In 2016, the author set out to improve their exploit development skills by hacking the original Xbox through game-save exploits. By exploiting buffer overflows in the save-file parsers of THPS4 and THPS3, they were able to execute unsigned code on the console. In THPS4 they found that the gap name string stored in the save is copied into a fixed-size stack buffer without a length check, so an oversized name overwrites stack data (including the saved return address) and yields full code execution. In THPS3 they found a similar bug that is reached by manipulating the game's custom memory allocator rather than the stack directly. In THUG the same class of overflow is stopped by stack cookies, which the epilogue checks before the corrupted return address is used; the author nevertheless continued analyzing that game for other vulnerabilities. The post also notes the use of the "habibi" key to bypass signature enforcement so that unsigned code is accepted by the console.
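The following is an added example, not code from the icode4.coffee post or from the games it discusses. It models the three situations the summary describes with constructed data: a save-file "gap name" whose on-disk length is trusted and copied into a fixed stack buffer (the overflow lands on the saved return address), the same copy into a frame that carries a stack cookie between the locals and the return address (the cookie is clobbered, so an epilogue check catches it), and a bounds-checked copy that rejects the record. The buffer size, record format, frame layouts and the 0xdeadbeef target value are assumptions chosen for illustration; the real THPS4 frame and save format are not reproduced here.

```c
/* Added example, not code from the original post: models the game-save
 * "gap name" overflow, a /GS-style stack cookie, and a bounds-checked copy.
 * Buffer size, record layout and frame layout are constructed for
 * illustration and are not the real games' structures. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define GAP_NAME_MAX 32

/* On-disk save record as constructed here: a length the game trusts,
 * followed by that many bytes of name. */
struct save_rec {
    uint16_t       len;
    const uint8_t *data;
};

/* Model of an unprotected x86 frame: the fixed name buffer sits directly
 * below the saved return address. */
struct frame_plain {
    char     gap_name[GAP_NAME_MAX];
    uint32_t saved_ret;
};

/* Same frame with a stack cookie between the locals and the return address,
 * the layout a stack-protector prologue produces. */
struct frame_cookie {
    char     gap_name[GAP_NAME_MAX];
    uint32_t cookie;
    uint32_t saved_ret;
};

/* Vulnerable copy: trusts the length stored in the save file. Written as a
 * byte loop so it behaves like a string copy and runs past the buffer into
 * whatever follows it in the frame. `dst` is the frame base (the name buffer
 * is the first member) so the overrun stays inside the modeled frame object. */
static void copy_name_unchecked(char *dst, const struct save_rec *r)
{
    for (uint16_t i = 0; i < r->len; i++)
        dst[i] = (char)r->data[i];
}

/* Hardened copy: reject any name that does not fit together with its NUL. */
int copy_name_checked(char *dst, size_t dst_size, const struct save_rec *r)
{
    if (r->len >= dst_size)
        return -1;
    memcpy(dst, r->data, r->len);
    dst[r->len] = '\0';
    return 0;
}

/* Constructed malicious record: filler up to the return-address slot, then
 * the 4-byte value the attacker wants loaded into EIP. */
static uint8_t payload[GAP_NAME_MAX + 8];

static struct save_rec make_payload(size_t pad, uint32_t ret)
{
    memset(payload, 'A', pad);
    memcpy(payload + pad, &ret, sizeof ret);   /* little-endian on x86 */
    struct save_rec r = { (uint16_t)(pad + sizeof ret), payload };
    return r;
}

/* Unprotected frame: the overflow reaches saved_ret. Returns the address the
 * function would now return into. */
uint32_t demo_plain_overflow(void)
{
    struct frame_plain f = { {0}, 0x00010000u };
    struct save_rec r = make_payload(offsetof(struct frame_plain, saved_ret), 0xdeadbeefu);
    copy_name_unchecked((char *)&f, &r);
    return f.saved_ret;
}

/* Cookie frame: the same payload has to cross the cookie to reach saved_ret,
 * so the epilogue check fails first. Returns 1 if the check would abort. */
int demo_cookie_detects(uint32_t cookie_value)
{
    struct frame_cookie f = { {0}, cookie_value, 0x00010000u };
    struct save_rec r = make_payload(offsetof(struct frame_cookie, saved_ret), 0xdeadbeefu);
    copy_name_unchecked((char *)&f, &r);
    return f.cookie != cookie_value;
}

/* Bounds-checked parser: the oversized record is rejected outright. */
int demo_checked_rejects(void)
{
    char name[GAP_NAME_MAX];
    struct save_rec r = make_payload(GAP_NAME_MAX, 0xdeadbeefu);
    return copy_name_checked(name, sizeof name, &r);
}

int main(void)
{
    printf("plain frame:  saved_ret = 0x%08x\n", demo_plain_overflow());
    printf("cookie frame: detected  = %d\n", demo_cookie_detects(0x5a5a1234u));
    printf("checked copy: rc        = %d\n", demo_checked_rejects());
    return 0;
}
```

Note the caveat the cookie case carries: the check only fires because the filler bytes differ from the cookie value. A cookie the attacker can predict or that happens to match the overwrite goes undetected, which is why real implementations randomize it per process and why the author's THUG work turned to looking for other bug classes rather than trying to overwrite the return address through the cookie.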
https://icode4.coffee/?p=954