by sprado 68 days ago
Thanks for the comment.

No, it is not AI generated. It was based on my research.

I think there is a mix-up here between Atari home consoles and Atari home computers.

In that section I was talking about early console platforms such as the Atari 2600, where the cartridge interface itself had no lockout/authentication mechanism comparable to what Nintendo later did with the 10NES. That is why third-party cartridges could exist and Atari’s main response was legal rather than technical.

What you describe for the Atari 800 is real, but it belongs to a different context: the Atari 8-bit computer line, especially floppy-disk software, where copy-protection tricks such as intentional bad sectors and timing-based checks were indeed common.

So I agree that Atari computer software often used copy protection, but that does not contradict the point I was making about the early console era.

1 comment

Hi, quick note on "For modern Xbox platforms, public 2024 work exposed SystemOS kernel exploitation on both Xbox One and Xbox Series"

I'm a former Xbox hacker, then former Microsoft employee, and (long after leaving Microsoft) helped with the Collateral Damage post-exploitation payload.

The design of the Xbox One security predates me, but Microsoft has always known that SystemOS would be a weak link that was almost guaranteed to be compromised, and shoved most of the attack surface that can be trivially attacked in there. The system shell, 3rd-party apps, guide, etc. all run in SystemOS.

The key things they focused on though were:

1. Extremely strong defense-in-depth

2. Making full or partial exploitation not economical

3rd party apps and the web browser were seen as being obviously untrusted _and_ needed JIT because they'd mostly be based on .NET or the JS VM. But practically speaking there should be nothing interesting in that VM: its compromise shouldn't enable piracy/cheating and ideally shouldn't leak game plaintext.

What some others found though was that for some reason plaintext was actually visible to SystemOS, but didn't enable piracy on console. You can take those games though and run them on PC using XWine1: https://github.com/xwine1

Technically speaking there's no reason why Collateral Damage couldn't have happened waayyyyy earlier in the Xbox One's lifecycle except for motivation. Even still you could probably take some Hyper-V N-day and compromise HostOS through.

Over the years there have been other "exploits" too: some folks have managed to tamper with gamesaves via cloud-connected storage and other shenanigans, XSS in the system shell (some of these apps are JS), etc., but most of this was relatively benign and easily patchable. And there has been a very, very small group of people with similar but less capable exploits to Collat.

Collat allowed compromise of plaintext.

Bliss breaks everything :)