Reverse Engineering: Software and Hardware Used by the Dark Wizards of Hacking
Reverse engineering for me has always been interesting, to say the least. One might start by learning the basics of a programming language like C or Python, then brush up on how memory works with respect to the OS the program runs on, and finally learn the tools, hardware or software, needed to reach that lower level of programming. Today I want to highlight a recent article I read about hacking the original Xbox in 2023, and suggest where one might start in reverse engineering.
Hacking the Xbox in 2023: What’s the point?
Marcus Gaasedelen, on August 9, 2023, released an article titled “JTAG ‘Hacking’ the Original Xbox in 2023”. Marcus wanted to show that old hardware can still teach the next generation of cyber security professionals, programmers, and computer engineers about security at both the hardware and software level in 2023. “Over the course of its lifetime, the Xbox was unilaterally hacked through a broad range of both hardware and software attacks. But at 20 years old, this intel-based Pentium III system holds up as an amazing platform to learn or explore a plethora of security and computer system engineering topics that are still relevant to this day (Gaasedelen, 2023).” Because Microsoft built the Xbox on almost the same architecture as a PC, PC game developers and PC hackers didn't have to learn anything new about the architecture or memory of the original Xbox, which made the console an easy target for exploitation to do things that weren't part of its original purpose.
I Have the Key!
The original Xbox relied on a “secret” 512-byte bootrom. This secret was hidden in the Xbox’s NVIDIA MCPX Southbridge, creating a chain of trust.
Three months later, this key was dumped by the Xbox hacker Andrew “bunnie” Huang.
With the secret exposed, the door was now open to the hackers who regularly hacked PCs as well, and Xbox hacking was born.
There’s a lot more in Gaasedelen’s post, which you can read here if you’d like. The point of the article is that reverse engineering has never been easier: the history and legacy of old hardware has grown over time, lowering the bar for people who want to get into the field.
(If you want to learn more about the Xbox getting hacked, check out EP45 and EP46 on Darknet Diaries titled "Xbox Underground." But be warned, these episodes can get pretty dark...)
So where do I start?
Now, with our inspiration in hand, here’s a list of 2 sites, 3 books, and a few tools to start your reverse engineering journey:
Sites:
a. Pwn.College – https://pwn.college/dojos – Pwn.college is an incredible site to get started in reverse engineering. It includes a tiered “dojo” system in which one simply begins in the white belt section and works up to becoming a blue belt.
b. Pwnable.kr – https://pwnable.kr/play.php – A site I’ve been using for a while. It is a collection of videos and tutorials by the creators, with a great theme for reverse engineering that reminds many people of Pokémon.
Books:
a. The Hardware Hacking Handbook – This book was welcome because hardware hacking is a bit more difficult to get into, given the cost and time of finding old hardware to reverse engineer. It helps beginners who want to reverse engineer anything from their smart toaster to identifying vulnerabilities on a common original Xbox motherboard that can be used to exfiltrate sensitive data.
b. Blue Fox: Arm Assembly Internals and Reverse Engineering – A recent book by author Maria Markstedter, the founder of Azeria Labs. I haven’t read it, but from reviews and fellow reverse engineers I hear it’s a great primer for learning Arm assembly with regard to reverse engineering.
c. The Ghidra Book by Chris Eagle – A book all about learning Ghidra, a tool made by the NSA. Packed with a bunch of features, Ghidra has been utilized by many reverse engineers.
Tools:
a. Ghidra – (description from their README) – An SRE (Software Reverse Engineering) framework created and maintained by the NSA. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features.
b. Binwalk – Used for searching a given binary image for embedded files and executable code. Binwalk is designed to identify files and code with the libmagic library, making it compatible with magic signatures for the Unix file utility.
c. IDA Pro – Developed by Hex-Rays, IDA Pro is the most comprehensive reverse engineering software available, supporting multiple executable formats. Sadly, it is also one of the most expensive tools one could buy, so stick with the free stuff until you decide to go pro with IDA Pro.
d. ChipWhisperer-Husky – “The newest and most robust addition to the line of ChipWhisperer capture hardware for working with side-channel power analysis and fault injection.” This tool, along with some of the other hardware hacking tools mentioned here, can help one learn to attack the hardware of the most used devices such as laptops, phones, and even the motherboards of popular gaming consoles like the Xbox.
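To make the Binwalk entry concrete, here is an added example (my own code, not from the post or the Binwalk project) of the core idea behind it: scan a constructed firmware-style image for well-known magic signatures, report the offset of each hit, and carve out the gzip member that was found. The signature table is a small hand-picked subset, not libmagic.

```python
# Added example, not from the post or the Binwalk project: a minimal
# signature scanner in the spirit of Binwalk, plus carving of a gzip member.
import gzip
import zlib

# (magic bytes, description): a small subset of well-known file signatures.
SIGNATURES = [
    (b"\x7fELF", "ELF executable"),
    (b"\x1f\x8b\x08", "gzip compressed data"),
    (b"PK\x03\x04", "Zip archive"),
    (b"\x89PNG\r\n\x1a\n", "PNG image"),
    (b"hsqs", "Squashfs filesystem (little-endian)"),
    (b"sqsh", "Squashfs filesystem (big-endian)"),
]

def scan_image(data: bytes) -> list[tuple[int, str]]:
    """Return (offset, description) for every signature hit, sorted by offset."""
    hits = []
    for magic, desc in SIGNATURES:
        start = 0
        while (idx := data.find(magic, start)) != -1:
            hits.append((idx, desc))
            start = idx + 1
    return sorted(hits)

def carve_gzip(data: bytes, offset: int) -> tuple[bytes, int]:
    """Decompress the gzip member at `offset`; return (payload, end_offset).
    zlib's 16+MAX_WBITS mode parses the gzip wrapper, and unused_data tells
    us where the member ends, so trailing image bytes are not a problem."""
    d = zlib.decompressobj(16 + zlib.MAX_WBITS)
    payload = d.decompress(data[offset:])
    if not d.eof:
        raise ValueError("truncated gzip stream at offset %d" % offset)
    return payload, len(data) - len(d.unused_data)

def build_sample_image() -> bytes:
    """Constructed sample image: padding, a fake ELF ident, padding, a real
    gzip member, padding, then a PNG header (constructed, not real firmware)."""
    elf_ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8   # 64-bit LE
    gz = gzip.compress(b"hello from the embedded rootfs", mtime=0)
    png_header = b"\x89PNG\r\n\x1a\n"
    return (b"\xff" * 64 + elf_ident + b"\x00" * 48      # ELF at 64
            + gz                                        # gzip at 128
            + b"\xff" * 32 + png_header + b"\x00" * 8)  # PNG after padding

if __name__ == "__main__":
    img = build_sample_image()
    for off, desc in scan_image(img):
        print(f"0x{off:08X}  {desc}")
    print(carve_gzip(img, 128)[0])
```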
Notable mentions:
If you want live-action hardware hacking, check out one of the original hackers who testified in front of Congress on what hacking really was back in the 80s. Joe Grand, or “Kingpin”, has some really great videos on hardware hacking crypto-wallets and parking meters.
Summary:
Whether you’re just beginning to learn cyber security, computer science, or programming in general, reverse engineering helps everyone learn exactly how computers turn human-readable code into the zeros and ones that make up the popular applications we use today. Reverse engineering also helps us truly understand the purpose and scope of applications we might not fully trust. I hope this article was helpful and that you begin your reverse engineering journey with the right foot forward.