Controllers get disconnected because they fail an authentication check that Microsoft broke at some point in time. Some people are unable to obtain newer recoveries because they simply do not have contacts or access to a GDN account, and are stuck on one of these broken recoveries
Patch RgcSecAuthenticateDeviceAsyncStateMachine + 0x704 (should be a bge instruction, where if cr6 -- the result of r11 >= r10 -- then the authentication succeeds) so that this always branches to the "successful" block of code leaving the auth fail code as simply dead, unreachable code.
The address of this method of course changes from build to build, so you'll have to use a static address. I'm not sure what recovery/kernel revision I originally wrote this code for (I think 15574.0 kernel?) and I'm too lazy to find out for sure, but it should be enough to get you going:
void PatchControllerDisconnect()
{
int branch = 0x4800008C;
// some macro function that calls XbdmSetMem or whatever
SetMemory((LPVOID)0x80127D04, (LPCVOID)&branch, 4);
}
The above code was originally a part of LaunchCode