superg / redumper

Low level CD dumper utility
GNU General Public License v3.0

Feature Request - XGD Dumping Support #58

Open mnadareski opened 1 year ago

mnadareski commented 1 year ago

Both Kreon firmware and 0800-connected drives allow users to dump XGD (Xbox and X360) discs. Having the ability to dump XGD discs would be useful for the future.

Xbox uses XGD1 discs. X360 uses XGD2 and XGD3 discs.

tbejos commented 1 year ago

Info on Kreon Commands: https://web.archive.org/web/20230727211530/https://www.xbins.org/nfo.php?file=xboxnfo1645.nfo. Just the command portion has been copied here, with minor formatting changes for brevity.

edit: whitespace changed to reduce need to horizontally scroll

Command set additions found in this firmware..
AD 00 FF 02 FD FF FE 00 08 00 xx C0      This is the well known SS extract commands from the xtreme firmware.

FF 08 01 01     'Enable Unlock 1 (xtreme) state' as we already know it from the 360 xtreme modded drives.
                This command is supported for legacy reasons only. Custom applications should use the
                new 'Set lock state' instead.

FF 08 01 11 xx      'Set Lock State'
                xx=00 - Drive locked (no unlock state)
                xx=01 - Unlock State 1 (xtreme) enabled
                xx=02 - Unlock state 2 (wxripper) enabled

FF 08 01 10     'Get Feature List'
                This command will return a list of the additional features supported by the drive.
                All values returned are 16 bit values, and the list is terminated with null (0x0000)
                The two first words of the returned list always reads as 0xA55A 0x5AA5 in order to
                guarantee that a reply from a drive not supporting this command correctly isn't 
                mistaken for a feature list.

                An example feature list could be:
                0xA55A, 0x5AA5, 0x0100, 0xF000, 0xF001, 0x0000

                This list would indicate that the drive supports XBOX360 Unlock 1, Lock and Error Skip,
                as it can be seen from the values defined below:

                XBOX 360 related features..
                0x0100 : The drive supports the unlock 1 state (xtreme)
                0x0101 : The drive supports the unlock 2 state (wxripper)
                0x0120 : The drive can read and decrypt the SS
                0x0121 : The drive has full challenge response functionality

                XBOX related features..
                0x0200 : The drive supports the unlock 1 state (xtreme)
                0x0201 : The drive supports the unlock 2 state (wxripper)
                0x0220 : The drive can read and decrypt the SS
                0x0221 : The drive has full challenge response functionality

                General drive features..
                0xF000 : The drive supports the lock (cancel any unlock state) command
                0xF001 : The drive supports error skipping

                This is the complete list of defined features at the moment.
                If you're working on a custom application you might want to 
                contact me in order to get the latest list.
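
A parser for the 'Get Feature List' reply described in the comment above, as an added example (not part of the original comment and not redumper's code). It assumes each 16-bit value arrives high byte first, which the quoted text does not state; `parse_feature_list`, `feature_name` and `sample_reply` are hypothetical names.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Feature codes exactly as listed in the quoted NFO text.
const char *feature_name(uint16_t code) {
    switch (code) {
    case 0x0100: return "XBOX 360: unlock 1 state (xtreme)";
    case 0x0101: return "XBOX 360: unlock 2 state (wxripper)";
    case 0x0120: return "XBOX 360: can read and decrypt the SS";
    case 0x0121: return "XBOX 360: full challenge response";
    case 0x0200: return "XBOX: unlock 1 state (xtreme)";
    case 0x0201: return "XBOX: unlock 2 state (wxripper)";
    case 0x0220: return "XBOX: can read and decrypt the SS";
    case 0x0221: return "XBOX: full challenge response";
    case 0xF000: return "lock (cancel any unlock state)";
    case 0xF001: return "error skipping";
    default:     return "not in the list quoted here";
    }
}

// Parses the raw reply to FF 08 01 10 into 'features'. Returns false when the
// 0xA55A 0x5AA5 header is missing (drive does not implement the command) or when
// no 0x0000 terminator is found inside the buffer (truncated reply).
// ASSUMPTION: words are big-endian on the wire; the page does not state byte order.
bool parse_feature_list(const std::vector<uint8_t> &reply, std::vector<uint16_t> &features) {
    auto word = [&](std::size_t i) { return uint16_t(reply[2 * i] << 8 | reply[2 * i + 1]); };
    const std::size_t words = reply.size() / 2;
    features.clear();
    if (words < 3 || word(0) != 0xA55A || word(1) != 0x5AA5)
        return false;
    for (std::size_t i = 2; i < words; ++i) {
        if (word(i) == 0x0000)
            return true;
        features.push_back(word(i));
    }
    features.clear();
    return false;
}

// Constructed sample: the example list from the NFO, encoded under the assumption above.
std::vector<uint8_t> sample_reply() {
    return {0xA5, 0x5A, 0x5A, 0xA5, 0x01, 0x00, 0xF0, 0x00, 0xF0, 0x01, 0x00, 0x00};
}

int main() {
    std::vector<uint16_t> features;
    if (parse_feature_list(sample_reply(), features))
        for (uint16_t code : features) std::printf("0x%04X : %s\n", code, feature_name(code));
}
```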

tbejos commented 1 year ago

Info on 0800 Commands: https://web.archive.org/web/20230727211555/https://www.xbins.org/nfo.php?file=xboxnfo1718.nfo. Just the command portion has been copied here for brevity. (In Jungle Flasher and online there are references to a v3 that do not contain a command set in the documentation; as of now I am not sure if there are any differences, but hopefully this is a good start.)

ix16 0800 Commands
-----------------
AD 00 FF 02 FD FF FE 00 08 00 00 C0 - SS/CPRMAI 

AD 00 FF 02 FD FF FE 00 08 00 ID C0 - SS Challenge ID

12 00 00 00 30 C0 00 00 00 49 58 01 - ix Cmd 1 - Dumps key and rev 0x30 bytes

12 00 00 00 24 C0 00 xx xx 49 58 02 - ix Cmd 2 - Output 0x800 bytes from ram address

12 00 00 00 24 C0 00 00 00 49 58 03 - ix Cmd 3 - Toggles Lock/UnLock Game partition

Update: After some testing I can confirm that in 0800 v3 I observed the SS/CPRMAI, SS Challenge ID, and ix Cmd 3 commands. I did not observe ix Cmd 1 or ix Cmd 2, but they likely remain the same; I did not capture the full dump, so it possibly happens later on.

tbejos commented 2 months ago

Kreon XGD support in https://github.com/superg/redumper/pull/181