Ah alright, so lets say i wanna look for vulns considering we already have the binaries with dev mode and everyone, where do i start looking, or rather how
Can the BD-JB Blu-ray Disc Java Sandbox Escape by TheFlow be used on the xbox one
- Thread starter XboxModder2
- Start date
- Views 3,942
- Replies 24
- Likes 1
If your entry point is via BD-J, then you need to look at the java environment which is running on the Xbox. I don't own an Xbox One anymore so unfortunately I can't give any detailed info.
Basically what @Tomato123 said:
Looking for vulns @brouh :
BD-JB in the PS4/PS5 basically manages to "escape" the VM that executes the Java code, and (without going into details) gets to run native code. Then it also exploits a kernel vulnerability to gain more privileges if I recall correctly.
What I was suggesting in earlier posts is that, the VM application in the Xbox One, which executes the Java code, could theoretically have vulnerabilities. Hence it would be interesting to investigate. But that application is not the same one that runs on the PS4/PS5, it is probably a custom one made by Microsoft for the Xbox one. So the vulns (if any) would be different.
You'll likely need to do static reverse engineering of that application, using tools like Ghidra, IDA Pro, or radare2.
To do that, you first also need to find the application itself in your devmode console, and extract it to your PC. Where can you find the binary in charge of executing BD-J in the xbox one? Honestly no idea. I took a quick look at the drivers in C:\Windows\System32 in the Xb1 to see if I could quickly identify something related to ODD, BD, BluRay but I saw nothing. I'll let you know if I stumble upon it, or, if someone knows where to look into, don't hesitate to share w/ all of us
- BD-J: Feature that consists in basically including very limited Java code in BluRay discs, for the readers to execute. This code is, again, Java bytecode, not native bytecode. In other words, it runs in a (sort of) VM. And has a very limited set of capabilities. All modern consoles support this (xbox one, xbox series X presumably - i have not tested it and I'm not interested in researching the Series X/S -, PS3, PS4 and PS5)
- BD-JB: Name of the exploit for the BD-J implementation of the PS4/PS5. Very surely, the same vulnerability does not exist in the Xbox one.
Looking for vulns @brouh :
BD-JB in the PS4/PS5 basically manages to "escape" the VM that executes the Java code, and (without going into details) gets to run native code. Then it also exploits a kernel vulnerability to gain more privileges if I recall correctly.
What I was suggesting in earlier posts is that, the VM application in the Xbox One, which executes the Java code, could theoretically have vulnerabilities. Hence it would be interesting to investigate. But that application is not the same one that runs on the PS4/PS5, it is probably a custom one made by Microsoft for the Xbox one. So the vulns (if any) would be different.
You'll likely need to do static reverse engineering of that application, using tools like Ghidra, IDA Pro, or radare2.
To do that, you first also need to find the application itself in your devmode console, and extract it to your PC. Where can you find the binary in charge of executing BD-J in the xbox one? Honestly no idea. I took a quick look at the drivers in C:\Windows\System32 in the Xb1 to see if I could quickly identify something related to ODD, BD, BluRay but I saw nothing. I'll let you know if I stumble upon it, or, if someone knows where to look into, don't hesitate to share w/ all of us
I do think @Mezone0 on twitter is the guy that knows where to look, he shared this 11 months agoBasically what @Tomato123 said:
- BD-J: Feature that consists in basically including very limited Java code in BluRay discs, for the readers to execute. This code is, again, Java bytecode, not native bytecode. In other words, it runs in a (sort of) VM. And has a very limited set of capabilities. All modern consoles support this (xbox one, xbox series X presumably - i have not tested it and I'm not interested in researching the Series X/S -, PS3, PS4 and PS5)
- BD-JB: Name of the exploit for the BD-J implementation of the PS4/PS5. Very surely, the same vulnerability does not exist in the Xbox one.
Looking for vulns @brouh :
BD-JB in the PS4/PS5 basically manages to "escape" the VM that executes the Java code, and (without going into details) gets to run native code. Then it also exploits a kernel vulnerability to gain more privileges if I recall correctly.
What I was suggesting in earlier posts is that, the VM application in the Xbox One, which executes the Java code, could theoretically have vulnerabilities. Hence it would be interesting to investigate. But that application is not the same one that runs on the PS4/PS5, it is probably a custom one made by Microsoft for the Xbox one. So the vulns (if any) would be different.
You'll likely need to do static reverse engineering of that application, using tools like Ghidra, IDA Pro, or radare2.
To do that, you first also need to find the application itself in your devmode console, and extract it to your PC. Where can you find the binary in charge of executing BD-J in the xbox one? Honestly no idea. I took a quick look at the drivers in C:\Windows\System32 in the Xb1 to see if I could quickly identify something related to ODD, BD, BluRay but I saw nothing. I'll let you know if I stumble upon it, or, if someone knows where to look into, don't hesitate to share w/ all of us
Not sure if he's still active though
Similar threads
