- Dec 6, 2020
- stuntpenguin
- AG Join Date: 2009
Is anyone interested in original Xbox exploit development?
I hacked together an Xbox kernel fuzzer a few years ago. It's pretty trash and I had no clue what I was doing. I still don't, but there are definitely improvements to be made.
Thanks to XQEMU, it should be possible to fuzz the Xbox kernel with kAFL. I'd like to target XBE loading, the network stack, or local Xbox Live services (since this can be partially replicated). The goal is for people to be able to easily get code running on their retail consoles. Most everyone has a router and two Ethernet cables. Blank CDs / DVDs and disc burners are becoming harder to find in the common household so XBE loading might be off the table. At some point, I had an idea of exploiting signed games (demos) capable of running off of CD / DVD but IIRC all resources were packed into the executable for games signed like that. Even so, a SHA1 collision would put us in business. Those have been getting cheaper and cheaper to obtain. I think the current computing power is around 100k USD for a reasonably timed collision.
Some versions of the kernel sources are also "in the wild", although I'm not sure if we talk about those.
If anyone is interested, hit me up. I can probably do the kAFL porting. To use it you'd need some version of Ubuntu (planning on making this more generic Linux), and an Intel processor supporting "Processor Trace". Even if you don't have these things, you can still do binary analysis, come up with your own tactics, or just toss around ideas.
edit:
Can any mod give clarification on kernel source? Is talk permitted?