Slashdot Mirror
Xbox Linux Made Possible Without a Modchip
An anonymous reader writes "Free-X have released an exploit for the Xbox that will let you get Linux on the machine without any hardware mods at all... Microsoft is already threatening them with legal action. Here's the Free-X statement. Free-X say they had been trying to contact MS for a month but were ignored, which is why they've released the exploit. Should be interesting to watch this one."
Too late for Microsoft. It's been released. No way of stopping it. Just like Nintendo had no way of stopping UltraHLE.
Go here for teh [sic] funny.
It seems we've had a lot of false and misinterpreted information about this team and their exploit. I don't have an x-box and only somewhat understand why their exploit would work (integer underflow..?), but it atleast sounds interesting. Anyone on slashdot who gets it working please post a verification.
As far as the team... I think they should have submitted their findings to a legal firm of some kind instead of this not-so-holy covert behavior. Their behavior will only lead to troubles in court.
Atleast they'll have $100,000 to help them out, I think they'll need it.
Rob
Official statement from Free-X regarding exploits.
Dear Public,
Today is a very said day for Microsoft.
One month ago, we began an attempt to make contact with Microsoft, we did this because the first software only mod-chip solution was developed and proved working. This solution meant that there was no need to open the XBox anymore.
The modification only needs to be installed once and all existing XBox consoles are able to be modified to use this exploit, only new consoles with an updated Firmware could lock out this exploit.
After discovering this exploit a Team was formed known as the "Free-X (box)" team.
Members of this team have made many attempts to initiate discussions with Microsoft by various means including:
1. Contacting certified XBox game developers requesting that they contact Microsoft to facilitate discussions about our discoveries.
2. Contacting major web-based news sources requesting that they contact Microsoft on our behalf.
3. Direct contact with various Microsoft departments globally.
4. Direct contact with Authorised XBox distributors globally.
Since our attempts to contact Microsoft have become public knowledge our team has been accused of attempting to extort or blackmail Microsoft, this is not true as we have made every attempt possible to make contact with Microsoft to offer the following:
- A complete summary of all hacking technologies (many of these technologies have not been released).
- Source Codes.
- All attacks which have been developed but not yet released.
- To sign a Non-disclosure Agreement regarding our discoveries.
- Further research on exploits, which would be exclusive to Microsoft.
- Full names of all hackers involved upon agreement of legal protection from Microsoft.
- Assistance in the development of future security for the XBox by working with Microsoft.
For the exchange, we were requesting but not demanding the following:
- Complete access to all documentation (chipsets, video etc.) to assist in developing a better Linux for the XBox.
- A signed Linux loader.
- Protection from Microsoft or support if any organisation/government attempted to prosecute members of our team.
- Refunding of the cost occured during the agreement period.
To prove our discoveries we offered to make available an exploited dashboard for Microsoft to validate our claims.
Our team was more than willing to co-operate with Microsoft and would have most likely accepted most of the terms of agreement coming from our discussions.
If Microsoft had agreed to sign Linux then it would have been possible to generate a signature for the Linux, which would only work on current XBox consoles and able to be stopped in future revisions. It would also be possible to prevent the illegal use of pirated software.
Our team was of the belief that our attempts to initiate discussions with Microsoft would have been welcomed.
Members of our team contacted Microsoft quickly, but then suddenly Microsoft ceased responding to our enquiries. Third parties contacting Microsoft on our behalf also proved to lead to a dead end, is the giant Microsoft's reaction just incompetence or intentional??
Following the public release of this request for communication on the ZDNet/CNet network, Microsoft promised a formal response and as yet we have not seen one.
Is it possible that Microsoft's lack of co-operation in this matter could be because they believe that:
1. Mod-chips are good for business as they increase the sales of the console hardware and that they see them as an important part of there business model.
2. The Exploit can be fixed in future software updates.
3. This is purely a hoax.
A team member called a Microsoft representative again (Mr. Thomas Kritsch of Austria) and offered a presentation.
This presentation was scheduled for 20th June, but Microsoft cancelled it on 19th June. During a phone discussion on this day Mr Kritsch a
Free-X say they had been trying to contact MS for a month but were ignored, which is why they've released the exploit.
MS before: Screw them, we haven't got time to deal with annoying flies on the wall like that.
MS after: Shut up! Sue them! This kind of thing is why we hate open source. They want to take our intellectual property and turn it into an experimental plaything.
-You may license this sig for only $6.99.
Trust me, these guys will go down for the count if Microsoft hires a female lawyer.
Ohh, wait, no-body applies security patches to game boxes, what was I thinking :)
"From now on today will be known as XBox Independence Day!"
"She's a West Texas girl, just like me" - G.W Bush Iraqis
Dear Public,
Today is a very said day for Microsoft.
Especially if you're using their spelling / grammar software.
I like big butts and I cannot lie.
...did they really think Microsoft would give in to their "demands" AND legitimize X-Box hacking at the same time? Give me a break. Why would it make sense for Microsoft to encourage Linux installs on a product solely meant to play games and movies, when it doesn't even port it's cash cow software for the real desktop OS? I hate to make this comparison (because of the can of worms it's sure to open), but it's like terrorists who try to bargain hostages for freeing their buddies. You CAN'T bargain with them, because it simply encourages others to follow in their path.
Congrats to the guys for the hard hacking work, but get a little business sense and in the meantime, better get a lawyer. This ain't gonna make the boyz in Redmond none too happy.
Chris
Looks like it's open season on the Xbox now, but I'm a bit confused. The ZDnet article mentions the $100,000 no hardware mod prize, yet right in the exploit description it states:
Q1: How do I get the files onto the harddisk?
A1: There are several ways. You could f.e. install the files with the Mechassault or 007 hacks. This requires one of the games and the files on a memorycard. The other way is to open the box and do the harddisk swap trick which is described all over the net.
So if you need to use an existing hack to do this, and those hacks didn't qualify for the prize, how could this one? Any Xbox experts care to comment?
Additionally, isn't it nice to see that companies are now suing on a regular basis for exploit publication. Good that they only want black hats posessing this sort of information.
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
I wonder if it is the same exploit posted here:
h /2 003-q3/0008.html
http://archives.neohapsis.com/archives/vulnwatc
This is also an exploit dealing with the X-Box dashboard.
This was initially posted in replies to another story in the gaming section by another AC.
XBOX Security
-= Security Advisory =-
Advisory: XBOX Dashboard local vulnerability
Release Date: 2003/07/04
Last Modified: 2003/07/04
Author: Stefan Esser [senopiracy.de]
Application: Microsoft XBOX Dashboard (up to today)
Severity: A vulnerability within the XBOX Dashboard allows to
totally compromise the security features of the XBOX.
Risk: Critical
Vendor Status: Vendor is not willing to talk about XBOX vulnerabilities.
Overview:
The XBOX Dashboard is what appears when you turn the XBOX on without a
disc in the DVD drive. It will let you adjust system settings, manage
your save games, play and rip audio CDs and configure your XBOX Live
account. It is the heart of the XBOX and its most vulnerable point,
because it lacks several security restrictions which are enforced on
games. This includes the lack of the reboot-on-eject-button "feature",
which is obligatory for all games.
The existance of an exploitable vulnerability within the dashboard could
totally compromises the XBOX security system. It will make the box
independent from Microsoft signed code and therefore this information is
released to the public now on the 4th of July 2003, the day of the XBOX
Independence.
They provide what they claim is working code to exploit the vulnerability.
our team has been accused of attempting to extort or blackmail Microsoft
From the article, seems that is exactly what they tried to do:
For the exchange, we were requesting but not demanding the following:
- Complete access to all documentation (chipsets, video etc.) to assist in developing a better Linux for the XBox.
- A signed Linux loader.
- Protection from Microsoft or support if any organisation/government attempted to prosecute members of our team.
- Refunding of the cost occured during the agreement period.
Not demanding? Why would Microsoft politely offer any of those things?
Microsoft shouldn't fight this too much. More Xbox loss leader sales will mean more game title sales, even if (or because of) piracy increases.
Who am I kidding? Bend over Bill, here comes the Penguin!
Hopefully with the release of this exploit Microsoft will stop ignoring the homebrew community. The way I see it they knew about this before it happened and they should have taken the actions to communicate with the hackers and try to settle this. Now that they refused to negotiate people can freely pirate games causing not only Microsoft to lose money, but also the game developers. If they had negotiated only linux would be running on the xbox. :) Too bad for them. Maybe they will learn to listen to us ... maybe not.
Microsoft is already threatening them with legal action.
Too late. Just ask AOL at trying to stop WASTE when it came out. Up for a day, and mirrored more times then they will ever be able to count.
Microsoft lost right at the point they decided to not talk to them beforehand. They can shut these people down, but it's out there now, game over.
SecondPageMedia - Wha
This is the EXACT kind of case the the corporations have waited to have fall into their lap. Expect this case to be rationale behind a storm of anti-OSS legislation in the VERY near future.
In short, we're even more screwed than we were before!
Isn't this possible already using exploitable games such as 007? Basically he is just running arbitrary code by exploiting a default application (the dashboard) instead of a '3rd party' application (007).
I suppose the main difference may be that it happens on 'boot' rather than in the middle of a game - this may be related to the 'reboot on eject' 'feature' he talks about, but I'm not sure. Anyone care to explain further?
I.O.U One Sig.
From the 'statement' link:
Since our attempts to contact Microsoft have become public knowledge our team has been accused of attempting to extort or blackmail Microsoft, this is not true as we have made every attempt possible to make contact with Microsoft to offer the following:
- A complete summary of all hacking technologies (many of these technologies have not been released).
- Source Codes.
- All attacks which have been developed but not yet released.
- To sign a Non-disclosure Agreement regarding our discoveries.
- Further research on exploits, which would be exclusive to Microsoft.
- Full names of all hackers involved upon agreement of legal protection from Microsoft.
- Assistance in the development of future security for the XBox by working with Microsoft.
For the exchange, we were requesting but not demanding the following:
- Complete access to all documentation (chipsets, video etc.) to assist in developing a better Linux for the XBox.
- A signed Linux loader.
- Protection from Microsoft or support if any organisation/government attempted to prosecute members of our team.
- Refunding of the cost occured during the agreement period.
Disclaimer, until a few weeks ago I was very active in Xbox Linux.
This just seems to me to be a cheap attempt to chisel money and personal advantage under the cover of pretending to be doing it for the benefit of Xbox Linux. "Assistance in the development of future security for the XBox by working with Microsoft" indeed!!!!
Anyone who has spent any time with the Xbox Linux project will immediately recognize the author of the "statement" by its novel spelling and tone. It'll be interesting to see just how what goes around is going to come around.
007 Agent Under Fire contains an exploit in the save-game loading routine which can lead to a local-root compromise on your X-box with a specially corrupted save game file.
This can be used, for example, to boot Linux, or flash the BIOS.
The reason that this didn't win Mike Robertson's 100 large is because you still need to rip the lid off the box and solder a pair of jumpers (or use conductive pen) in order to enable 'write' on the flash rom.
You're doing it wrong.
because Microsoft feers it.... Actually, the reason Linux is on the PS2 is for development reasons, originally. The software running the PS2 is based on linux iirc, so they put out a whole distro or something to work on PS2. Only problem with this is, it's a specialized distro, and I don't think there are any others that boot on PS2(some proprietery program used during boot or something so they didn't have to release the source to it) As for why no XBox.... well, it's Microsoft, I mean, come ON, would you let people change the operating system on your video game system to one that causes problems?
I want you to assume that all spelling and grammar errors are intentional. Thank You.
It's a base-64 encoded proof-of-concept font and loader program. Base-64 is sort of like uuencode -- it's just a reversible way to represent a binary file as ascii code. The line "begin-base64 644 dayX.tgz" is the header that includes the encoded filename (dayX.tgz). Ask google about it for more info. Google knows all.
everything in moderation
Underflow is the same, but opposite, making it so you wrap from near zero to a very big number... You say the font size is 0x0003, and the X-Box subtracts 0x0004, and ends up thinking it needs to read in 0xffff more data from the font file...
Both just involved wrapping around the maximum/minimum values a variable can hold.
A popular opinion when they threatened to release this was "they're just blackmailing Microsoft, but they've got nothing".
Looks like a different situation now that they've laid their cards on the table.
Good work guys.
Really sucked reading this article as I was finishing up installing a mod-chip into my friend's XBOX with him...
MS: Damn it! Doesn't Free-X know we made XBox so that people could play games on it.
Free-X: Err... yes we did just that. We played on it a bit and voila!... its now linuXBox!! *grin*
MS: @#!**@###***
Since it is on the website, google will probably cache it meaning it will not be lost. :) And even if MS orders to take their site down, google will still have it.
This is was a huge mistake. These people have just poked what will turn out to be a very violent and angry grizzly bear. It is well known that Microsoft loses money on each Xbox sold. Microsoft sells Xboxes at a LOSS(!) in the hopes of getting you into the additional content and features like Live. Why in the world would they want people to buy an Xbox, only to install Linux on it and never again be able to play another Xbox game on it???
People who buy Xboxes to install Linux do not buy more Xbox games!!!
This is a Bad Thing because it is only a matter of time before someone starts using this approach to hack Xbox Live. These Assholes were treated way too kindly in the Penny Arcade Comic. All I can say is I loathe these guys the same way I loathe the bored programmers that ruined Quake 1, Quake 2 and Counterstrike. The actions these zealots have taken will inevitably lead to cheating on Xbox Live, which is a real shame. To me, part of the point of paying for Xbox Live is so that I don't have to deal with the same fecal coated cheaters online- if you're caught, you're banz0red. Why is it that some people can't just rub there 2 486s together and be frigging happy w/ their beowulf cluster?
This is a terrible day for gamers.
The only reason Microsoft has to care about putting another operating system on x-box is because they are dumping them.
Dumping things undervalue as a monopoly is unethical and illegal in many places. I'd like to see that in some news stories, instead of no explanation why microsoft would care at all what someone did with their own bought hardware.
The chief reason for the success of GNU, Linux and indeed saome flavors of BSD, is that the hardware is a commodity item and available from multiple vendors. Thus the hardware is an open platform and true competition drives down prices to make it affordable, viable and immune to monopolization.
Now, the XBox is a proprietary piece of shit, and is controlled by a single gorilla (of course, with contributions from a few chimps). What's the motivation of getting GNU and Linux running on this proprietary junk?
MS loses money since they make losses on hardware? Crap! Unless the XBox is sold for under $50, this assumption is ridiculous. Geeks get a sense of revenge when they try to annoy MS? Sorry - MS is too smart for that. If they felt XBox hacks were truly threatening their margins, they'd have let loose SCO or some other SCUD litigation.
Doing geeky things is not the primary or only objective of the GNU connosieurs - the more important reason is to make the software AND the hardware free of encumbrances and/or lock-ins.
The best hacks for the XBox will become meaningless if MS comes out with a new design. The devious statements and logic emanating from the press about the XBox and the hacks - does in fact indicate that some kind of social engg. is at work.
It's like all the brouhaha about the latest Harry Potter - how it's getting stolen, how many millions have sold in the first week, how some cheap folks are trying to obtain illegal copies, etc. It's promoting by making an appeal to criminal insticts.
Cracking an XBox to run Linux is like using a 500MB word-processor to write a 1 page letter. Waste of resources and effort, it profits only MS. Better contribute to some useful GNU projects, such as AbiWord - there's many of them out there that need attention.
If you keep throwing chairs, one day you'll break windows....
This is the law were talking about here. There is no room for such concepts..
You don't know when someone will laywer their way into taking this thing offline. Make it as available as you can.
They could force a fix a number of ways, including if you ever "go live" and connect to them on the internet, but they could also make all future games include a dashboard "update" that would install itself whenever the game is run. So as long as you only run Linux (and they don't sneak anything in through Linux software with a trojan), you might be safe, but if you or anyone else ever plays a game on the x-box that was manufacturered after this date, they could get you.
I'm an American. I love this country and the freedoms that we used to have.
It seems that eventually the modded exploit will become available as well. So you'll have Linux plus the ability to play Xbox titles.
As far as cheaters go, yes they suck.
Wouldn't you rather be able to run your own Xbox Live server though?
For free?
If the DMCA continues to be used to shut down what used to be considered fair use, we'll see more and more open source endeavors moving out of the US. Here's to fervently hoping the MPAA/RIAA doesn't manage to implement DMCA clones in all countries on this planet. They seem to be doing a pretty good job at it in Europe.
If any of you Opera users find the "Free-X Statement" link akin to a Spinal Tap album cover, the site hasn't been defaced or removed. Try another browser, Opera 7.0 appears not to render their page readably. Undoubtedly the site's fault, not Opera's, of course.
(me.)
~ Whence do you come, slayer of men, or where are you going, conqueror of space?
..all xbox hackers should use freenet to publish their discoveries. That would give them total anonymity and good night sleep without getting burdened by possible lawsuits.
Getting Linux on the XBox without modifications, could very well be an MS effort to compete with HP IBM and possibly even Dell, on the desktop hardware platform. So far, they've made only unwieldly mice, broken keyboards and complicated home WiFi gear in hardware.
The XBox so closely resembles the PC architecture, it could be an MS attempt to make BIOS, motherboard and PC makers superfluous. MS would package the XBox for $100 and offer Linux on a desktop PC! All this subterfuge and publishing hacks is just a way to generate some mometum behind the development of their proprietary piece of junk into a viable desktop platform.
Too late, yes... the industry has moved along, users and partners have become smarter to MS tricks, and the game is up. Sorry MS.
If you keep throwing chairs, one day you'll break windows....
In a few days Michael Robertson will announce Lindows Xbox Edition.
New features? The ability to completely hiijack a competitors hardware technology.
If you use Linux, please help development of Autopac
You either need 007 or a screwdriver. You just replace some files, which you can do either by using the 007 hack or switching HDs. Once the files are replaced, put the XBox back together, and it'll load whatever you want.
Litigious bastards
And that's exactly what the Microsoft chimps are thinking right now. How the hell are they going to be able to sue someone if they dont even know where the hell it is? I mean, come on, who REALLY knows where Austria is that hasn't been there already? (Looks around) My point exactly. Hell, half the posters on here think its AUSTRAILIA.
Patchable? :: Furthermore, Microsoft cannot permanently patch this hack through an Xbox Live update. Version 1, v1.2, & v1.3 Xboxes will always execute the current vulnerable code. Should they remotely update the dash; one would simply open the Xbox, write an old image to the hard drive, and reboot. In the process it would be trivial to add bert and ernie (the modified fonts). Xbox Live BIOS updates are not possible due to M$ imposed hardware limitations. Of course, third party BIOS updates are not a problem for those willing to open the case and get crazy with a little solder.
Availability? :: Legal or not, at this point it's not an issue for the end user. The base-64 posted by Mr. Esser isn't going away. Proof? Try this...
X-Prize? :: Probably not. This cannot be executed or copied from a third party memory card ala 007. So opening the box is required. Partial payment maybe.
There's other linux distributions that are runnable on the PS2, but honestly, why not just buy the kit? It's reasonably priced, and you won't be able to install GNU/Linux on your PS2 without the hard drive, anyway. Also, you're supporting a company that decided to open up their system somewhat.
You Slashdot guys ought to be cautious about posting links to stories containing the exploit at hand. Remember what happened with the DVD encryption scheme and 2600?
"Come on, let's go drink till we can't feel feelings anymore."
Does this mean you are able to install a hard drive without having to add a mod chip? Running GNU/Linux on the XBox is great and all, but a 8/10GB hard drive just doesn't cut it, especially when you're intending for it to be a media hub. It's even worse when you want to both use Linux and play games on the machine. So... will this allow me to use a different hard drive? Explain why or why not this is possible...
As seen before microsoft does not like people who publish exploits. So I have made an off-US mirror in a country where releasing exploits to the public is still legal...
.. I would *strongly* recommend that the Slashdot Community who's been all over this 'Linux on the XBOX' bs start doing something interesting with it, and I mean fast. It would look plenty embarrasing for MS if they went after them for releasing the exploit and then people started making good (and legitimate) use of it. If everybody just wants to play MAME on it with questionably legal ROMs, that won't help Free-X.
Might I suggest a DivX based media server that can rip DVDs? I know that seems to fly in the face of what I just said about MAME, however, its a good use for the XBOX, plus you'd only be ripping DVDs you own and with good reason. "I just wanted to have easy access to my library." Another suggestion would be to set up an XBOX as a TV based info center. It stays on-line all the time on Input 2 (or whatever channel your XBOX is on), when a commercial pops up, flip the channels and get your messages. Heck, set up a browser so that it cycles through your favorite news sites every 30 seconds and scrolls them or something.
At least with something like that, something that the XBOX is better at than a cheap-o PC, the case can be made for wanting to make these mods to the unit. That'll weaken MS's case (they'll probably try to say that copy protection is bypassed or something), plus it'll take a few pokes at the DMCA as well.
I hope are people listening. MS has got an army of lawyers.
"Derp de derp."
I think calling this blackmail is a little over the top.
These guys discovered a flaw in the XBOX that Microsoft was unaware of. They contacted Microsoft and informed them of the flaw. Microsoft was not interested. MS refused to discuss the flaw. It's clear from the statement that they tried to talk to MS. MS could have said "We want the information and we want you to sign an NDA and we wont even give you a thank you." But they didn't. Informed of the issue, they ignored it.
The information about the flaw is not Microsoft's property. Nor did Microsoft ever suggest otherwise. The people who discovered it can do whatever they like with the information. In this case, they released it to the public over the web. I don't see how this is blackmail as it is common practice to report bugs (and their exploits) publicly.
It breaks my pluginses, my precious!
Free-X made a threat, and requested valuable consideration to forestall the threat.
bing-bing-bing-bing-bing-bing!
extortion
Hope you like green baloney, chillun.
For your Information:
Austria
Australia
These poor guys will be the next to be blown up when 120,000 troops jump them on their way to work. Seriously though, reading their demands, they are very close to blackmail. Microsoft took the same position that the US took in "Air Force One": We will not bargain with terrorists. Sure, they didn't blow anything up or there isn't some ISO you can burn and stick in the XBOX and poof, no security, but they did hold a list of demands that most corporations would have a hard time filling. Video Game Console manufacturers make money on software game title sells (as opposed to losing money on hardware).
"For the exchange, we were requesting but not demanding the following:
- Complete access to all documentation (chipsets, video etc.) to assist in developing a better Linux for the XBox.
- A signed Linux loader.
- Protection from Microsoft or support if any organisation/government attempted to prosecute members of our team.
- Refunding of the cost occured during the agreement period."
Since they requested the following, they were turned down on all accounts. I sincerely hope their lawyers are good enough to stave off microsoft's (who will be working on july 4th all day i'm sure). I also hope this is a first step to sticking in and loading a bootable Suse or Mandrake install CD.
---- The geek shall inherit the Earth.
Because he doesn't realise this is just a small step for XBox customers.
When Linux first booted on an XBox, that was a big step. Everything since then has been a small step, and will continue to be so until we can just drop a disc into an XBox and boot straight to Linux.
I wish that M$ had given into the demands, or at least an authorized Linux bootloader. That would make things easier for Linux fans everywhere, and it would've prevented the easing up of piracy.
You can't judge a book by the way it wears its hair.
It's time now to hack a *real* protection system made by a *real* console maker -> Nintendo Gamecube.
good luck everybody! (and you'll need it)
I submitted a story about these guys a day or two ago, but of course it was rejected because it painted them in a less than favorable light (blackmail and all).
I'll ask the question again: Is this how the Open Source movement is going to seek legitimacy? By attempting to blackmail people?
I love linux as much as the next guy, but tell me -- does this hack mean that I can only install linux on the thing, or can I install any OS I want? I think that for MS, it'd be more embarrassing that you need to hack the machine to get an installation of Windows 9X/XP up and running. :)
People, just buy an mini-itx system. It's much more open, hackable and flexible.
If Microsoft Entertainment was a seperate company, they would probably be encouraging Linux on the XBox to increase the flexibility of their product and drive up sales - it's working for Sony, SCEE are even hiring staff to help with development of Linux for PS2!
However because they are tied to a company with no interest in seeing Linux get anywhere, they are forced to take every possible anticompetative measure to stop it suceeding.
It's the same with other MS products - the don't produce phone or PDA sync software for Linux... why exactly? Wouldn't it be nice to have access to those extra customers? Oh... but I forget... then they might not need to buy Windows. How about office? If it had been split off at the time of the antitrust trial, and given the level of interest of corps in the Linux desktop, don't you think that there would have been a Office-for-Linux by now? But then you might be able to avoid buying Windows desktops and Windows servers...
They leverage it the other way too, making it easier to use MS products on Windows than anything else - look at the level of integration they have with Outlook. I talked to a guy from Sharp about their Outlook connector for the Zaurus and they said they had a hell of a time getting it to work because Microsoft wouldn't release the lower level APIs to the developer of a Linux PDA.
It's hard to believe that a whole company could be evil, but MS seem to be trying hard.
Beep beep.
"Today is a very said day for Microsoft."
If they can't even spell correctly in the opening sentence of their world-shaking statement, how the hell are people supposed to take them seriously?
Bah.
You are assuming:
1. Your hardware will work and/or be supported in it's present form, indefinitely by Microsoft.
Since I have not made any hardware modifications to my xbox, my warranty is intact. When that runs out, I run the same risks of non-support that I would if I used the xbox only as a console.
I am not insane; I don't expect indefinite support. Chances are good that when this hardware wears out, I will be happy to simply junk it.
2.You'd rather wait for these and better hacks to run Linux, rather than spend $200 for a Walmrt Linux box with warranty.
In my own situation, I have no real need for a Linux box. I have this xbox. Running linux on it is of equal if not better entertainment value to playing games on it.
3. A large number of people get these XBoxes as a gift.
To repeat myself, I am speaking only of my own situation. I don't have any answers for other people.
As Microsoft says often, think 3 years down. XBox may be cheap to acquire, but who supports the Linux?
In my own situation, linux is "supported" by thousands, across the globe, who publish their support. I have little need for immediate support. The little need I have has been met to date by informal IRC conversations.
Again, I have no answers for others. I would not recommend to a corporate entity that they run a mission-critical web server on an xbox!
Why should GNU coders take interest in a proprietary plaform controlled by the gorilla they love to hate?
The fact is, they do. As long as they do, I am grateful.
Right, you mean like these two did?
Terrible waste of time, eh?
.02
cLive ;-)
-- Trinity in high heels carrying a whip: The donimatrix - there is no spoonerism
integer underflow..?
Here's a completely non-technical explanation:
Think of it like a clock. The XBOX loads a number expecting it to be something like 10 minutes. It then subtracts 5 minutes and uses the number. But instead of giving it a number like 10 minutes you give it a number like 2 minutes. Then when the XBOX subtracts 5 from 2 it gets an underflow. It doesn't know about negative numbers. So what is does is it wraps around like a clock. If you look at the 2 minute mark on a clock, then count backwards 5 minutes where do you end up? You end up 3 minuts before the 12. That's 11 hours and 57 minutes. So XBOX thinks that 2 minus 5 equals 11 hours and 57 minutes.
So by giving the XBOX a smaller number than it expects, and letting the XBOX make the number even smaller, it underflows - wraps around - to a really big number. That really big number tells the XBOX to load a HUGE amount of information. More than it's supposed to load. That means you can feed the XBOX any program you want and the XBOX will suck it up and run it.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
- copy and paste the whole thing begining with:
..and ending with:
- execute uudecode like such:
- And to wrap it all up execute tar in the same directory.
There you go. As easy as 1,2,3."begin-base64 644 dayX.tgz..."
"===="
into emacs(or whatever your prefered editor is(so long as it doesn't insert it's own formatting)) and save it as something like xbox.64
$uudecode
$tar xzvf dayX.tgz
Say hi to Bert and Ernie for me.
-Steve
Anyone arguing that allowing Linux on an XBox is going to sell more Xboxen is clearly deluded. The only reason people want to put Linux on an XBox (or any other device that is not sold for such purposes) is for reasons of pure hacker fun (weee, look! linux on xbox! take that m$) and also because we all feel we're poking billg in the eye at the same time. Admit it. I do.
- Oisin
PGP KeyId: 0x08D63965
It's not blackmail, although MS have painted as such and quite a few people have failed to actually think about it. These guys told MS that they were going to run Linux on their Xbox and it would be easier for everyone, including MS, if they simply had a normal Xbox signed binary. But, they knew they didn't need it if MS didn't want to help.
In other words: We're going to do this the easy way or the hard way, but we ARE going to do it.
MS, no one else, picked the hard way. They had nothing to lose by going the easy way and the fact that they now have a compromised Xbox situation is entirely their own fault.
After all, when MS tells people that they will sue them for running their own software on their own hardware, who exactly is doing the blackmailing? And that question is exactly what open source is all about.
TWW
"Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
- Refunding of the cost occured during the agreement period.
So you are telling M$ that you want to be reimbursed for your work? Technically you are reverse engineering the product. So according to current laws you want to be reimbursed for acting illegally?
I'm just saying that even though we don't like the laws, we are still accountable for them. So they acted willingly to break the laws and then want rights to the design and money?!?!?!
I am all for the advancement of Linux, but come on people.
This SIG pulled due to lack of funding. (This damn war is costing too much!)
That doesn't mean it's the best beer.
Correct. Probably more people program in Visual Basic than Java, Perl and Php combined.
That doesn't mean VB is the best programming language, either...
Reminds me strongly of the way typical bug-in-your-code exchanges go with companies:
"There's a flaw in your code."
"There's no flaw in our code."
"I'm telling people there's a flaw in your code."
"Alright, there is a flaw, but we're not fixing it."
"I'm telling people how to exploit this flaw in your code."
"Ok! Ok, we'll fix the bug."
These guys have been telling Microsoft that they can run Linux on an Xbox without a mod chip for months. Microsoft has ignored their warnings about the "flaw" in their "code," so we've now arrived at "I'm telling people how to exploit it." Unfortunately, because the majority of people on capital hill are mildly retarded and/or (emphasis on the "and") corporate bitches, Microsoft will NOT be forced to fix the error, but will simply sue the people who publicize the flaw because it involves encryption.
For those to whom it is NOT already patently obvious, THIS is the danger of the DMCA: Companies that provide defective products involving encryption are NOT forced to repair the error or lose business, they now have the option of silencing the white-hats who try to warn them, and trying to ignore the hordes of black-hats who are now working to duplicate the exploit.
Naturally, when involving open-source software, the DMCA becomes irrelevant, because anyone can see and fix the code: We do not have to wait in the hallowed corporate halls waiting for a magic trinket, and that is what they (in reference to greedy CEO's and their ilk, for whom the pursuit of money has become a late-stage cancer) fear.
Ok, I am done rambling. You may now resume your regularly scheduled indoctrination.
Why is it that when some non-corporate entities have the audacity to ask for a finder's fee from a business, it's blackmail? And when a company threatens to litigate unless the peons pipe down and do as they're told, it's just protecting your business interest?
Could you bend over a little more please? Your head isn't as far past your ankles as I would like it to be. Shhheessh!
Local Fosters; it's shite. VB is likewise shite, however; most of the people I know drink either Boags or Cascade
Never mind the brand. Most of the industrial stuff tastes the same anyway. Real issue is how to effectively order a beer in a crowded bar:
South Australia: A heawy scooner please will cause the bartender to serve you half a liter of West End Super. This however does not work in the rest of Australia where you have to order by Pot (Qld and Vic) or Middie (WA and NSW).
Germany: Ein pils bitte will, after a tapping delay of approximately 5 minutes, get you a local brew from the tab. Due to the latency it is recommended to pipeline the process: Order the next beer when the current beer is delivered. This will guarantee you a new beer every 5 minutes.
Sweden: En stor stark (a large strong) will give you half a liter of 5% beer. For heavy drinking tax-free party ships to Tallin, Gdansk or Oslo are recommended.
Soviet Union Beer was usually out of stock. Vodka or spirt (99% Ethanol) could be bought from the nearest taxi driver. Also good as a substitute for windshield liquid which was also hard to get hold of. In current times I recomment Nevskoe for the St. Petersburg area, although Baltika is usually easier to get hold of.
For better taste you should try Budweiser Budvar from the Czech Republic (Don't confuse this with the cheap US copy of the same name)
"640k underflow should be enough to hack an Xbox."
You only leased that XBox. It still belongs to us, in principle, if not (yet) legally in fact because we chose to sell it at a loss. You're not allowed to do anything to it that we don't want you to, nor to tell anyone how to do anything to such things. Ever. Running Linux on it is stealing from us. You owe us more money in games sales, you thief.
Next week: Gilette to sue people who buy one of their razors and then figure out or tell anyone how to remove and resharpen the blades rather than buying more.
Next month: Coca Cola Enterprises Ltd to sue people who buy a bottle of Dr Pepper, drink it, then use it to fetch water from the office water cooler. Damn, that's me busted.
Let's face it, we're only valued customers as long as we're meeting our implicit obligation to continue consuming. The instant we try and (ab/re)use a product without paying more money to the manufacturer, we bcome heartless thieves, possibly communists, maybe even terrorists.
Linux user, why do you hate America so much?
If you were blocking sigs, you wouldn't have to read this.
That's a lie they love to tell. The US negotiates with terrorists all the time. Right now the Bush administration is engaged in intensive negotiations with several Palestinian terrorist groups. (And I'm not calling them terrorists because it's the US-Israeli line, but rather because they detonate bombs in places crowded with civilians.) We negotiate hostage exchanges, "disarmament" (cease fire) agreements, and much more. It all depends on how much we want the terrorists to cooperate. The US (and most other countries) have never had serious policies against negotiating with terrorists, no matter what their propaganda campaigns would like you to believe.
Gates' Law: Every 18 months, the speed of software halves.
If current copyright and IP laws and the interretation thereof were in affect in the mid - 80's what could we expect?
1. PC's would still cost thousands of dollars
2. The only companies to produce BIOS codes would be IBM, and people that paid IBM royalties
3. The Internet would only be available to people in colleges and government - and the content would be heavily censored
4. The only PC manufacture would be IBM and all others would be "illegal copies".
5. All operating systems that ran on PC's would have to be liscenced from Microsoft
6. 20" Rims would have to be liscenced from GM as the own the IP for "the oversized sport tire package"
7. Performance exhaust systems are a Ford product exclusively.
8. CD-R's would have been outlawed and require a liscence to buy or own
9. There would only be 1 word processing program
10."Reverse Engineering" would be a legal term used at your prosecution.
You think it's crazy? Saying that you can buy a game/toy and are not allowed to open it up under penalty of jail - THAT is crazy. Why doesn't MS tell the truth, you didn't BUY anything except the right to use your toy. In actuality, according to their liscence (or my interpretation) that box that you plunked down 200 bucks for isn't even yours. Get used to it, unless there is a revolt, it is the way of the future. You will own nothing - but you will be allowed to use things, provided you pay enough $$$.
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
I think MS shouldve been told about the vulnerability regardless. And the exploit shouldve been released only after at least one month had passed. Asking Microsoft to support Linux under the threat of immediate disclosure of a vulnerability is just plain wrong and we would all cry foul if this was done to Linux, FreeBSD or Apache.
By the way, I think MS can fix the vulnerability for new systems. For existing users attached to XBox Live, Microsoft can even send a patch thru the net. And for the rest, a CD in the mail would do the trick (with a few extra perks just to get people interested).
Say I don't like WinXP on my Dell. I remove it, repartition and install linux. I can do that because I OWN the box. I'm entitled to do whatever I want with it.
Now look at the Xbox. The Xbox is a system much like a Dell with windows, the only difference is you can't easily uninstall/repartition... until now. Why is this illegal? I bought my Xbox. I OWN every part of that machine. No where does it say "Property of Microsoft" on my Xbox. Can't I do whatever I want with it? Can't Free-X release any software they want for it, much like 3rd parties can release software of their own? .02
The obvious thing for Microsoft to do is to install a video camera in the box so that they can insure proper use.
Compared to what you can get in a Walmart PC, isn't the Xbox kindof unimpressive technology? I mean, what are you going to do with Linux on Xbox anyhow? Certainly not cluster computing -- the Walmart PC would be cheaper and faster. Graphics? Buy the Walmart PC and add a Radeon -- then you'll have faster graphics than the Xbox.
What could you possibly get from running Linux on Xbox that you can't from the cheaper, faster Walmart PC?
See here. ZDnet is also running a story here
The members of the team were found dead the next day. The police believe that they all had heart attacks while sleeping. No Foul play is suspected.
I'm surprised Big Bird never got a look in.
Seriously, though, If Microsoft want to market a crippled general purpose computing device, I'm not surprised that people are going to want to hack it just for the hell of it.
Good luck to the guys, and a big up to the Sesame Street gang.
oh brave new world, that has such people in it!
Software piracy? Exploit? Could they have protrayed themselves in a worse light? They also promised to sign NDAs and happily screw everyone else and work exclusively for M$ like good little boys and girls should. Sounds like standard BSA propaganda to me and the wave of corporate sponsored, Digital Rights Damaged, coppies of free software bode evil for software freedom.
Free software is not about making binary coppies of a few games, it's about having control of your hardware and building things. An xbox with a "signed" Linux kernel that can't be programed or modified offers neither liberty nor the license FreeX offers as a substitute. That kind of box is worth no more than XP on a Next Generation Enslaved PC, except it might have better uptime.
It would not be at all surprising to learn that Microsoft is paying FreeX to make this noise. If it looks like a duck and acts like a duck, chances are it's a duck.
Who knows, perhaps this is the way for M$ to meet the Linux threat while further expanding into hardware sales. Embrace, Extend, Extinguish is their tried and true pattern. They can call it Shared Linux, port M$ Office to it and push it on big dumb companies as the legitimate child of the free software movement. $100/box is 1/4 the price of a current corporate desktop and they will be just in time for the next corporate "upgrade" cycle. If it caught on, Dell and Gateway would indeed be introuble, because they have to buy their software from M$. Then they move in for the kill by using the DMCA to neuter the GPL. Distributing partial source kernels in a way that nothing can be modified even if you had the source is a massive violation of the spirit of the GPL if not it's letter. What use is source code if you go to jail for modifying it?
I've said it before and I'll say it again, purchasing the xbox only helps M$. If you want a gaming console, buy one with merrit. If you want a PC build one. One way you get better games, the other way you keep your computing freedom. Purchasing the xbox gives you neither of the things you are looking for and removes a sale from someone who's more interested in what you want.
Friends don't help friends install M$ junk.
And, where can I get one for $179.99? With a case, a hard drive and a Geforce 3 video card?
For better or worse, the concept of selling a closed platform is legal. This is especially true if the buyer has adequate information to know that it is a closed platform. I would prefer a mandatory big red WARNING label to be affixed to all closed platforms saying "The retail price of this unit reflects a subsidy from the manufacturer. This subsidy is provided in anticipation of future revenues. Therefore this unit will only work with software lisenced by the manufacturer."
There are benefits to a closed platform to consumers.
The down side is simple. The consumer is being mislead by an artificially low up-front price into being locked into continued payments of a monopoly tax on each piece of software they purchase.
I believe the only solution is for the FTC to require platform vendors to offer their product in an unbundled format. You can buy an XBOX that will run third party software, but it might cost you $150 more.
Once a machine is sold the seller should have no say in what I do with it. I paid for it afterall. If I want to run Linux on it that's my right. If I throw it in a closet and never use it that's my right also. Either way M$ would lose the same amount of money on the deal.
It seems to me that this group gave Microsoft a fair offer, to let them run Linux on what they have legally purchased, without having to play dirty. Since Microsoft didn't even try to make a counter offer I guess they shouldn't complain. They probably will use the DMCA to attack this group but IMO that just proves what a shitty bit of law the DMCA is.
At what price learning? At what cost wisdom? The price is a man's peace of mind, and the cost is his life.
poor guys, they have no idea that they've just put austria next in line for "regime change"..
Newsie, Moderator, www.tauniverse.com
While you do currently ( but not much longer i do forsee ) own what hardweare you buy, any firm/soft-ware that came with the device you only have a license to use.. at their terms.
---- Booth was a patriot ----
I'm really amazed that no one brought up the X-Box Media Player. Honestly, it's the *only* reason I have considered purchasing an X-Box. At 150 USD for a used one (or less; I haven't been shopping recently), it's the cheapest VCD/SVCD/MP3/DivX/DVD/etc player I could get (since Mini-ITX boards with nice setups are still more money than that). I wonder who is going to be the first to modify the loader for it...
"He may look like an idiot, and talk like an idiot, but don't let that fool you. He really is an idiot." - Duck Soup
"For the exchange, we were requesting but not demanding the following..."
I mean really. I think this hack is as cool as the next person does, but who do these guys really think they're fooling? If there is one thing that everybody on the planet Earth knows, it's that MS is not about to assist ANYBODY in the installation of Linux on their console.
"We were nice, polite and reasonable in our attempt to pursuade MS into supporting offical Linux/Xbox development, but since they didn't call back, we released the exploit to the world at large."
I guess you can't blame em for trying, but how is this noteworthy again? Microsoft doesn't want Linux on the XBox. How dense do you have to be to not realize this??? OF COURSE THEY AREN'T GOING TO COOPERATE WITH YOU, regardless of how unfortuante you think it is!!!
You're asking them to remove the only saftey that guarantees they make money on games, their primary source of income! Add Linux and the box becomes a computer, a device of multiple uses. Now you can buy a cheap ass XBox computer sold at a hefty loss and MS has no guaranteed way to recoup the loss because you no longer have to buy games for it.
On top of all that, MS is in DIRECT COMPETITION with the Linux platform (unlike Sony)!!
To even believe they'd answer any other way than they did is insanity of the highest order. Asking them to sell their hardware at a loss and cut the only guarantee they can make the money back through games?! Yeah, I know I would have cooperated too...
I mean, I think the hack is cool, but the sheer naivity of people like these amazes me.
You need a FREE iPod Nano
this has just arrived to the bugtraq mailing list:
t .asp?url=/technet/se
curity/bulletin/alertus.asp.
Periodically we hear people say they tried to contact Microsoft about a product or service vulnerability and that Microsoft didn't respond.
We are concerned that people may not know how to report security vulnerabilities to Microsoft.
The Microsoft Security Response Center investigates all reports of security vulnerabilities affecting Microsoft products. If you believe you have found a security vulnerability affecting a Microsoft product, we'd like to work with you to investigate it.
You can contact the Microsoft Security Response Center by emailing secure@microsoft.com directly, or you can submit your report via our web-based vulnerability reporting form located at https://www.microsoft.com/technet/treeview/defaul
Sincerely, Microsoft Security Response Center
IANAL, of course, but IHAB, and it seems pretty obvious that the only HW EULA that would pass muster in a court would be one that the consumer reads and signs before completing the transaction. Otherwise, the consumer's belief that he is in fact purchasing the item in question, rather than a license to use it, would be ratified by any court that heard the case.
[100% ISO 646 Compliant]
SVM, ERGO MONSTRO.
And even if you are convicted of some sort of made up IP crime, you can always take the matter to the European Court of Human Rights, which pretty much always finds for the individual, because the EU Convention on Human Rights is a very broad and generous document.
If the EU Convention on Human Rights is anything like the UN Universal Declaration of Human Rights, it includes something about copyright. Article 27 of the UDHR guarantees at least some semblance of copyright to adhering nations.
Article 17 of the Charter of Fundamental Rights of the European Union states bluntly: "Intellectual property shall be protected."
Will I retire or break 10K?
The XBox isn't the only product with issues like this. Remember the EV-1 electric car? They wouldn't sell them to people, even though people wanted to buy them. They would only lease them, and they insisted on taking them back.
Remember when Ma Bell owned your phone?
Surely there are other examples of "lease only" hardware too.
The real question is, "to what extent should lease-only hardware be permitted"? not "how do we stop this one company from releasing lease-only hardware?".
Personally, I think there should be no such thing as lease-only hardware at the consumer level. It probably makes more sense at the corporate level, like, if you're leasing a drilling rig or something.
OTOH, there are other less clear-cut cases. For example, is your credit card "hardware"? Not in the traditional sense, but the card is owned by the bank, and they can take it from you any time they like. How is that different from, for example... MS disabling your XBox remotely if you violate their TOS?
We could make lease-only illegal by default and carve out exceptions for things like credit card issuers. Or, we could make lease-only legal by default and carve out exceptions for companies like MS.
Actually, a more effective, and less ad-hoc reform might be to prohibit *any* legally declared monopoly from selling *any* product at a loss or under lease-only terms.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
"They've essentially validated the need for the DMCA. "
This is a non-sequiteur.
If I buy a piece of hardware, its not my responsibility to validate that vendor's business model, particularly since you haven't signed an agreement with the vendor agreeing to support that business model.
"Microsoft sells XBOX at a loss"
Maybe. Maybe not. I frankly don't care. They are competitive in selling price with other game consoles; it isn't my job to make sure their cost of manufacture is in line with the price of sale.
So I get my XBOX home, I hack it, or a friend hacks it. But it now functions in a way that Microsoft doesn't like.
Maybe. Maybe not. I frankly don't care. I bought it, its mine. I can use it to play games, I can use it as a skeet target, I can use it to prop open the basement door. Hell, I might even use Linux on it. If Microsoft will let me smash it with a hammer, if they'll let me use it to prop up my book shelf, but they won't let me use it to use Linux, I'd say MS is being pretty particular on how they want *MY* equipment to be used.
Just because Microsoft wants you to do something, why are you obligated to do it that way? I don't see the logical connection between the two. If Microsoft is willing to give me some benefit for restricting my use of the XBOX, they probably should have made me agree to it before I bought it.
You were mistaken. Which is odd, since memory shouldn't be a problem for you
There isn't anything on the outside of the box, and I didn't sign anything that agreed I could only use the firmward in a microsoft approved manner.
Why do you think I owe microsoft anything beyond the purchase price of the XBOX?
"The software included in the Xbox product is licensed to you, not sold." It's on page 20 of the Xbox manual. This exploit involves the dashboard which is MS property even if it's on your Xbox. It is not yours to do with whatever you would like.
Other nice parts of the manual state that your warrenty can be voided if your system is damaged by a virus. I asked MS about this once and they couldn't give me an answer beyond "don't worry about it". Unfortunatly, my experience with MS products says I should worry about it.