
Over the years, those following the hacking scene have seen many games exploited to run code and softmod game consoles. Cubic Ninja's QR code reader was exploited to install the homebrew launcher on the Nintendo 3DS, and a modified file for Tom Clancy's Splinter Cell on the original Xbox could execute a payload that softmodded the system. A member of the Xbox scene by the name of Grimdoomer wanted to put his skills to the test and see whether he could discover any new exploits for older consoles. Starting from the question of what could be done with Tony Hawk's Pro Skater 4 on the Xbox, Grimdoomer has created and released an RCE exploit that works not only on that console but also on the PlayStation 2, the GameCube and, surprisingly, the Xbox 360.

Named Tony Hawk's Pro Strcpy, this exploit is present in Tony Hawk's Pro Skater 3, Tony Hawk's Pro Skater 4, Tony Hawk's Underground 1, Tony Hawk's Underground 2, and Tony Hawk's American Wasteland. The hack is a pre-made save file that you load on your console of choice; it abuses the game's Create-A-Park level builder to gain remote code execution.

Fast forward to the present day (2024) and I finally got around to cleaning up and releasing all of Tony Hawk's exploits. However, since I'm probably retiring from game console hacking, I wanted to leave an absolute banger of a release, so I ported the exploit to some other game consoles that are vulnerable to it. The Big Tony Hawk video game series has existed in 5 different iterations across multiple game consoles and handhelds. No one is safe from Tony Hawk's Pro Strcpy. Since you're probably tired of me talking about the same strcpy bug over and over again, I'm just going to provide some brief details on what platforms I've exploited, for which games and which consoles. It may or may not make it easy to hack.

Grimdoomer has a very detailed blog post that goes into depth on how the strcpy bug works and how to implement the exploit. The exploit is also available on GitHub, with supported versions of Tony Hawk's American Wasteland for the Xbox 360 and Tony Hawk's Pro Skater 4 for the GameCube, Xbox and PlayStation 2. He also noted that the PC version of Tony Hawk's Underground, which has a community built around the game's fan patch and has network play, is also affected, and players should be careful.

And there you have it, the first software exploit for the Xbox 360 only. It's kind of ironic that it does the same thing as the save game exploits for the original Xbox: overflowing a stack buffer from a strcpy call on existing data. You can copy the save game file to your console using a memory card. You can use the strcpy bug to get ROP execution on any Xbox 360 OS version, but you'll only be able to get full hypervisor code execution on the 4548 kernel version. If a new hypervisor bug is discovered, it can be easily patched to work on a new kernel version. I still have some hope that there might be an exploitable bug that will let you execute hypervisor code on newer versions of the kernel. But I highly doubt it will be some kind of CPU or MMU bug rather than a bug in the hypervisor code.
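The bug class behind all of these ports is a save-file string copied into a fixed-size stack buffer with no length check. The following C is an added illustration written for this article, not code from the games or from Grimdoomer's release: the field name and its 32-byte size are assumptions, and the hardened loader bounds the copy by both the buffer and the save-file field, rejecting records that do not fit.

```c
#include <stddef.h>
#include <string.h>

/* Assumed size of the park-name field on the stack; not from the article. */
#define PARK_NAME_MAX 32

/* The vulnerable pattern: the loader trusts that the string in the save
 * file fits the buffer, so a name longer than PARK_NAME_MAX bytes overruns
 * the stack. Shown for comparison only; never call it on untrusted data. */
void load_park_name_unsafe(char dst[PARK_NAME_MAX], const char *save_field)
{
    strcpy(dst, save_field);            /* no length check: stack overflow */
}

/* Hardened loader: measure the string without running past the end of the
 * save-file field, require room for the terminator, and reject anything
 * larger. Returns 1 when the name was loaded, 0 when the record is bad. */
int load_park_name_safe(char dst[PARK_NAME_MAX],
                        const char *save_field, size_t field_len)
{
    /* memchr stops at field_len, so an unterminated field is still safe. */
    const char *nul = memchr(save_field, '\0', field_len);
    size_t n = nul ? (size_t)(nul - save_field) : field_len;
    if (n >= PARK_NAME_MAX)
        return 0;                       /* would overflow: reject the save */
    memcpy(dst, save_field, n);
    dst[n] = '\0';
    return 1;
}

/* Builds a constructed save-file field of `len` copies of `fill` (no NUL)
 * and reports whether the hardened loader accepts it. */
int check_record(size_t len, char fill)
{
    char field[128];                    /* constructed test input */
    char name[PARK_NAME_MAX];
    if (len > sizeof field)
        return 0;
    memset(field, fill, len);
    return load_park_name_safe(name, field, len);
}

int main(void)
{
    /* A 31-byte name fits; a 64-byte name, the overflow case, is rejected. */
    return (check_record(31, 'A') == 1 && check_record(64, 'A') == 0) ? 0 : 1;
}
```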
