Discussion Here is where to start now that the Xbox One SDK has been leaked

  • Thread starter Chr0m3 x MoDz
  • Start date
  • Views 621,669

Flapdoodle

Newbie
Messages
13
Reaction score
4
Guys I know this is super far fetched but I find it to be the tiniest bit possible so I figured I would share it anyway. On Microsoft's website they say that they give 2 free dev kits to game developers. With social engineering it's barely plausible that the stupid employees at Microsoft could send someone the devkits if they fill out the application saying they are a game developer. I looked at the application and it wants things like studio name and such which is what would make it hard but it is free so maybe someone wants to look into it and give it a try.
 

V7X3

Worship the Digital Age
Messages
825
Reaction score
488
> Guys I know this is super far fetched but I find it to be the tiniest bit possible so I figured I would share it anyway. On Microsoft's website they say that they give 2 free dev kits to game developers. With social engineering it's barely plausible that the stupid employees at Microsoft could send someone the devkits if they fill out the application saying they are a game developer. I looked at the application and it wants things like studio name and such which is what would make it hard but it is free so maybe someone wants to look into it and give it a try.

It's already been tried and tested, even by actual indie devs. I wouldn't waste your time trying..
 

V7X3

Worship the Digital Age
Messages
825
Reaction score
488
Now that I don't believe.
The ID@Xbox team, at the moment, are still looking for actual companies. The problem with his hypothesis is simply the fact that each and every application submitted isn't simply glanced over by a bot. Attempting to Social Engineer a very meticulous application process isn't favorable. Even if someone were to enable the "Yes, my game is ready, I need the XDK(s) now" option, there's still heaps more to it than simply applying for them.
 

no3dead

Enthusiast
Messages
62
Reaction score
19
> The ID@Xbox team, at the moment, are still looking for actual companies. The problem with his hypothesis is simply the fact that each and every application submitted isn't glanced over by a bot. Attempting to Social Engineer a very meticulous application process isn't favorable. Even if someone were to enable the "Yes, my game is ready, I need the XDK(s) now", there's still heaps more to it than simply applying for them.

ID@Xbox does not give you dev kits, they give you retails which are able to be enabled for devkit access. That's if you need extra; if you already have an Xbox One they just enable your Xbox to use the devkit system and allow you to sideload apps, including the access to the system.
 

V7X3

Worship the Digital Age
Messages
825
Reaction score
488
> ID@Xbox does not give you dev kits, they give you retails which are able to be enabled for devkit access. That's if you need extra; if you already have an Xbox One they just enable your Xbox to use the devkit system and allow you to sideload apps, including the access to the system.

Yes, that's what it's boiled down to, Retail kits with the dev cert on them, although I highly doubt they'd allow that for standard ordinary home kits. I think they'd rather send out the cert-enabled kits with QR codes on the top as that would give them the upper hand in the case of someone going rogue.
 

no3dead

Enthusiast
Messages
62
Reaction score
19
> Yes, that's what it's boiled down to, Retail kits with the dev cert on them, although I highly doubt they'd allow that for standard ordinary home kits. I think they'd rather send out the cert-enabled kits with QR codes on the top as that would give them the upper hand in the case of someone going rogue.

I've been put into ID@Xbox but I'm not fully in yet but they want the game and your Xbox ID.

Gonna assume doing that will get them your Console ID, whitelisting that and your Xbox at the same time.
 

Flapdoodle

Newbie
Messages
13
Reaction score
4
> I've been put into ID@Xbox but I'm not fully in yet but they want the game and your Xbox ID.
>
> Gonna assume doing that will get them your Console ID, whitelisting that and your Xbox at the same time.

As far as the game part that they want, I'm pretty sure that people have released some basic games for free using Unreal Engine 4. I just googled UE4 free game, and some FPS popped up with a download link that looked okay. Even if you send them something that's absolute garbage they would still accept it and you could just say it's in the alpha, or it's a game preview or some other lie. I have seen many 360 indie games published that I could have done a better job developing, so I think they are only looking for a game that runs.
 

The404Spartan

Enthusiast
Messages
225
Reaction score
95
Would anyone happen to know about the .hash files stored within updater.xvds?
Are they just hashes that are encrypted, are they un-encrypted hashes or use some unknown method?

I've tried re-creating the hashes that are stored in the xvds but have failed.
So my best guess is that they're encrypted in some way.

I've probably just answered my question (hashes are encrypted), but I just need someone to scratch my itch if they would like to confirm it.
 

Stakzz00

Newbie
Messages
3
Reaction score
0
You don't have a decrypted era.xvd. We don't have the key to decrypt such things at the moment.
Not sure if this helps but before the SDK was leaked and all the information known in this post, I was digging around in an Xbox One System Update File (late 2014).

What led me to this file?
I was unable to play new games on my Xbox One (NBA 2K15 & GTA V) offline. Even though I had the disc, I still could not play these games due to the fact that there was some important bit of information not allowing the discs to be run/read properly. I did not have Internet access so I was running an old version of the Xbox One firmware.

How did I fix it?
Xbox One Offline Update Tool (Google It). Allows you to download the Xbox One update to a USB and install it to your Xbox One.

Why does this matter?
From what I remember with Xbox 360, not all games used the same encryption method throughout the entire lifetime of the 360. The keys you seek may not have been on the Xbox One from day one, but maybe they found an easy access point for hackers so they made some changes, because day one Xbox One discs worked amazingly vs. the newer ones that did not work on my Xbox. The keys you seek could be in an update. More importantly, the Xbox One, like the PS3, allows for offline update installation... if this could be the entry point, I wonder if there's any lines of defense in the Xbox One offline update installer. If not then a softmod could be out as soon as we get the keys needed.

I just wanna run unsigned code. I managed to run an SNES emulator on the Xbox One but that was just a simple media player exploit.

If anyone can check out that offline update file found on M$ website plz keep me updated because the last time I looked at it I was too eager to get into GTA so I just stopped looking for anything that could be of value.
 

Stakzz00

Newbie
Messages
3
Reaction score
0
Currently I'm doing a bit of modding for Android games that support online, just for petty cash to obtain another Xbox One to do my testing on. I'm staying away from the devkit and I'm focusing on modifying some of these offline update files. With the default web browser changing to Edge, I wonder if I can find and modify that in the update files. If I can locate it I will rename it and if all works then I guess we can get someone working on some sort of content that the Xbox One could run without any extra permissions since we have yet to make it that far.

I'm just throwing out some ideas so ppl can get moving with the offline update tool since there really would be no way the Xbox One could verify the content in the package, just as long as it doesn't brick the Xbox, it should install fine right? But again I'm thinking for us to actually modify those new applications like Edge and the new music player, we'd have to decrypt it and yet we still need those keys

"I'm in ID@Xbox so I'm gonna message my case manager like":
 

The404Spartan

Enthusiast
Messages
225
Reaction score
95
The updater.xvd dlls have been known about for quite some time. There aren't any keys in them. Everything else is basically encrypted. The xvd needs its read-only flag disabled as well.

If you want to live on the edge, try re-creating the hashes inside the updater.xvd and replace a vital xvd file or tweak the dll(s).
(Don't actually do this if you haven't backed your NAND up. I'm not held responsible for any of your actions.)
 

Stakzz00

Newbie
Messages
3
Reaction score
0
> The updater.xvd dlls have been known about for quite some time. There aren't any keys in them. Everything else is basically encrypted. The xvd needs its read-only flag disabled as well.
>
> If you want to live on the edge, try re-creating the hashes inside the updater.xvd and replace a vital xvd file or tweak the dll(s).
> (Don't actually do this if you haven't backed your NAND up. I'm not held responsible for any of your actions.)

Correct me if I'm wrong, but the updater.xvd is part of the files inside of the leaked SDK we have... I'm talking specifically about a group of files that Microsoft allows anyone to download from their website. These files will update your Xbox One's firmware...

The reason I'm clarifying this is because if you guys are looking for specific keys, they have to be inside one of the offline updates because if you were to take a newer game like "The Division" and try to play it on a non-updated Xbox, it will not run it for some odd reason... there was some important update to the Xbox One prior to 2015 that added a file to the Xbox that allowed it to play newer games...

My experiences were NBA 2K15 and GTA V so if you look at their release dates and go to the offline update tool site, you can actually download the update and maybe it will contain the keys ppl are looking for here.

EDIT: Microsoft employees don't even know about the file that the update contained because at the time I was on the phone with Microsoft support for a week, uninstalling and installing the two games trying to get them to read, replacing discs and everything else they recommend so maybe it was something so valuable they couldn't tell their ground support team about it...
 

Sketch

Enthusiast
Messages
526
Reaction score
478
We'd have to have access to most files within the u
> Correct me if I'm wrong, but the updater.xvd is part of the files inside of the leaked SDK we have... I'm talking specifically about a group of files that Microsoft allows anyone to download from their website. These files will update your Xbox One's firmware...
>
> The reason I'm clarifying this is because if you guys are looking for specific keys, they have to be inside one of the offline updates because if you were to take a newer game like "The Division" and try to play it on a non-updated Xbox, it will not run it for some odd reason... there was some important update to the Xbox One prior to 2015 that added a file to the Xbox that allowed it to play newer games...
>
> My experiences were NBA 2K15 and GTA V so if you look at their release dates and go to the offline update tool site, you can actually download the update and maybe it will contain the keys ppl are looking for here.
>
> EDIT: Microsoft employees don't even know about the file that the update contained because at the time I was on the phone with Microsoft support for a week, uninstalling and installing the two games trying to get them to read, replacing discs and everything else they recommend so maybe it was something so valuable they couldn't tell their ground support team about it...

I'm not going to waste my time as I would be repeating myself again. To simply answer you: No.

"But maybe..." No.
 

reluctantego

Newbie
Messages
1
Reaction score
0
Has anyone considered Van Eck phreaking?

I would need some help to attempt this. We would need datasheets on the xb1 CPU/coprocessor, I believe.

tau. * ac.il * /~tromer * /papers * /acoustic-20131218.pdf REMOVE SPACES AND * TO ACCESS THE PDF LINK OF THEIR PAPER REGARDING THE TECHNIQUE - spam filter won't allow me to post an unmolested link

Reading further into the paper, the requirements are much more than just datasheets. We would need to run decryption against a known volume over several thousand iterations, unless I am misreading the paper.

Edit: yeah, not going to work unless I seriously misunderstand the encryption scheme of the xb1

"The key extraction attack requires the target device to decrypt ciphertexts that are adaptively chosen by the attacker. The OpenPGP file format [CDF+07], and the GnuPG software [Gnu], are used in numerous communication, file transfer and backup applications, many of which indeed allow an attacker to cause decryption of chosen ciphertexts. As one example, we consider an attack via encrypted email."
 

HEX1A4

1A4 = ?
Messages
247
Reaction score
69
Me and him are working to get it running in a VM or natively (VM first).

It'll take us a while but we are hopeful.
I've seen someone run the dev operating system, I guess Chr0m3 x MoDz calls it "alpha", in a virtual machine, so it's possible...
 

no3dead

Enthusiast
Messages
62
Reaction score
19
Yeah I'm talking about more updated stuff which resembles the xbone os.
 