HowTo non-genuine microsoft xbox360 gamepad and Gimx 0.30

Talk About Anything XBOX 360 here
Post Reply
jane8re
Posts: 11
Joined: Wed Mar 28, 2012 6:58 pm

HowTo non-genuine microsoft xbox360 gamepad and Gimx 0.30

Post by jane8re » Mon Apr 23, 2012 8:42 am

To test the gimx_usb adapter with my xbox 360, I bought a cheap wired gamepad for 19€ in the nearest supermarcket. It's a Madcatz gamepad for xbox quite similar to this one

Thanks to Saund098's post, I found a way to use it with Gimx.
This HowTo should work with any other non-genuine xbox 360 gamepad.

I) Tools

You need wxGTK, bluez, glib, libxml2, libxi and libusb to compile Gimx software.
You need avr-gcc and avr-libc to compile the firmware for the Gimx_usb adapter.

II) Getting the sources

You need the sources of gimx software. In a terminal, do
You also need the firmware sources for the Gimx_usb adapter.
III) The gamepad

We must now get some informations about our gamepad. Connect it to your computer and do
$ lsusb
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 005 Device 008: ID 1bad:f016 Harmonix Music # ok, this is my gamepad # with ID's 1bad:f016
So our gamepad vendor ID is "1bad" and its product ID is "f016". Now we want more verbosity about it. We are looking for the bcdDevice version number and for four strings of numbers corresponding to the unrecognized interfaces descriptors that depend on the bcdDevice version. Actually, only the first three ones should vary as the last one stands for the microsoft xbox gamepad security checking.

Code: Select all

$ lsusb -v -d 1bad:f016

Bus 005 Device 008: ID 1bad:f016 Harmonix Music 
Device Descriptor:
  bLength                18
  bDescriptorType         1
  bcdUSB               2.00
  bDeviceClass          255 Vendor Specific Class
  bDeviceSubClass       255 Vendor Specific Subclass
  bDeviceProtocol       255 Vendor Specific Protocol
  bMaxPacketSize0         8
  idVendor           0x1bad Harmonix Music	# We already know	
  idProduct          0xf016			# these ID's			 
  bcdDevice            4.90	# This is the version number of bcdDevice
				# we will need it
  iManufacturer           1 Mad Catz, Inc.
  iProduct                2 MadCatz GamePad
  iSerial                 3 026B03EC
  bNumConfigurations      1
  Configuration Descriptor:
    bLength                 9
    bDescriptorType         2
    wTotalLength          153
    bNumInterfaces          4
    bConfigurationValue     1
    iConfiguration          0 
    bmAttributes         0xa0
      (Bus Powered)
      Remote Wakeup
    MaxPower              500mA
    Interface Descriptor:		# first interface
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        0
      bAlternateSetting       0
      bNumEndpoints           2
      bInterfaceClass       255 Vendor Specific Class
      bInterfaceSubClass     93 
      bInterfaceProtocol      1 
      iInterface              0 
      ** UNRECOGNIZED:  11 21 10 01 01 25 81 14 03 03 03 04 13 02 08 03 03 # first 										# unknown 										# descriptor
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x81  EP 1 IN
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0020  1x 32 bytes
        bInterval               4
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x02  EP 2 OUT
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0020  1x 32 bytes
        bInterval               8
    Interface Descriptor:			
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        1
      bAlternateSetting       0
      bNumEndpoints           4
      bInterfaceClass       255 Vendor Specific Class
      bInterfaceSubClass     93 
      bInterfaceProtocol      3 
      iInterface              0 
      ** UNRECOGNIZED:  1b 21 10 01 01 01 83 40 01 04 20 16 85 00 00 00 00 00 00 16 05 00 00 00 00 00 00		# second unknown
				# descriptor
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x83  EP 3 IN
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0020  1x 32 bytes
        bInterval               2
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x04  EP 4 OUT
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0020  1x 32 bytes
        bInterval               4
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x85  EP 5 IN
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0020  1x 32 bytes
        bInterval              64
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x05  EP 5 OUT
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0020  1x 32 bytes
        bInterval              16
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        2
      bAlternateSetting       0
      bNumEndpoints           1
      bInterfaceClass       255 Vendor Specific Class
      bInterfaceSubClass     93 
      bInterfaceProtocol      2 
      iInterface              0 
      ** UNRECOGNIZED:  09 21 10 01 01 22 86 07 00		# third unknown 								# descriptor
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x86  EP 6 IN
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0020  1x 32 bytes
        bInterval              16
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        3
      bAlternateSetting       0
      bNumEndpoints           0
      bInterfaceClass       255 Vendor Specific Class
      bInterfaceSubClass    253 
      bInterfaceProtocol     19 
      iInterface              4 Xbox Security Method 3, Version 1.00, � 2005 Microsoft Corporation. All rights reserved.
      ** UNRECOGNIZED:  06 41 00 01 01 03	# last one which is always the same for 						# every xbox compatible gamepad 
Device Status:     0x0000
  (Bus Powered)
Nice, we got everything we need.
Vendor ID is : 1bad
Product ID is : f016
bcdDevice version is : 490
1° unknown descriptor is : 11 21 10 01 01 25 81 14 03 03 03 04 13 02 08 03 03
2° unknown descriptor is : 1b 21 10 01 01 01 83 40 01 04 20 16 85 00 00 00 00 00 00 16 05 00 00 00 00 00 00
3° unknown descriptor is : 09 21 10 01 01 22 86 07 00
4° unknown descriptor is : 06 41 00 01 01 03


IV) Modifying source code

A) gimx-serial
In a text editor, open the file ~/GIMX/core/utils/usbspoof.c
Line 33, change
#define VENDOR 0x045e
#define PRODUCT 0x028e
to your gamepad ID's, in my exemple
#define VENDOR 0x1bad
#define PRODUCT 0xf016
To get debug info automatically, line 56 you may also change
static int spoof = 0;
static int debug = 0;
static int verbose = 0;
static int libusb_debug = 0;
to
static int spoof = 0;
static int debug = 1;
static int verbose = 1;
static int libusb_debug = 0;
Save and compile as explained here.


B) GIMX_usb firmware
In a text editor, open ~/EMU360/Descriptors.c
Around line 55, change
.VendorID = 0x045e,
.ProductID = 0x028e,
.ReleaseNumber = 0x0110,
to
.VendorID = 0x1bad,
.ProductID = 0xf016,
.ReleaseNumber = 0x0490,
Then, around line 155, change

Code: Select all

	.UnkownDescriptor1 =
		{
		  0x11, 0x21, 0x10, 0x01, 0x01, 0x25, 0x81, 0x14, 0x03, 0x03, 0x03, 0x04, 0x13, 0x02, 0x08, 0x03, 0x03
		},
		
  .UnkownDescriptor2 =
    {
      0x1b, 0x21, 0x00, 0x01, 0x01, 0x01, 0x83, 0x40, 0x01, 0x04, 0x20, 0x16, 0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
    },

  .UnkownDescriptor3 =
    {
      0x09, 0x21, 0x00, 0x01, 0x01, 0x22, 0x86, 0x07, 0x00
    },

  .UnkownDescriptor4 =
    {
      0x06, 0x41, 0x00, 0x01, 0x01, 0x03
    },
to your gamepad unrecognized descriptor, in my exemple

Code: Select all

	.UnkownDescriptor1 =
		{
		  0x11, 0x21, 0x10, 0x01, 0x01, 0x25, 0x81, 0x14, 0x03, 0x03, 0x03, 0x04, 0x13, 0x02, 0x08, 0x03, 0x03
		},
		
  .UnkownDescriptor2 =
    {
      0x1b, 0x21, 0x10, 0x01, 0x01, 0x01, 0x83, 0x40, 0x01, 0x04, 0x20, 0x16, 0x85, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
    },

  .UnkownDescriptor3 =
    {
      0x09, 0x21, 0x10, 0x01, 0x01, 0x22, 0x86, 0x07, 0x00
    },

  .UnkownDescriptor4 =
    {
      0x06, 0x41, 0x00, 0x01, 0x01, 0x03
    },
Save. In a terminal, place yourself in the EMU360 folder and compile
$ cd /way/to/.../EMU360
$ ./genall
Your new firmware is now in the ~/EMU360/firmwares folder. You can load it on your Teensy board.
Enjoy...

DindonDodu
Posts: 21
Joined: Fri Jun 22, 2012 3:08 am

Re: HowTo non-genuine microsoft xbox360 gamepad and Gimx 0.3

Post by DindonDodu » Fri Jul 06, 2012 11:00 pm

cannot stat 'x360pe.hex :(

DindonDodu
Posts: 21
Joined: Fri Jun 22, 2012 3:08 am

Re: HowTo non-genuine microsoft xbox360 gamepad and Gimx 0.3

Post by DindonDodu » Sun Jul 08, 2012 4:20 am

Does it work? i might buy a madcatz controller because my genuine is not working....

Post Reply