Slashdot Mirror
Xbox Linux Made Possible Without a Modchip
An anonymous reader writes "Free-X have released an exploit for the Xbox that will let you get Linux on the machine without any hardware mods at all... Microsoft is already threatening them with legal action. Here's the Free-X statement. Free-X say they had been trying to contact MS for a month but were ignored, which is why they've released the exploit. Should be interesting to watch this one."
Too late for Microsoft. It's been released. No way of stopping it. Just like Nintendo had no way of stopping UltraHLE.
Go here for teh [sic] funny.
It seems we've had a lot of false and misinterpreted information about this team and their exploit. I don't have an x-box and only somewhat understand why their exploit would work (integer underflow..?), but it atleast sounds interesting. Anyone on slashdot who gets it working please post a verification.
As far as the team... I think they should have submitted their findings to a legal firm of some kind instead of this not-so-holy covert behavior. Their behavior will only lead to troubles in court.
Atleast they'll have $100,000 to help them out, I think they'll need it.
Rob
Trust me, these guys will go down for the count if Microsoft hires a female lawyer.
"From now on today will be known as XBox Independence Day!"
"She's a West Texas girl, just like me" - G.W Bush Iraqis
Dear Public,
Today is a very said day for Microsoft.
Especially if you're using their spelling / grammar software.
I like big butts and I cannot lie.
...did they really think Microsoft would give in to their "demands" AND legitimize X-Box hacking at the same time? Give me a break. Why would it make sense for Microsoft to encourage Linux installs on a product solely meant to play games and movies, when it doesn't even port it's cash cow software for the real desktop OS? I hate to make this comparison (because of the can of worms it's sure to open), but it's like terrorists who try to bargain hostages for freeing their buddies. You CAN'T bargain with them, because it simply encourages others to follow in their path.
Congrats to the guys for the hard hacking work, but get a little business sense and in the meantime, better get a lawyer. This ain't gonna make the boyz in Redmond none too happy.
Chris
Looks like it's open season on the Xbox now, but I'm a bit confused. The ZDnet article mentions the $100,000 no hardware mod prize, yet right in the exploit description it states:
Q1: How do I get the files onto the harddisk?
A1: There are several ways. You could f.e. install the files with the Mechassault or 007 hacks. This requires one of the games and the files on a memorycard. The other way is to open the box and do the harddisk swap trick which is described all over the net.
So if you need to use an existing hack to do this, and those hacks didn't qualify for the prize, how could this one? Any Xbox experts care to comment?
Additionally, isn't it nice to see that companies are now suing on a regular basis for exploit publication. Good that they only want black hats posessing this sort of information.
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
our team has been accused of attempting to extort or blackmail Microsoft
From the article, seems that is exactly what they tried to do:
For the exchange, we were requesting but not demanding the following:
- Complete access to all documentation (chipsets, video etc.) to assist in developing a better Linux for the XBox.
- A signed Linux loader.
- Protection from Microsoft or support if any organisation/government attempted to prosecute members of our team.
- Refunding of the cost occured during the agreement period.
Not demanding? Why would Microsoft politely offer any of those things?
Microsoft is already threatening them with legal action.
Too late. Just ask AOL at trying to stop WASTE when it came out. Up for a day, and mirrored more times then they will ever be able to count.
Microsoft lost right at the point they decided to not talk to them beforehand. They can shut these people down, but it's out there now, game over.
SecondPageMedia - Wha
007 Agent Under Fire contains an exploit in the save-game loading routine which can lead to a local-root compromise on your X-box with a specially corrupted save game file.
This can be used, for example, to boot Linux, or flash the BIOS.
The reason that this didn't win Mike Robertson's 100 large is because you still need to rip the lid off the box and solder a pair of jumpers (or use conductive pen) in order to enable 'write' on the flash rom.
You're doing it wrong.
It's a base-64 encoded proof-of-concept font and loader program. Base-64 is sort of like uuencode -- it's just a reversible way to represent a binary file as ascii code. The line "begin-base64 644 dayX.tgz" is the header that includes the encoded filename (dayX.tgz). Ask google about it for more info. Google knows all.
everything in moderation
There's definitely a big risk of zdnet going down, as it's hosted by a 14 year old with a 333 running Apache in console mode (Win98sr2) on a dsl connection and all...
Underflow is the same, but opposite, making it so you wrap from near zero to a very big number... You say the font size is 0x0003, and the X-Box subtracts 0x0004, and ends up thinking it needs to read in 0xffff more data from the font file...
Both just involved wrapping around the maximum/minimum values a variable can hold.
A popular opinion when they threatened to release this was "they're just blackmailing Microsoft, but they've got nothing".
Looks like a different situation now that they've laid their cards on the table.
Good work guys.
I think you meant http://archives.neohapsis.com/archives/vulnwatch/2 003-q3/0008.html (ie without the extraneous space) but yeah, given that they're 100% identical to each other, including the name of the author, i'm guessing that they just _might_ be the same exploit.
This Space Intentionally Left Blank
Actually, it is blackmail. Several of the things they request do have a quantifiable monetary value to them, and to others in similar situations. This includes the creation of an authorized product, refund of costs incurred, legal indemnification, and access to product designs and specs. It doesn't matter if they're willing to sign an NDA. Blackmail isn't limited to just the "give me X dollars or I will do something nasty you won't like." Any argument that Microsoft won't be harmed financially due to the release of this exploit is weak because Microsoft doesn't have to show actual financial damages from this. But that's just the civil suit. These guys will have more to worry about from the Justice Department in the criminal case.
This is not a step forward for the Linux community. It is an embarassing set back that could further strengthen arguments against using Linux and supporting the Linux community. It's just damn irresponsible of them.
This is the law were talking about here. There is no room for such concepts..
You don't know when someone will laywer their way into taking this thing offline. Make it as available as you can.
If the DMCA continues to be used to shut down what used to be considered fair use, we'll see more and more open source endeavors moving out of the US. Here's to fervently hoping the MPAA/RIAA doesn't manage to implement DMCA clones in all countries on this planet. They seem to be doing a pretty good job at it in Europe.
If any of you Opera users find the "Free-X Statement" link akin to a Spinal Tap album cover, the site hasn't been defaced or removed. Try another browser, Opera 7.0 appears not to render their page readably. Undoubtedly the site's fault, not Opera's, of course.
(me.)
~ Whence do you come, slayer of men, or where are you going, conqueror of space?
In a few days Michael Robertson will announce Lindows Xbox Edition.
New features? The ability to completely hiijack a competitors hardware technology.
If you use Linux, please help development of Autopac
And that's exactly what the Microsoft chimps are thinking right now. How the hell are they going to be able to sue someone if they dont even know where the hell it is? I mean, come on, who REALLY knows where Austria is that hasn't been there already? (Looks around) My point exactly. Hell, half the posters on here think its AUSTRAILIA.
Patchable? :: Furthermore, Microsoft cannot permanently patch this hack through an Xbox Live update. Version 1, v1.2, & v1.3 Xboxes will always execute the current vulnerable code. Should they remotely update the dash; one would simply open the Xbox, write an old image to the hard drive, and reboot. In the process it would be trivial to add bert and ernie (the modified fonts). Xbox Live BIOS updates are not possible due to M$ imposed hardware limitations. Of course, third party BIOS updates are not a problem for those willing to open the case and get crazy with a little solder.
Availability? :: Legal or not, at this point it's not an issue for the end user. The base-64 posted by Mr. Esser isn't going away. Proof? Try this...
X-Prize? :: Probably not. This cannot be executed or copied from a third party memory card ala 007. So opening the box is required. Partial payment maybe.
.. I would *strongly* recommend that the Slashdot Community who's been all over this 'Linux on the XBOX' bs start doing something interesting with it, and I mean fast. It would look plenty embarrasing for MS if they went after them for releasing the exploit and then people started making good (and legitimate) use of it. If everybody just wants to play MAME on it with questionably legal ROMs, that won't help Free-X.
Might I suggest a DivX based media server that can rip DVDs? I know that seems to fly in the face of what I just said about MAME, however, its a good use for the XBOX, plus you'd only be ripping DVDs you own and with good reason. "I just wanted to have easy access to my library." Another suggestion would be to set up an XBOX as a TV based info center. It stays on-line all the time on Input 2 (or whatever channel your XBOX is on), when a commercial pops up, flip the channels and get your messages. Heck, set up a browser so that it cycles through your favorite news sites every 30 seconds and scrolls them or something.
At least with something like that, something that the XBOX is better at than a cheap-o PC, the case can be made for wanting to make these mods to the unit. That'll weaken MS's case (they'll probably try to say that copy protection is bypassed or something), plus it'll take a few pokes at the DMCA as well.
I hope are people listening. MS has got an army of lawyers.
"Derp de derp."
It's one thing to phone up MS and say 'I've found out something you might like to know about and keep secret', and another to phone up and say 'I've got some information you might like to know about and keep secret - and I'd like you to pay me money, indemnify me against legal consequences, and give me a job - or I'll release it to the public'.
The fact that when they were ignored, they carried out the implicit threat of releasing the information (implicit in their suggestion that they'd sign an NDA in exchange for money), makes it look like blackmail to me.
It's the demand for personal gain that makes the threat of disclosure into blackmail.
It's time now to hack a *real* protection system made by a *real* console maker -> Nintendo Gamecube.
good luck everybody! (and you'll need it)
People, just buy an mini-itx system. It's much more open, hackable and flexible.
Right, you mean like these two did?
Terrible waste of time, eh?
.02
cLive ;-)
-- Trinity in high heels carrying a whip: The donimatrix - there is no spoonerism
how can such exploit be legal? If your door lock is easy to tamper with, is it implicitly legal for me to break in?
It is perfectly legal for you to "tamper" and "break in" if it's a lock on YOUR OWN DOOR. It doesn't matter if Microsoft built the lock, you bought the house.
The people using the exploit are using in on a machine THEY OWN. They can do anything they like with it. They can smash it with a sledgehammer or toss it in a blast furnace and vaporize the sucker. Of COURSE they can "pick the lock".
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Actually, they update the dashboard (what the exploit plays with) when you install the Xbox Live stuff
Any attempt to update the XBOX is merely a request from an outside source for the XBOX to update itself. But once you have control of the XBOX you can program it to ignore that request to update itself.
When you connect to XBOX Live they check to see what version you are running, but all they can find out is what the XBOX tells them. If you control the XBOX you can have it tell them anything you like.
They are going to run into the exact same problem with Palladium and TCPA. Once someone digs the key out of the hardware, or finds any other vulnerability, then they own their system. They can run an undetectable virtualized system. They'll have "god mode" over it and af far as the rest of the world can tell they are running a secure and "trusted" system. Hell, the security situation could wind up being worse because they are pretty much going to force you to "trust" other people running the system. It just means you're going to get screwed over worse when a computer you were forced to "trust" isn't in fact secure.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Reminds me strongly of the way typical bug-in-your-code exchanges go with companies:
"There's a flaw in your code."
"There's no flaw in our code."
"I'm telling people there's a flaw in your code."
"Alright, there is a flaw, but we're not fixing it."
"I'm telling people how to exploit this flaw in your code."
"Ok! Ok, we'll fix the bug."
These guys have been telling Microsoft that they can run Linux on an Xbox without a mod chip for months. Microsoft has ignored their warnings about the "flaw" in their "code," so we've now arrived at "I'm telling people how to exploit it." Unfortunately, because the majority of people on capital hill are mildly retarded and/or (emphasis on the "and") corporate bitches, Microsoft will NOT be forced to fix the error, but will simply sue the people who publicize the flaw because it involves encryption.
For those to whom it is NOT already patently obvious, THIS is the danger of the DMCA: Companies that provide defective products involving encryption are NOT forced to repair the error or lose business, they now have the option of silencing the white-hats who try to warn them, and trying to ignore the hordes of black-hats who are now working to duplicate the exploit.
Naturally, when involving open-source software, the DMCA becomes irrelevant, because anyone can see and fix the code: We do not have to wait in the hallowed corporate halls waiting for a magic trinket, and that is what they (in reference to greedy CEO's and their ilk, for whom the pursuit of money has become a late-stage cancer) fear.
Ok, I am done rambling. You may now resume your regularly scheduled indoctrination.
Yeah, sure, it's legal to *sell* a closed system. However, there is absolutely no legal basis that allow a seller to prevent a consumer from opening it. The most they could do would be to void all warranties if you do anything unapproved.
If MS can say that you can't open it or run software on it, does that also mean that MS can keep you from reselling it or smashing it with a sledgehammer or just tossing the whole thing in the garbage?
If someone wants to maintain control of a device after they give it to the consumer, their only choice is to rent it to the consumer and maintain the ownership themselves.
-- Don't Tase me, bro!
any firm/soft-ware that came with the device you only have a license to use.. at their terms.
Fine then, I don't accept the terms of the license. I guess I gotta delete the software. Hmm, now what am I going to do with my XBOX? I know! I'll run Linux on it!