Difference between revisions of "Exploits"

From xboxdevwiki
Edit summaries (older revision, then newer):
m (some grammar fixing)
(Attack tested: I've mapped GP DSP scratch mem and DMA'd to X-mem; read it back using CPU: Memory repeats)

Line 99:
  unchanged: * AC97: Lots of crashes / hangs. Sometimes crackling noise. Sometimes does not crash. Also can access some non-existing memory regions without any crashes. Data read from invalid addresses seemed to be 300 Hz square wave. While crashing the hardware output will have exponential falloff (measured on PCM line-out).
  removed:   * APU: Untested
  added:     * APU: Mapping GP DSP Scratch memory from 0x00000000 to 0x7FFFFFFF reveals mirrors of physical RAM. Setting the highest bit (addresses over 0x80000000) will result in a crash of the Xbox.
  unchanged: * OHCI: Untested
  unchanged: * Others: Untested

Revision as of 21:48, 29 August 2018

MCPX

LDT (Hypertransport) bus tap

See bunnie's adventures hacking the Xbox.

Visor hack

Exploits incorrect rollover of memory address.

MIST hack

Exploits error in xcode interpreter security check. There are at least 2 variations of this hack.

A20M# hack

A jumper wire hack to enable A20

Uses a legacy x86 feature.

RC4 attack (MCPX 1.0 only)

Microsoft uses the last bytes of the decrypted 2BL to check the integrity of the 2BL. However, RC4 is a stream cipher with no feedback: each ciphertext byte decrypts independently of the others, so changes made earlier in the encrypted 2BL are not reflected in the last couple of bytes that are checked. As such, the 2BL can be freely modified, as long as the last couple of bytes still match what the MCPX ROM expects.

This can be used to take over the 2BL entry point.

When the attack happens, the MCPX ROM is still visible, making this a very powerful attack.

This attack is described by Michael Steil in his Google talk.
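As an added illustration (not code from the wiki or from the MCPX ROM, and using a constructed image and constructed keys rather than real 2BL data), the following Python shows why a fixed trailer behind a stream cipher is not an integrity check: RC4 has no feedback, so altering one ciphertext byte alters only the same plaintext byte, the trailer still decrypts correctly, and only a MAC computed over the ciphertext catches the change.

```python
import hmac
import hashlib

# Constructed stand-in for the trailing bytes a loader compares against a constant.
MAGIC_TAIL = b"\xDE\xAD\xBE\xEF"


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key-scheduling algorithm followed by the PRGA, returning `length` bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same XOR with the keystream."""
    return bytes(a ^ b for a, b in zip(data, rc4_keystream(key, len(data))))


def trailing_bytes_valid(plaintext: bytes) -> bool:
    """The weak check: accept the decrypted image if its last bytes equal a constant."""
    return plaintext[-len(MAGIC_TAIL):] == MAGIC_TAIL


def patch_ciphertext(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Demonstrate stream-cipher malleability: XORing (old ^ new) into the ciphertext
    turns plaintext bytes `old` into `new` at `offset` without the key, and no other
    plaintext byte changes because RC4 carries no state from one byte to the next."""
    out = bytearray(ciphertext)
    for i, (o, n) in enumerate(zip(old, new)):
        out[offset + i] ^= o ^ n
    return bytes(out)


def mac_valid(mac_key: bytes, ciphertext: bytes, tag: bytes) -> bool:
    """The correct check: a keyed MAC over the ciphertext (encrypt-then-MAC)."""
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    """Encrypt a constructed 36-byte image, tamper with the ciphertext, and compare
    what the trailer check and a MAC each conclude."""
    enc_key = b"constructed-rc4-key"
    mac_key = b"constructed-mac-key"
    image = b"\x90" * 12 + b"ORIGINAL" + b"\x90" * 12 + MAGIC_TAIL
    ciphertext = rc4_crypt(enc_key, image)
    tag = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()

    tampered = patch_ciphertext(ciphertext, 12, b"ORIGINAL", b"MODIFIED")
    decrypted = rc4_crypt(enc_key, tampered)
    intended = image[:12] + b"MODIFIED" + image[20:]

    return {
        "decrypted_matches_intended": decrypted == intended,
        "weak_check_passes": trailing_bytes_valid(decrypted),
        "mac_detects_tampering": not mac_valid(mac_key, tampered, tag),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The trailer check passes on the tampered image because the keystream bytes covering the trailer were never touched; a CBC-style mode would at least have garbled the following block, but neither mode substitutes for a MAC or signature over the full image.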

TEA attack (MCPX 1.1 only)

TEA, which is only used in MCPX 1.1, cannot be used as a hash in Davies-Meyer mode [1][2]. And yet, Microsoft used it that way.

The original attack uses the 5 bytes at 0xffffd400 (FBL entry point) which are E9 83 01 00 00. This is jmp 0xffffd588 (which is a jump within the flash region).

When flipping the highest bit of the operand DWORD (at 0xffffd400, mind your endianness), this becomes E9 83 01 80 00. This is jmp 0x7fd588 (which is a jump into the RAM region). For the attack to be successful, the highest bit in the DWORD at 0xffffd404 also has to be flipped.

The RAM can be controlled using the x-code command to write to RAM. So the idea is to copy a program from Flash to RAM using x-codes. Then the FBL / 2BL is modified to jump into said RAM region by flipping a bit of a jump operand (as described above). The 2 bit flips will not change the hash of FBL / 2BL as TEA is broken.

As such, the FBL verification will succeed, the MCPX ROM will hand control to the FBL which will then jump into the attacker controlled RAM.

When the attack happens, the MCPX ROM is still visible, making this a very powerful attack.

The TEA algorithm and exploit are also described in more detail in bunnie's book (Page 109 and Page 142).
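The weakness the wiki refers to, as an added Python example rather than anything from the page or from the Xbox boot code: TEA adds k0 and k1 (likewise k2 and k3) into two terms that are XORed together in every round, so flipping bit 31 of both words of such a pair leaves every round result unchanged. TEA therefore has equivalent keys, and in Davies-Meyer mode, where each message block is used as the key, two messages that differ in exactly those two bits hash identically. The message layout, the zero IV and the little-endian word order below are assumptions for the demonstration, not the FBL/2BL format; XTEA, whose key schedule selects key words by the round counter, is included as the contrast and does not collide.

```python
import struct

MASK = 0xFFFFFFFF
DELTA = 0x9E3779B9


def tea_encrypt_block(v0: int, v1: int, k) -> tuple:
    """TEA: encrypt one 64-bit block (two words) under a 128-bit key (four words)."""
    s = 0
    for _ in range(32):
        s = (s + DELTA) & MASK
        # k0 and k1 enter two terms of one XOR; flipping bit 31 of both cancels out.
        v0 = (v0 + (((v1 << 4) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & MASK
        v1 = (v1 + (((v0 << 4) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & MASK
    return v0, v1


def xtea_encrypt_block(v0: int, v1: int, k) -> tuple:
    """XTEA: the key word is chosen by the round counter and added to it, so a bit
    flipped in one key word is not cancelled by another."""
    s = 0
    for _ in range(32):
        v0 = (v0 + ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (s + k[s & 3]))) & MASK
        s = (s + DELTA) & MASK
        v1 = (v1 + ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (s + k[(s >> 11) & 3]))) & MASK
    return v0, v1


def davies_meyer(data: bytes, block_cipher, iv=(0, 0)) -> bytes:
    """H_i = E_{M_i}(H_{i-1}) XOR H_{i-1}, with each 16-byte message block as the key.
    Little-endian word order and a zero IV are assumptions of this demo."""
    if len(data) % 16:
        raise ValueError("message must be a multiple of 16 bytes")
    h0, h1 = iv
    for offset in range(0, len(data), 16):
        key_words = struct.unpack_from("<4I", data, offset)
        c0, c1 = block_cipher(h0, h1, key_words)
        h0, h1 = h0 ^ c0, h1 ^ c1
    return struct.pack("<2I", h0, h1)


def tea_dm_hash(data: bytes) -> bytes:
    return davies_meyer(data, tea_encrypt_block)


def xtea_dm_hash(data: bytes) -> bytes:
    return davies_meyer(data, xtea_encrypt_block)


def flip_top_bits(data: bytes, word_indices) -> bytes:
    """Return a copy of data with bit 31 of the given little-endian dwords flipped
    (the top bit of dword i is bit 7 of byte 4*i + 3)."""
    out = bytearray(data)
    for i in word_indices:
        out[4 * i + 3] ^= 0x80
    return bytes(out)


def equivalent_key_collision(data: bytes) -> dict:
    """Flip bit 31 of dwords 0 and 1 (k0 and k1 of the first block) and report
    whether each Davies-Meyer construction still distinguishes the two messages."""
    variant = flip_top_bits(data, (0, 1))
    return {
        "messages_differ": variant != data,
        "tea_dm_collides": tea_dm_hash(data) == tea_dm_hash(variant),
        "xtea_dm_collides": xtea_dm_hash(data) == xtea_dm_hash(variant),
    }


# Constructed 32-byte sample message (two blocks); any multiple of 16 bytes works.
SAMPLE = bytes(range(32))

if __name__ == "__main__":
    for name, value in equivalent_key_collision(SAMPLE).items():
        print(f"{name}: {value}")
```

Because the first block's state is identical under both keys, every later block sees the same chaining value, so the collision holds for a message of any length as long as the two flipped bits sit in the same key-word pair of one block. A hash built on a block cipher with equivalent keys admits exactly this kind of controlled, hash-preserving modification, which is why the verification described above succeeds on the altered FBL/2BL.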

Dashboard

Audio hacks

Font hacks

Analysis of "Bert & Ernie" font-exploit.

Easter-egg exploit

Savegames

Savegames can be used as an exploit method, but care must be taken, as most games verify digital signatures of savegames [citation needed] [3]

007: Agent Under Fire

Frogger Beyond

MechAssault

Tom Clancy's Splinter Cell

Tony Hawk's Pro Skater 4

Grimdoomer discovered a savegame exploit in THPS4 and shared it on Discord; it was later included with the Rocky5 softmod installer. A video demonstrates the in-game trigger (custom skatepark).

10-4-2017: "it's just shell code I injected into the game save / granted this save is slightly more complicated than the others and requires a small "loader" that is just a memcpy. Basically it's literally as simple as a buffer overflow... I just looked for null-terminated strings and fuzzed them, then when I got a crash I looked in the xbe to figure out what was going on. Yeah, it's literally just a stack overflow." - grimdoomer

Another website discussing his exploit: xbmc4xbox.org.uk

Attack ideas

Purpose: Dumping the MCPX ROM
Author: JayFoxRox
Description: Partial system reset using the 0xCF9 I/O register.
Status: Only crashes so far, mostly untested.

Purpose: Dumping the MCPX ROM
Author: JayFoxRox
Description: Trying to find problems with the SMC reset chain. The SMC takes a couple of milliseconds to reset the system, so parts of the peripherals might stay alive for long enough. The chance is extremely unlikely, but the peripherals could be programmed to do DMA where the DMA is only executed after the reboot.
Status: Untested

Purpose: Unknown
Author: JayFoxRox
Description: Resetting from the wrong address. The errata for the CPU state that a warm reset might occur from the wrong address.
Status: Concept phase, needs more research

Purpose: Dumping the MCPX ROM
Author: JayFoxRox
Description: Trying to access the MCPX ROM through peripherals in the southbridge. If the address logic is broken, parts like the OHCI, APU or AC97 might still be able to access it.
Status:
  • AC97: Lots of crashes / hangs. Sometimes crackling noise. Sometimes does not crash. Also can access some non-existing memory regions without any crashes. Data read from invalid addresses seemed to be 300 Hz square wave. While crashing the hardware output will have exponential falloff (measured on PCM line-out).
  • APU: Mapping GP DSP Scratch memory from 0x00000000 to 0x7FFFFFFF reveals mirrors of physical RAM. Setting the highest bit (addresses over 0x80000000) will result in a crash of the Xbox.
  • OHCI: Untested
  • Others: Untested

Purpose: Dumping Kernel INIT
Author: JayFoxRox
Description: INIT is freed right before passing execution to the first XBE. Depending on what the XBE allocates, the INIT section might still be in memory when a dumper is run.
Status: Probably doesn't work. Would need the dumper to run directly after cold boot. Softmods unfortunately reboot the Xbox, and during this warm boot the INIT section is (in at least most cases) lost.

Purpose: Dumping Kernel INIT
Author: DaveX
Description: An extension to JayFoxRox's dumping idea. Instead of running a dumper XBE through a softmod, the softmod itself could do the dumping. This means creating a custom softmod just for dumping. It depends on the softmod entry point used (font exploit, audio exploit, ...) to gain execution as early as possible. This strategy might be slightly risky, as hard disk contents have to be modified for the temporary softmod.
Status: WIP as of 2018-03-04

Purpose: Homebrew entry point
Author: Community
Description: Some movie DVDs contain default XBEs signed to run on the original Xbox from DVD-R [FIXME]. If we can find an exploit in one of them (loaded files), we could possibly take over the entire system and run homebrew from DVD-R.
Status: Per candidate DVD, listed below.
DVD                                                          | XBE / game on the disc | Status
Star Wars: Clone Wars - Volume Two                           | Battlefront II         | Untested
Star Wars: Episode III - Revenge of the Sith (Widescreen Edition) | Battlefront II    | Untested
Star Wars Trilogy (Widescreen Edition with Bonus Disc)       | Battlefront            | Untested
Star Wars Trilogy DVD with Demo                              | Lego Star Wars 2       | Untested
Star Wars: Clone Wars - Volume One                           | Battlefront            | Untested
The Chronicles of Riddick (Widescreen Unrated Director's Cut) | Chronicles of Riddick | Untested
Doom (Unrated Widescreen Edition)                            | Doom 3                 | Untested
Hulk (Special Edition)                                       | Hulk                   | Untested
King Arthur - The Director's Cut (Widescreen Edition)        | King Arthur            | Untested
Robots (Widescreen Edition)                                  | Robots                 | Untested
Van Helsing (Widescreen Edition)                             | Van Helsing            | Untested
Clone Wars Volume 1                                          | Republic Commando      | Untested

Notes