How Did Old Console Mods (Xbox, PS2) Use Official Games Like 007 To Install Unofficial Software?


I’ve been interested in retro consoles lately, doing a lot of emulating and I have an old Xbox original here that I was curious to see if I could play games I own but only via ISO or img to preserve the discs 😉

To mod it, I need to have a copy of a game called 007: Agent Under Fire (or a few select others) and an original save on the Xbox of that game, plus a flash drive with mod software to copy on it. The real save is replaced by the mod ‘save’ file and it does its thing and a new OS is installed (well, that’s the quick version).

Either in the console case or in general, how would a similar vulnerability work on any hardware, how does the mod get access to write to the protected code that controls the copy protection in this or any similar scenario?

Did this particular game just simply have a security flaw which allowed someone to find and change the encryption key (that’s as far as I could understand)?

Or perhaps did they do it another way like by deleting encryption or bypassing it altogether to install a new OS if that’s possible?

Please Note: I am not planning on infringing any copyrights, I am just curious and like learning about electronics and software.

In: Technology

4 Answers

Anonymous 0 Comments

[Here is a full rundown of how the OG Xbox security works and how it was defeated](https://www.youtube.com/watch?v=XuOm-RTQxVU).

***************************

> Did this particular game just simply have a security flaw which allowed someone to find and change the encryption key […] or bypassing it altogether

In the case of 007, that’s basically what happened. Games on the Xbox run with full privileges, so arbitrary unsigned code can be uploaded to memory and run by exploiting a vulnerability in the game save loading system (explained at 9:20 in the video). Since this code has full access to the console it can modify files on disk and hijack the OS (which requires another exploit, also explained in the video).

Anonymous 0 Comments

You can’t just run any software you want on a video game console. It needs to be an approved program with the right key. So if you want to do anything to your Xbox you gotta trick an approved program to do it. This usually means making a real game crash and then load a file and write it to memory or disk in a way that does what you wanted to do instead of you doing it yourself.

Anonymous 0 Comments

I must have soft modded over 100 Xbox consoles. I used the 007 game save mod. Had to cut the end of a controller connector cable and wire a USB plug on it, so I could copy the save game over to the memory card from my PC. I don’t remember the exact procedure but it was something like –

1. Load game
2. Load save game, this made the console run the software on the card which basically was an FTP server
3. FTP in from my PC, erase HD and copy modded software over
4. Reboot console and it loaded the modded interface

Mostly did it for people to unlock the R2 DVD lock, as we were all into DVD movies and the Xbox was region locked.

Anonymous 0 Comments

Games don’t expect their saves to be modified, especially maliciously. Since there are unexpected and unchecked values the code will be ‘wrong’ and bugs will occur. The bugs can be something like writing data to the wrong place or going to the wrong part of the game. More bugs can occur and if you get the data right you can end up tricking the game to run your own code. Once your code is running on the Xbox it can run an installer and do what it needs to do to

Here’s a very fun 3-minute video of someone using a tool assist controller to get Super Mario World to run code [https://www.youtube.com/watch?v=JxgEXDnXD6M](https://www.youtube.com/watch?v=JxgEXDnXD6M)
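
An added example, not from the thread or from any real game: a save-file loader in C that treats the save as untrusted input and checks its length field before copying, which is the kind of check the answers above describe as missing. The file layout, `load_save`, the result codes and the sample bytes are all hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 16           /* hypothetical fixed-size name field */
#define SAVE_MAGIC   0x31564153u  /* bytes "SAV1" read little-endian; constructed */

struct profile { char name[NAME_MAX_LEN + 1]; uint32_t level; };
enum load_result { LOAD_OK, LOAD_TRUNCATED, LOAD_BAD_MAGIC, LOAD_BAD_LENGTH };

/* Read a little-endian u32 byte by byte, so alignment does not matter. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hypothetical layout: magic u32 | name_len u32 | name bytes | level u32.
 * A loader that trusts name_len and copies that many bytes into name[]
 * writes past the buffer when the file lies; the checks below prevent it. */
enum load_result load_save(const uint8_t *buf, size_t len, struct profile *out) {
    if (len < 8) return LOAD_TRUNCATED;               /* header must be present */
    if (rd32(buf) != SAVE_MAGIC) return LOAD_BAD_MAGIC;
    uint32_t name_len = rd32(buf + 4);
    if (name_len > NAME_MAX_LEN) return LOAD_BAD_LENGTH;        /* fits destination */
    if (len - 8 < (size_t)name_len + 4) return LOAD_TRUNCATED;  /* fits source */
    memcpy(out->name, buf + 8, name_len);
    out->name[name_len] = '\0';
    out->level = rd32(buf + 8 + name_len);
    return LOAD_OK;
}

/* Constructed samples: a well-formed save, and one claiming a 0x400-byte name. */
static const uint8_t good_save[] = { 'S','A','V','1', 4,0,0,0, 'B','o','n','d', 7,0,0,0 };
static const uint8_t bad_save[]  = { 'S','A','V','1', 0x00,0x04,0,0, 'A','A','A','A' };

int main(void) {
    struct profile p;
    printf("good: %d\n", load_save(good_save, sizeof good_save, &p));
    printf("bad:  %d\n", load_save(bad_save, sizeof bad_save, &p));
    return 0;
}
```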