Xbox One:Dumping Games with Durango Dumplings v1: Difference between revisions

This guide is very WIP. Please do not touch it, as I (Derf) am planning on packaging it up to be simpler for end users.

A great video tutorial can be found on KsAmJ Gaming & Tech's YouTube channel.

Credit to BirdonWheels for the original guide, adapted here with permission.

Credit to burninrubber0 from the Xbox Scene Discord for the dump.bat script.

Pre-requisites

• Works on Xbox One / Series firmware version 4478.
  • Not working on firmware 4908 or 4909, as the Temp Drive is 0 bytes
  • Edit this if it works for you on other firmware!
• A copy of Warhammer Vermintide 2:
  • Digital copy will allow you to dump a disc OR digital game
  • Disc copy will allow you to dump a digital game
• The game you are dumping must be installed on your Internal Storage.
• Backup the game you want to dump. Copy the game to a USB flash drive via the Xbox dashboard.
• Games that are less than 2GB, or larger than 39GB might not be able to be dumped via this method.
• Certain games can't be dumped using this method. The known issue games are:
  • Minecraft
  • Undertale

Later backup your license files in S:\Clip to a USB flash drive!*

PC Preparation

1. Download the .NET 6.0 SDK x86_64 Binary for Windows.
2. Format a USB flash drive as NTFS.
3. Extract dotnet-sdk-6.0.424-win-x64.zip to a new folder named dotnet. Copy the dotnet folder to the root of your USB flash drive. For example, if your flash drive is E:, move it so it display as E:\dotnet.
4. Download the following three XML files and copy them to the root of the USB flash drive:
   • get_tempxvd_owners.xml
   • mount_connectedstorage.xml
   • prepare_gamedump.xml
5. Open Notepad and paste the below code. Save the file as dump.bat, making sure to set "Save as Type" to "All Files" when saving. Copy dump.bat to the root of your USB flash drive:

for /R /D %%d in (.\*) do (
    mkdir D:\xb1\saves%%~pnxd
)
for /R %%f in (.\*) do (
    copy %%f D:\xb1\saves%%~pnxf
)

1. Safely Eject the USB flash drive.

Obtaining a Reverse Shell

A successful execution of Collateral Damage for Xbox One/Series, returning a reverse shell.

Perform the Collateral Damage Game Script exploit as detailed below to obtain a reverse shell.

1. If you haven't already, launch Warhammer Vermintide 2, press A to start game, and choose "Use Offline". This will create a game save on your hard drive.
2. Download and extract miniweb to your PC.
3. Download the latest Collateral Damage zip file and extract it into miniweb/htdocs.
4. Open the collateral_damage_v1_remote folder and edit gamescript_autosave.txt. Replace YOUR IP HERE with the IP of the PC you are going to run the exploit from.
5. Run miniweb.exe. If it asks for permissions to run, check both boxes and select "Allow Access". A command prompt window should open.
   • Note the IP address and port listed, e.g. 192.168.1.77:8000.
6. On your Xbox, open Microsoft Edge and enter the full IP address and port into the address bar (e.g. 192.168.1.77:8000). It should list all of the files present in the htdocs folder on your PC.
7. Select the collateral_damage_v1_remote folder and then gamescript_autosave.txt. It should display the contents of the script. Hover your cursor before the very first character, then hold A and drag the left stick down to highlight all of the text. Let go of A and then select "Copy" from the small menu that opens up.
8. Launch the Game Script app. Use the D-PAD to highlight "Paste code" and press A to paste the contents of the file you copied. Press B to close the keyboard.
9. Download NetCat (nc.exe) and place it in the collateral_damage_v1_remote folder.
   • Note that most anti-viruses will flag NetCat as a virus.
10. Double-click start_exploit_server.bat. It may ask multiple times for permission to run on the network, check both boxes and select "Allow Access". It will open a window for the server process with the last line being "Server listening..." and a second window running NetCat with the text "listening on [any] 7070 ...".
11. On your Xbox, open the Game Script app if not already there. Hold X and press RB to select "Windows", then let go of X.
12. Using the D-PAD, select "Show Code Run window" and press A. On the new window that pops up, highlight the "Run code once" button and press A.
    • After about 10-60 seconds, some traffic will appear on the payload and NetCat command windows, and if successful, you will have a reverse shell on the NetCat command window to be able to run commands against the Xbox.
    • If the Game Script app crashes, re-launch it and try again.

Modifying the Vermintide Game Save

1. In the reverse shell, enter the following commands:

set DOTNET_CLI_TELEMETRY_OPTOUT=1
D:\dotnet\dotnet.exe msbuild D:\mount_connectedstorage.xml

1. • The previous command will output the Harddisk# where your saves are located (e.g. XVD Mounted to \\?\GLOBALROOT\Device\Harddisk16\Partition1 indicates it is on Harddisk16). The rest of this guide will use Harddisk16 as an example.
2. In the reverse shell, enter the following command, substituting your own Harddisk#, and your game saves and licenses will be dumped:

mklink /j T:\connectedStorage "\\?\GLOBALROOT\Device\Harddisk16\Partition1\"
T:
cd connectedStorage
D:\dump.bat
mkdir D:\Licenses
copy S:\Clip D:\Licenses

1. When it completes, unplug your USB flash drive and plug it into your PC.
2. Download LuaFFI-CE. Edit stage1.lua and replace the IP address in local serverIp = "192.168.123.1" with your PC's IP address.
3. On the flash drive, navigate to \xb1\saves\connectedStorage\u_################_C05F0100-EAC5-49EB-943F-1A0E3C108361\. This is your save for Warhammer Vermintide 2. Open the sole folder and there should be two files, one of them has a unique ID and the other is named "container". Open the unique ID file with notepad, delete all of the contents, and then paste the entire contents of stage1.lua into it and save.
4. Write down the path to this game save for future use, e.g. \xb1\saves\connectedStorage\u_1111111111111111_C05F0100-EAC5-49EB-943F-1A0E3C108361\{AABBCCDD-EEFF-GGHH-IIJJ-KKLLMMNNOOPP}.
5. Safely Eject your USB flash drive and plug it into your Xbox.
6. In the reverse shell, enter the following command, substituting your own path, and type "All" when prompted to overwrite:

copy D:\xb1\saves\connectedStorage\{AABBCCDD-EEFF-GGHH-IIJJ-KKLLMMNNOOPP}  T:\connectedStorage\u_1111111111111111_C05F0100-EAC5-49EB-943F-1A0E3C108361\{AABBCCDD-EEFF-GGHH-IIJJ-KKLLMMNNOOPP}

1. Reboot your Xbox. This is required to unlink T:\connectedStorage.

Dumping your Game

The next steps will walk you through setting up the server that will receive the game dump(s). /////// and OneDumpGame (source) by Invoxiplaygames/Emma.

1. Copy the contents of the Licenses folder on the flash drive into the \License Clip Finder\Clips\ folder on your PC.
2. Double click run_license_clip_finder.bat to start LicenseClipFinder (source). It will output a "Licenses.txt" file which will contain the content ID and license file associated with all of your games.
   • If you do not have a recent enough .NET version, it may prompt you with a link to download it from Microsoft. Install it and try again.
3. Copy the game you wish to dump to a USB flash drive, as the dumping process can go wrong and it will be useful to have a backup. //////////////////////////////////////////////////////////////
4. Start Warhammer Vermintide 2. Press the Xbox (home) button, then on the Warhammer icon press Start and choose "Quit".
5. Plug your flash drive into the Xbox.
6. On your PC, run start_exploit_server.bat again.
7. Open the Game Script app and run the exploit again by holding X and pressing RB to select window, selecting "Show Code Run window", and clicking "Run code once" to obtain a reverse shell again.
8. In the reverse shell, enter:

D:\dotnet\dotnet.exe msbuild D:\get_tempxvd_owners.xml

1. Temporary XVD(s) will be listed. Note the value listed for "Vermintide2", e.g. 00. Avoid launching any games on your system from this point onward, as it will change this value.
2. Plug your flash drive into your PC and edit prepare_gamedump.xml. Search for /* EDIT ME */ and you will find a marked section toward the bottom with three lines that you will need to edit:
   • Replace the 00 in temp00 with the value found in the last step (if it's not 00)
   • Replace PUT-CONTENT-ID-OF-GAME-HERE with the content ID listed for Vermintide 2 in your Licenses.txt file
   • Replace PUT-LICENSE-FILE-NAME-HERE with the name of the file listed for Vermintide 2 in your Licenses.txt file (numbers and letters following .\Clips\)
3. Plug your USB flash drive back into your Xbox.
4. In the reverse shell, enter:

D:\dotnet\dotnet.exe msbuild D:\prepare_gamedump.xml

//////////// WIP Derf (talk) 04:20, 9 August 2024 (UTC)

19. If it works, you will see the files streamed into the temp XVD for Warhammer Vermintide 2.

20. Once it's finished and says license loaded, on your PC go to the OneDumpgame folder. Open dumpgame.lua and change the IP to your PC's IP address. 21. Open a terminal/command prompt in the same folder as dumpgame.lua. Once you're in the same directory, use this command:

cat dumpgame.lua | nc64.exe -w 1 -lvp 8123

• If prompted to allow for the firewall, hit allow*

22. Open a terminal/command prompt as Administrator in the same folder as DumpgameServer.exe. Once you're in the same directory, use this command

.\DumpgameServer.exe

• If prompted to allow for the firewall, hit allow*

22-1/2. If you compiled OneDumpgame, make a folder named tx the same folder as DumpgameServer.exe. This is where the games will dump to, and the program won't dump if the folder is missing.

23. Start Warhammer Vermintide 2, hit "A", if everything goes right you should see the files being transferred to your PC in the terminal window running DumpgameServer.exe. If the DumpgameServer.exe exits with no files transferred, then maybe your game wasn't compatible.

C. Restoring Games after Dumping

You may notice that your game might not start after successfully running prepare_gamedump.xml, and it will be stuck in an updating state.

1. Uninstall the game from the internal storage. The Xbox may appear to be stuck when attempting to uninstall the game, but be patient and if reboot until the game is gone from Internal Storage.

2. Copy the game over from USB External Storage to the Internal Storage via the Storage Devices option in Settings.

3. Do Collateral Damage/Game Script exploit. Copy license for game from USB flash drive to S:\Clip

4. Reboot Xbox, then start the game. It will get the game ready and then launch.

Troubleshooting

🛠️Cannot find the file specified error:

The "PrepareGameDump" task failed unexpectedly System.IO.FileNotFoundException: The system cannot find the file specified (0x80070002) I. Make sure the game is installed on the Xbox's Internal Storage.

II. In prepare_gamedump.xml, check if the content id of the game matches the XVC file.

To verify, copy game to USB drive via the dash.

Then on a PC use Xbox One External Storage Device Converter (https://digiex.net/threads/xbox-one-external-usb-storage-device-converter-xbox-one-formatted-usb-drives-on-pc.13583/)

Convert drive to PC format. The games will be named after the content ID. If you have multiple games on the drive, you can use the file size to determine which is the XVC of the game you want (won't have a file extension but it's a XVC). III. Check that you're using the right license for the game.

🛠️There is not enough disk space error:

D:\prepare_gamedump.xml(529,7): error MSB4018: The "PrepareGamedump" task failed unexpectedly. D:\prepare_gamedump.xml(529,7): error MSB4018: System.Runtime.InteropServices.COMException (0x80070070): There is not enough space on the disk. (0x80070070) This means that the Temp Content Partition on your Xbox is too small, it must be resized.

Edited Thursday at 01:20 AM by BirdonWheels