Ryan M

@Grimdoomer

Followers
4K
Following
1K
Media
224
Statuses
1K

I like video games and cars, arcade lover, console and game hacker, coffee enthusiast. All tweets represent my own opinions.

Joined September 2010
@Grimdoomer
Ryan M
1 day
You ever debug a hard drive before?
2
4
97
@Grimdoomer
Ryan M
2 days
Hitachi/Samsung HDDs I can write the fw image but can't read it (or find it online), and it uses a TSSOP chip I can't find the pinout for so I can't dump it myself. I don't have any Seagates I'm willing to mess with. Gonna keep going once parts show up tomorrow.
0
0
15
@Grimdoomer
Ryan M
2 days
I was able to get JTAG access but can't debug MCU, not sure why. Samsung SSDs I can write the fw image and wrote an IDA loader for it, but I haven't determined if the drives I have have hashes/signatures on the fw. Waiting on parts to try JTAG debugging to figure that out.
1
0
21
@Grimdoomer
Ryan M
2 days
After several days of trying to hack every HDD I have here's the results. Western Digital I can read/write flash image (and RAM), wrote a tool to un/repack fw image and a full IDA loader for it. Unfortunately the code I want to modify is not in the fw but somewhere else.
4
4
119
@Grimdoomer
Ryan M
8 days
Well getting the firmware wasn't too bad, now I just need to figure out their hashing scheme and I think I'll be all set.
1
0
14
@Grimdoomer
Ryan M
9 days
Anyone know of a 2.5" sata HDD you can modify the firmware on? I need an HDD I can make some modifications to for something I'm trying to exploit.
7
3
52
@Grimdoomer
Ryan M
14 days
RT @carrot_c4k3: finally got around to writing up my windows exploit from pwn2own vancouver 2024! (plus some notes about using it on xbox)….
0
93
0
@Grimdoomer
Ryan M
23 days
Thanks to kmx360 (Mate Kukri) BadUpdate v1.2 is now available on my GitHub with significant improvements in exploit time and success rate. The dreaded race condition now takes at best a few seconds and at worst a few minutes.
7
29
229
@Grimdoomer
Ryan M
1 month
I wrote this nifty reflection class that lets me access internal types in Unity that aren't exposed. I wrapped the curve editor class and visualize the curves that represent the transmission shift up/down points in my game. No idea why they don't just expose this by default
0
0
13
@Grimdoomer
Ryan M
1 month
When I hit a year of play time in the Halo 2 MCC Mod tools they should just give me the source code
3
2
68
@Grimdoomer
Ryan M
1 month
I gotta stop staying up until 4am playing uma musume.
0
0
13
@Grimdoomer
Ryan M
1 month
A canary build of Prometheus is now available with support for converting MCC tags to Xbox. It's recommended you have some experience with the HEK tools to use it. Here's street sweeper after importing, the shader conversion process has come a long way since I started.
4
7
86
@Grimdoomer
Ryan M
2 months
Then you could most likely exploit this on Xbox and get RCE via ROP. I would wager that you could do exactly this on PS4 right now. Also fwiw a game using dedicated servers doesn't necessarily mean your IP is safe, I've found many games that will still share client IPs.
1
0
19
@Grimdoomer
Ryan M
2 months
Not wrong but not entirely correct either. The reason this doesn't affect Xbox is because the game isn't crossplay and (afaik) Xbone doesn't have a way for an attacker to run arbitrary code required to send the malicious network messages to other clients. If either were true.
@vxunderground
vx-underground
2 months
I'm seeing a lot of misinformation and confusion from video game nerds regarding this video. As is tradition, I'll provide a high-level overview explaining what is (probably) occurring. Note that I am writing "probably" because without forensic evidence (data logs, debug data,.
1
0
33
@Grimdoomer
Ryan M
2 months
If you're a game studio looking for security audits/pen-testing of your game HMU. Experienced with:
- RCE on Windows and gaming consoles
- Windows security internals
- Compiling old/legacy code bases

I'll also accept Japan working visa sponsorship or gacha pulls as payment.
@IceSolst
solst/ICE
2 months
- kernel level anticheat
- games never been SAST scanned, no ssdlc, no security tooling nor budget
- bespoke pipelines built by a single wizard (vanished into the nether)
- no appetite to fix findings
- some game devs have astronomically big egos and say things like “remove the.
0
7
55
@Grimdoomer
Ryan M
2 months
Small Prometheus update: I finally have the UI done for Halo 2 MCC -> Xbox tag conversions and worked through most of the shader conversion issues. It's still experimental but I plan on getting a canary build out soon for people to test
4
12
94
@Grimdoomer
Ryan M
2 months
Game hackers have been copying the homework of malware devs for the past 10 years, but sure whatever you think.
@GuidedHacking
GuidedHacking
2 months
Game hackers have defined the bleeding edge of low-level security innovation for the past 10 years. Infosec will never give us the respect we deserve, but for the people who actually follow our tutorials, it has a profound impact on their lives.
3
1
60
@Grimdoomer
Ryan M
3 months
My vision is declining at such a rapid rate that I feel like I'm on a speed run to reaching legally blind status and will achieve it in less than 10 years at the rate I'm going.
3
0
30
@Grimdoomer
Ryan M
3 months
On today's episode of who the fuck is using all my VRAM we have Discord with ~2TB of leaked memory. Amazing, incredible even.
15
18
311
@Grimdoomer
Ryan M
3 months
I guess they think people are using windows kernel EoPs to try and cheat/bypass anti-cheat? Not a bad idea but I feel like it'd be much easier to just go custom hypervisor route than to write new EoP entries every few months.
2
1
14