Hacking [Info] Xbox One - Getting somewhat started

  • Thread starter Deleted User

Deleted User (OP)
UPDATES!

Flash reading/Dumping is now a thing thanks to XRF! Probably doesn't mean much for your average end user but no doubt will help Devs tinker with the inner workings of the Xbox One, which will in turn be good for said end user. SAVVY!? :P


LINK: https://github.com/xboxoneresearch/XRF
Yep! There's a lot more that will be added and extended upon. Currently focused on figuring other relative things out. Keep in mind that those operations do require an elevated user. But they do work! ;)
 

Deleted User (OP)
I know it’s way too early, but are you guys developing/targeting a certain dashboard version?
Nope! I'm actually in the Xbox Preview Beta Ring while I develop and test everything. Some others may be in older dashboards but I like to keep my eyes on the preview builds.
I would suggest to keep your console in the main public builds just in case.
 

Joom

So to what extent are we allowed with win32 applications? The reason I'm asking is because I'm wondering if primitive malware can be executed. Nothing glamorous, but I'm wondering if a basic RAT could be run. There are some written in pure ASM and C++ that I imagine could at least create a back connect. If this is possible, it could lead to some interesting stuff.

Also, I'm a NetWire beta tester (a native, cross-platform commercial RAT), so I can generate PEs for testing.
 

FR0ZN

Deleted User wrote:
Yep! There's a lot more that will be added and extended upon. Currently focused on figuring other relative things out. Keep in mind that those operations do require an elevated user. But they do work! ;)

Is there a public way to use an elevated user? Or does it require an exploit to gain elevated privileges ?
 

Deleted User (OP)
Joom wrote:
So to what extent are we allowed with win32 applications? The reason I'm asking is because I'm wondering if primitive malware can be executed. Nothing glamorous, but I'm wondering if a basic RAT could be run. There are some written in pure ASM and C++ that I imagine could at least create a back connect. If this is possible, it could lead to some interesting stuff.

Also, I'm a NetWire beta tester (a native, cross-platform commercial RAT), so I can generate PEs for testing.
Would require quite a bit of modifications since the Xbox One SystemOS isn't a pure Win10 build. It's got quite a bit missing unfortunately. The extent of "Win32" would allow people to eventually write their own services and command-line applications, of course for services it would require an exploit of sorts (mainly priv-esc) but would be useful. Nothing graphical will happen with Win32 without patching some critical parts. I could be wrong.
FR0ZN wrote:
Is there a public way to use an elevated user? Or does it require an exploit to gain elevated privileges?
No and not really. There are a few ways to achieve it but I can't help with that at the moment. I might see if I can do something else that would help out.
 

FR0ZN

Deleted User wrote:
No and not really. There are a few ways to achieve it but I can't help with that at the moment. I might see if I can do something else that would help out.

Nice!

Can I ask since when gligli has been involved? Been ages since I heard this name and I kinda got hyped tbh :D
 

Deleted User (OP)
FR0ZN wrote:
Nice!

Can I ask since when gligli has been involved? Been ages since I heard this name and I kinda got hyped tbh :D
He made a few contributions to a few private related tools last year. XRF is a stripped down version of a project he had some contributions towards. :)
 

Max4life

Hello everyone.
Will something like an SPI emulator be able to hack the drive if connected to points SOMI, SIMO, and SCLK in the picture? After all, those are SPI connection points.
Or maybe the Teensy 3.6 might work?
 

Attachment: IMG_20180929_110219458_BURST000_COVER.jpg (1.3 MB)

FR0ZN

Max4life wrote:
Hello everyone.
Will something like an SPI emulator be able to hack the drive if connected to points SOMI, SIMO, and SCLK in the picture? After all, those are SPI connection points.
Or maybe the Teensy 3.6 might work?

The very last 360 drives needed cloned drive PCBs with writeable ICs on them to make backups work (LTU2). I'd be surprised if the XBO drive had weaker security measures.

Afaik the FW is readable tho.
 

Max4life

FR0ZN wrote:
The very last 360 drives needed cloned drive PCBs with writeable ICs on them to make backups work (LTU2). I'd be surprised if the XBO drive had weaker security measures.

Afaik the FW is readable tho.
Has anyone managed to get the firmware?
Also do you know if there is a key in the chip?
 

Max4life

There is a raw dump of the drive FW.
And the drive definitely has a key which pairs it to the console.
Can you tell me how to dump the FW please? I am a noob.
Also, if the firmware is dumped, how come there is no custom firmware yet?
Sorry for all the questions.
 

FR0ZN

Max4life wrote:
Can you tell me how to dump the FW please? I am a noob.
Also, if the firmware is dumped, how come there is no custom firmware yet?
Sorry for all the questions.

- I can't tell you how to dump the firmware because I don't know how to do it myself.

- Dumping an ODD FW does not mean you can just patch it or even write it. There are hardware write locks in place that need to be circumvented first.
 

Max4life

FR0ZN wrote:
- I can't tell you how to dump the firmware because I don't know how to do it myself.

- Dumping an ODD FW does not mean you can just patch it or even write it. There are hardware write locks in place that need to be circumvented first.
Thank you so much, I will be tinkering with my drive and hope I don't break it. Have a good night.
 

FR0ZN

Max4life wrote:
Thank you so much, I will be tinkering with my drive and hope I don't break it. Have a good night.

You might want to try messing with an easier drive. Or something that hasn't been done yet, like the PS3 drives.
Look how hard the 360 slim drives were to hack. I don't want to discourage you, you gotta start somewhere, right? :D
But think of all the talent in the scene who hasn't yet managed to fuzz with the XBO drive; there probably won't be any hope for you to succeed as a noob, as you call yourself.
If you really want to get into this stuff, try to replicate the hacks that have been done with the different 360 drives in the past and maybe you'll get a grasp of what it might take to attack the XBO drive.

Best of luck!
 

Max4life

FR0ZN wrote:
You might want to try messing with an easier drive. Or something that hasn't been done yet, like the PS3 drives.
Look how hard the 360 slim drives were to hack. I don't want to discourage you, you gotta start somewhere, right? :D
But think of all the talent in the scene who hasn't yet managed to fuzz with the XBO drive; there probably won't be any hope for you to succeed as a noob, as you call yourself.
If you really want to get into this stuff, try to replicate the hacks that have been done with the different 360 drives in the past and maybe you'll get a grasp of what it might take to attack the XBO drive.

Best of luck!
I have done RGH on my Xbox 360 slim and flashed the drive on a Zephyr. I made my own probe by following a tutorial. I tried to activate Dev mode on my console; I used my school email and still didn't get to activate it. Not sure why.
 

EmulateLife

I have an Xbox One but haven't bought a game for it in almost 2 years. Not sure much would change if it was hacked except I guess ripping the games. Microsoft has been really dropping the ball lately with Xbox One IMO other than Forza but a racing game is a racing game.
 
