Comment by charcircuit
6 hours ago
It wasn't unhackable and decrypted versions of games already have been dumped. There was even a public exploit published years ago.
https://github.com/exploits-forsale/collateral-damage
What's new here is that this compromises the entire system security, giving access to the highest privilege level.
Thanks for the mention! I helped with the collateral damage exploit (wrote the PE loader).
I didn't ask but Emma -- who wrote the kernel-mode exploit -- and I would probably agree that Collat is not really what we would consider a proper hack of the console since it didn't compromise HostOS. Neither of us really expected game plaintext to be accessible from SRA mode though.
And the plaintext stuff, by the way, was a great effort by some other folks running https://xboxoneresearch.github.io/
I think it was tuxuser, Torus, and Billy(?) who accomplished that. Hopefully not forgetting anyone critical.
It’s worth noting that the person responding to you - landr0id - is a former criminal hacker who only narrowly avoided going to prison for his attacks on Microsoft/game developers during the life span of the Xbox 360, which is more than I can say for many of his friends - they were less fortunate. His behavior included hacking into developers' networks to steal unreleased games and source code as well as attacks on the Xbox Live service, which he oddly (and proudly) writes about on his blog. He was involved in attacks on the 360 platform security, but the goal was always piracy - not furthering security. He was around things that were much more impactful - like the entire Dylan Wheeler saga - the two of them knew each other and traveled in the same circles. So Lander’s behavior was really bad, but his friends did much worse, so they were the ones who went down.
People in the know find it pretty offensive for Lander to continue to attack these systems or do so much as speak to anyone who is. They should work on remorse and seek forgiveness rather than repeating a variant of the same behavior that defined their past. Maybe learn from the other person involved who avoided ‘issues’ and went to the other side of this exact security equation.
I guess harassing War Thunder players is not compatible with that more respectable lifestyle or something.
I also enjoy their earlier HN posts, especially the one about how the initial system compromise happened, where they pretend to speculate about how the HV dump happened/how it could have happened/how important it was when they know full well exactly who obtained and sold the internal prototype hardware that was used to extract that plain text.
They aren’t responsible for that, they weren’t involved in that, but they know.