Tuesday, May 25, 2010

Xbox 360 Forensics

Lately my blogging energies have been redirected into my study, namely a communications plan and a research proposal.

The communication plan was for a persuasive communications class, and the aim was to devise a plan that could realistically alter the attitudes (and hopefully the behaviour) of an audience. It was a fascinating exercise that I don't plan on repeating any time soon. It turns out that I'm not much of a public relations hand, and while I think I grasped the theory, writing up a viable strategy for a hypothetical situation was harder than I expected.

More relevantly, the research proposal is for my upcoming final project (dissertation?) and it involves creating a tool to automate the extraction of useful information from an Xbox 360. Seriously, I didn't come up with the topic (my supervisor suggested it), isn't that awesome? So I've been spending a lot of my time reading Xbox modding forums and the few bits and pieces in academia on the topic.

Things that I learnt:

  • The Xbox 360 is easier to access than the original due to a lack of ATA security lock down
  • There is an Xbox file system that is mostly just a cleanup of FAT
  • The Xbox 360 uses a big-endian version of this file system due to its PowerPC architecture
  • People go to great lengths to install homebrew operating systems and play pirated games
  • There is a lot of information that might be accessible via someone's Xbox
  • Most Windows users use a defunct program called Xplorer360 to read/write to Xbox 360 file systems
  • For Linux, the choices are a BSD example implementation, uxtaf.c, or x360, a GPLv3 FUSE driver
  • Actually there's a kernel driver available too if you're into that kind of thing

So next semester I'm going to be messing around with a whole bunch of Xboxes. It's amazing what you can do and still get course credit. I'll keep you all updated as it unfolds.

In the meantime, watch this Google Tech talk about the Xbox and Xbox 360 security systems:


  1. I'd be interested in hearing about whether credit card information is retrievable after the user profile has been deleted from the machine. It's a common question on a forum I frequent, from people who are considering selling their 360s.

  2. This is certainly something I'm going to look into.

    There's the question as to what profile data is actually stored on the 360 and what is located on Microsoft's servers. Even if everything is stored server side there's the question of whether or not the profile's credentials can be extracted from the device or recovered if deleted.