Applications

Applications I have developed and released publicly.
Developed: Since 2009
Cost: $25, free trial available
Tech Stack: C#, .NET, WinForms, DevExpress components, CBFS Connect
Platform: Windows Desktop
FATXplorer Screenshot

FATXplorer is an Xbox storage device explorer. With it, it is possible to mount any type of Xbox storage natively in Windows through a file system driver. Also featured are formatting tools, recovery tools, and much more. In active development since 2009 and still selling copies worldwide.

Callback Technologies Case Study

DevTool

Developed: 2012-2013
Cost: Free
Tech Stack: C#, .NET Framework, WinForms, DevExpress components
Platform: Windows Desktop
DevTool Screenshot

Once-private Xbox 360 development PC companion. Publicly released July 2015.

XePatch

Developed: 2011
Cost: Free
Tech Stack: C#, .NET Framework, WinForms, DevExpress components
Platform: Windows Desktop
XePatch Screenshot

An Xbox 360 patch viewer and editor.

Banjo-Kazooie Nuts and Bolts Mod Tool

Developed: 2009
Cost: Free
Tech Stack: C#, .NET Framework, WinForms, DevExpress components
Platform: Windows Desktop
Banjo-Kazooie Nuts and Bolts Mod Tool Screenshot

The first free application I ever created and released publicly. It was an Xbox 360 save editor gamers could use to give their in-game character an edge.

Security

My cybersecurity-related discoveries, analyses, and reports.

Microsoft Xbox Pre-Production Dev Forums Access

Type: Security issue, report
Reported to vendor: May 22, 2015
Public disclosure: Coming soon

In May 2015 Microsoft accidentally disclosed years worth of private Xbox game developer forum posts. The incident was responsibly disclosed to Microsoft/Xbox and remedied 24 hours later.

MBUSA Dealer Help Center website data exfiltration

Type: Security issue, report
Reported to vendor: June 20, 2019
Public disclosure: December 19, 2019
Mercedes-Benz Dealer Confidential Notice
The header of one of the downloaded PDFs. Don't worry, you are allowed to read this post.😉

Downloading confidential information from Mercedes-Benz USA's Dealer Help Center website was possible due to missing authentication on downloads. The incident was responsibly disclosed to Daimler and fixed after a lengthy back-and-forth.

Cloudflare Access Bypass

Type: Security issue, report
Reported to vendor: December 12, 2017
Public disclosure: December 12, 2017

It was possible to bypass Cloudflare Access authentication by appending a query parameter to protected URLs. Details were shared with a Cloudflare employee over email, and a Cloudflare t-shirt was awarded.

Reverse engineering and removing Pokémon GO's certificate pinning

Type: Analysis
Published: July 31, 2016
Pokémon GO opened in The Interactive Disassembler
Relevant Pokémon GO ARM subroutine in The Interactive Disassembler.

An analysis of Pokémon GO on Android's certificate pinning, and removing it to allow HTTPS request inspection. Made the front page of Hacker News.

Hacks & Mods

Game and console-related hack/mod projects.

Large Xbox 360 USB Storage

Released: December 27, 2012

Back when Microsoft added USB storage support to Xbox 360 consoles, it was only possible to use up to 32 GB of space. Through a comprehensive kernel patch and a custom formatting tool, the 32 GB limit was broken and extended to 2 TB.

Floodout

Released: April 29, 2008
Floodout Screenshot

Halo 2 mod for the Lockout map. The map has been "floodified" with grimy textures, modified weapons with new projectiles & effects, a retextured player biped, and scary ambient background sounds. Winner of a Halomods.com mod-of-the-month competition.🏆