by jackjackk0 1668 days ago
Just recently bumped into a podcast on the xbox hacker scene (https://darknetdiaries.com/episode/45/) and was really fascinated by the dedication, ingenuity and talent of these people. I am also amazed that you don't hear often enough stories of them receiving job offers from the companies they targeted/"hacked".
6 comments

I used to follow the Xbox 360 hacking scene, and the number of things these guys did would blow your mind. Most notable: when Microsoft increased the size of their games from the standard 7.5gb to something like 8gb, there were no 8gb DVDs on the market where you could burn the games. Initially hackers truncated the games, and it worked for a bit with unnecessary buffer data removed, but Microsoft got wise to this, found out how to detect it and banned a bunch of people using truncated games. What happened next was amazing. Hackers found a way to flash the DVD burner drive of certain models to actually burn 8gb on a 7.5gb disc! The outside edge of the disc is actually not entirely used; the disc writing software would leave it alone, I believe the reason being that it is inconsistent in quality at the very edge and you may get a bad write if you use it. Well, hackers didn't care: if you may get a bad write, you may also get a good one. They hacked certain DVD drives; I believe the one I ended up buying was a Lite-On drive with certain firmware. I then flashed its firmware and was now able to write on the outer edge of the disc, doing the previously impossible. That is only one scene from the Xbox hacking days I fondly remember. Genius if you ask me.
I always thought the best cat and mouse example was the Xbox 360 drive firmware angle tests.

The drive would report via some “secure” firmware if the disc passed detection or not. So the hackers made a firmware that reported good on a failure, ways to flash the drives over SATA, etc.

But either Microsoft was very clever or the hackers made a mistake… the drive would report the angle of the disc during certain movements. It would do some operation and report it went from 20degrees to 223 degrees. Well, the hackers and MS disagreed on an angle integer rollover.

The original drive would report 0-359 degrees, but the hacked drive rolled over differently and reported 0-360 degrees, or vice versa, I don’t remember. So iirc, MS listened for a while, and if a drive ever reported 360 degrees or whatever the wrong indication was, MS added it to a list.

One day, they dropped the hammer and banned the lot of them. It took the hackers a while to figure out how they were getting caught. In the meantime, I now had an Offline-Only 360.

It’s like overclocking “what if I told the cpu to… just go faster?”
For real. The talent in the game industry is insane. Recently, I got my mind blown by the Unreal Nanite team:

https://www.youtube.com/watch?v=eviSykqSUUw

The core of it is a respectably sophisticated LOD building algorithm, as you might expect, but the sheer amount of engineering horsepower they put into driving it into production just boggles the mind.

Oh cool talk! I was impressed by that system when it was announced and I had no idea they had released an explainer!
If you haven't seen it, there's a great talk on YouTube on the Xbox One's security. Surprisingly, it's from a senior Microsoft engineer.

Guarding Against Physical Attacks: The Xbox One Story — Tony Chen, Microsoft - https://www.youtube.com/watch?v=U7VwtOrwceo

Discussion: https://news.ycombinator.com/item?id=21325421

What's great is that it's mostly done for the street cred. To show off how cool you are, you need to work in the public, and present your results for all to see, for free.

"This is how cool I am. I have cracked it before everybody else."

They're positioned on the complete opposite of the modern corporate, capitalist Internet, keeping computers open and still cool. For that, I salute them.

While I'm sure street cred plays a factor there is also good money in being able to break the protections to enable piracy.
I don't think this is true anymore, having had experience in this space.

In the "bad old days," you could make a moderate (nothing like Silicon Valley engineer money) sum by selling exploits to modchip manufacturers, as they'd then use this to drive their hardware sales - pretty simple model. The last one of these I remember being particularly popular was the PS3 "True Blue" dongle.

These days, exploits aren't particularly useful to drive hardware sales as they're mostly hardware free. So there's not a ton of monetary value - yes, you could try to sell a "custom firmware" for a few months, but once the exploit is reversed, it's game over for your income stream.

Cheating is probably the only major revenue stream left in console exploitation, and as far as I know it's not popular enough to drive high prices for console exploits. Compared to phone exploits (wanted by nation-level actors and shady security firms for mostly evil purposes), ECU exploits (easier to protect and worth more per install), and PC exploit bug bounties, I think console hacking is pretty low on the lucrative scale, which is why so much more of it is done in the open.

There seems to be some suspicion that there is a cottage industry forming around undetectable cheats for streamers... Not sure how true this is.
This is absolutely true in the PC space; cheating is a growing business.

There was a thread on HN about this the other day - at the most advanced end, bus mastering DMA devices are used to dump game memory for direct inspection, or to recover ephemeral / session negotiated keys used to secure client<->server traffic, and then dump or inject network traffic on a separate machine. PCIe FPGA cards are the most popular tool for this, but there are other approaches given anything with DMA mastering can be employed to sneak data out without the OS or user land knowing much about it.

There's also a big middle ground which is just a software cat and mouse game between detectability and effect - just like antivirus, anti-cheat is an uphill battle on machines where users can run whatever code they'd like.

Many of these cheating services are subscription based so they're pretty lucrative for the authors.

But, I'm not aware of as much (or really, any) of this going on in the console space. There aren't that many competitive console streamers to start with, and console eSports events generally use tournament-provided hardware. So, the possible revenue stream doesn't really reach the massive undertaking that would be required to break modern console security on anything but the Switch.

This wouldn't surprise me in the least, in shooting games. People don't like watching someone getting their ass kicked.

Also, to succeed as a streamer you have to stream ~40 hours a week or more, and there's something called "aim fatigue". After an hour or so without breaks, your aim goes downhill. Anyone who maintains amazing aim for hours of continuous play is cheating. That's why you see experienced, successful streamers taking breaks, or interspersing "hang out time" or a non-aim-based game, etc.

Stream framerates / compression can make it difficult to tell what's going on, and using a controller means it's nearly impossible to see whether their controller movement matches on-screen movement. But controller aim assist is so strong in many games these days that if you have experience with a controller you can easily dominate all but the top mouse and keyboard players.

Shooting-based games just aren't fun these days. Between the cheaters and the streamers you get your ass handed to you pretty regularly, except when matchmaking throws you an easy game to keep you from rage-quitting.

They haven't been fun for a long time. I realized ages ago performance was mostly ping based. You had to have skill if your ping was OK, but if you didn't have a good ping, no amount of skill would help you.
> But controller aim assist is so strong in many games these days that if you have experience with a controller you can easily dominate all but the top mouse and keyboard players.

Man, that's so weird to see.

I've always been told by fellow gamers that a keyboard and mouse is the competitive option, while controllers are for the less experienced.

Are you sure? How exactly would this be monetized?

By publishing the exploit they lose any market advantage.

Darknet Diaries is one of my favorite podcasts. The episode Money Maker [1], about a guy counterfeiting money, is just a fantastic story.

[1] https://darknetdiaries.com/episode/102/

How coincidental, I was reading this two hours ago after finding it in my documents while sorting through them.

I can really recommend this, if only as a cautionary tale against password reuse.