Technical Analysis of XBox Save Game Hack
DJPenguin writes "There is an excellent article at the XBox Linux Project that describes exactly how the XBox savegame hack works. It details how the author went to great lengths to hide exactly what was going on. It turns out the exploit code is hidden within an image of Tux himself!" An enlightening read, to say the least.
I think it could. Steganography means hidden/covered writing from its Greek roots. The term is older than computers so I think the distinction between the body or header of an image file is a bit fine.
- Alex
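To make the header/body distinction from the comment above concrete, here is an added example (my own code, not from the article or the thread) that walks the chunk structure of a PNG and reports where any data that is not part of the image proper actually sits: in ancillary chunks inside the file, or appended after the IEND chunk. The sample image, its constructed `xtRa` chunk and the trailing filler bytes are all built inline for the demonstration; no real save game or exploit file is involved.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def chunk(ctype, payload):
    """Encode one PNG chunk: length, type, payload, CRC over type+payload."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def build_png(width, height, extra_chunks=(), trailing=b""):
    """Construct a tiny 8-bit grayscale PNG (constructed test data, not a real image).

    extra_chunks are inserted before IDAT; trailing bytes are appended after IEND.
    """
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    # One filter byte (0 = none) followed by the pixels of each scanline.
    raw = b"".join(b"\x00" + b"\x80" * width for _ in range(height))
    parts = [PNG_SIG, chunk(b"IHDR", ihdr)]
    parts += [chunk(t, p) for t, p in extra_chunks]
    parts += [chunk(b"IDAT", zlib.compress(raw)), chunk(b"IEND", b"")]
    return b"".join(parts) + trailing


def inspect_png(data):
    """Parse the chunk list and measure anything left over after IEND.

    Returns {"chunks": [(type, length, is_ancillary, crc_ok), ...],
             "trailing_bytes": n}.
    """
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG: bad signature")
    pos = len(PNG_SIG)
    chunks = []
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        payload = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        crc_ok = (zlib.crc32(ctype + payload) & 0xFFFFFFFF) == crc
        # Bit 5 of the first type byte (lowercase letter) marks an ancillary chunk,
        # which decoders are allowed to ignore, so it is the natural place for
        # non-image data to live inside the file body.
        ancillary = bool(ctype[0] & 0x20)
        chunks.append((ctype.decode("ascii"), length, ancillary, crc_ok))
        pos += 12 + length
        if ctype == b"IEND":
            break
    return {"chunks": chunks, "trailing_bytes": len(data) - pos}


def flag_oddities(report, max_ancillary=32):
    """Return human-readable notes on where non-image data is located."""
    notes = []
    for ctype, length, ancillary, crc_ok in report["chunks"]:
        if ancillary and length > max_ancillary:
            notes.append(f"large ancillary chunk {ctype}: {length} bytes")
        if not crc_ok:
            notes.append(f"bad CRC on chunk {ctype}")
    if report["trailing_bytes"]:
        notes.append(f"{report['trailing_bytes']} bytes after IEND")
    return notes


if __name__ == "__main__":
    # Constructed sample: a 4x2 image carrying a 64-byte private chunk and 16 trailing bytes.
    sample = build_png(4, 2, extra_chunks=[(b"xtRa", b"X" * 64)], trailing=b"Y" * 16)
    for line in flag_oddities(inspect_png(sample)):
        print(line)
```

Run it on any `.png` by replacing `sample` with the file's bytes; a clean image produces no notes, while data parked in an oversized ancillary chunk or appended past IEND is reported with its location and size. Bits hidden inside the pixel values themselves (LSB-style embedding) would not show up here, which is exactly the "body versus header" distinction the comment is drawing.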
I don't think that the Tux image was in the game executable, rather the save game file. This is a hack that uses a weakness in 007, not a back door placed in by someone working on 007.
- Alex
The big one is that the more cryptic and obfuscated the hack is, the less likely the vulnerability will be fixed in a future version, because it's less likely to be found and understood by the engineers trying to close it. From the article, it seems as if the game already has four versions that have this hole.
But to contradict myself, the article seems to indicate the big hole is a simple buffer overflow. Easily noticed and fixed. If there are other relatively unknown hacks inside the encrypted payload, it may extend their availability and usefulness.
On the other hand, the hacker may be simply trying to hide his identity, changing her code so it doesn't seem like it's in her personal style. To explain, people who write software for long enough in any arbitrary language begin to develop their own consistent style. Don't get me wrong, they do use the language's idiom to a certain extent, but usually have their own bit of flair to add to them.
Let's consider the C/C++ for loop. Here are a few ways to write it - all pretty standard. Given a large enough sample of a person's code (say they did it for a living and their employer used CVS or similar), it's pretty easy to tell who wrote it. After about 15-20 lines of code, I can pretty well tell which of my coworkers are to blame for the latest bug. It's not a fingerprint, but you just need a glove size to narrow down the search.
Or, I could be completely off base. It's happened before... Once
Just my $0.02
(PS, I realize that the guys fixing the hole wouldn't have the source to look at, but I would wager that enough flair gets through to the machine language)
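The "glove size" idea in the comment above (that a handful of habitual choices, such as how someone writes a for loop, narrow down who wrote a piece of code) is the basis of code stylometry. As an added illustration, not anything from the thread or the article, the script below scores C snippets on a few surface style markers (spacing after keywords, pre- versus post-increment, brace placement, indentation, declarations inside the for header), averages them into a per-author profile, and attributes an unseen snippet to the nearest profile. The two "authors" and every snippet are constructed for the example; real attribution work uses far more features and far larger corpora.

```python
import re

# Constructed training corpus: two hypothetical authors with different for-loop habits.
AUTHOR_SAMPLES = {
    "alice": [
        "for (i = 0; i < n; i++) {\n    sum += a[i];\n}\n",
        "for (j = 0; j < m; j++) {\n    total += b[j];\n}\n",
    ],
    "bob": [
        "for(int i=0;i<n;++i)\n{\n\tsum+=a[i];\n}\n",
        "for(int k=0;k<len;++k)\n{\n\tacc+=buf[k];\n}\n",
    ],
}

# Each marker is a regex counted per line of code; together they form the style vector.
FEATURES = {
    "space_after_for": r"\bfor \(",
    "no_space_after_for": r"\bfor\(",
    "pre_increment": r"\+\+[A-Za-z_]",
    "post_increment": r"[A-Za-z_\]]\+\+",
    "brace_same_line": r"\)[ \t]*\{",
    "brace_own_line": r"\n\{",
    "tab_indent": r"\n\t",
    "space_indent": r"\n {2,}",
    "spaces_around_ops": r" [<>=+\-]=? ",
    "decl_in_for": r"\bfor\s*\(\s*(?:int|size_t|unsigned)\b",
}


def style_vector(code):
    """Count each style marker, normalised by the number of lines in the snippet."""
    lines = code.count("\n") + (0 if code.endswith("\n") else 1)
    lines = max(lines, 1)
    return {name: len(re.findall(pat, code)) / lines for name, pat in FEATURES.items()}


def author_profile(samples):
    """Average the style vectors of an author's known samples."""
    vectors = [style_vector(s) for s in samples]
    return {f: sum(v[f] for v in vectors) / len(vectors) for f in FEATURES}


def distance(v1, v2):
    """Euclidean distance between two style vectors."""
    return sum((v1[f] - v2[f]) ** 2 for f in FEATURES) ** 0.5


def rank_authors(code, corpus=AUTHOR_SAMPLES):
    """Return (author, distance) pairs, closest profile first."""
    target = style_vector(code)
    scored = [(a, distance(target, author_profile(s))) for a, s in corpus.items()]
    return sorted(scored, key=lambda pair: pair[1])


def attribute(code, corpus=AUTHOR_SAMPLES):
    """Name the author whose profile is nearest to the snippet's style."""
    return rank_authors(code, corpus)[0][0]


if __name__ == "__main__":
    unseen = "for (x = 0; x < 10; x++) {\n    y += z[x];\n}\n"  # constructed
    for author, score in rank_authors(unseen):
        print(f"{author}: distance {score:.3f}")
    print("attributed to", attribute(unseen))
```

The distance between profiles is what makes the comment's point testable: two people who share every habit collapse onto the same profile and cannot be separated, which is why a deliberately "foreign" style, as the comment speculates about the exploit author, defeats this kind of matching.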
I'm no programmer, but it seems they overflow a buffer used in loading saved games to mount the saved game as the d drive and then run a program off of it. This can then copy the modified files used to boot linux on an unmodified xbox to the hard drive.
I do security