fabi/xex2tractor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4ed8fadd4ced871b383a2776790cb70b52de1763
xex2tractor/README.md
MechaCat02 475e1d555c feat: add PE verification and complete extraction pipeline (M6) 
Add PE header verification (MZ signature, PE signature, POWERPCBE
machine type) to the extraction pipeline. Implement master key trial
with validation for encrypted files. Update CLI extract command to
show encryption/compression info. Update README with extract usage.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-28 21:51:52 +01:00

101 lines
2.2 KiB
Markdown
Raw Blame History

# xex2tractor
A tool for extracting and inspecting Xbox 360 XEX2 executable files, written in Rust.
## Usage
### Inspect
Display XEX2 file information (headers, security info, etc.):
```sh
xex2tractor inspect <file.xex>
```
#### Example Output
```
=== XEX2 Header ===
Magic: XEX2 (0x58455832)
Module Flags: 0x00000001 [TITLE]
Header Size: 0x00003000 (12288 bytes)
Reserved: 0x00000000
Security Offset: 0x00000090
Header Count: 15
=== Optional Headers (15 entries) ===
[ENTRY_POINT] 0x824AB748
[IMAGE_BASE_ADDRESS] 0x82000000
[DEFAULT_STACK_SIZE] 0x00080000 (524288 bytes)
[SYSTEM_FLAGS] 0x00000400 [PAL50_INCOMPATIBLE]
[EXECUTION_INFO]
Media ID: 0x2D2E2EEB
Title ID: 0x535107D4
Version: 0.0.0.2
...
[FILE_FORMAT_INFO]
Encryption: Normal (AES-128-CBC)
Compression: Normal (LZX)
Window Size: 0x8000 (32 KB)
...
=== Security Info ===
Header Size: 0x00000F34 (3892 bytes)
Image Size: 0x00920000 (9568256 bytes)
RSA Signature: 2C94EBE6...11A6E8AA (256 bytes)
Image Flags: 0x00000008 [XGD2_MEDIA_ONLY]
Load Address: 0x82000000
Region: 0xFFFFFFFF [ALL REGIONS]
Allowed Media Types: 0x00000004 [DVD_CD]
...
```
### Extract
Extract the decrypted and decompressed PE image from a XEX2 file:
```sh
xex2tractor extract <file.xex> [output.exe]
```
If no output path is given, defaults to the input filename with `.exe` extension.
#### Example
```sh
$ xex2tractor extract default.xex default.exe
Encryption: Normal (AES-128-CBC)
Compression: Normal (LZX)
Extracted PE image (9568256 bytes) -> default.exe
```
Supports:
- AES-128-CBC decryption (retail, devkit, and XEX1 master keys)
- No compression, basic (zero-fill), and normal (LZX) decompression
- PE header verification (MZ signature, PE signature, POWERPCBE machine type)
## Building
```sh
cargo build --release
```
## Testing
Place a sample XEX2 file at `tests/data/default.xex`, then run:
```sh
cargo test
```
## Documentation
See [doc/xex2_format.md](doc/xex2_format.md) for the XEX2 file format specification.
## License
This project is licensed under the MIT License. See [LICENSE](LICENSE) for details.
Reference in New Issue View Git Blame Copy Permalink