# Can the BD-JB Blu-ray Disc Java Sandbox Escape by TheFlow be used on the xbox one



## XboxModder2 (Nov 5, 2022)

I saw on his presentation months ago that the Xbox One is also affected by it, so any hope for a jailbreak with this?


----------



## Kopimist (Nov 6, 2022)

brouh said:


> I saw on his presentation months ago that the Xbox One is also affected by it, so any hope for a jailbreak with this?


In theory, it could work for booting backups burnt to a disc, but I don't believe anyone has managed to pull it off. As far as leading to an actual jailbreak of the console for homebrew outside of dev mode, it's not likely.


----------



## Torus (Nov 12, 2022)

brouh said:


> I saw on his presentation months ago that the Xbox One is also affected by it, so any hope for a jailbreak with this?



The tech is available on the Xbox One. We would need to dump the interpreter's binary and look for vulnerabilities.


----------



## XboxModder2 (Nov 18, 2022)

Torus said:


> The tech is available on the Xbox One. We would need to dump the interpreter's binary and look for vulnerabilities.



How does someone start with doing this?


----------



## lolki (Nov 22, 2022)

Torus said:


> The tech is available on the Xbox One. We would need to dump the interpreter's binary and look for vulnerabilities.



Xbox Series X too?


----------



## XboxModder2 (Nov 23, 2022)

lolki said:


> Xbox Series X too?


Yes, I'm pretty sure.


----------



## Torus (Nov 27, 2022)

brouh said:


> How does someone start with doing this?



Using this image: https://www.mediafire.com/file/6a6aexvvm36o3t3/Doom-BluPlay.iso/file (by Shykelit above, who sent me the image months ago at the time of the Tweet). This is just executing Java code contained in the Blu-ray disc.

More info:
https://en.wikipedia.org/wiki/BD-J

A list of homebrew games you can play through this method:
https://www.blu-play.com/links

As for reversing & exploiting the interpreter: it's very easy to obtain the binaries from a dev-mode console nowadays, so it isn't a far-fetched idea to maybe look for vulns. If anyone wants to look into it, feel free to ping me, btw.


----------



## lolki (Nov 27, 2022)

brouh said:


> Yes, I'm pretty sure.


It's cool.


Torus said:


> Using this image: (by Shykelit above, who sent me the image months ago at the time of the Tweet). This is just executing Java code contained in the Blu-ray disc.
> 
> More info:
> 
> ...


Does it work on the Xbox Series X too?


----------



## Torus (Nov 27, 2022)

lolki said:


> It's cool.
> 
> Does it work on the Xbox Series X too?



I'd think so. But I haven't checked myself.


----------



## XboxModder2 (Nov 27, 2022)

Torus said:


> I'd think so. But I haven't checked myself.


So, realistically speaking, this is the only method by which someone could make a way to hack an Xbox One?


----------



## M4x1mumReZ (Nov 27, 2022)

Wonder if it will be possible to transfer over the contents of the Xbox One's memory to a PC via FTP with this method in mind?


----------



## XboxModder2 (Nov 27, 2022)

M4x1mumReZ said:


> Wonder if it will be possible to transfer over the contents of the Xbox One's memory to a PC via FTP with this method in mind?


We should do some testing and post the results, it's dire in the Xbox One scene lol

Post automatically merged: Nov 28, 2022



Torus said:


> Using this image: https://www.mediafire.com/file/6a6aexvvm36o3t3/Doom-BluPlay.iso/file (by Shykelit above, who sent me the image months ago at the time of the Tweet). This is just executing Java code contained in the Blu-ray disc.
> 
> More info:
> https://en.wikipedia.org/wiki/BD-J
> ...


I am interested in finding some vulnerabilities, but I have no idea how to and where to look lol, I already have dev mode and everything.


----------



## lolki (Nov 30, 2022)

Torus said:


> I'd think so. But I haven't checked myself.


When you test it, could you come here and let us know the result? Thanks very much.


----------



## XboxModder2 (Nov 30, 2022)

Torus said:


> I'd think so. But I haven't checked myself.


I got my Xbox One ready, and dev mode too, also with BD-JB, so how do I start looking for vulns?


----------



## sudeki300 (Nov 30, 2022)

brouh said:


> I got my Xbox One ready, and dev mode too, also with BD-JB, so how do I start looking for vulns?


Read post number #7 of this thread.


----------



## XboxModder2 (Nov 30, 2022)

sudeki300 said:


> Read post number #7 of this thread.


Yeah, the only thing that was said related to it is "so it isn't a far-fetched idea to maybe look up for vulns."; it never mentioned where to look for the vulns or how we can do it lol


----------



## sudeki300 (Nov 30, 2022)

brouh said:


> Yeah, the only thing that was said related to it is "so it isn't a far-fetched idea to maybe look up for vulns."; it never mentioned where to look for the vulns or how we can do it lol


Ah, sorry buddy, totally misread the post, apologies.


----------



## Tomato123 (Nov 30, 2022)

BD-J and BD-JB are not the same thing. BD-J is a standard feature on all Blu-ray players which follow the standard properly. It allows Java code execution in a sandboxed environment. BD-JB specifically targets the PS4/5 implementation of BD-J to allow for full userland code execution. While it's possible that Microsoft made a similar mistake with their implementation, it's extremely unlikely to be 1:1. Though it is a possible entry point to start looking for vulnerabilities.


----------



## XboxModder2 (Nov 30, 2022)

sudeki300 said:


> Ah, sorry buddy, totally misread the post, apologies.


No worries.

Post automatically merged: Nov 30, 2022



Tomato123 said:


> BD-J and BD-JB are not the same thing. BD-J is a standard feature on all Blu-ray players which follow the standard properly. It allows Java code execution in a sandboxed environment. BD-JB specifically targets the PS4/5 implementation of BD-J to allow for full userland code execution. While it's possible that Microsoft made a similar mistake with their implementation, it's extremely unlikely to be 1:1. Though it is a possible entry point to start looking for vulnerabilities.


Ah, I see, thanks, so BD-JB is the only way forward, right?

Post automatically merged: Nov 30, 2022



Tomato123 said:


> BD-J and BD-JB are not the same thing. BD-J is a standard feature on all Blu-ray players which follow the standard properly. It allows Java code execution in a sandboxed environment. BD-JB specifically targets the PS4/5 implementation of BD-J to allow for full userland code execution. While it's possible that Microsoft made a similar mistake with their implementation, it's extremely unlikely to be 1:1. Though it is a possible entry point to start looking for vulnerabilities.



This video shows that the BD-J exploit works, though.


----------



## Tomato123 (Nov 30, 2022)

brouh said:


> This video shows that the BD-J exploit works, though.



Because BD-J is not an exploit. It's a feature of the Blu-ray standard. The easiest way I can try to explain is: imagine you have BD-J, which is like 10% of the system's functionality unlocked (but planned like that by Sony/Microsoft/etc). BD-JB exploits the already unlocked 10% to unlock an extra 40% of that functionality, which is the exploit part of this all. (The percentages are just arbitrary numbers with no real meaning other than to portray my point.)

The names do cause a lot of confusion, but there is a big difference between the two.


----------



## XboxModder2 (Nov 30, 2022)

Tomato123 said:


> Because BD-J is not an exploit. It's a feature of the Blu-ray standard. The easiest way I can try to explain is: imagine you have BD-J, which is like 10% of the system's functionality unlocked (but planned like that by Sony/Microsoft/etc). BD-JB exploits the already unlocked 10% to unlock an extra 40% of that functionality, which is the exploit part of this all. (The percentages are just arbitrary numbers with no real meaning other than to portray my point.)
> 
> The names do cause a lot of confusion, but there is a big difference between the two.


Ah, alright, so let's say I wanna look for vulns, considering we already have the binaries with dev mode and everything; where do I start looking, or rather how?


----------



## Tomato123 (Nov 30, 2022)

brouh said:


> Ah, alright, so let's say I wanna look for vulns, considering we already have the binaries with dev mode and everything; where do I start looking, or rather how?


If your entry point is via BD-J, then you need to look at the Java environment which is running on the Xbox. I don't own an Xbox One anymore, so unfortunately I can't give any detailed info.


----------



## XboxModder2 (Nov 30, 2022)

Tomato123 said:


> If your entry point is via BD-J, then you need to look at the Java environment which is running on the Xbox. I don't own an Xbox One anymore, so unfortunately I can't give any detailed info.


Alright thank you!


----------



## Torus (Dec 1, 2022)

Basically what @Tomato123 said:


BD-J: Feature that consists in basically including very limited Java code in Blu-ray discs, for the readers to execute. This code is, again, Java bytecode, not native bytecode. In other words, it runs in a (sort of) VM. And it has a very limited set of capabilities. All modern consoles support this (Xbox One, Xbox Series X presumably - I have not tested it and I'm not interested in researching the Series X/S -, PS3, PS4 and PS5).
BD-JB: Name of the exploit for the BD-J implementation of the PS4/PS5. Very surely, the same vulnerability does not exist in the Xbox One.



Looking for vulns @brouh:

BD-JB in the PS4/PS5 basically manages to "escape" the VM that executes the Java code, and (without going into details) gets to run native code. Then it also exploits a kernel vulnerability to gain more privileges, if I recall correctly.

What I was suggesting in earlier posts is that the VM application in the Xbox One, which executes the Java code, could *theoretically* have vulnerabilities. Hence it would be interesting to investigate. But that application is not the same one that runs on the PS4/PS5; it is probably a custom one made by Microsoft for the Xbox One. So the vulns (if any) would be different.

You'll likely need to do static reverse engineering of that application, using tools like Ghidra, IDA Pro, or radare2.
To do that, you first also need to find the application itself in your devmode console and extract it to your PC. *Where can you find the binary in charge of executing BD-J in the Xbox One?* Honestly, no idea. I took a quick look at the drivers in C:\Windows\System32 in the Xb1 to see if I could quickly identify something related to ODD, BD, BluRay, but I saw nothing. I'll let you know if I stumble upon it, or, if someone knows where to look, don't hesitate to share w/ all of us.
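
To make the BD-J / BD-JB distinction in the post above concrete, here is an added example (written for this page; it is not code from the thread, from TheFlow's BD-JB, or from any console vendor): a minimal BD-J Xlet that reports what the player's sandbox lets disc code do. It assumes a runtime exposing the standard `javax.tv.xlet` API and enforcing its policy through a Java `SecurityManager`, which is how the BD-J spec describes it; whether a particular console's custom implementation behaves the same way is an assumption, and the class name `SandboxProbeXlet` and the probed paths are made up for the illustration. Every "DENIED" line is the sandbox working as designed; that boundary is exactly what BD-JB had to break on the PS4/PS5, and a sandbox audit of any other player starts by confirming it holds.

```java
// Added illustration, not code from the thread or from any console firmware.
// Assumes a BD-J runtime with the standard javax.tv.xlet API and a
// SecurityManager-based policy (spec behaviour; per-console behaviour is an
// assumption). Class name and probed paths are made up for the example.
import javax.tv.xlet.Xlet;
import javax.tv.xlet.XletContext;
import javax.tv.xlet.XletStateChangeException;
import java.io.File;

public class SandboxProbeXlet implements Xlet {

    private XletContext context;

    public void initXlet(XletContext ctx) throws XletStateChangeException {
        context = ctx;
    }

    public void startXlet() throws XletStateChangeException {
        // Only the disc's own JAR / BDMV tree is expected to be granted;
        // host paths and player-control operations should be refused.
        log(probeDirectoryListing("/"));      // host root: expected DENIED
        log(probeDirectoryListing("/tmp"));   // arbitrary host dir: expected DENIED
        log(probeDirectoryListing("."));      // Xlet's own base dir: may be ALLOWED
        log(probeSystemExit());               // terminating the player: expected DENIED
    }

    public void pauseXlet() { }

    public void destroyXlet(boolean unconditional) throws XletStateChangeException { }

    /** Reports whether the runtime lets disc code list a directory. */
    static String probeDirectoryListing(String path) {
        try {
            // File.list() consults SecurityManager.checkRead() before touching the disk.
            String[] entries = new File(path).list();
            if (entries == null) {
                return "ALLOWED but unreadable: " + path;
            }
            return "ALLOWED (" + entries.length + " entries): " + path;
        } catch (SecurityException e) {
            // Sandbox refused the access: the intended outcome for host paths.
            return "DENIED: " + path + " (" + e.getMessage() + ")";
        }
    }

    /** Reports whether disc code may call System.exit(), which a conformant player forbids. */
    static String probeSystemExit() {
        SecurityManager sm = System.getSecurityManager();
        if (sm == null) {
            // No security manager at all means the VM is not sandboxing this
            // code; for an auditor that is the first finding to write down.
            return "NO SECURITY MANAGER INSTALLED";
        }
        try {
            sm.checkExit(0);   // ask the policy without actually exiting
            return "ALLOWED: System.exit";
        } catch (SecurityException e) {
            return "DENIED: System.exit";
        }
    }

    private void log(String msg) {
        // BD-J players route System.out to their own debug log, if they keep one.
        System.out.println("[SandboxProbeXlet] " + msg);
    }
}
```

Packaged as a signed or unsigned Xlet in the disc's `BDMV/JAR` directory and referenced from a BDJO, this runs under whatever policy the player applies; the only thing it tells you is which operations the policy grants or refuses, which is the baseline you need before any of the reverse-engineering work described above makes sense.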


----------



## XboxModder2 (Dec 1, 2022)

Torus said:


> Basically what @Tomato123 said:
> 
> 
> BD-J: Feature that consists in basically including very limited Java code in Blu-ray discs, for the readers to execute. This code is, again, Java bytecode, not native bytecode. In other words, it runs in a (sort of) VM. And it has a very limited set of capabilities. All modern consoles support this (Xbox One, Xbox Series X presumably - I have not tested it and I'm not interested in researching the Series X/S -, PS3, PS4 and PS5).
> ...


I do think @Mezone0 on Twitter is the guy that knows where to look; he shared this 11 months ago.

Not sure if he's still active, though.


----------

