First, let's take a look at how this system shows up in an nmap scan. It turns out that we only have one port listening on the network: TCP port 2869. nmap wasn't able to recognize the service, but some hunting around online appears to indicate that this is related to UPnP or media sharing. I'll be looking at that more closely in another post. The operating system detection was something that I was interested in. nmap returns this as running Windows 7, Windows 2008 or Windows 8. You can download the .nmap file of the scan here. Altogether this isn't too exciting, but it is interesting to see that the Xbox One has enough similar network behavior to come back as a Windows OS. It was something I had expected, but I was curious to see if Microsoft had gone a different route with the console.
The traffic analysis has been taking quite a bit of time. So far I've captured several gigabytes of data with the Xbox One in different conditions. The states I've looked at are:
- Initial startup and configuration
- Registering the device with Xbox Live
- During an OS update
- Xbox One powered down overnight
- Startup and shutdown
- While changing settings and watching trailers
Jason Wood is a Principal Security Consultant at Secure Ideas. If you are in need of a penetration test or other security consulting services you can contact him at firstname.lastname@example.org or visit the Secure Ideas – Professionally Evil site for services provided.