search

superg / redumper

Low level CD dumper utility
GNU General Public License v3.0
236 stars 21 forks source link

Feature Request - XGD Dumping Support #58

Open mnadareski opened 1 year ago

mnadareski commented 1 year ago

Both Kreon firmware and 0800-connected drives allow users to dump XGD (Xbox and X360) discs. Having the ability to dump XGD discs would be useful for the future.

Xbox uses XGD1 discs. X360 uses XGD2 and XGD3 discs.

tbejos commented 1 year ago

Info on Kreon Commands: https://web.archive.org/web/20230727211530/https://www.xbins.org/nfo.php?file=xboxnfo1645.nfo Just the command portion has been copied here with minor formatting changes for brevity

edit: whitespace changed to reduce need to horizontally scroll

Command set additions found in this firmware..
AD 00 FF 02 FD FF FE 00 08 00 xx C0      This is the well known SS extract commands from the xtreme firmware.

FF 08 01 01     Enable Unlock 1 (xtreme) state' as we already know it from the 360 xtreme modded drives.
                This command is supported for legacy reasons only. Custom applications should use the
                new 'Set lock state' instead.

FF 08 01 11 xx      'Set Lock State'
                xx=00 - Drive locked (no unlock state)
                xx=01 - Unlock State 1 (xtreme) enabled
                xx=02 - Unlock state 2 (wxripper) enabled

FF 08 01 10     'Get Feature List'
                This command will return a list of the additional features supported by the drive.
                All values returned are 16 bit values, and the list is terminated with null (0x0000)
                The two first words of the returned list always reads as 0xA55A 0X5AA5 in order to 
                guarantee that a reply from a drive not supporting this command correctly isn't 
                mistaken for a feature list.

                An example feature list could be:
                0xA55A, 0x5AA5, 0x0100, 0xF000, 0xF001, 0x0000

                This list would indicate that the drive supports XBOX360 Unlock 1, Lock and Error Skip,
                as it can be seen from the values defined below:

                XBOX 360 related features..
                0x0100 : The drive supports the unlock 1 state (xtreme)
                0x0101 : The drive supports the unlock 2 state (wxripper)
                0x0120 : The drive can read and decrypt the SS
                0x0121 : The drive has full challenge response functionality

                XBOX related features..
                0x0200 : The drive supports the unlock 1 state (xtreme)
                0x0201 : The drive supports the unlock 2 state (wxripper)
                0x0220 : The drive can read and decrypt the SS
                0x0221 : The drive has full challenge response functionality

                General drive features..
                0xF000 : The drive supports the lock (cancel any unlock state) command
                0xF001 : The drive supports error skipping

                This is the complete list of defined features at the moment.
                If you're working on a custom application you might want to 
                contact me in order to get the latest list.
tbejos commented 1 year ago

Info on 0800 Commands: https://web.archive.org/web/20230727211555/https://www.xbins.org/nfo.php?file=xboxnfo1718.nfo Just the command portion has been copied here for brevity (in Jungle Flasher and online there are references to a v3 that do not contain a command set in the documentation, as of now I am not sure if there are any differences but hopefully this is a good start)

ix16 0800 Commands
-----------------
AD 00 FF 02 FD FF FE 00 08 00 00 C0 - SS/CPRMAI 

AD 00 FF 02 FD FF FE 00 08 00 ID C0 - SS Challenge ID

12 00 00 00 30 C0 00 00 00 49 58 01 - ix Cmd 1 - Dumps key and rev 0x30 bytes

12 00 00 00 24 C0 00 xx xx 49 58 02 - ix Cmd 2 - Output 0x800 bytes from ram address

12 00 00 00 24 C0 00 00 00 49 58 03 - ix Cmd 3 - Toggles Lock/UnLock Game partition

Update: After some testing I can confirm that in 0800 v3 I observed the SS/CPRMAI, SS Challenge ID, and ix Cmd 3 commands, I did not observe ix Cmd 1 or ix Cmd 2 but they likely remain the same and I did not capture the full dump so it possibly happens later on

tbejos commented 3 months ago

Kreon XGD support in https://github.com/superg/redumper/pull/181

tbejos commented 3 weeks ago

Kreon support is adding in builds 438+

I think there will be some challenges integrating 0800 as it looks like the profile/type detection doesn't work so by querying the drive it doesn't indicate that it is a DVD

=== 2024-10-26 17:06:47 ========================================================
error: failed to query current profile, SCSI (SC: CHECK CONDITION, SK: ILLEGAL REQUEST, ASC: 81)

we could likely force it through but I wonder if there are other normal command we expect to use that aren't accepted. It is also possible that is a Linux issue and maybe it works correctly on Windows

Deterous commented 3 weeks ago

I can confirm on my DG-16D2S (via SATA-USB adaptor), I get the following message on WIndows: error: failed to query current profile, SCSI (SC: CHECK CONDITION, SK: ILLEGAL REQUEST, ASC: 81)

This occurs regardless of disc type (tried XGD, DVD, CDDA)