Requirements:
- Modified console (Jtag/Rgh/Xdk)
- The .XEX you want to modify.
- Xextool
- IDA (Look for a BAN-ME-PLEASE if you don't have it)
- IDA Plugins
- HXD

Step 1:
- Once you have installed xextool, you now want to search in your bar for "cmd" and then copy it and paste it in your xextool folder.
- Copy and paste your .XEX into the folder. So your folder should look like this:

Step 2:
- You now want to open cmd in Administrator mode.
- Now you want to copy this into cmd to remove all media protection:

Code:
xextool -r a default_mp.xex

- Click and enter the next command:

Code:
xextool -e d default_mp.xex

If you've done it all correctly it will say:

Code:
XexTool v5.2 - xorloser 2006-2008
Successfully wrote altered xex to default_mp.xex
default_mp.xex is retail unencrypted uncompressed.

So now, you have an un-encrypted xex with no media or region protection. The same process can be used to patch and decrypt the default.xex, you just need to change the "default_mp.xex" to "default.xex". The next step is to load the file into IDA.

Step 3:
- Open IDA. It should look like this:
- Click new and then change the file type to "all files" and select your .xex.
- You now want to make sure in the top box "Xbox 360 xex file" is selected and change the processor type to "PowerPC".
- Click ok and it should look like this:

Now you want to change the dvars. I'll show you the basic dvars. So firstly we're going to search for "jump_height".

Step 4:
- You should see something like that:

Underneath the dvar the "float" which has a value of "39.0" is the value for the dvar, we're going to change the value to 999. To do this, we can't use IDA so you now want to open your .XEX into HXD, I will show you how after.

- So you now want to find the hex location of the float, to do this click the value "39.0" and then change tab from "IDA view - a" to "Hex view - a". You should see that the hex version of the float is now highlighted, notice that it is 4 double characters long, this is always the case and if you change the float you need to change all 4 pairs of characters.
- Now highlight the hex characters and the 4 after it so it is easier to search for them in HXD, in this case I would copy: 42 1C 00 00 3F 26 66 66

Step 5:
- You now want to open up HXD and open your .xex, search for the value you highlighted and make sure you change it to search for hex:
- You should see:

We can now change the first 4 characters (42 1C 00 00) to another value, if you can't find a converter here are some hex values for floats for you:

Code:
360.0 - 43 B4 00 00
15.0 - 41 70 00 00
0.001 - 3A 83 12 6F
4.0 - 40 80 00 00
800.0 - 44 48 00 00
999.0 - 44 79 C0 00

- In this case we're going to change the value to 999.0, so change the "4C 1C 00 00" to "44 79 C0 00".

Step 6:
- Now you can simply save it and put the .xex back into your modified console and you should see some differences.
- I suggest you edit fall damage because you will die if you don't.

Thanks for reading and I hope it helps you.
Thanks buddy. If you guys are having problems with this, just comment and I will get back to you. By the way if you need me to convert float values for you let me know.
Nice tut. Never done anything like this, will give it a go when I get home.
I thought it would help some people if I posted this. So if you guys want to convert the float value to hex value to put it in your .XEX, simply click on that link: http://babbage.cs.qc.cuny.edu/IEEE-754/ You put the desired value in the "Value to analyse" box and then it will appear in "Binary32". For example, let's say you want to put 999.0, so it would look like that: Hope it helps you guys. If you are still not understanding, just drop me a PM.
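The conversion described in the post above can also be done offline. The following is an added example, not part of the thread: it encodes a value as the big-endian binary32 bytes the posts quote, decodes bytes back, checks the table from the first post, and shows on a constructed buffer why the first post searches for eight bytes rather than four. The function names and the sample buffer are made up for illustration.

```python
import struct

def float_to_hex(value: float) -> str:
    """Encode as big-endian IEEE-754 binary32, spaced like the thread ("44 79 C0 00")."""
    return struct.pack(">f", value).hex(" ").upper()

def hex_to_float(text: str) -> float:
    """Decode exactly four hex byte pairs (spaces allowed) as big-endian binary32."""
    raw = bytes.fromhex(text)
    if len(raw) != 4:
        raise ValueError(f"binary32 needs exactly 4 bytes, got {len(raw)}")
    return struct.unpack(">f", raw)[0]

def is_exact(value: float) -> bool:
    """True if the value is stored in binary32 without rounding."""
    return hex_to_float(float_to_hex(value)) == value

def check_table(table: dict) -> list:
    """Return the entries whose listed bytes do not match the encoded value."""
    return [(v, h) for v, h in table.items() if float_to_hex(v) != h]

def count_matches(data: bytes, pattern_hex: str) -> int:
    """Count occurrences (overlaps included) of a hex pattern in a buffer."""
    pattern = bytes.fromhex(pattern_hex)
    count, pos = 0, data.find(pattern)
    while pos != -1:
        count += 1
        pos = data.find(pattern, pos + 1)
    return count

# Value/byte pairs as listed in the first post of the thread.
THREAD_TABLE = {
    360.0: "43 B4 00 00", 15.0: "41 70 00 00", 0.001: "3A 83 12 6F",
    4.0: "40 80 00 00", 800.0: "44 48 00 00", 999.0: "44 79 C0 00",
}

# Constructed buffer (not taken from any real file): the bytes for 39.0
# appear twice, but only once followed by 3F 26 66 66.
SAMPLE = bytes.fromhex(
    "00 00 42 1C 00 00 41 70 00 00 FF FF 42 1C 00 00 3F 26 66 66 00"
)

if __name__ == "__main__":
    print("999.0 ->", float_to_hex(999.0))
    print("42 1C 00 00 ->", hex_to_float("42 1C 00 00"))
    print("table mismatches:", check_table(THREAD_TABLE))
    print("0.001 stored exactly:", is_exact(0.001))
    print("4-byte matches:", count_matches(SAMPLE, "42 1C 00 00"))
    print("8-byte matches:", count_matches(SAMPLE, "42 1C 00 00 3F 26 66 66"))
```

Decoding a byte pattern before searching for it confirms that it is the value you expect; a four-byte float pattern can match in several places, which the longer pattern avoids.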
Hi, I have a problem with some games when I try to put them in iso2god. It says that "could not locate default.xex or default.xbe". What should I do? Thanks
Remember guys, you can't enable/disable every dvar from the .xex, some of them reset to default when the game loads. Also, I think the topic's name should be "How to edit dvar values from .xex"
The xexloader for IDA isn't as good as extracting the base file and using the ida script to load the file.
xextool -b basefile.exe -i idascript.idc default_mp.xex