Artem Garmash Software developer, hardware enthusiast, mountain bike rider, musichead

Exploiting Xbox Game Frogger Beyond to Execute Arbitrary Unsigned Code

The Original Xbox was a total disaster from a security point of view. It was fully cracked relatively quickly, so it became possible to modify your system to disable the security checks and run unsigned code: Linux, homebrew, game backups - you name it.

To make that possible for the end user, two modding methods were created:

  • Hardmod - requires soldering a modchip to the mainboard; the modchip contains a modified BIOS with the security checks disabled and overrides the built-in flash memory. This is the most reliable and fool-proof method, but it requires modifying the hardware;
  • Softmod - requires triggering a chain of exploits in software. Usually, a commercially available videogame with exploitable vulnerabilities in its savefile loading code is used as the entry point. Less reliable, since the console can be bricked by doing something wrong (although a hardmod would fix it in any case), but it doesn’t require a soldering iron.

Even today, the softmod is a preferred method for a lot of people, so we’re going to take a look at how some parts of the softmod work, and create a brand new savefile exploit.


Hack the Box "Behind the Scenes" Writeup, or How to Skip Illegal Instructions in Executables

In this post, we’re going to dissect a very simple challenge from Hack the Box, “Behind the Scenes”. We’ll also look at how to work with Unix signals and how to skip illegal instructions in executables. Buckle up!


Trimming Audio Files and Adding Silence with AVFoundation in Swift

Originally posted in Akvelon Blog

While working on one of the apps, we faced the need to trim the recorded audio files. We were working with 32-bit float WAV files, and we had the following requirements:

  • the output file should have the exact same format as the input file;
  • no processing should be applied to the audio data, audio samples should be copied as-is;
  • there should be an ability to add silence to the output file.

My first guess was to use AVAssetExportSession, but it has limited options for exporting the audio, and it’s not possible to be sure what it does with the audio under the hood. A no-go.

Then I took another look at the requirements. “Audio samples should be copied as-is”. That was exactly what we needed - open the input file for reading and the output file for writing, calculate the range of audio samples to copy, and perform the actual copying. Fortunately, this was entirely possible with AVAudioFile - it can be read into an AVAudioPCMBuffer and written from the buffer’s contents.


Patching Xbox Game Black to Disable Savefile Signature Checking

A story about reverse engineering and a way-too-smart FTP client

Some time ago, I decided to swap the HDD in my Original Xbox. It had already been upgraded with a 40 GB IDE drive, but I had a spare 160 GB SATA drive lying around and wanted some more storage in the system. I bought a SATA to IDE converter, swapped the drives, installed the system software, and transferred all the content back. To my utmost disappointment, the savefiles for some games were corrupted. One of them was Black, where I had a decent number of hours played. I did some basic troubleshooting but wasn’t able to find the source of the problem. At that moment it seemed obvious to me that the problem lay in the new hard drive.


Using UISlider or UIProgressView to Display and Control the Playback Progress of AVAudioPlayer

While implementing audio playback with AVAudioPlayer, you may need to display the playback progress with UIProgressView, or even to synchronize the state of the player with a UISlider. AVAudioPlayer doesn’t have any functionality to get periodically notified about the current playback position. However, it has two aptly named properties that represent the time of the current playback position and the duration of the audio file: currentTime and duration respectively.


Building a Wireless Receiver for Xbox 360 Controllers From a Broken Xbox 360 Console

I completed this little project back in 2016, when I had two Xbox 360 wireless controllers and a huge desire to use them with a PC. To do so, you need a wireless receiver, and there were two mainstream options on the market:

  • a genuine one - the best option, but costs around $60;
  • an unofficial replica - can be found for $10-15, but reliability and driver support were quite questionable.

At that moment, I was short of money for the first one and didn’t want to try my luck with the second. Fortunately, if you dive a bit deeper into the topic and aren’t afraid to do some soldering, there’s a third option - using the RF module from a broken Xbox 360 (later in the text I’ll refer to it just as the “RF module”).


A Journey of Putting an SSD Into an iPod Classic With Rockbox

When the whole world was switching to streaming services, I bought an iPod Classic 5.5th generation. An independent device with locally stored music in lossless quality and a decent audio codec was, and still is, quite appealing to me. And to my eye its design is timeless: a 14-year-old device still feels great and gets a lot of attention.

The only drawback was storage capacity - mine had a 30 GB HDD, and although it was possible to find a unit with 80 GB, that still wouldn’t be sufficient. Another option was to get a 6th/7th generation one with a 160 GB HDD, but I wanted to stay with the 5.5th gen unit.


How to Integrate a C Library into an iOS App Written in Swift

Initially, I wrote this article for the Distillery Tech Blog back in 2018. I decided to copy it here for preservation.

Nowadays, everyone values privacy and security. That’s why it wasn’t surprising when, recently, we needed to use an encryption library on one of the projects.

For the project in question, the decision was made to use libsignal. Originally developed for Signal Private Messenger, libsignal has a good reputation among security specialists.

Using libsignal

At the end of July 2018, there were implementations of libsignal in C, Java, and JavaScript. There was also an implementation in Objective-C called SignalProtocolKit, but at that time it had already been deprecated.

Our goal was to use the library in an iOS app written in Swift. To keep everything up to date, we had to use the one written in C, for which the source code is stored here. Lucky for us, Swift can interact with C code very smoothly, not least because some of Apple’s low-level libraries are written in C. The tricky part was adding the library to the project correctly.
