Xbox:ENDGAME: Difference between revisions

From ConsoleMods Wiki
Previous revision (edit summary: WIP) compared with the revision of 06:30, 6 March 2024 (no edit summary), from line 9 of the wikitext. The two sides of the diff are shown in full below.

Previous revision:

|source = [https://github.com/XboxDev/endgame-exploit GitHub Repo]
|download = [https://github.com/XboxDev/endgame-exploit GitHub Repo]
}}
[https://github.com/XboxDev/endgame-exploit ENDGAME] is a dashboard exploit for the Original Xbox that allows you to execute habibi-signed XBE payloads from a memory card. This exploit is compatible with all retail kernel and dashboard versions and, unlike other softmod methods, does not require a game or even a working DVD drive — only a memory card.

ENDGAME was developed by Markus Gaasedelen (gaasedelen) with credit to shutterbug2000 for the initial discovery of the exploit vector and first proof of concept and to xbox7887 for minor contributions.

== Usage ==
Copy the contents of the generated ENDGAME/ directory to an Xbox memory card such that the root directory of the memory card has the following structure, where payload.xbe can be any habibi-signed XBE of your choosing:

<pre>
/helper/
/trigger/
/payload.xbe
</pre>

To trigger the exploit, plug the memory card into a controller and navigate to it while in the dashboard.

After a few seconds, the system should begin cycling the front LED to green/orange/red to indicate success. This is followed by it launching the payload.xbe placed on the memory card.

== FAQ ==
<pre>
Q: Is this a softmod?
A: No, by itself, ENDGAME is not a softmod. But it will make softmodding significantly more accessible as the community integrates it into existing softmod solutions.

Q: What is new about this exploit?
A: This exploit will enable people to softmod any revision of the original Xbox without needing a specific game. It will also allow people to easily launch a homebrew XBE (such as the Insignia setup assistant, or content scanning tools) by simply inserting a memory card into an unmodded Xbox.

Q: I don't have a memory card, can I use something else?
A: Yes, any FATX-formatted compatible USB device and controller port dongle should work.

Q: Why am I getting Error 21 after placing my own XBE on the memory card?
A: Your XBE must be signed using the habibi key. Several tools can do this, xbedump being the most popular.

Q: Why does my habibi-signed XBE result in a black screen with ENDGAME but not on a modded Xbox?
A: The most common explanation is that your XBE may be using the Debug/XDK kernel thunk & entry point XOR keys rather than the retail ones, resulting in a crash.

Q: I triggered ENDGAME but my system quickly rebooted to the dash rather than my XBE...
A: While this should be uncommon, it means the exploit probably crashed. It's recommended to navigate straight to the memory card on a cold boot for successful exploitation.

Q: My XBE requires multiple files and external assets to run, will it work with ENDGAME?
A: No. Currently, ENDGAME is only structured to copy & execute a standalone XBE.

Q: How does this exploit work?
A: The exploit targets an integer overflow in the dashboard's handling of savegame images. When the dash attempts to parse the specially crafted images on the memory card, ENDGAME obtains arbitrary code execution.
</pre>

Revision of 06:30, 6 March 2024:

|source = [https://github.com/XboxDev/endgame-exploit GitHub Repo]
|download = [https://github.com/XboxDev/endgame-exploit GitHub Repo]
}}
[https://github.com/XboxDev/endgame-exploit ENDGAME] is a dashboard exploit for the Original Xbox that allows you to execute habibi-signed XBE payloads from a memory card. This exploit is compatible with all retail kernel and dashboard versions and, unlike other softmod methods, does not require a game or even a working DVD drive — only a memory card.

ENDGAME was developed by Markus Gaasedelen (gaasedelen) with credit to shutterbug2000 for the initial discovery of the exploit vector and first proof of concept and to xbox7887 for minor contributions. The Xbox Softmodding Tool by Rocky5 utilizes this exploit to run the softmod installer.

== Softmodding your Xbox ==
===Materials Needed===
* A Female USB to Xbox controller port adapter such as [https://chimericsystems.com/products/console-usb-adapter this one from ChimericSystems] or [https://www.amazon.com/gp/product/B07FCFGG8Y/ this one from Amazon] OR an Xbox memory card with another modded Xbox or GameShark/Action Replay to load the softmod installer onto the card.
* A USB flash drive that is 4GB or smaller ([[Xbox:USB Device Compatibility List|USB Compatibility List]]) or an Android device using [[Xbox:DriveDroid|DriveDroid]]. You do not need either if you are using a memory card.

=== Running the Exploit ===
# Download the [https://drive.google.com/drive/folders/1Gs_yYVotDxAxtHZeHUVr_ts7KeMgqEmQ Xbox Softmodding Tool.zip], open it, open the Softmod Package folder, and extract the contents of Endgame.zip. It should be a folder named `helper`, a folder named `trigger`, and a file called `payload.xbe`.
# Copy the helper folder, trigger folder, and `payload.xbe` to the root of your flash drive or memory unit.
# Plug the memory device into your controller and turn on the Xbox. Select "Memory", then click your memory device. It will freeze for a minute and then the LED ring on the front of your Xbox should cycle colors before booting into the softmod installer.
#* If it does not boot into the softmod installer within a minute after cycling the LED ring colors, turn off your Xbox and try again.
# Press A to install the softmod. Read the prompts that come up and press A to acknowledge them. Your Xbox will reboot.
# The tool will finish setting up. You will be left on the Xbox Softmodding Tool dashboard, which is just a skinned UnleashX dashboard. You can change the skin under System → Skins.
# '''''(Optional)''''' After you have softmodded the Xbox, you may "null" or "uno" the HDD key. Only do this step '''''BEFORE''''' registering your console to any Xbox Live replacement service and only if you wish to swap hard drives between multiple Xbox consoles or know you will be unable to keep a backup of your Xbox EEPROM information. This will change the Xbox's unique thirty-two digit HDD key to 11111111111111111111111111111111 (thirty-two ones). This will allow you to always know what your HDD key is and it will make it easier to rescue the Xbox from HDD failure in the future. All you will need to build a new hard drive is another Xbox that also has an all-ones HDD key or FatXplorer. To null your Xbox's HDD key, launch NKPatcher Settings from the Applications menu, go to EEPROM > Advanced Features > Hard Drive > Change EEPROM HDD Key.

* If you softmodded with an installer other than Rocky5's Xbox Softmodding Tool, make sure you upgrade to the Xbox Softmodding Tool before you null your HDD key, otherwise you may end up getting [[Xbox:Error Codes#Error Code 06|error code 06]], due to older softmods using a virtual EEPROM.
* Previous versions of the Softmodding Tool set the HDD key to thirty-two zeros. Starting with v1.1.8 it uses thirty-two ones instead, in preparation for Insignia's release, because a key of all zeros does not work with that service. Both thirty-two ones and thirty-two zeros will null the key; to be ready for Insignia, use all ones (or 31 zeros and a 1), as long as the key is not all zeros. Either way, be aware that both all-ones and all-zeros nulled keys may exist in the wild.
* "Nulling" or "Unoing" your HDD key is not a substitute for keeping good backups of your Xbox EEPROM information. Your eeprom.bin and other relevant information are located in the E:\Backups folder on your Xbox. Ensure the folder includes an eeprom.bin file, then back up the folder to your PC and preferably to some form of cloud storage as well, as it is critical for building a new hard drive for your Xbox.
* "Nulling", "Unoing" or changing your HDD key in any way will break the signature for many saved games as well as all DLC and Title Updates installed on your console. Some of the games with signed saves can be re-signed using tools found on [[Xbox:Games with Non-Roamable (EEPROM-Locked) Saves|this page about EEPROM-locked saves]]. DLC and Title Updates can be re-signed with FeudalNate's [https://github.com/feudalnate/Content-Recovery-Tool Content Recovery Tool].
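Two of the points above invite a pre-flight check before the card ever goes into a controller: the Usage section fixes the root layout the card must have (helper/, trigger/, payload.xbe), and the FAQ names a Debug/XDK-keyed XBE as the usual cause of a black screen on a retail console. The script below is an added example, not code from the ENDGAME repository or from this wiki page. It verifies the card root against that layout and reads the header of payload.xbe to tell whether its entry point and kernel thunk address are encoded with the retail or the debug XOR keys. The header field offsets and the four XOR constants are taken from the publicly documented XBE file format, not from this page, and the sample headers are constructed inline.

```python
"""Pre-flight checks for an ENDGAME memory card (added example, not project code).

Assumptions, not taken from the wiki page:
  * XBE files start with the magic "XBEH".
  * Header fields (little-endian u32): base address at 0x104, image size at
    0x10C, entry point at 0x128, kernel thunk address at 0x158.
  * The entry point and kernel thunk fields are stored XORed with a key that
    differs between retail and Debug/XDK builds (constants below).
"""
import os
import struct

XBE_MAGIC = b"XBEH"
XBE_HEADER_MIN = 0x15C  # enough bytes to cover the kernel thunk field
OFF_BASE, OFF_SIZE, OFF_ENTRY, OFF_THUNK = 0x104, 0x10C, 0x128, 0x158

# XOR masks applied to the two pointer fields, per key set (documented XBE format).
ENTRY_XOR = {"retail": 0xA8FC57AB, "debug": 0x94859D4B}
THUNK_XOR = {"retail": 0x5B6D40B6, "debug": 0xEFB1F152}


def layout_problems(entries):
    """entries: mapping of card-root name -> 'dir' or 'file'.
    Returns a list of problems; an empty list means the ENDGAME layout is present."""
    problems = []
    for name in ("helper", "trigger"):
        if entries.get(name) != "dir":
            problems.append(f"/{name}/ directory is missing")
    if entries.get("payload.xbe") != "file":
        problems.append("/payload.xbe is missing")
    return problems


def check_card_layout(root):
    """Scan a mounted memory card (or a staging folder) and report layout problems."""
    entries = {}
    with os.scandir(root) as it:
        for entry in it:
            entries[entry.name] = "dir" if entry.is_dir() else "file"
    return layout_problems(entries)


def classify_xbe_header(header):
    """Return 'retail', 'debug', 'mixed' or 'unknown' for an XBE header.

    A decoded pointer is accepted only if it lands inside [base, base + size);
    whichever key set makes both pointers land there is the one the XBE uses.
    Raises ValueError for data that is not an XBE header."""
    if len(header) < XBE_HEADER_MIN:
        raise ValueError("header too short to be an XBE")
    if header[:4] != XBE_MAGIC:
        raise ValueError("bad magic: not an XBE")
    base, = struct.unpack_from("<I", header, OFF_BASE)
    size, = struct.unpack_from("<I", header, OFF_SIZE)
    entry_enc, = struct.unpack_from("<I", header, OFF_ENTRY)
    thunk_enc, = struct.unpack_from("<I", header, OFF_THUNK)

    def key_set(encoded, masks):
        hits = [k for k, m in masks.items() if base <= (encoded ^ m) < base + size]
        return hits[0] if len(hits) == 1 else None

    entry_kind = key_set(entry_enc, ENTRY_XOR)
    thunk_kind = key_set(thunk_enc, THUNK_XOR)
    if entry_kind is None or thunk_kind is None:
        return "unknown"
    return entry_kind if entry_kind == thunk_kind else "mixed"


def check_payload(path):
    """Read the header of a payload.xbe on disk and report its key set."""
    with open(path, "rb") as f:
        return classify_xbe_header(f.read(XBE_HEADER_MIN))


def build_sample_header(kind, base=0x00010000, size=0x00040000,
                        entry=0x00011000, thunk=0x0001F000):
    """Constructed sample: a minimal header with only the fields read above,
    encoded with the given key set ('retail' or 'debug')."""
    hdr = bytearray(XBE_HEADER_MIN)
    hdr[:4] = XBE_MAGIC
    struct.pack_into("<I", hdr, OFF_BASE, base)
    struct.pack_into("<I", hdr, OFF_SIZE, size)
    struct.pack_into("<I", hdr, OFF_ENTRY, entry ^ ENTRY_XOR[kind])
    struct.pack_into("<I", hdr, OFF_THUNK, thunk ^ THUNK_XOR[kind])
    return bytes(hdr)


if __name__ == "__main__":
    for kind in ("retail", "debug"):
        print(f"{kind} sample header -> {classify_xbe_header(build_sample_header(kind))}")
    # A card missing its trigger/ directory, as the layout checker would report it.
    print(layout_problems({"helper": "dir", "payload.xbe": "file"}))
```

A result of "debug" from check_payload() on a real payload.xbe matches the FAQ's black-screen explanation: the XBE was built against the Debug/XDK keys and needs to be rebuilt (or re-encoded) for retail before it is signed with the habibi key. "unknown" usually means the header is not a plain XBE at all, in which case the Error 21 question applies.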

Revision as of 06:30, 6 March 2024

ENDGAME

[Image: Endgame.png]

Information
Author: gaasedelen
Type: Dashboard Exploit
Version: v1.0
License: MIT License

Links
Website: GitHub Repo
Source: GitHub Repo (https://github.com/XboxDev/endgame-exploit)
Download(s): GitHub Repo (https://github.com/XboxDev/endgame-exploit)

ENDGAME is a dashboard exploit for the Original Xbox that allows you to execute habibi-signed XBE payloads from a memory card. This exploit is compatible with all retail kernel and dashboard versions and, unlike other softmod methods, does not require a game or even a working DVD drive — only a memory card.

ENDGAME was developed by Markus Gaasedelen (gaasedelen) with credit to shutterbug2000 for the initial discovery of the exploit vector and first proof of concept and to xbox7887 for minor contributions. The Xbox Softmodding Tool by Rocky5 utilizes this exploit to run the softmod installer.

Softmodding your Xbox

Materials Needed

  • A Female USB to Xbox controller port adapter such as this one from ChimericSystems (https://chimericsystems.com/products/console-usb-adapter) or this one from Amazon (https://www.amazon.com/gp/product/B07FCFGG8Y/) OR an Xbox memory card with another modded Xbox or GameShark/Action Replay to load the softmod installer onto the card.
  • A USB flash drive that is 4GB or smaller (see the USB Device Compatibility List) or an Android device using DriveDroid. You do not need either if you are using a memory card.

Running the Exploit

  1. Download the Xbox Softmodding Tool.zip, open it, open the Softmod Package folder, and extract the contents of Endgame.zip. It should be a folder named helper, a folder named trigger, and a file called payload.xbe.
  2. Copy the helper folder, trigger folder, and payload.xbe to the root of your flash drive or memory unit.
  3. Plug the memory device into your controller and turn on the Xbox. Select "Memory", then click your memory device. It will freeze for a minute and then the LED ring on the front of your Xbox should cycle colors before booting into the softmod installer.
    • If it does not boot into the softmod installer within a minute after cycling the LED ring colors, turn off your Xbox and try again.
  4. Press A to install the softmod. Read the prompts that come up and press A to acknowledge them. Your Xbox will reboot.
  5. The tool will finish setting up. You will be left on the Xbox Softmodding Tool dashboard, which is just a skinned UnleashX dashboard. You can change the skin under System → Skins.
  6. (Optional) After you have softmodded the Xbox, you may optionally "null" or "uno" the HDD key. Only do this step BEFORE registering your console to any Xbox Live replacement service and only if you wish to swap hard drives between multiple Xbox consoles or know you will be unable to keep a backup of your Xbox EEPROM information. This will change the Xbox's unique thirty-two digit HDD key to 11111111111111111111111111111111 (thirty-two ones). This will allow you to always know what your HDD key is and it will make it easier to rescue the Xbox from HDD failure in the future. All you will need to build a new hard drive is another Xbox that also has an all 1 HDD key or FatXplorer. To null your Xbox's HDD key, launch NKPatcher Settings from the Applications menu, go to EEPROM > Advanced Features > Hard Drive > Change EEPROM HDD Key.
  • If you softmodded with an installer other than Rocky5's Xbox Softmodding Tool, make sure you upgrade to the Xbox Softmodding Tool before you null your HDD key, otherwise you may end up getting error code 06, due to older softmods using a virtual EEPROM.
  • Previous versions of the Softmodding Tool set the HDD key to thirty-two zeros. Starting with v1.1.8 it uses thirty-two ones instead, in preparation for Insignia's release, because a key of all zeros does not work with that service. Both thirty-two ones and thirty-two zeros will null the key; to be ready for Insignia, use all ones (or 31 zeros and a 1), as long as the key is not all zeros. Either way, be aware that both all-ones and all-zeros nulled keys may exist in the wild.
  • "Nulling" or "Unoing" your HDD key is not a substitute for keeping good backups of your Xbox EEPROM information. Your eeprom.bin and other relevant information are located in the E:\Backups folder on your Xbox. Ensure the folder includes an eeprom.bin file, then back up the folder to your PC and preferably to some form of cloud storage as well, as it is critical for building a new hard drive for your Xbox.
  • "Nulling", "Unoing" or changing your HDD key in any way will break the signature for many saved games as well as all DLC and Title Updates installed on your console. Some of the games with signed saves can be re-signed using tools found on the page about EEPROM-locked saves. DLC and Title Updates can be re-signed with FeudalNate's Content Recovery Tool (https://github.com/feudalnate/Content-Recovery-Tool).