The Original Xbox was a total disaster from a security point of view. It has been fully cracked relatively quickly, so it became possible to modify your system to disable the security checks and run the unsigned code: Linux, homebrew, game backups - you name it.

For making that possible for the end user, 2 modding methods have been created:

• Hardmod - requires soldering a modchip to the mainboard that contains the modified BIOS with security checks disabled and overrides the built-in flash memory. This is the most reliable and fool-proof method, but it requires modifying the hardware;
• Softmod - requires triggering a chain of exploits in software. Usually, a commercially available videogame with exploitable vulnerabilities in the savefile loading code is used as an entry point. Less reliable since the console can be bricked by doing something wrong (however, hardmod would fix it in any case), but doesn’t require any soldering iron involvement.

Even today, the softmod is a preferred method for a lot of people, so we’re going to take a look at how some parts of the softmod work, and create a brand new savefile exploit.

A story about reverse engineering and way too smart FTP client

Some time ago, I decided to swap HDD in my Original Xbox. It already has been upgraded with a 40 Gb IDE drive, but I had a spare 160 Gb SATA drive laying around and wanted to have some more storage in the system. I bought a SATA to IDE converter, swapped the drives, installed the system software, and transferred all the content back. To my utmost disappointment, savefiles for some games were corrupted. One of them was Black, where I had a decent amount of played hours. I did some basic troubleshooting but wasn’t able to find the source of the problem. At that moment it was obvious to me that the problem lay in the new hard drive.

I’ve accomplished this little project back in 2016 when I had two Xbox 360 wireless controllers and a huge desire to use them with a PC. To do so, you have to have a wireless receiver, and there were 2 mainstream options on the market:

• a genuine one - the best option, but costs around $60;
• an unofficial replica - can be found for $10-15, but reliability and driver support were quite questionable.

At that moment, I was short of money to get the first one and didn’t want to try luck with the second. Fortunately, if you dive a bit deeper into the topic and doesn’t afraid to do some soldering, there’s a third option - using an RF module from a broken Xbox 360 (later in the text I’ll refer to it just as “RF module”).