Reverse Engineering The Saboteur game for Xbox360 with Linux – part 4

This article was written more than 1 year ago; its content may be out of date.

This is the story of a defeat: a long battle, but I want to share the updates of the last months.

The previous episode of the story is available there; to follow this one it is important to have read the previous episodes.

Xbox 360 Patcher

In the previous episodes we saw that the game code checks whether the packaged Lua version is available and otherwise loads the Lua files without bytecode. This difference between PC and Xbox was important, because on PC dropping in the files and removing the packaged ones works, so you can run custom code too!
On Xbox instead this doesn't work and the game crashes; even if the code is the same, something is different. Testing in the past with Xenia (an Xbox 360 emulator) didn't help in investigating what happens.

My idea was to patch the xex binary so I could force the check for the packaged Lua file to return false, since the crash seems to come from a low-level I/O operation of the Xbox kernel that fails when this file is missing.
So I patched the xex version of the game, using the PPC documentation to change the assembly code.

It turned out that xex binaries are signed, so it is not possible to change them the way I did with a GameBoy Advance ROM, for example: even with the code changed, the game crashed.

WarrantyVoider, the big boss, started working on a runtime patcher for the game that changes the result of that function, so the check could be turned off and the files without bytecode read.

You can find the original code, also compiled, on GitHub.

This patcher didn't work, so I waited for my new laptop to be able to run a Windows machine and start hacking. It took some months to configure a Windows 10 machine with Visual Studio 2010 and Xbox Neighborhood. In this way I was able to compile the code as an xex, upload it manually to the console and run it.

I used WarrantyVoider's tool to debug the console. It is an alternative interface to VS that uses the Xbox protocols (which you need to enable on your RGH console). As you can see in the screenshots, it is a complete tool with a memory viewer, a log, a file manager and a screenshot tool.

So the workflow was: edit the code, build the new binary, move it to the Linux host machine, upload it to the console and run it from this tool.

In these screenshots you can see the patcher running, but the game crashes.

So I also tried patching the C++ code as in the screenshot, this time using a hook to change the function executed instead of changing a memory address.
The game crashed anyway…

Looking with the tool, it was clear that the memory address content had been changed, but to me the timing was the issue. My idea was that the game starts, the patcher starts too and sets that content before the function is executed. For this reason I tried with a hook, to replace the game's function entirely.

I studied a bit the kernel.h file used in the patcher and also other source code of Xbox 360 trainers that I found on GitHub. Those were very complex and to me (not so skilled with C++) it was very hard to understand them. I tried various tools, like a Cheat Engine version for Xbox 360, without any new hints about how to do it.

Conclusion

It is clear that the patcher is the only way, but in my experience this world is too hard. I am used to having a book or tutorial and working code to read. Instead in the Xbox 360 homebrew world everything is hard, documentation is not easy to find, and there are tons of old threads on the internet that are incomplete or whose links don't work anymore. The worst part is the code, as it is not easy to find at all.

As an example, as a user I wanted to read the trainer code of all the Aurora trainers, but it hadn't been released at the time…
It is as if the devs were afraid to share their knowledge, and in this way the scene is dead today.

At the same time I am not busy with other things, and it is clear that I don't have the knowledge to finish this project.
Also, on PC everything works, so the Saboteur mod scene will keep going, and maybe someone in the future will find a way to patch the game for the consoles too.

My other solution, a Lua bytecode compiler for PPC, didn't work, probably for the same reasons. When I started the project the idea was simple: get the Lua bytecode and replace it, something I can do, but not with all these obstacles.
The series of articles started as a way to show how to edit games on Linux, without using Windows or Windows tools, but for Xbox 360 everything requires Windows. I tried creating tools that unpack, compile etc., but they didn't work for other reasons, not because of the operating system.
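As an added example (not the author's or the project's code) of one check a PPC-targeted Lua bytecode toolchain needs: a Lua 5.1 precompiled chunk starts with a 12-byte header recording endianness and type sizes, and a VM rejects a chunk whose header does not match its own build. That the game uses Lua 5.1 and that the Xbox 360 VM is big-endian with 32-bit size_t and double numbers are assumptions for this example, not facts taken from the game.

```python
import struct

# Lua 5.1 precompiled chunk header (12 bytes, as written by luac 5.1):
# signature, version, format, endianness flag, sizeof(int), sizeof(size_t),
# sizeof(Instruction), sizeof(lua_Number), integral-number flag.
LUA_SIGNATURE = b"\x1bLua"
HEADER_FMT = "4s8B"  # all single-byte fields, so no byte-order issue here
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 12
FIELDS = ("little_endian", "sizeof_int", "sizeof_size_t",
          "sizeof_instruction", "sizeof_number", "integral")

# Assumed layout of the Xbox 360 Lua VM: big-endian PowerPC, 32-bit
# pointers, IEEE doubles. An assumption for this example, not from the game.
XBOX360_TARGET = {"little_endian": False, "sizeof_int": 4, "sizeof_size_t": 4,
                  "sizeof_instruction": 4, "sizeof_number": 8, "integral": False}


def parse_header(chunk: bytes) -> dict:
    """Decode the header of a Lua 5.1 chunk; raise ValueError if it is not one."""
    if len(chunk) < HEADER_LEN:
        raise ValueError("chunk shorter than a Lua 5.1 header")
    sig, version, fmt, *rest = struct.unpack(HEADER_FMT, chunk[:HEADER_LEN])
    if sig != LUA_SIGNATURE:
        raise ValueError("missing Lua signature: not precompiled bytecode")
    if version != 0x51 or fmt != 0:
        raise ValueError(f"unsupported version 0x{version:02x} / format {fmt}")
    hdr = dict(zip(FIELDS, rest))
    hdr["little_endian"] = bool(hdr["little_endian"])
    hdr["integral"] = bool(hdr["integral"])
    return hdr


def build_header(target: dict) -> bytes:
    """Produce the header that a luac built for `target` would emit."""
    return struct.pack(HEADER_FMT, LUA_SIGNATURE, 0x51, 0,
                       int(target["little_endian"]), target["sizeof_int"],
                       target["sizeof_size_t"], target["sizeof_instruction"],
                       target["sizeof_number"], int(target["integral"]))


def mismatches(chunk: bytes, target: dict = XBOX360_TARGET) -> list:
    """Header fields that would make the target VM refuse this chunk."""
    hdr = parse_header(chunk)
    return [name for name in FIELDS if hdr[name] != target[name]]


# Constructed sample: the header luac 5.1 emits on a 64-bit little-endian PC.
PC_CHUNK = b"\x1bLua\x51\x00\x01\x04\x08\x04\x08\x00"

if __name__ == "__main__":
    print("PC chunk vs Xbox 360 VM:", mismatches(PC_CHUNK))
    print("header rebuilt for PPC:", mismatches(build_header(XBOX360_TARGET)))
```

Rewriting the header alone is not enough: the chunk body (sizes, integers and lua_Number constants) is also dumped in the compiler's native byte order and widths, so the whole chunk has to be produced by a luac built for the target.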

This episode is very short compared with the others, but there isn't much else to discuss apart from changing the behavior of those functions so the game can run custom Lua files with no bytecode.

If someone else wants to work on this, they can start from the GitHub project by WV, which is the best starting point.

Thanks to WarrantyVoider for the mentoring/help; I did my best on this.
