forked from Byrom90/XeUnshackle
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathXeUnshackle.cpp
More file actions
467 lines (385 loc) · 17.4 KB
/
XeUnshackle.cpp
File metadata and controls
467 lines (385 loc) · 17.4 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
//==========================================================================================================================
//
// - XeUnshackle BETA -
// A simple app designed to apply a full set of freeboot/xebuild kernel & HV patches to a running system
// after running the Xbox360BadUpdate HV exploit. Sets up & loads a version of launch.xex (Dashlaunch)
// designed to run from hdd or usb root rather than flash (nand).
//
// Created by: Byrom
//
// Credits:
// grimdoomer - Xbox360BadUpdate exploit.
// cOz - Dashlaunch, xeBuild patches and much more.
// Visual Studio / GoobyCorp
// Diamond
// InvoxiPlayGames - FreeMyXe, Usbdsec patches, RoL restore and general help.
// Jeff Hamm - https://www.youtube.com/watch?v=PantVXVEVUg - Chain break video
// ikari - freeBOOT
// Xbox360Hub Discord #coding-corner
// Anyone else who has contributed anything to the 360 scene. Apologies if any credits were missed.
//
// Notes:
// This is basically what I came up with during initial testing so could prob be simplified & improved a lot.
//==========================================================================================================================
#include "stdafx.h"
FLOAT APP_VERS = 1.02;
const CHAR* g_strMovieName = "embed:\\VID";
// Get global access to the main D3D device
extern D3DDevice* g_pd3dDevice;
DWORD YellowText = 0xFFFFFF00;
DWORD WhiteText = 0xFFFFFFFF;
BOOL bShouldPlaySuccessVid = FALSE;
WCHAR wTitleHeaderBuf[100];
WCHAR wCPUKeyBuf[150];
WCHAR wDVDKeyBuf[50];
WCHAR wConTypeBuf[50];
//--------------------------------------------------------------------------------------
// Name: class Sample
// Desc: Main class to run this application. Most functionality is inherited
// from the ATG::Application base class.
//--------------------------------------------------------------------------------------
class XeUnshackle : public ATG::Application
{
// Pointer to XMV player object.
IXMedia2XmvPlayer* m_xmvPlayer;
// Structure for controlling where the movie is played.
XMEDIA_VIDEO_SCREEN m_videoScreen;
// Tell XMV player about scaling and rotation parameters.
VOID InitVideoScreen();
// Buffer for holding XMV data when playing from memory.
VOID* m_movieBuffer;
// XAudio2 object.
IXAudio2* m_pXAudio2;
ATG::Timer m_Timer;
ATG::Font m_Font;
ATG::Help m_Help;
BOOL m_bDrawHelp;
BOOL m_bFailed;
private:
virtual HRESULT Initialize();
virtual HRESULT Update();
virtual HRESULT Render();
};
//--------------------------------------------------------------------------------------
// Name: Initialize()
// Desc: This creates all device-dependent display objects.
//--------------------------------------------------------------------------------------
HRESULT XeUnshackle::Initialize()
{
m_xmvPlayer = 0;
m_movieBuffer = 0;
// Initialize the XAudio2 Engine. The XAudio2 Engine is needed for movie playback.
UINT32 flags = 0;
#ifdef _DEBUG
flags |= XAUDIO2_DEBUG_ENGINE;
#endif
HRESULT hr = XAudio2Create(&m_pXAudio2, flags);
if (FAILED(hr))
ATG::FatalError("Error %#X calling XAudio2Create\n", hr);
IXAudio2MasteringVoice* pMasteringVoice = NULL;
hr = m_pXAudio2->CreateMasteringVoice(&pMasteringVoice);
if (FAILED(hr))
ATG::FatalError("Error %#X calling CreateMasteringVoice\n", hr);
// Create the font
if (FAILED(m_Font.Create("embed:\\FONT")))
return ATGAPPERR_MEDIANOTFOUND;
// Confine text drawing to the title safe area
m_Font.SetWindow(ATG::GetTitleSafeArea());
m_bFailed = FALSE;
return S_OK;
}
//--------------------------------------------------------------------------------------
// Name: InitVideoScreen()
// Desc: Adjust how the movie is displayed on the screen. Horizontal and vertical
// scaling and rotation are applied.
//--------------------------------------------------------------------------------------
VOID XeUnshackle::InitVideoScreen()
{
const int width = m_d3dpp.BackBufferWidth;
const int height = m_d3dpp.BackBufferHeight;
const int hWidth = width / 2;
const int hHeight = height / 2;
// Parameters to control scaling and rotation of video.
float m_angle = 0.0;
float m_xScale = 1.0;
float m_yScale = 1.0;
// Scale the output width.
float left = -hWidth * m_xScale;
float right = hWidth * m_xScale;
float top = -hHeight * m_yScale;
float bottom = hHeight * m_yScale;
float cosTheta = cos(m_angle);
float sinTheta = sin(m_angle);
// Apply the scaling and rotation.
m_videoScreen.aVertices[0].fX = hWidth + (left * cosTheta - top * sinTheta);
m_videoScreen.aVertices[0].fY = hHeight + (top * cosTheta + left * sinTheta);
m_videoScreen.aVertices[0].fZ = 0;
m_videoScreen.aVertices[1].fX = hWidth + (right * cosTheta - top * sinTheta);
m_videoScreen.aVertices[1].fY = hHeight + (top * cosTheta + right * sinTheta);
m_videoScreen.aVertices[1].fZ = 0;
m_videoScreen.aVertices[2].fX = hWidth + (left * cosTheta - bottom * sinTheta);
m_videoScreen.aVertices[2].fY = hHeight + (bottom * cosTheta + left * sinTheta);
m_videoScreen.aVertices[2].fZ = 0;
m_videoScreen.aVertices[3].fX = hWidth + (right * cosTheta - bottom * sinTheta);
m_videoScreen.aVertices[3].fY = hHeight + (bottom * cosTheta + right * sinTheta);
m_videoScreen.aVertices[3].fZ = 0;
// Always leave the UV coordinates at the default values.
m_videoScreen.aVertices[0].fTu = 0;
m_videoScreen.aVertices[0].fTv = 0;
m_videoScreen.aVertices[1].fTu = 1;
m_videoScreen.aVertices[1].fTv = 0;
m_videoScreen.aVertices[2].fTu = 0;
m_videoScreen.aVertices[2].fTv = 1;
m_videoScreen.aVertices[3].fTu = 1;
m_videoScreen.aVertices[3].fTv = 1;
// Tell the XMV player to use the new settings.
// This locks the vertex buffer so it may cause stalls if called every frame.
m_xmvPlayer->SetVideoScreen(&m_videoScreen);
}
//--------------------------------------------------------------------------------------
// Name: Update()
// Desc: Called once per frame, the call is the entry point for animating the scene.
// The movie is played from here.
//--------------------------------------------------------------------------------------
HRESULT XeUnshackle::Update()
{
// Get the current gamepad state
ATG::GAMEPAD* pGamepad = ATG::Input::GetMergedInput();
if (m_xmvPlayer)
{
// 'B' means cancel the movie.
if (pGamepad->wPressedButtons & XINPUT_GAMEPAD_B)
{
m_xmvPlayer->Stop(XMEDIA_STOP_IMMEDIATE);
}
}
else
{
// Play the movie if required
if (bShouldPlaySuccessVid) //(pGamepad->wPressedButtons & XINPUT_GAMEPAD_A)
{
XMEDIA_XMV_CREATE_PARAMETERS XmvParams;
ZeroMemory(&XmvParams, sizeof(XmvParams));
// Use the default audio and video streams.
// If using a wmv file with multiple audio or video streams
// (such as different audio streams for different languages)
// the dwAudioStreamId & dwVideoStreamId parameters can be used
// to select which audio (or video) stream will be played back
XmvParams.dwAudioStreamId = XMEDIA_STREAM_ID_USE_DEFAULT;
XmvParams.dwVideoStreamId = XMEDIA_STREAM_ID_USE_DEFAULT;
// Play the movie if required
//if (bShouldPlaySuccessVid) //(pGamepad->wPressedButtons & XINPUT_GAMEPAD_A)
//{
bShouldPlaySuccessVid = FALSE; // Reset so we don't play again
// Start a movie playing from a file.
m_bFailed = FALSE;
// Set the parameters to load the movie from a file.
//XmvParams.createType = XMEDIA_CREATE_FROM_FILE;
//XmvParams.createFromFile.szFileName = g_strMovieName;
// Create from embedded resource
VOID* pSectionData;
DWORD dwSectionSize;
HMODULE hModule = GetModuleHandle(NULL);
if (XGetModuleSection(hModule, "VID", &pSectionData, &dwSectionSize))
{
XmvParams.createType = XMEDIA_CREATE_FROM_MEMORY;
XmvParams.createFromMemory.pvBuffer = pSectionData;
XmvParams.createFromMemory.dwBufferSize = dwSectionSize;
/// Additional fields can be set to control how file IO is done.
HRESULT hr = XMedia2CreateXmvPlayer(m_pd3dDevice, m_pXAudio2, &XmvParams, &m_xmvPlayer);
if (SUCCEEDED(hr))
{
InitVideoScreen();
}
else
{
m_bFailed = TRUE;
}
}
else
m_bFailed = TRUE;
}
if (!DisableButtons)
{
if (pGamepad->wPressedButtons & XINPUT_GAMEPAD_BACK)
{
XLaunchNewImage(XLAUNCH_KEYWORD_DEFAULT_APP, 0);
}
else if (pGamepad->wPressedButtons & XINPUT_GAMEPAD_X)
{
SaveConsoleDataToFile();
}
else if (pGamepad->wPressedButtons & XINPUT_GAMEPAD_Y)
{
Dump1blRomToFile();
}
}
}
return S_OK;
}
//--------------------------------------------------------------------------------------
// Name: Render()
// Desc: Sets up render states, clears the viewport, and renders the scene.
//--------------------------------------------------------------------------------------
HRESULT XeUnshackle::Render()
{
// Draw a gradient filled background
//ATG::RenderBackground(0xff0000ff, 0xff000000);
// If we are currently playing a movie.
if (m_xmvPlayer)
{
// If RenderNextFrame does not return S_OK then the frame was not
// rendered (perhaps because it was cancelled) so a regular frame
// buffer should be rendered before calling present.
HRESULT hr = m_xmvPlayer->RenderNextFrame(0, NULL);
// Reset our cached view of what pixel and vertex shaders are set, because
// it is no longer accurate, since XMV will have set their own shaders.
// This avoids problems when the shader cache thinks it knows what shader
// is set and it is wrong.
m_pd3dDevice->SetVertexShader(0);
m_pd3dDevice->SetPixelShader(0);
m_pd3dDevice->SetVertexDeclaration(0);
if (FAILED(hr) || hr == (HRESULT)XMEDIA_W_EOF)
{
// Release the movie object
m_xmvPlayer->Release();
m_xmvPlayer = 0;
// Movie playback changes various D3D states, so you should reset the
// states that you need after movie playback is finished.
m_pd3dDevice->SetRenderState(D3DRS_VIEWPORTENABLE, TRUE);
// Free up any memory allocated for playing from memory.
if (m_movieBuffer)
{
free(m_movieBuffer);
m_movieBuffer = 0;
}
}
}
else
{
ATG::RenderBackground(0xFF000032, 0xFF000032);
m_Font.Begin();
m_Font.SetScaleFactors(1.5f, 1.5f);
m_Font.DrawText(0, 0, YellowText, wTitleHeaderBuf);
// Pre-Release Build Identifier
//m_Font.DrawText(840, 0, WhiteText, L"[TEST BUILD]");
//
m_Font.SetScaleFactors(1.0f, 1.0f);
// General info
m_Font.DrawText(0, 70, YellowText, currentLocalisation->MainInfo);
// Dashlaunch Info
m_Font.DrawText(0, 290, YellowText, wDLStatusBuf);
if (bDLisLoaded)
{
m_Font.DrawText(0, 320, YellowText, currentLocalisation->MainScrDL);
}
// Console Info
m_Font.DrawText(0, 460, YellowText, wConTypeBuf);
m_Font.DrawText(0, 490, YellowText, wCPUKeyBuf);
m_Font.DrawText(0, 520, YellowText, wDVDKeyBuf);
m_Font.DrawText(0, 570, YellowText, L"https://github.com/Byrom90/XeUnshackle");
m_Font.DrawText(0, 600, YellowText, L"https://byrom.uk");
// User input with buttons - Make these white so they display correctly and stand out to the user
m_Font.DrawText(840, 530, WhiteText, currentLocalisation->MainScrBtnSaveInfo);// X button icon with text
m_Font.DrawText(840, 560, WhiteText, currentLocalisation->MainScrBtnDump1BL);// Y button icon with text
m_Font.DrawText(840, 600, WhiteText, currentLocalisation->MainScrBtnExit);// Back button icon with text
m_Font.End();
}
// Present the scene
m_pd3dDevice->Present(NULL, NULL, NULL, NULL);
return S_OK;
}
//--------------------------------------------------------------------------------------
// Name: main()
// Desc: Entry point to the program
//--------------------------------------------------------------------------------------
VOID __cdecl main()
{
SetLocale(); // Set the correct locale so text will be displayed in the correct language
// Part 1 - We apply the HV patches here (if required)
if (!Hvx::CheckPPExpHVAccess()) // If we have pp access then assume we have done this previously
{
if (!Hvx::DisableExpChecks()) // Stage 1 - Apply HV patches to disable checks on expansions. If this fails do not proceed
{
cprintf("[XeUnshackle] Stage 1 failed!");
ShowErrorAndExit(1);
}
cprintf("[XeUnshackle] Stage 1 success!");
if (!Hvx::SetupPPExpHVAccess()) // Stage 2 - Install the peek poke expansion. If this fails do not proceed
{
cprintf("[XeUnshackle] Stage 2 failed!");
ShowErrorAndExit(2);
}
cprintf("[XeUnshackle] Stage 2 success!");
if (!Hvx::CheckPPExpHVAccess()) // Stage 3 - Check if we now have HV access via Peek Poke expansion. If this fails do not proceed
{
cprintf("[XeUnshackle] Stage 3 failed!");
ShowErrorAndExit(3);
}
cprintf("[XeUnshackle] Stage 3 success!");
if (!ApplyFreebootHVPatches())
{
cprintf("[XeUnshackle] Stage 4 failed!");
ShowErrorAndExit(4);
}
cprintf("[XeUnshackle] Stage 4 success!");
//cprintf("[XeUnshackle] Relaunching before proceeding with Stage 5!"); // NO LONGER REQUIRED
//RelaunchApp();
// No more relaunching
cprintf("[XeUnshackle] Calling KeFlushEntireTb");
KeFlushEntireTb(); // This is called in XexpTitleTerminateNotification. Maybe this is why relaunching works???
}
// Part 2 - We end up here if part 1 succeeded in gaining HV access via expansions
cprintf("[XeUnshackle] Checking kernel patch state");
if (*(DWORD*)0x80108E70 != 0x48003134) // This is the last freeboot kernel patch applied. This determines whether we have applied them yet
{
if (!ApplyFreebootKernPatches())
{
cprintf("[XeUnshackle] Stage 5 failed!");
ShowErrorAndExit(5);
}
ApplyAdditionalPatches(); // Other patches for general fixes
RestoreRoL(); // Restore the default RoL state
cprintf("[XeUnshackle] Calling KeFlushEntireTb");
KeFlushEntireTb();
cprintf("[XeUnshackle] Stage 5 success!");
}
// Part 3 - We should only ever begin here for any subsequent launches of the app
// If Dashlaunch loaded successfully we can revert the patches done by BadUpdate.
// Needs to be like this due to Dashlaunch fixing Retail signed xex files that have been patched.
// BadUpdate patches also allow this but prevent the Freeboot patches from functioning correctly
// IMPORTANT NOTE: Dashlaunch doesn't appear to load the plugins until you exit to dash aka the next executable load.
// 0 = FAILED
// 1 = SUCCESS
// 2 = Already loaded
if (SysLoadDashlaunch() == 1) // We always call this here since it also sets up the wchar buffer to display in the app for Dashlaunch load status
{
RevertBadExploitPatches(); // Restore changes made by the exploit
}
cprintf("[XeUnshackle] All patches have been applied! Proceeding to init the ui...");
// Grab some stuff for display in the ui
ZeroMemory(wTitleHeaderBuf, sizeof(wTitleHeaderBuf));
swprintf_s(wTitleHeaderBuf, L"%ls XeUnshackle v%.2f BETA %ls", GLYPH_RIGHT_TICK, APP_VERS, GLYPH_LEFT_TICK);
// Motherboard type
ZeroMemory(wConTypeBuf, sizeof(wConTypeBuf));
swprintf_s(wConTypeBuf, L"Console type: %S", GetMoboByHWFlags().c_str());
// cpu key
QWORD fuse3 = Hvx::HvGetFuseline(3);
QWORD fuse5 = Hvx::HvGetFuseline(5);
ZeroMemory(wCPUKeyBuf, sizeof(wCPUKeyBuf));
swprintf_s(wCPUKeyBuf, L"CPUKey: %08X%08X%08X%08X", fuse3 >> 32, fuse3 & 0xffffffff, fuse5 >> 32, fuse5 & 0xffffffff);
// dvd key
BYTE DVDKeyBytes[16];
QWORD kvAddress = Hvx::HvPeekQWORD(0x00000002000163C0);
Hvx::HvPeekBytes(kvAddress + 0x100, DVDKeyBytes, 16);
ZeroMemory(wDVDKeyBuf, sizeof(wDVDKeyBuf));
swprintf_s(wDVDKeyBuf, L"DVDKey: %08X%08X%08X%08X", *(DWORD*)(DVDKeyBytes), *(DWORD*)(DVDKeyBytes + 4), *(DWORD*)(DVDKeyBytes + 8), *(DWORD*)(DVDKeyBytes + 12));
BackupOrigMAC(); // This will cause a notify to pop before the video has played completely but only if it hasn't been dumped previously
// Run the ui portion of the app with video etc...
XeUnshackle atgApp;
// For movie playback we want to synchronize to the monitor.
atgApp.m_d3dpp.PresentationInterval = D3DPRESENT_INTERVAL_ONE;
ATG::GetVideoSettings(&atgApp.m_d3dpp.BackBufferWidth, &atgApp.m_d3dpp.BackBufferHeight);
bShouldPlaySuccessVid = TRUE;
atgApp.Run();
}