Exploiting Xbox Game Frogger Beyond to Execute Arbitrary Unsigned Code
The Original Xbox was a total disaster from a security point of view. It was fully cracked relatively quickly, so it became possible to modify the system to disable the security checks and run unsigned code: Linux, homebrew, game backups, you name it.
To make that possible for the end user, two modding methods were developed:
- Hardmod - requires soldering a modchip to the mainboard; the chip contains a modified BIOS with the security checks disabled and overrides the built-in flash memory. This is the most reliable and foolproof method, but it requires modifying the hardware;
- Softmod - requires triggering a chain of exploits in software. Usually, a commercially available video game with exploitable vulnerabilities in its savefile loading code is used as the entry point. Less reliable, since the console can be bricked by doing something wrong (although a hardmod would fix that in any case), but it doesn't require a soldering iron.
Even today, softmodding is the preferred method for a lot of people, so we're going to take a look at how some parts of the softmod work and create a brand new savefile exploit.