Print

[Xeero]

XDXDXD

The long thread was confusing people, so here are instructions for patching - put simply.

All new games are confirmed to have the media check in them. By "new" I mean those games signed by MS after February 2003 or so. If they were signed earlier and mass-produced later, the check will not show up.

If you are running an X2 BIOS 4975 or above, you do not need to be concerned about patching games.  This is intended only for those running older BIOSes or mod chips that cannot be flash updated.

You can download the automatic patching tools from the following links:
XBE/ISO Media Patcher v2.0 by Copyhaunters
XBEMIDP2 by L!M!T
ADR Patcher 0.5 Xbox Media Check Fix by ADR-UK
Craxtion v2.1 by LepPpeR

NOTE: XBEMIDP2, Craxtion and ADR Patcher 0.5 Xbox Media Check Fix* contain updated code, so they can patch newer games, including Return to Castle Wolfenstein.  XBE/ISO Media Patcher v2.0 can patch games with release dates of Feb 2003 - May 2003.

All the listed utilities can patch both XBE files and ISO files.  While ISO patching expectedly takes longer, it is recommended.  Patching ISOs ensure that every file in the game is inspected for a media check and if one is found, it is nullified accordingly.

Also, you may prefer to manually patch the file.  This is obviously more flexible as you can adjust what string to search for.  This can be done with a standard hexediting utility.  Simply search the file (either XBE or ISO) for the hex string:
74 4B E8 CA FD FF FF 85 C0 7D 06 33 C0 50 50 EB 44 F6 05
and replace it with
74 4B E8 CA FD FF FF 85 C0 EB 06 33 C0 50 50 EB 44 F6 05
effective changing that blue 7D byte to EB.

Some newer games are showing shorter strings.  You may also want to try replacing
E8 CA FD FF FF 85 C0 7D
with
E8 CA FD FF FF 85 C0 EB
Because this is a much shorter string, it is not yet confirmed whether a search for this string will yield false positives and negatively affect the game.  Apply this hexedit with caution.  *To use this checking routine with ADR's tool, download an updated patch.data file here and overwrite the one in the same folder as ADR's tool.

Although this thread is meant to support others in patching games, it is here so you will read it.  Do not ask questions that have already been answered previously in the thread.  Also, do not ask where to download the patching tools (linked above), hex editors, or any BIOS image.  Due to the excessive length of this thread, any new post that does not abide by the following mandates will be deleted.  I will not reply to it, thereby increasing the length of the thread, and I will not ignore it, which would confuse new readers.  It will simply be deleted.

Thanks to Xbox-Saves.com for hosting ADR's Patcher and the updated patch.data file.

[HSDEMONZ]

Interesting... can't wait to see the follow-up to this...

[palmeiro]

Jesus, one freaking byte.  We came so far with the modchips and one byte stood in the way.  I hope it really is just one byte.  That I can handle.

Now my question is that you never had to patch your copy of the game.  So how come that one byte didn't stop you from booting it properly on your XBox?  Any technical answer for that?  I'm hoping I can fix my system to follow yours.  Thanks for researching it though.  At least I can sleep at night now.

[Xeero]

FIRST AND SECOND POSTS MERGED SO CURRENT PROCESS CAN REMAIN IN FIRST POST WHEN VIEWING THREAD.  HOPEFULLY THIS WILL MAKE IT EASIER TO UNDERSTAND.

----------------------------------------------------------------------------------------------------------------------------

Here's my take on this new "copy protection".  I've been examining these "cracked" default.xbe files and comparing them to the originals, and the only difference seems to be one byte (aside from Riot arbitrarily placing the string "FUCK" in the file), which doesn't seem like much as far as copy-protection circumvention goes.  However, I'm now starting to think that developers have moved the media flag.
Every XBE has a media flag, which determines which media on which it can be run.  The following is taken from the XDK:

XBEIMAGE_MEDIA_TYPE_HARD_DISK         0x00000001
XBEIMAGE_MEDIA_TYPE_DVD_X2              0x00000002
XBEIMAGE_MEDIA_TYPE_DVD_CD              0x00000004
XBEIMAGE_MEDIA_TYPE_CD                       0x00000008
XBEIMAGE_MEDIA_TYPE_DVD_5_RO          0x00000010
XBEIMAGE_MEDIA_TYPE_DVD_9_RO          0x00000020
XBEIMAGE_MEDIA_TYPE_DVD_5_RW          0x00000040
XBEIMAGE_MEDIA_TYPE_DVD_9_RW          0x00000080

Note that Xbox game discs are a different type of media and have a different flag.  At retail, MS signs all Xbox games to run from Xbox game disc only.  Not only does the mod chip allow the Xbox to run unsigned code, but it also circumvents this media flag - but only because it knows where the media flag is.  I'm theorizing that after moving the media flag, the mod doesn't know how to circumvent it.

I think these "cracks" are a simple hexedit that any one of us could do manually.  I'm guessing the hexedit is even simpler from the old 02 00 00 -> FF FF FF job to make the game run on Enigmah Betas - instead of changing 3 bytes we're changing 1.  I'm guessing that the media flag will be in the same location in all the new XBEs, so it should be easy to make a universal patcher if that's the case.  I'll post more on the topic.

-------------------------------------------------------------------------------------------------------------------

I think I found the catch here.  The media flags definitely appear to have moved.  I examined both High Heat Baseball 2004 and All-Star Baseball 2004 and there is a clear consistency here.  Though the byte offset is not always in the same location, it is easily identifiable.  Both original XBE files contain the following hex string:
74 4B E8 CA FD FF FF 85 C0 7D 06 33 C0 50 50 EB 44 F6 05

In the modified XBE files, the same byte changed.  The strings were changed to
74 4B E8 CA FD FF FF 85 C0 EB 06 33 C0 50 50 EB 44 F6 05

As a funny sidenote, Riot's FUCK string replaced bytes 214-217, which WAM had changed to FF FF FF FF.  This, of course, was the location of the old media flag.

I'm quite certain this will work on all newer games.  Anyone good at programming feel like making an XBE patcher for newer games?  LepPpeR??  Any other takers?

This post has been edited by Xeero on Apr 16 2003, 06:10 PM

[Xeero]

Also, as clarification, I had never actually tested the games when I previously stated no patches were necessary.  I've been listening to n00bs shout about copy protection for months now, and it usually ends up being some stupid mistake on their part or on the part of xISO, so I had waved it off.  I did check the XBE files before, but when I only noticed one byte of difference (aside from the FUCK string), I didn't deem it as a copy-protection workaround.  I figured it was RIOT fixing a corrupt WAM release.  I apologize to all those that were misled by my speculations, especially CZECH.  My mistake, and I'm sorry.

[Xeero]

I just confirmed the above with Rayman3 as well.

This post has been edited by Xeero on Apr 5 2003, 05:13 PM

[palmeiro]

Man, great job.  No more searching for patch for me.  Hopefully future version of EvoX will fix this problem.

Again, thanks.

[solidfood]

Xeero, a question

Is there hope that a new dashboard or new bios will fix this "sort of a copy-protection" thing with these new games? Or will we be patching and editing things from now on?

[Xeero]

Well, considering that it is the BIOS that handles the media flag workaround, I see no reason why the next version of the X2 BIOS, for example, couldn't have the workaround built-in.  For the time being, it's up to us to patch it ourselves, which is very easy.  That's what Enigmah Beta users have been doing the entire time; now the rest of us are in the same boat for the moment.

I don't know too too much about how the dashboard affects applications run from it, but I don't think it's likely that this workaround would be built into EvoX or any other dashboard.  The application (game, in these cases) manually checks the media from which it's being run.  I don't know that the dashboard would be able to hide that it's being run from the hard drive.

Once again, if anyone knows a bit about programming, I would think a small patching app would be easy to make.  I myself know very little about programming, so I am unable to make one myself.  The premises would be simple: 1) Find this 20-byte sequence; 2) Change the 11th byte.

*Also, my posts thus far have all been my own theorizing.  I just ran High Heat Baseball 2004 from the HD, no-go.  I hexedited the original default.xbe according to the above specifications, and it ran fine.

[majik655]

DUDE YOU ROCK!

where were you when I was asking these questions    eheh  just kidding..

Anyway THANK YOU!!
I knew it was a simple hex edit .. but I know nothing about finding those problems

THANK YOU THANK YOU!!

Now no more wondering!

[Goggens]

Maybe a silly quiz..
But do i use a special app to edit hex in the .XBE
(Never done it before)

Thanks  

It's good to know.

[Xeero]

Nope, any hex editor will do.  Just search for one...they're freely available for download.

[Goggens]

Thanks  

It's good to know

[HSDEMONZ]

Good stuff XEERO...

PINNED!

Question.. with the current RETAIL releases needing to be PATCHED in this method.. which new titles fall in this category?  A list of these few games (and sure to grow in the future) that need this new media descriptor HEX EDIT would be very helpful!

This post has been edited by HSDEMONZ on Mar 14 2003, 01:48 PM

[Xeero]

So far, All-Star Baseball 2003, World Series Baseball 2004, High Heat Baseball 2004, and Rayman3 all need to be patched.  I'm guessing it's going to be this way with all upcoming releases.

On a sidenote, I just wrote a quick batch file using a command-line version of Hexedit 0.5 that will automate the process of locating and modifying the new media flag.  I guess I'll host it for now, but all I can do is an ftp, so any testers/hosters would be appreciated.

EDIT:  Took my link out of here.  Nobody needs a batch file when there are better tools.

This post has been edited by Xeero on Mar 30 2003, 01:07 PM