stfschk 0.2

Built for .NET 4.7.2

stfschk is an STFS filesystem checker/verifier, used to check the validity of Xbox 360 XContent packages, which may be useful if the packages were dumped from deleted filesystems or unknown sources.

By design STFS was made to allow verification of the file contents, where each 4096-byte part is hashed seperately into one of the many hash tables stored throughout the file.
Hash table data also gets hashed into higher-level hash tables, with the top-level hash-table hash stored inside the files header.
An RSA signature is then made of this header, either signed by Microsoft, an Xbox360 console, or an SDK (devkit) key.

stfschk allows the verification of the hashes/signature, along with making sure file entries & metadata looks valid.

Usage

Usage:
  stfschk.exe <path\to\package.file>

Batch mode:
  stfschk.exe <path\to\folder>

Batch mode checks all packages in a folder, creating a <filename>.bad file for packages detected as bad
The .bad file contains info about why the file was marked as bad
Only files with valid XContent magic signature CON/LIVE/PIRS are checked when using batch mode

Alternatively, drag & drop an STFS file into the stfschk.exe.

Scans

stfschk supports verification of the following:

• header signature (supporting LIVE/PIRS retail & devkit keys)
• metadata hash (aka "content ID")
• hash tables/blocks
• data blocks
• directory entries (checks that block counts are valid & sane, and the block-chain looks valid)
• directory blocks (make sure directory blocks are defined correctly)
• package size (checks for truncation & extra unused bytes)
• metadata values (content size, metadata version, volume descriptor flags)

The result of these checks should give you a reasonable idea of the validity of a package.
More checks will hopefully be added later on.