1. XVMM

    XVMM Advanced Member
    Newcomer

    Joined:
    Sep 9, 2018
    Messages:
    80
    Country:
    Afghanistan
    This has been possible from day one with the Developer Mode. Anyone can do it on both retail and Dev Mode. It's most definitely real. I may have to update the wiki but we did show and demonstrate how to do it:

    https://xosft.dev/wiki/setup-dev-mode/

    Read the bottom.

    Also, to answer this specific question: the main operating system files that are interesting outside the system apps are more so system services, libraries and drivers.

    They are not encrypted when they are mounted and accessed at runtime. This can depend on your application and user privileges and also on what flags the target Xbox Virtual Drive is given.
     
    Last edited by XVMM, Jul 29, 2020
  2. hullpop

    hullpop Newbie
    Newcomer

    Joined:
    Jul 30, 2020
    Messages:
    6
    Country:
    United States
    How do you run it? Do you have to run it on dev mode?
     
    Last edited by hullpop, Jul 30, 2020
  3. MeAndHax

    MeAndHax Impolite person with some modding knowledge.
    Member

    Joined:
    Feb 7, 2017
    Messages:
    592
    Country:
    Germany
    Can you replace them with other files tho? Probably not, right?
     
    Last edited by MeAndHax, Jul 30, 2020
  4. XVMM

    No, any executable or any data located on a read-only mounted XVD cannot be tampered with. Only temporary data. This can't be bypassed normally and would, as usual, require a much lower-level exploit.
     
    hullpop and MeAndHax like this.
  5. hullpop

    Do you know any exploits that can bypass a read-only mounted partition and make it a writable partition?
     
  6. XVMM

    It's not possible. There's a "bug" within Developer Mode to trick Windows into mounting another disk on the same volume but ultimately, there's nothing. Again, without any low-level exploit you can't.
     
  7. hullpop

    Have you looked through any of the files yet? Maybe you can find something. Wait, does this mean dev mode is not sandboxed?
     
  8. hullpop

    And one more thing: there may be a vulnerability in the hardware that might allow you to flash files, but I think that is unlikely, especially if it's unsigned code.
     
  9. XVMM

    I've been reversing a lot of the OS when I can and sometimes I might come across a couple of minor exploits but it's difficult to pull off in retail scenarios. Also, Developer Mode is essentially sandboxed. While it can use the same host, system and game OS XVDs, they use a separate set of other XVDs for storing other temporary data. Sure, it's a little bit more open but it also has certain limited capabilities - even more so limited in retail except in certain scenarios.

    You can modify your flash but there is certain critical, encrypted and signed data such as: host.xvd, system.xvd, boot.bin and more. Some files are readable and some are not.
     
  10. hullpop

    Try to find a buffer overflow exploit, best case scenario in my opinion.

    Maybe you can dump the hypervisor. Sorry if I don't know what I'm talking about, but I'm only used to the PS3 system; I was one of the first ones to flash a patched NAND to my PS3 system.

    Is the kernel readable?
     
    Last edited by hullpop, Aug 1, 2020
  11. XVMM

    It's not quite as simple. Even with execution in System OS, you now have to find another exploit in Host. Even then, it becomes more diluted.
     
    hullpop likes this.
  12. rommy667

    rommy667 GBAtemp Advanced Fan
    Member

    Joined:
    Mar 21, 2008
    Messages:
    562
    Country:
    Looks like the old onesise is going to make it through the 8th gen unblemished. Well done M$, but I'd sure still love to brew the damn thing.
     