
posted by cmn32480 on Tuesday April 04 2017, @01:37PM
from the feeling-exploited dept.

Arthur T Knackerbracket has found the following story:

Developer unknownv2 has released a proof of concept exploit for the Xbox One. The exploit leverages a series of known vulnerabilities in the Microsoft Edge Browser (CVE-2016-7200 and CVE-2016-7241). We have not confirmed if this exploit works here at wololo.net (yup, I still don't have an Xbox One...).

The Xbox One uses Microsoft's Edge browser. Pretty much the same browser that you used once on Windows 10, to download Google Chrome.

In November last year, several critical vulnerabilities were found in the Edge browser, and disclosed by Microsoft as they patched them. A proof of concept was released for these vulnerabilities by developer Brian Pak, demonstrating how to use them in an exploit. This is known as the Chakra exploit, and a good read on the topic can be found here.

Hacker unknownv2 has built his Xbox One exploit on top of Brian Pak's proof of concept. In the developer's words:

The POC itself was mostly complete, but the first bug (CVE-2016-7200) it used was patched on the console. I used the Json.Parse bug (CVE-2016-7241) to leak addresses instead and, after a bit of tweaking with the values, I was able to get the correct address for chakra.dll. From there, I modified the POC by changing the code addresses for the gadgets and the VirtualProtect function call to make the shellcode executable.

This is a userland exploit, similar to webkit exploits that many of us are familiar with.

-- submitted from IRC


Original Submission

  • (Score: 3, Interesting) by BenJeremy (6392) on Tuesday April 04 2017, @05:11PM (#488704)

    Ugh. Some people might remember me from the glory days of Xbox hacking... I wrote a little program called "MXM" and moderated scene sites like Xbox-Scene.

    An exploit is nice, but honestly, if I can't run my own code, right off of bootup, it's not worthwhile. Userland is just a momentary distraction.

    They've got consoles pretty well buttoned up. Microsoft and Sony can thank the hackers for that. Every iteration has gotten more difficult to crack (well, except for Nintendo) as the holes we discovered were patched and forever gone in future generations. It is simple - pardon the term here - Evolution.

  • (Score: 2) by bob_super (1357) on Tuesday April 04 2017, @05:48PM (#488731)

    Microsoft managing to make anything script-kiddie-proof is a definite improvement for the whole web.
    It's a shame that it happens just as IoT idiots make bot armies trivial again.

    • (Score: 2) by kaszz (4211) on Wednesday April 05 2017, @02:29AM (#488969) Journal

      Which is why IoT devices should be locked down to local non-internet networks. Perhaps even with a switch that locks MAC addresses so IoT stuff only can't communicate with each other.