What's new

Offline System Update Diagnostic Tool.

  • Thread starter Lemon Chief
  • Start date
  • Views 3,010
L

Lemon Chief

Newbie
Messages
24
Reaction score
7
Hi, I'm Lemon.

I don't know much about coding or exploits or anything but I found this:

http://support.xbox.com/en-US/xbox-one/system/offline-system-update-diagnostic-tool


There's a link to download a "offline system update" and they explain how to run it.
I know the sdk has been leaked…

So it got me thinking, we have an sdk, update files and how to get the console to run it offline
isn't there a possibility for an exploit ?

I mean, it looks like a "dfu mode" on iPhone, the xBox probably has a jtag interface...
Can't we look at what the console is doing when entering that mode then look for a possible exploit ?
I mean that mode basically runs the code straight out of the usb stick.

Like I said, I don't know anything about exploit, I'm just trying to share ideas and I'd love to know more about the subject.
I don't know how a software is signed and that's probably the problem but this looks promising to me, idk...

Your opinion ?
Anyway, thx for reading this turd and see you later o/

Edit: Here is something that appears on that page:
"
About the buttons and beeps
Pressing the BIND and EJECT buttons at the same time forces the console to look for the USB drive update, as the console will not look for a USB drive unless it needs it. This helps to decrease console start times for all startups when this step is not needed.

The first power-up tone will occur approximately 10 seconds after powering up. This indicates that a USB update has been detected. The second power-up tone indicates that the update file has been copied and mounted. This is important, as it confirms you have a compatible Xbox One system update based on your current build. This informs the system which build is currently installed on the console, and whether the update is compatible with that build.
"
 
L

Luca24hr

Enthusiast
Messages
165
Reaction score
14
I saw this and thought the same and posted it and people said that it would not match other files or something like that
 
C

Custom Obama

Enthusiast
Messages
482
Reaction score
130
Hi, I'm Lemon.

I don't know much about coding or exploits or anything but I found this:

http://support.xbox.com/en-US/xbox-one/system/offline-system-update-diagnostic-tool


There's a link to download a "offline system update" and they explain how to run it.
I know the sdk has been leaked…

So it got me thinking, we have an sdk, update files and how to get the console to run it offline
isn't there a possibility for an exploit ?

I mean, it looks like a "dfu mode" on iPhone, the xBox probably has a jtag interface...
Can't we look at what the console is doing when entering that mode then look for a possible exploit ?
I mean that mode basically runs the code straight out of the usb stick.

Like I said, I don't know anything about exploit, I'm just trying to share ideas and I'd love to know more about the subject.
I don't know how a software is signed and that's probably the problem but this looks promising to me, idk...

Your opinion ?
Anyway, thx for reading this turd and see you later o/

Edit: Here is something that appears on that page:
"
About the buttons and beeps
Pressing the BIND and EJECT buttons at the same time forces the console to look for the USB drive update, as the console will not look for a USB drive unless it needs it. This helps to decrease console start times for all startups when this step is not needed.

The first power-up tone will occur approximately 10 seconds after powering up. This indicates that a USB update has been detected. The second power-up tone indicates that the update file has been copied and mounted. This is important, as it confirms you have a compatible Xbox One system update based on your current build. This informs the system which build is currently installed on the console, and whether the update is compatible with that build.
"
Nope Xbox does a lot of CRC checks and md5 hash checks to confirm that the updates aren't modified.
 
S

Se7enthGuest

Newbie
Messages
16
Reaction score
2
What he said..but too bad they were not actually CRC and MD5 (both cracked pretty easily), the XVD format uses AES-128 encryption, SHA-256 hashes, and RSA-3 signing. We need keys..
 
L

Lemon Chief

Newbie
Messages
24
Reaction score
7
I thought about something else.
We don't have to crack the encryption key !
The xBox already executes unsigned code !
You can plug an usb key with media files such as pictures !
That's the thing, you can use a bmp or jpeg or what ever file and make it on a binary level look at first like an image (just enough to execute it) then you have a huge byte playground to make the console read the code.
Knowing that we have the xdk, there must be a way there to make the console execute just enough unsigned code to launch a software update.

I guess hackers already looked at buffer overflow but that's also a potential source of exploits.
 
H

HexDecimal

Getting There
Messages
439
Reaction score
172
Still needs to be an exploit in the picture reader on the xbox for that to work.
 
L

Lemon Chief

Newbie
Messages
24
Reaction score
7
Still needs to be an exploit in the picture reader on the xbox for that to work.
I know. I'm just saying it looks like an interesting approach to maybe at least get the xBox to read the bytes we want it to read.
That alone, except if there is an exploit in the software wouldn't work. But you'll never know if there is one if you don't try first.
 
H

HexDecimal

Getting There
Messages
439
Reaction score
172
I know. I'm just saying it looks like an interesting approach to maybe at least get the xBox to read the bytes we want it to read.
That alone, except if there is an exploit in the software wouldn't work. But you'll never know if there is one if you don't try first.

It could be useful in the future. It could only load a few bytes, but that could be a small program that allows us to load even more.
 
Top Bottom