so it display as E:\dotnet.
4. Download the following three XML files and copy them to the root of the USB flash drive:
   • get_tempxvd_owners.xml
   • mount_connectedstorage.xml
   • prepare_gamedump.xml
5. Open Notepad and paste the below code. Save the file as dump.bat, making sure to set "Save as Type" to "All Files" when saving. Copy dump.bat to the root of your USB flash drive:

for /R /D %%d in (.\*) do (
    mkdir D:\xb1\saves%%~pnxd
)
for /R %%f in (.\*) do (
    copy %%f D:\xb1\saves%%~pnxf
)

1. Safely Eject the USB flash drive.

First Exploitation

A successful execution of Collateral Damage for Xbox One/Series, returning a reverse shell.

Perform the Collateral Damage Game Script exploit as detailed below.

1. If you haven't already, launch Warhammer Vermintide 2, press A to start game, and choose "Use Offline". This will create a game save on your hard drive.
2. Download and extract miniweb to your PC.
3. Download the latest Collateral Damage zip file and extract it into miniweb/htdocs.
4. Open the collateral_damage_v1_remote folder and edit gamescript_autosave.txt. Replace YOUR IP HERE with the IP of the PC you are going to run the exploit from.
5. Run miniweb.exe. If it asks for permissions to run, check both boxes and select "Allow Access". A command prompt window should open.
   • Note the IP address and port listed, e.g. 192.168.1.77:8000.
6. On your Xbox, open Microsoft Edge and enter the full IP address and port into the address bar (e.g. 192.168.1.77:8000). It should list all of the files present in the htdocs folder on your PC.
7. Select the collateral_damage_v1_remote folder and then gamescript_autosave.txt. It should display the contents of the script. Hover your cursor before the very first character, then hold A and drag the left stick down to highlight all of the text. Let go of A and then select "Copy" from the small menu that opens up.
8. Launch the Game Script app. Use the D-PAD to highlight "Paste code" and press A to paste the contents of the file you copied. Press B to close the keyboard.
9. On your PC, double-click start_payload_server.bat. If it asks for permissions to run, check both boxes and select "Allow Access". It will open a window with the last line being "Server listening...".
10. Download NetCat (nc.exe) and place it in the collateral_damage_v1_remote folder.
    • Note that most anti-viruses will flag NetCat as a virus.
11. Double-click start_netcat.bat and a window should open with the text "listening on [any] 7070 ...".
12. On your Xbox, open the Game Script app if not already there. Hold X and press RB to select "Windows", then let go of X.
13. Using the D-PAD, select "Show Code Run window" and press A. On the new window that pops up, highlight the "Run code once" button and press A.
    • After about 10-30 seconds, some traffic will appear on the payload and NetCat command windows, and if successful, you will have a reverse shell on the NetCat command window to be able to run commands against the Xbox.
14. In the reverse shell, enter the following commands:

set DOTNET_CLI_TELEMETRY_OPTOUT=1
D:\dotnet\dotnet.exe msbuild D:\mount_connectedstorage.xml

1. • The previous command will output the Harddisk# where your saves are located (e.g. XVD Mounted to \\?\GLOBALROOT\Device\Harddisk16\Partition1 indicates it is on Harddisk16). The rest of this guide will use Harddisk16 as an example.
2. In the reverse shell, enter the following command, substituting your own Harddisk#, and your game saves will be dumped:

mklink /j T:\connectedStorage "\\?\GLOBALROOT\Device\Harddisk16\Partition1\"
T:
cd connectedStorage
D:\dump.bat

1. When it completes, unplug your USB flash drive and plug it into your PC.
2. Navigate to \xb1\saves\connectedStorage\u_################_C05F0100-EAC5-49EB-943F-1A0E3C108361\. This is your save for Warhammer Vermintide 2. Open the sole folder and there should be two files, one of them has a unique ID and the other is named "container". Open the unique ID file with notepad.

///////////// WIP Derf (talk) 22:30, 7 August 2024 (UTC) 9. On your pc download this Github repo: https://github.com/xboxoneresearch/LuaFFI-CE. Open the stage1.lua in notepad, *change the IP address to your PC's IP ADDRESS*, copy everything in there, and put the code into your Vermintide 2 save (using notepad). Be sure to replace everything in the save with this code!

10. Put your updated save on your USB flash drive, then copy the save to where it should be in the Warhammer save folder.

Everybody's unique id will be different. 
My location is:

T:\connectedStorage\u_2535434839607031_C05F0100-EAC5-49EB-943F-1A0E3C108361\{F1997DC1-51FF-49CB-A9BA-59D042BB4AFB}

The command I used to copy the my save is below. both the name of your save file and the folder it's in will be different than mine.:

copy D:\{7621630A-3FAC-4645-8136-873124F4768C} T:\connectedStorage\u_2535434839607031_C05F0100-EAC5-49EB-943F-1A0E3C108361\{F1997DC1-51FF-49CB-A9BA-59D042BB4AFB} Type "Yes" When Prompted to Overwrite

⭐10-1/2. Reboot your Xbox. You will need to reboot to unlink T:\connectedStorage.

B. Dumping with Warhammer:

For these next steps, we will get the dumping server set up, along with a tool that'll show you what license belongs to which game. Credits to Invoxiplaygames/Emma for making these super useful tools!

https://github.com/InvoxiPlayGames/LicenseClipFinder https://github.com/InvoxiPlayGames/OneDumpgame

(You can either compile these, or use these binaries that I compiled for my windows PC: https://qiwi.gg/file/82Zc3209-CompiledDumpTools)

11. You will need your license files on your PC. If you have them, proceed to next step. If not, then in Collateral Damage's reverse shell on your PC, type these commands:

mkdir D:\Licenses copy S:\Clip D:\Licenses

12. Back on the PC, go to the LicenseClipFinder.exe that you compiled or downloaded. Copy your license folder next to the exe, make sure the folder is named Clips
Run the LicenseClipFinder.exe in command prompt and it should show you the content id and license file associated with all of your games.

12-1/2. *If you didn't back up your game (copy it to a usb flash drive via the dashboard, do so now!).*

13. Downloaded these two msbuild xmls and put on the root of your usb flash drive:

https://github.com/xboxoneresearch/Interop/blob/main/msbuild_tasks/get_tempxvd_owners.xml https://github.com/xboxoneresearch/Interop/blob/main/msbuild_tasks/prepare_gamedump.xml

14. On your Xbox, start up Warhammer Vermintide 2. Hit the Xbox (home) button, then on the Warhammer icon press 'start' then 'quit'.

15. Open up Game Script, do the GS/Collateral Damage exploit. Plug your USB flash drive in your Xbox and run this command:

D:\dotnet\dotnet.exe msbuild D:\get_tempxvd_owners.xml 16. It'll give you the temp XVD number for Warhammer. This should stay the same if you don't open up other games for now.

17. Put the USB flash drive in your PC, and edit prepare_gamedump.xml. Towards the bottom of the xml there's a portion for you to edit.

Change the temp XVD to your temp XVD number for Warhammer, and the content and license file name to what LicenseClipFinder showed you in step 12.

17-1/2. *Last chance to make sure your game and licenses are backed up. If you haven't, copy game via the dash, copy the S:\Clip folder to your PC.*

18. Plug your USB flash drive back into your Xbox. Then in the Game Script/Collateral Damage reverse shell on your pc, type in this command:

D:\dotnet\dotnet.exe msbuild D:\prepare_gamedump.xml 19. If it works, you will see the files streamed into the temp XVD for Warhammer Vermintide 2.

20. Once it's finished and says license loaded, on your PC go to the OneDumpgame folder. Open dumpgame.lua and change the IP to your PC's IP address. 21. Open a terminal/command prompt in the same folder as dumpgame.lua. Once you're in the same directory, use this command:

cat dumpgame.lua | nc64.exe -w 1 -lvp 8123

• If prompted to allow for the firewall, hit allow*

22. Open a terminal/command prompt as Administrator in the same folder as DumpgameServer.exe. Once you're in the same directory, use this command

.\DumpgameServer.exe

• If prompted to allow for the firewall, hit allow*

22-1/2. If you compiled OneDumpgame, make a folder named tx the same folder as DumpgameServer.exe. This is where the games will dump to, and the program won't dump if the folder is missing.

23. Start Warhammer Vermintide 2, hit "A", if everything goes right you should see the files being transferred to your PC in the terminal window running DumpgameServer.exe. If the DumpgameServer.exe exits with no files transferred, then maybe your game wasn't compatible.

C. Restoring Games after Dumping

You may notice that your game might not start after successfully running prepare_gamedump.xml, and it will be stuck in an updating state.

1. Uninstall the game from the internal storage. The Xbox may appear to be stuck when attempting to uninstall the game, but be patient and if reboot until the game is gone from Internal Storage.

2. Copy the game over from USB External Storage to the Internal Storage via the Storage Devices option in Settings.

3. Do Collateral Damage/Game Script exploit. Copy license for game from USB flash drive to S:\Clip

4. Reboot Xbox, then start the game. It will get the game ready and then launch.

Troubleshooting

🛠️Cannot find the file specified error:

The "PrepareGameDump" task failed unexpectedly System.IO.FileNotFoundException: The system cannot find the file specified (0x80070002) I. Make sure the game is installed on the Xbox's Internal Storage.

II. In prepare_gamedump.xml, check if the content id of the game matches the XVC file.

To verify, copy game to USB drive via the dash.

Then on a PC use Xbox One External Storage Device Converter (https://digiex.net/threads/xbox-one-external-usb-storage-device-converter-xbox-one-formatted-usb-drives-on-pc.13583/)

Convert drive to PC format. The games will be named after the content ID. If you have multiple games on the drive, you can use the file size to determine which is the XVC of the game you want (won't have a file extension but it's a XVC). III. Check that you're using the right license for the game.

🛠️There is not enough disk space error:

D:\prepare_gamedump.xml(529,7): error MSB4018: The "PrepareGamedump" task failed unexpectedly. D:\prepare_gamedump.xml(529,7): error MSB4018: System.Runtime.InteropServices.COMException (0x80070070): There is not enough space on the disk. (0x80070070) This means that the Temp Content Partition on your Xbox is too small, it must be resized.

Edited Thursday at 01:20 AM by BirdonWheels