Xbox Linux Made Possible Without a Modchip
An anonymous reader writes "Free-X have released an exploit for the Xbox that will let you get Linux on the machine without any hardware mods at all... Microsoft is already threatening them with legal action. Here's the Free-X statement. Free-X say they had been trying to contact MS for a month but were ignored, which is why they've released the exploit. Should be interesting to watch this one."
Too late for Microsoft. It's been released. No way of stopping it. Just like Nintendo had no way of stopping UltraHLE.
Go here for teh [sic] funny.
It seems we've had a lot of false and misinterpreted information about this team and their exploit. I don't have an x-box and only somewhat understand why their exploit would work (integer underflow..?), but it at least sounds interesting. Anyone on slashdot who gets it working please post a verification.
As far as the team... I think they should have submitted their findings to a legal firm of some kind instead of this not-so-holy covert behavior. Their behavior will only lead to troubles in court.
At least they'll have $100,000 to help them out, I think they'll need it.
Rob
Trust me, these guys will go down for the count if Microsoft hires a female lawyer.
"From now on today will be known as XBox Independence Day!"
"She's a West Texas girl, just like me" - G.W Bush Iraqis
Dear Public,
Today is a very said day for Microsoft.
Especially if you're using their spelling / grammar software.
I like big butts and I cannot lie.
...did they really think Microsoft would give in to their "demands" AND legitimize X-Box hacking at the same time? Give me a break. Why would it make sense for Microsoft to encourage Linux installs on a product solely meant to play games and movies, when it doesn't even port its cash cow software for the real desktop OS? I hate to make this comparison (because of the can of worms it's sure to open), but it's like terrorists who try to bargain hostages for freeing their buddies. You CAN'T bargain with them, because it simply encourages others to follow in their path.
Congrats to the guys for the hard hacking work, but get a little business sense and in the meantime, better get a lawyer. This ain't gonna make the boyz in Redmond none too happy.
Chris
Looks like it's open season on the Xbox now, but I'm a bit confused. The ZDnet article mentions the $100,000 no hardware mod prize, yet right in the exploit description it states:
Q1: How do I get the files onto the harddisk?
A1: There are several ways. You could f.e. install the files with the Mechassault or 007 hacks. This requires one of the games and the files on a memorycard. The other way is to open the box and do the harddisk swap trick which is described all over the net.
So if you need to use an existing hack to do this, and those hacks didn't qualify for the prize, how could this one? Any Xbox experts care to comment?
Additionally, isn't it nice to see that companies are now suing on a regular basis for exploit publication. Good that they only want black hats possessing this sort of information.
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
our team has been accused of attempting to extort or blackmail Microsoft
From the article, seems that is exactly what they tried to do:
For the exchange, we were requesting but not demanding the following:
- Complete access to all documentation (chipsets, video etc.) to assist in developing a better Linux for the XBox.
- A signed Linux loader.
- Protection from Microsoft or support if any organisation/government attempted to prosecute members of our team.
- Refunding of the cost occured during the agreement period.
Not demanding? Why would Microsoft politely offer any of those things?
Microsoft is already threatening them with legal action.
Too late. Just ask AOL at trying to stop WASTE when it came out. Up for a day, and mirrored more times than they will ever be able to count.
Microsoft lost right at the point they decided to not talk to them beforehand. They can shut these people down, but it's out there now, game over.
SecondPageMedia - Wha
From the 'statement' link:
Since our attempts to contact Microsoft have become public knowledge our team has been accused of attempting to extort or blackmail Microsoft, this is not true as we have made every attempt possible to make contact with Microsoft to offer the following:
- A complete summary of all hacking technologies (many of these technologies have not been released).
- Source Codes.
- All attacks which have been developed but not yet released.
- To sign a Non-disclosure Agreement regarding our discoveries.
- Further research on exploits, which would be exclusive to Microsoft.
- Full names of all hackers involved upon agreement of legal protection from Microsoft.
- Assistance in the development of future security for the XBox by working with Microsoft.
For the exchange, we were requesting but not demanding the following:
- Complete access to all documentation (chipsets, video etc.) to assist in developing a better Linux for the XBox.
- A signed Linux loader.
- Protection from Microsoft or support if any organisation/government attempted to prosecute members of our team.
- Refunding of the cost occured during the agreement period.
Disclaimer, until a few weeks ago I was very active in Xbox Linux.
This just seems to me to be a cheap attempt to chisel money and personal advantage under the cover of pretending to be doing it for the benefit of Xbox Linux. "Assistance in the development of future security for the XBox by working with Microsoft" indeed!!!!
Anyone who has spent any time with the Xbox Linux project will immediately recognize the author of the "statement" by its novel spelling and tone. It'll be interesting to see just how what goes around is going to come around.
007 Agent Under Fire contains an exploit in the save-game loading routine which can lead to a local-root compromise on your X-box with a specially corrupted save game file.
This can be used, for example, to boot Linux, or flash the BIOS.
The reason that this didn't win Mike Robertson's 100 large is because you still need to rip the lid off the box and solder a pair of jumpers (or use conductive pen) in order to enable 'write' on the flash rom.
You're doing it wrong.
It's a base-64 encoded proof-of-concept font and loader program. Base-64 is sort of like uuencode -- it's just a reversible way to represent a binary file as ascii code. The line "begin-base64 644 dayX.tgz" is the header that includes the encoded filename (dayX.tgz). Ask google about it for more info. Google knows all.
everything in moderation
There's definitely a big risk of zdnet going down, as it's hosted by a 14 year old with a 333 running Apache in console mode (Win98sr2) on a dsl connection and all...
Underflow is the same, but opposite, making it so you wrap from near zero to a very big number... You say the font size is 0x0003, and the X-Box subtracts 0x0004, and ends up thinking it needs to read in 0xffff more data from the font file...
Both just involved wrapping around the maximum/minimum values a variable can hold.
A popular opinion when they threatened to release this was "they're just blackmailing Microsoft, but they've got nothing".
Looks like a different situation now that they've laid their cards on the table.
Good work guys.
I think you meant http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0008.html (ie without the extraneous space) but yeah, given that they're 100% identical to each other, including the name of the author, I'm guessing that they just _might_ be the same exploit.
This Space Intentionally Left Blank
Actually, it is blackmail. Several of the things they request do have a quantifiable monetary value to them, and to others in similar situations. This includes the creation of an authorized product, refund of costs incurred, legal indemnification, and access to product designs and specs. It doesn't matter if they're willing to sign an NDA. Blackmail isn't limited to just the "give me X dollars or I will do something nasty you won't like." Any argument that Microsoft won't be harmed financially due to the release of this exploit is weak because Microsoft doesn't have to show actual financial damages from this. But that's just the civil suit. These guys will have more to worry about from the Justice Department in the criminal case.
This is not a step forward for the Linux community. It is an embarrassing setback that could further strengthen arguments against using Linux and supporting the Linux community. It's just damn irresponsible of them.
MS: Damn it! Doesn't Free-X know we made XBox so that people could play games on it.
Free-X: Err... yes we did just that. We played on it a bit and voila!... it's now linuXBox!! *grin*
MS: @#!**@###***
The only reason Microsoft has to care about putting another operating system on x-box is because they are dumping them.
Dumping things undervalue as a monopoly is unethical and illegal in many places. I'd like to see that in some news stories, instead of no explanation why microsoft would care at all what someone did with their own bought hardware.
This is the law we're talking about here. There is no room for such concepts..
You don't know when someone will lawyer their way into taking this thing offline. Make it as available as you can.
They could force a fix a number of ways, including if you ever "go live" and connect to them on the internet, but they could also make all future games include a dashboard "update" that would install itself whenever the game is run. So as long as you only run Linux (and they don't sneak anything in through Linux software with a trojan), you might be safe, but if you or anyone else ever plays a game on the x-box that was manufactured after this date, they could get you.
I'm an American. I love this country and the freedoms that we used to have.
It seems that eventually the modded exploit will become available as well. So you'll have Linux plus the ability to play Xbox titles.
As far as cheaters go, yes they suck.
Wouldn't you rather be able to run your own Xbox Live server though?
For free?
If the DMCA continues to be used to shut down what used to be considered fair use, we'll see more and more open source endeavors moving out of the US. Here's to fervently hoping the MPAA/RIAA doesn't manage to implement DMCA clones in all countries on this planet. They seem to be doing a pretty good job at it in Europe.
If any of you Opera users find the "Free-X Statement" link akin to a Spinal Tap album cover, the site hasn't been defaced or removed. Try another browser, Opera 7.0 appears not to render their page readably. Undoubtedly the site's fault, not Opera's, of course.
(me.)
~ Whence do you come, slayer of men, or where are you going, conqueror of space?
In a few days Michael Robertson will announce Lindows Xbox Edition.
New features? The ability to completely hijack a competitor's hardware technology.
If you use Linux, please help development of Autopac
And that's exactly what the Microsoft chimps are thinking right now. How the hell are they going to be able to sue someone if they don't even know where the hell it is? I mean, come on, who REALLY knows where Austria is that hasn't been there already? (Looks around) My point exactly. Hell, half the posters on here think it's AUSTRALIA.
Patchable? :: Furthermore, Microsoft cannot permanently patch this hack through an Xbox Live update. Version 1, v1.2, & v1.3 Xboxes will always execute the current vulnerable code. Should they remotely update the dash; one would simply open the Xbox, write an old image to the hard drive, and reboot. In the process it would be trivial to add bert and ernie (the modified fonts). Xbox Live BIOS updates are not possible due to M$ imposed hardware limitations. Of course, third party BIOS updates are not a problem for those willing to open the case and get crazy with a little solder.
Availability? :: Legal or not, at this point it's not an issue for the end user. The base-64 posted by Mr. Esser isn't going away. Proof? Try this...
X-Prize? :: Probably not. This cannot be executed or copied from a third party memory card ala 007. So opening the box is required. Partial payment maybe.
As seen before microsoft does not like people who publish exploits. So I have made an off-US mirror in a country where releasing exploits to the public is still legal...
.. I would *strongly* recommend that the Slashdot Community who's been all over this 'Linux on the XBOX' bs start doing something interesting with it, and I mean fast. It would look plenty embarrassing for MS if they went after them for releasing the exploit and then people started making good (and legitimate) use of it. If everybody just wants to play MAME on it with questionably legal ROMs, that won't help Free-X.
Might I suggest a DivX based media server that can rip DVDs? I know that seems to fly in the face of what I just said about MAME, however, it's a good use for the XBOX, plus you'd only be ripping DVDs you own and with good reason. "I just wanted to have easy access to my library." Another suggestion would be to set up an XBOX as a TV based info center. It stays on-line all the time on Input 2 (or whatever channel your XBOX is on), when a commercial pops up, flip the channels and get your messages. Heck, set up a browser so that it cycles through your favorite news sites every 30 seconds and scrolls them or something.
At least with something like that, something that the XBOX is better at than a cheap-o PC, the case can be made for wanting to make these mods to the unit. That'll weaken MS's case (they'll probably try to say that copy protection is bypassed or something), plus it'll take a few pokes at the DMCA as well.
I hope people are listening. MS has got an army of lawyers.
"Derp de derp."
These poor guys will be the next to be blown up when 120,000 troops jump them on their way to work. Seriously though, reading their demands, they are very close to blackmail. Microsoft took the same position that the US took in "Air Force One": We will not bargain with terrorists. Sure, they didn't blow anything up or there isn't some ISO you can burn and stick in the XBOX and poof, no security, but they did hold a list of demands that most corporations would have a hard time filling. Video Game Console manufacturers make money on software game title sales (as opposed to losing money on hardware).
"For the exchange, we were requesting but not demanding the following:
- Complete access to all documentation (chipsets, video etc.) to assist in developing a better Linux for the XBox.
- A signed Linux loader.
- Protection from Microsoft or support if any organisation/government attempted to prosecute members of our team.
- Refunding of the cost occured during the agreement period."
Since they requested the following, they were turned down on all accounts. I sincerely hope their lawyers are good enough to stave off Microsoft's (who will be working on July 4th all day I'm sure). I also hope this is a first step to sticking in and loading a bootable Suse or Mandrake install CD.
---- The geek shall inherit the Earth.
It's one thing to phone up MS and say 'I've found out something you might like to know about and keep secret', and another to phone up and say 'I've got some information you might like to know about and keep secret - and I'd like you to pay me money, indemnify me against legal consequences, and give me a job - or I'll release it to the public'.
The fact that when they were ignored, they carried out the implicit threat of releasing the information (implicit in their suggestion that they'd sign an NDA in exchange for money), makes it look like blackmail to me.
It's the demand for personal gain that makes the threat of disclosure into blackmail.
Even though I have no stake in this, I've gotta admit that I'm really disappointed in these guys. Normally, they'd only have to worry about the DMCA. Hacking an unshared system you own is not a crime in any way. Telling people about your experiences isn't either. The only concern is that this technology can circumvent systems designed to enforce copyrights, thereby making it a violation of the DMCA. It does have significant legal uses, and is only presented in such a manner.
Then they go and do this whole threaten/blackmail/extortion thing... doesn't really paint them in a good light. They'd be able to really champion this cause, if they didn't have to go and act like a bunch of script kiddies. Getting Linux on the X-Box without any hardware hacks is an amazing accomplishment, worthy of praise and acknowledgement. Unfortunately, anyone who reports on this is gonna focus on the offensive stance they took and paint them as menaces.
And before I complain about them having egos anymore, I should digress and say that if I was good enough to hack an x-box with just software, I'd be pretty self-assured, too.
-=-=-=-=-=
I'd rather be flamed than ignored.
It's time now to hack a *real* protection system made by a *real* console maker -> Nintendo Gamecube.
good luck everybody! (and you'll need it)
People, just buy an mini-itx system. It's much more open, hackable and flexible.
"Today is a very said day for Microsoft."
If they can't even spell correctly in the opening sentence of their world-shaking statement, how the hell are people supposed to take them seriously?
Bah.
Right, you mean like these two did?
Terrible waste of time, eh?
.02
cLive ;-)
-- Trinity in high heels carrying a whip: The donimatrix - there is no spoonerism
integer underflow..?
Here's a completely non-technical explanation:
Think of it like a clock. The XBOX loads a number expecting it to be something like 10 minutes. It then subtracts 5 minutes and uses the number. But instead of giving it a number like 10 minutes you give it a number like 2 minutes. Then when the XBOX subtracts 5 from 2 it gets an underflow. It doesn't know about negative numbers. So what it does is it wraps around like a clock. If you look at the 2 minute mark on a clock, then count backwards 5 minutes where do you end up? You end up 3 minutes before the 12. That's 11 hours and 57 minutes. So XBOX thinks that 2 minus 5 equals 11 hours and 57 minutes.
So by giving the XBOX a smaller number than it expects, and letting the XBOX make the number even smaller, it underflows - wraps around - to a really big number. That really big number tells the XBOX to load a HUGE amount of information. More than it's supposed to load. That means you can feed the XBOX any program you want and the XBOX will suck it up and run it.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
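Added example (not part of the thread, and not the Xbox dashboard's code): the wrap-around described in the two comments above, using the earlier comment's numbers (a declared size of 0x0003 minus 0x0004 in 16 bits), next to the bounds checks that reject such input. The record layout, the 4-byte header and every function name are assumptions made up for this illustration.

```c
/* Added illustration: 16-bit length underflow and the checks that stop it.
 * The record layout and all names are constructed for this example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN 4u /* assumed: the size field counts a 4-byte header */

/* Constructed records: bytes 0-1 = little-endian size (header included),
 * bytes 2-3 = reserved, remaining bytes = payload. */
static const uint8_t good_rec[]  = { 0x06, 0x00, 0x00, 0x00, 'h', 'i' };
static const uint8_t short_rec[] = { 0x03, 0x00, 0x00, 0x00, 'A', 'B' }; /* size < header */
static const uint8_t trunc_rec[] = { 0x10, 0x00, 0x00, 0x00, 'A', 'B' }; /* size > data */

static uint8_t demo_out[16]; /* destination buffer for the demo */

/* Unchecked arithmetic: size - 4 kept in 16 bits wraps for any size below 4,
 * so a tiny declared size becomes a huge payload length. */
uint16_t payload_len_unchecked(uint16_t declared_size)
{
    return (uint16_t)(declared_size - HDR_LEN);
}

/* Checked arithmetic: refuse sizes smaller than the header before
 * subtracting, and refuse lengths larger than the bytes actually present. */
int payload_len_checked(uint16_t declared_size, size_t avail, uint16_t *out)
{
    if (declared_size < HDR_LEN)
        return -1;                       /* would underflow */
    uint16_t len = (uint16_t)(declared_size - HDR_LEN);
    if (len > avail)
        return -1;                       /* claims more data than exists */
    *out = len;
    return 0;
}

/* Copy a record's payload into dst. Returns bytes copied, or -1 if the
 * record is malformed or does not fit in the destination. */
int copy_payload(const uint8_t *rec, size_t rec_len, uint8_t *dst, size_t dst_cap)
{
    uint16_t declared, len;

    if (rec_len < HDR_LEN)
        return -1;
    declared = (uint16_t)(rec[0] | (rec[1] << 8));
    if (payload_len_checked(declared, rec_len - HDR_LEN, &len) != 0)
        return -1;
    if (len > dst_cap)
        return -1;
    memcpy(dst, rec + HDR_LEN, len);
    return (int)len;
}

int main(void)
{
    printf("unchecked 0x0003 - 4 = 0x%04x\n",
           (unsigned)payload_len_unchecked(0x0003));
    printf("good record      -> %d\n",
           copy_payload(good_rec, sizeof good_rec, demo_out, sizeof demo_out));
    printf("undersized field -> %d\n",
           copy_payload(short_rec, sizeof short_rec, demo_out, sizeof demo_out));
    printf("truncated record -> %d\n",
           copy_payload(trunc_rec, sizeof trunc_rec, demo_out, sizeof demo_out));
    return 0;
}
```

The check has to come before the subtraction: once the value has wrapped, 0xffff is indistinguishable from a legitimately large length.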
how can such exploit be legal? If your door lock is easy to tamper with, is it implicitly legal for me to break in?
It is perfectly legal for you to "tamper" and "break in" if it's a lock on YOUR OWN DOOR. It doesn't matter if Microsoft built the lock, you bought the house.
The people using the exploit are using it on a machine THEY OWN. They can do anything they like with it. They can smash it with a sledgehammer or toss it in a blast furnace and vaporize the sucker. Of COURSE they can "pick the lock".
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Anyone arguing that allowing Linux on an XBox is going to sell more Xboxen is clearly deluded. The only reason people want to put Linux on an XBox (or any other device that is not sold for such purposes) is for reasons of pure hacker fun (weee, look! linux on xbox! take that m$) and also because we all feel we're poking billg in the eye at the same time. Admit it. I do.
- Oisin
PGP KeyId: 0x08D63965
Actually, they update the dashboard (what the exploit plays with) when you install the Xbox Live stuff
Any attempt to update the XBOX is merely a request from an outside source for the XBOX to update itself. But once you have control of the XBOX you can program it to ignore that request to update itself.
When you connect to XBOX Live they check to see what version you are running, but all they can find out is what the XBOX tells them. If you control the XBOX you can have it tell them anything you like.
They are going to run into the exact same problem with Palladium and TCPA. Once someone digs the key out of the hardware, or finds any other vulnerability, then they own their system. They can run an undetectable virtualized system. They'll have "god mode" over it and as far as the rest of the world can tell they are running a secure and "trusted" system. Hell, the security situation could wind up being worse because they are pretty much going to force you to "trust" other people running the system. It just means you're going to get screwed over worse when a computer you were forced to "trust" isn't in fact secure.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Reminds me strongly of the way typical bug-in-your-code exchanges go with companies:
"There's a flaw in your code."
"There's no flaw in our code."
"I'm telling people there's a flaw in your code."
"Alright, there is a flaw, but we're not fixing it."
"I'm telling people how to exploit this flaw in your code."
"Ok! Ok, we'll fix the bug."
These guys have been telling Microsoft that they can run Linux on an Xbox without a mod chip for months. Microsoft has ignored their warnings about the "flaw" in their "code," so we've now arrived at "I'm telling people how to exploit it." Unfortunately, because the majority of people on Capitol Hill are mildly retarded and/or (emphasis on the "and") corporate bitches, Microsoft will NOT be forced to fix the error, but will simply sue the people who publicize the flaw because it involves encryption.
For those to whom it is NOT already patently obvious, THIS is the danger of the DMCA: Companies that provide defective products involving encryption are NOT forced to repair the error or lose business, they now have the option of silencing the white-hats who try to warn them, and trying to ignore the hordes of black-hats who are now working to duplicate the exploit.
Naturally, when involving open-source software, the DMCA becomes irrelevant, because anyone can see and fix the code: We do not have to wait in the hallowed corporate halls waiting for a magic trinket, and that is what they (in reference to greedy CEO's and their ilk, for whom the pursuit of money has become a late-stage cancer) fear.
Ok, I am done rambling. You may now resume your regularly scheduled indoctrination.
It's not necessarily blackmail.
For example, I uncovered a very significant security flaw in the online banking system of a local bank.
It took me some time to determine the scope, cause and effect of the problem -- and my time is money.
I then contacted the bank and advised them that they had a problem which, if not fixed, would almost certainly be picked up by others -- some of whom might not be so benign.
I offered to hand over the results of all my work in return for payment for the time I'd spent (at my normal hourly rate).
They agreed and were most satisfied with the transaction -- since it most likely saved them a small (or large) fortune.
Was I blackmailing the bank?
After all, I wasn't about to hand over the results of my investigation without payment.
No, of course it wasn't blackmail. It was just the same as a plumber saying "I won't fix your toilet unless you pay me."
Of course there was no "threat" involved in my offer -- although if they'd chosen not to pay and fix the problem I may have informed the media that there was *a* problem (customers surely had a right to know if it wasn't going to be fixed)
In the Xbox case, Microsoft were offered a business transaction. The price would have been a signed version of Linux for the Xbox in return for the chance to close off the vulnerability and delay public awareness that it existed.
Clearly Microsoft decided that the price was too high -- after all, they've got to pay that building full of lawyers whether they're actually suing people or not so why not just resort to legal action instead?
"640k underflow should be enough to hack an Xbox."
You only leased that XBox. It still belongs to us, in principle, if not (yet) legally in fact because we chose to sell it at a loss. You're not allowed to do anything to it that we don't want you to, nor to tell anyone how to do anything to such things. Ever. Running Linux on it is stealing from us. You owe us more money in games sales, you thief.
Next week: Gillette to sue people who buy one of their razors and then figure out or tell anyone how to remove and resharpen the blades rather than buying more.
Next month: Coca Cola Enterprises Ltd to sue people who buy a bottle of Dr Pepper, drink it, then use it to fetch water from the office water cooler. Damn, that's me busted.
Let's face it, we're only valued customers as long as we're meeting our implicit obligation to continue consuming. The instant we try and (ab/re)use a product without paying more money to the manufacturer, we become heartless thieves, possibly communists, maybe even terrorists.
Linux user, why do you hate America so much?
If you were blocking sigs, you wouldn't have to read this.
That's a lie they love to tell. The US negotiates with terrorists all the time. Right now the Bush administration is engaged in intensive negotiations with several Palestinian terrorist groups. (And I'm not calling them terrorists because it's the US-Israeli line, but rather because they detonate bombs in places crowded with civilians.) We negotiate hostage exchanges, "disarmament" (cease fire) agreements, and much more. It all depends on how much we want the terrorists to cooperate. The US (and most other countries) have never had serious policies against negotiating with terrorists, no matter what their propaganda campaigns would like you to believe.
Gates' Law: Every 18 months, the speed of software halves.
If current copyright and IP laws and the interpretation thereof were in effect in the mid - 80's what could we expect?
1. PC's would still cost thousands of dollars
2. The only companies to produce BIOS codes would be IBM, and people that paid IBM royalties
3. The Internet would only be available to people in colleges and government - and the content would be heavily censored
4. The only PC manufacturer would be IBM and all others would be "illegal copies".
5. All operating systems that ran on PC's would have to be licensed from Microsoft
6. 20" Rims would have to be licensed from GM as they own the IP for "the oversized sport tire package"
7. Performance exhaust systems are a Ford product exclusively.
8. CD-R's would have been outlawed and require a license to buy or own
9. There would only be 1 word processing program
10. "Reverse Engineering" would be a legal term used at your prosecution.
You think it's crazy? Saying that you can buy a game/toy and are not allowed to open it up under penalty of jail - THAT is crazy. Why doesn't MS tell the truth, you didn't BUY anything except the right to use your toy. In actuality, according to their license (or my interpretation) that box that you plunked down 200 bucks for isn't even yours. Get used to it, unless there is a revolt, it is the way of the future. You will own nothing - but you will be allowed to use things, provided you pay enough $$$.
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
Say I don't like WinXP on my Dell. I remove it, repartition and install linux. I can do that because I OWN the box. I'm entitled to do whatever I want with it.
Now look at the Xbox. The Xbox is a system much like a Dell with windows, the only difference is you can't easily uninstall/repartition... until now. Why is this illegal? I bought my Xbox. I OWN every part of that machine. Nowhere does it say "Property of Microsoft" on my Xbox. Can't I do whatever I want with it? Can't Free-X release any software they want for it, much like 3rd parties can release software of their own? .02
See here. ZDnet is also running a story here
For better or worse, the concept of selling a closed platform is legal. This is especially true if the buyer has adequate information to know that it is a closed platform. I would prefer a mandatory big red WARNING label to be affixed to all closed platforms saying "The retail price of this unit reflects a subsidy from the manufacturer. This subsidy is provided in anticipation of future revenues. Therefore this unit will only work with software licensed by the manufacturer."
There are benefits to a closed platform to consumers.
The down side is simple. The consumer is being misled by an artificially low up-front price into being locked into continued payments of a monopoly tax on each piece of software they purchase.
I believe the only solution is for the FTC to require platform vendors to offer their product in an unbundled format. You can buy an XBOX that will run third party software, but it might cost you $150 more.
Once a machine is sold the seller should have no say in what I do with it. I paid for it after all. If I want to run Linux on it that's my right. If I throw it in a closet and never use it that's my right also. Either way M$ would lose the same amount of money on the deal.
It seems to me that this group gave Microsoft a fair offer, to let them run Linux on what they have legally purchased, without having to play dirty. Since Microsoft didn't even try to make a counter offer I guess they shouldn't complain. They probably will use the DMCA to attack this group but IMO that just proves what a shitty bit of law the DMCA is.
At what price learning? At what cost wisdom? The price is a man's peace of mind, and the cost is his life.
While you do currently ( but not much longer I do foresee ) own what hardware you buy, any firm/soft-ware that came with the device you only have a license to use.. at their terms.
---- Booth was a patriot ----