Slashdot Mirror
Xbox Linux Made Possible Without a Modchip
An anonymous reader writes "Free-X have released an exploit for the Xbox that will let you get Linux on the machine without any hardware mods at all... Microsoft is already threatening them with legal action. Here's the Free-X statement. Free-X say they had been trying to contact MS for a month but were ignored, which is why they've released the exploit. Should be interesting to watch this one."
It seems we've had a lot of false and misinterpreted information about this team and their exploit. I don't have an x-box and only somewhat understand why their exploit would work (integer underflow..?), but it atleast sounds interesting. Anyone on slashdot who gets it working please post a verification.
As far as the team... I think they should have submitted their findings to a legal firm of some kind instead of this not-so-holy covert behavior. Their behavior will only lead to troubles in court.
Atleast they'll have $100,000 to help them out, I think they'll need it.
Rob
Microsoft is already threatening them with legal action.
Too late. Just ask AOL at trying to stop WASTE when it came out. Up for a day, and mirrored more times then they will ever be able to count.
Microsoft lost right at the point they decided to not talk to them beforehand. They can shut these people down, but it's out there now, game over.
SecondPageMedia - Wha
From the 'statement' link:
Since our attempts to contact Microsoft have become public knowledge our team has been accused of attempting to extort or blackmail Microsoft, this is not true as we have made every attempt possible to make contact with Microsoft to offer the following:
- A complete summary of all hacking technologies (many of these technologies have not been released).
- Source Codes.
- All attacks which have been developed but not yet released.
- To sign a Non-disclosure Agreement regarding our discoveries.
- Further research on exploits, which would be exclusive to Microsoft.
- Full names of all hackers involved upon agreement of legal protection from Microsoft.
- Assistance in the development of future security for the XBox by working with Microsoft.
For the exchange, we were requesting but not demanding the following:
- Complete access to all documentation (chipsets, video etc.) to assist in developing a better Linux for the XBox.
- A signed Linux loader.
- Protection from Microsoft or support if any organisation/government attempted to prosecute members of our team.
- Refunding of the cost occured during the agreement period.
Disclaimer, until a few weeks ago I was very active in Xbox Linux.
This just seems to me to be a cheap attempt to chisel money and personal advantage under the cover of pretending to be doing it for the benefit of Xbox Linux. "Assistance in the development of future security for the XBox by working with Microsoft" indeed!!!!
Anyone who has spent any time with the Xbox Linux project will immediately recognize the author of the "statement" by its novel spelling and tone. It'll be interesting to see just how what goes around is going to come around.
A popular opinion when they threatened to release this was "they're just blackmailing Microsoft, but they've got nothing".
Looks like a different situation now that they've laid their cards on the table.
Good work guys.
"Give me a break. Why would it make sense for Microsoft to encourage Linux installs on a product solely meant to play games and movies, when it doesn't even port it's cash cow software for the real desktop OS? "
To sell more xboxes?
Think about it, even if MS lost money on every one sold they would have bragging rights. They could go araound saying that the Xbox is most popular game system and spread FUD around like peanut butter on rye toast.
They have 40 billion in the bank and can afford to lose tens (if not hundreds) of millions dollars to gain a monoply on the game console market.
Also with each passing day the cost of a Xbox goes down and eventually they will actually make money on the thing.
War is necrophilia.
Actually, it is blackmail. Several of the things they request do have a quantifiable monetary value to them, and to others in similar situations. This includes the creation of an authorized product, refund of costs incurred, legal indemnification, and access to product designs and specs. It doesn't matter if they're willing to sign an NDA. Blackmail isn't limited to just the "give me X dollars or I will do something nasty you won't like." Any argument that Microsoft won't be harmed financially due to the release of this exploit is weak because Microsoft doesn't have to show actual financial damages from this. But that's just the civil suit. These guys will have more to worry about from the Justice Department in the criminal case.
This is not a step forward for the Linux community. It is an embarassing set back that could further strengthen arguments against using Linux and supporting the Linux community. It's just damn irresponsible of them.
They could force a fix a number of ways, including if you ever "go live" and connect to them on the internet, but they could also make all future games include a dashboard "update" that would install itself whenever the game is run. So as long as you only run Linux (and they don't sneak anything in through Linux software with a trojan), you might be safe, but if you or anyone else ever plays a game on the x-box that was manufacturered after this date, they could get you.
I'm an American. I love this country and the freedoms that we used to have.
It seems that eventually the modded exploit will become available as well. So you'll have Linux plus the ability to play Xbox titles.
As far as cheaters go, yes they suck.
Wouldn't you rather be able to run your own Xbox Live server though?
For free?
If any of you Opera users find the "Free-X Statement" link akin to a Spinal Tap album cover, the site hasn't been defaced or removed. Try another browser, Opera 7.0 appears not to render their page readably. Undoubtedly the site's fault, not Opera's, of course.
(me.)
~ Whence do you come, slayer of men, or where are you going, conqueror of space?
Patchable? :: Furthermore, Microsoft cannot permanently patch this hack through an Xbox Live update. Version 1, v1.2, & v1.3 Xboxes will always execute the current vulnerable code. Should they remotely update the dash; one would simply open the Xbox, write an old image to the hard drive, and reboot. In the process it would be trivial to add bert and ernie (the modified fonts). Xbox Live BIOS updates are not possible due to M$ imposed hardware limitations. Of course, third party BIOS updates are not a problem for those willing to open the case and get crazy with a little solder.
Availability? :: Legal or not, at this point it's not an issue for the end user. The base-64 posted by Mr. Esser isn't going away. Proof? Try this...
X-Prize? :: Probably not. This cannot be executed or copied from a third party memory card ala 007. So opening the box is required. Partial payment maybe.
.. I would *strongly* recommend that the Slashdot Community who's been all over this 'Linux on the XBOX' bs start doing something interesting with it, and I mean fast. It would look plenty embarrasing for MS if they went after them for releasing the exploit and then people started making good (and legitimate) use of it. If everybody just wants to play MAME on it with questionably legal ROMs, that won't help Free-X.
Might I suggest a DivX based media server that can rip DVDs? I know that seems to fly in the face of what I just said about MAME, however, its a good use for the XBOX, plus you'd only be ripping DVDs you own and with good reason. "I just wanted to have easy access to my library." Another suggestion would be to set up an XBOX as a TV based info center. It stays on-line all the time on Input 2 (or whatever channel your XBOX is on), when a commercial pops up, flip the channels and get your messages. Heck, set up a browser so that it cycles through your favorite news sites every 30 seconds and scrolls them or something.
At least with something like that, something that the XBOX is better at than a cheap-o PC, the case can be made for wanting to make these mods to the unit. That'll weaken MS's case (they'll probably try to say that copy protection is bypassed or something), plus it'll take a few pokes at the DMCA as well.
I hope are people listening. MS has got an army of lawyers.
"Derp de derp."
I think calling this blackmail is a little over the top.
These guys discovered a flaw in the XBOX that Microsoft was unaware of. They contacted Microsoft and informed them of the flaw. Microsoft was not interested. MS refused to discuss the flaw. It's clear from the statement that they tried to talk to MS. MS could have said "We want the information and we want you to sign an NDA and we wont even give you a thank you." But they didn't. Informed of the issue, they ignored it.
The information about the flaw is not Microsoft's property. Nor did Microsoft ever suggest otherwise. The people who discovered it can do whatever they like with the information. In this case, they released it to the public over the web. I don't see how this is blackmail as it is common practice to report bugs (and their exploits) publicly.
It breaks my pluginses, my precious!
I find this amusing and interesting. It's yet another example of the wild-wild-west type environment that the Information Age is in now. People come up with ways to beat the system, and corporate comes back with litigation (ie RIAA comes to mind). And every once in awhile litigation works, but other times it doesn't work, and thus people will continue to find cracks in the system. There are many analogies that can be drawn from this (and i know this isn't really new news, since the Xbox has been cracked for awhile now), but I'm wondering when these big companies will get tired of waging war through litigation and just start playing hardball with the rest of the Internet. At some point Microsoft has got to get tired of all the stuff they go through and deploy some hackers themselves, to protect their interests. And this idea isn't really too far-fetched. Just today, the US government put a bounty on Saddam's head. That is an outright act of desperation to get him. The gov'ment uses spies just like other countries to gain counterintelligence. And they do it in a sneaky way, making sure the press just reports the official business, but never questioning where intelligence or 'fortunate victories' come from. Eventually these corporations will need to take a hint and start some black/grey hat work of their own to support their interests. Most likely it is already going on. But if it is, I can't tell. They keep getting caught with their pants down so much to the extent that we're barely even suprised anymore. It's almost expected at this point.
-Look lively. LOOK LIVELY!!! --Mr. Shmallow
These poor guys will be the next to be blown up when 120,000 troops jump them on their way to work. Seriously though, reading their demands, they are very close to blackmail. Microsoft took the same position that the US took in "Air Force One": We will not bargain with terrorists. Sure, they didn't blow anything up or there isn't some ISO you can burn and stick in the XBOX and poof, no security, but they did hold a list of demands that most corporations would have a hard time filling. Video Game Console manufacturers make money on software game title sells (as opposed to losing money on hardware).
"For the exchange, we were requesting but not demanding the following:
- Complete access to all documentation (chipsets, video etc.) to assist in developing a better Linux for the XBox.
- A signed Linux loader.
- Protection from Microsoft or support if any organisation/government attempted to prosecute members of our team.
- Refunding of the cost occured during the agreement period."
Since they requested the following, they were turned down on all accounts. I sincerely hope their lawyers are good enough to stave off microsoft's (who will be working on july 4th all day i'm sure). I also hope this is a first step to sticking in and loading a bootable Suse or Mandrake install CD.
---- The geek shall inherit the Earth.
even though I have no stake in this, I've gotta admit that I'm really disappointed in these guys. Normally, they'd only have to worry about the DMCA. Hacking an unshared system you own is not a crime in any way. Telling people about your experiences isn't either. The only concern is that this technology can circumvent systems designed to enforce copyrights, thereby making it a violation of the DMCA. It does have significant legal uses, and is only presented in such a manner.
Then they go and do this whole threaten/blackmail/extortion thing... doesn't really paint them in a good light. They'd be able to really champion this cause, if they didn't have to go and act like a bunch of script kiddies. Getting Linux on the X-Box without any hardware hacks is an amazing accomplishment, worthy praise and acknowledgement. Unfortunately, anyone who reports on this is gonna focus on the offensive stance they took and paint them as menaces.
And before I complain about them having egos anymore, I should digress and say that if I was good enough to hack an x-box with just software, I'd be pretty self-assured, too.
-=-=-=-=-=
I'd rather be flamed than ignored.
It's time now to hack a *real* protection system made by a *real* console maker -> Nintendo Gamecube.
good luck everybody! (and you'll need it)
People, just buy an mini-itx system. It's much more open, hackable and flexible.
Right, you mean like these two did?
Terrible waste of time, eh?
.02
cLive ;-)
-- Trinity in high heels carrying a whip: The donimatrix - there is no spoonerism
how can such exploit be legal? If your door lock is easy to tamper with, is it implicitly legal for me to break in?
It is perfectly legal for you to "tamper" and "break in" if it's a lock on YOUR OWN DOOR. It doesn't matter if Microsoft built the lock, you bought the house.
The people using the exploit are using in on a machine THEY OWN. They can do anything they like with it. They can smash it with a sledgehammer or toss it in a blast furnace and vaporize the sucker. Of COURSE they can "pick the lock".
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Actually, they update the dashboard (what the exploit plays with) when you install the Xbox Live stuff
Any attempt to update the XBOX is merely a request from an outside source for the XBOX to update itself. But once you have control of the XBOX you can program it to ignore that request to update itself.
When you connect to XBOX Live they check to see what version you are running, but all they can find out is what the XBOX tells them. If you control the XBOX you can have it tell them anything you like.
They are going to run into the exact same problem with Palladium and TCPA. Once someone digs the key out of the hardware, or finds any other vulnerability, then they own their system. They can run an undetectable virtualized system. They'll have "god mode" over it and af far as the rest of the world can tell they are running a secure and "trusted" system. Hell, the security situation could wind up being worse because they are pretty much going to force you to "trust" other people running the system. It just means you're going to get screwed over worse when a computer you were forced to "trust" isn't in fact secure.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Though I agree with some of what you say the bottom line is the purchaser of an X-Box owns the machine, not Microsoft. He can do what ever he wants with the hardware once he has the sales receipt in his hand.
Time is what keeps everything from happening all at once.
2. The only companies to produce BIOS codes would be IBM, and people that paid IBM royalties
Compaq secretly agreed to pay IBM royalties on each PC they sold, so IBM would drop the suit. The agreement's existance was a secret until recently.
8. CD-R's would have been outlawed and require a liscence to buy or own
Some countries charge a "tax" on each CD-R sold that goes to the RIAA, because that CD "might" be used to pirate their music. I think Canada and Sweden do this, among others. If they get money on each CD-R, that should constitute a licence to fill it with downloaded music. But I think a lot of crazy things.
5. All operating systems that ran on PC's would have to be liscenced from Microsoft
Refer to the "Microsoft Tax" on most PC's made by the big companies, no matter what OS is on them.
You're dead on though... It's scary to see how much of that is actually going on today.
"Give us what we want that's not in your own best interests or we'll tell people how to break your machine and potentially lose more money by having people buy XBOXes for uses other than buying the games that make them money."
It's a little more like:
"You know that problem you wouldn't help us with? Well, we figured it out, but we don't think you'll like the solution. Can you help us with an alternative solution which is in your best interest? No? Ok, then we'll just do it our own way."
For better or worse, the concept of selling a closed platform is legal. This is especially true if the buyer has adequate information to know that it is a closed platform. I would prefer a mandatory big red WARNING label to be affixed to all closed platforms saying "The retail price of this unit reflects a subsidy from the manufacturer. This subsidy is provided in anticipation of future revenues. Therefore this unit will only work with software lisenced by the manufacturer."
There are benefits to a closed platform to consumers.
The down side is simple. The consumer is being mislead by an artificially low up-front price into being locked into continued payments of a monopoly tax on each piece of software they purchase.
I believe the only solution is for the FTC to require platform vendors to offer their product in an unbundled format. You can buy an XBOX that will run third party software, but it might cost you $150 more.
Once a machine is sold the seller should have no say in what I do with it. I paid for it afterall. If I want to run Linux on it that's my right. If I throw it in a closet and never use it that's my right also. Either way M$ would lose the same amount of money on the deal.
It seems to me that this group gave Microsoft a fair offer, to let them run Linux on what they have legally purchased, without having to play dirty. Since Microsoft didn't even try to make a counter offer I guess they shouldn't complain. They probably will use the DMCA to attack this group but IMO that just proves what a shitty bit of law the DMCA is.
At what price learning? At what cost wisdom? The price is a man's peace of mind, and the cost is his life.
Aw c'mon punkin'.
I dont think anyone buys into the belief that if they purchase a tangible piece of equipment,that its still controlled by the whim of its creator.
No matter how many unread agreements they clicked,signed or were implied.
Put simply Microsoft is stupid for their "now you own it now you dont"business model.NO ONE and i mean NO ONE but anal lamers would agree let alone comply(remember this is the real world)
Best off if all remember: once i hand you the money and walk off with the merchandise,you have NO say so about what i do with it no matter how many lawyers you hire,no matter how many legislators you bribe.Its mine and if you want it back you better be able to fight with your hands.
That thought spent,I would also like to call up a lil history where wild bill gates sold mail order software for a "poplular electronics kit computer" and then stomped around and shook his fists when the code was copied and shared LONG BEFORE MICROCRAP EXISTED.Most people quit banging their head on a brick wall after the first strike but not a pinhead like Bill Gates!He instead makes a career out of flattening his pointy head.
So,with that in mind feel free to do whatever you like with whatever you bought and feel justified in knocking the teeth out of the losers who would play stupid games with IP.
Hey world i got news for you, if you want to keep IP secret,dont tell anyone,dont implement it and dont sell any examples.Anyone is allowed to make money from their ideas but like helium in a balloon,once its out,its out(no matter what non workable laws ignorant politicians write to increase their legacy.)
Damn,if only people would use common sense and their knowlege of people and the way the world is,instead of trying to force their unworkable fantasies of how it should be into effect.
In short:Screw Microsoft,we've no pity left for the bruise on his forehead.
*Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
While you do currently ( but not much longer i do forsee ) own what hardweare you buy, any firm/soft-ware that came with the device you only have a license to use.. at their terms.
---- Booth was a patriot ----