Technical Analysis of XBox Save Game Hack
DJPenguin writes "There is an excellent article at the XBox Linux Project that describes exactly how the XBox savegame hack works. It details how the author went to great lengths to hide exactly what was going on. It turns out the exploit code is hidden within an image of Tux himself!" An enlightening read, to say the least.
The code was "hidden" in the jfif header, therefore does not qualify as steganography in my opinion. But I bet MS jumps all over this and gets stego banned.
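The distinction the comment above draws, a payload stored in a length-framed JFIF header segment rather than hidden in pixel data, as an added Python example that is not code from the XBox Linux article or from the hack's author. It walks the marker segments of a JPEG and reports any APPn/COM payload that a decoder would simply skip over. The sample JPEG bytes and the placeholder blob are constructed here and say nothing about what the real savegame exploit contained; the list of "known" APPn identifiers is an assumption for the demonstration.

```python
import struct

# JPEG marker values used below (big-endian 16-bit, all start with 0xFF)
SOI, EOI, SOS, COM = 0xFFD8, 0xFFD9, 0xFFDA, 0xFFFE
APP0 = 0xFFE0
# Markers that carry no 2-byte length field
STANDALONE = {0xFF01, SOI, EOI} | {0xFFD0 + i for i in range(8)}
# Identifier strings that legitimately open the common APPn segments (assumed set)
KNOWN_APP_IDS = (b"JFIF\x00", b"JFXX\x00", b"Exif\x00\x00", b"ICC_PROFILE\x00", b"Adobe")


def walk_segments(data):
    """Yield (marker, payload) for every length-framed segment up to SOS.

    Everything before SOS is header metadata: each segment is
    FF xx LL LL <payload>, where LL LL counts itself plus the payload.
    The entropy-coded pixel data after SOS is not length-framed,
    so a header walker stops there.
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI")
    pos = 2
    while pos + 2 <= len(data):
        (marker,) = struct.unpack(">H", data[pos:pos + 2])
        if marker >> 8 != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}, got 0x{marker:04x}")
        if marker in STANDALONE:
            yield marker, b""
            pos += 2
            if marker == EOI:
                return
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment length")
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(data):
            raise ValueError(f"bad segment length {length} at offset {pos}")
        yield marker, data[pos + 4:end]
        pos = end
        if marker == SOS:
            return


def marker_name(marker):
    """Human-readable name for the markers this walker cares about."""
    if APP0 <= marker <= 0xFFEF:
        return f"APP{marker - APP0}"
    return {COM: "COM", SOS: "SOS", SOI: "SOI", EOI: "EOI"}.get(marker, f"0x{marker:04x}")


def metadata_segments(data):
    """Return [(name, payload)] for the APPn and COM segments of a JPEG."""
    return [(marker_name(m), p) for m, p in walk_segments(data)
            if APP0 <= m <= 0xFFEF or m == COM]


def unexplained_blobs(data):
    """Header payloads that are not opened by a recognised APPn identifier.

    A COM segment, or an APPn segment without a known signature, is opaque
    bytes a decoder skips. That is where a non-image payload sits when it is
    stored "in the header" rather than in pixel data, and a plain scan finds it.
    """
    found = []
    for name, payload in metadata_segments(data):
        if name == "COM" or not payload.startswith(KNOWN_APP_IDS):
            found.append((name, payload))
    return found


def segment(marker, payload):
    """Assemble one length-framed segment (helper for the constructed sample)."""
    return struct.pack(">HH", marker, len(payload) + 2) + payload


# Constructed sample: a JFIF APP0 header, then a COM segment carrying a
# placeholder blob. The blob is an arbitrary stand-in, not the real exploit.
PLACEHOLDER = b"\x90" * 4 + b"constructed-placeholder"
SAMPLE_JPEG = (
    b"\xff\xd8"
    + segment(APP0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + segment(COM, PLACEHOLDER)
    + segment(SOS, b"\x01\x01\x00\x00\x3f\x00")  # minimal SOS header
    + b"\x12\x34"  # stand-in scan bytes; a real decoder would reject this
    + b"\xff\xd9"
)

if __name__ == "__main__":
    for name, payload in metadata_segments(SAMPLE_JPEG):
        print(f"{name}: {len(payload)} bytes {payload[:12]!r}")
    print("unexplained:", unexplained_blobs(SAMPLE_JPEG))
```

Run against a real file with `metadata_segments(open(path, "rb").read())`; anything `unexplained_blobs` returns is data a viewer ignores but a scanner sees at a glance, which is why a header-resident payload is concealment from the casual eye, not steganography.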
The code is just brilliant. A lot of care was taken in the construction of this hack. No script kiddie is he.
It looks like it retrieves the private key. That's interesting.
Nah, this is still just a buffer overflow. I doubt he "put" it in there.
I think that any programmer can appreciate why he went to such lengths to hide the code. It's a hell of a cool thing to do.
In this world of script kiddies, it's very important to distinguish between kiddies and people who are true hackers. Mad props to him for showing that hacking is most certainly an art.
The modification of the public key to make it divisible by 3 was just beautiful.
int func(int a);
int b;
/* comma operator: b += 3 is evaluated first, then b is passed to func */
func((b += 3, b));
You might be right about this being a spy vs. spy thing because the stakes are so huge. This could mean that rival console makers are actually hacking the X-box to diminish its threat. That could be a reason why this hack was so well done!
You brought up an excellent point!
for buffer overflows or what??
Seems that's the number one way to whack an M$ system...
In this world of script kiddies, it's very important to distinguish between kiddies and people who are true hackers. Mad props to him for showing that hacking is most certainly an art.
Um, that's not a very good distinction: you need to be clear what meaning of "hacker" you're using. Someone who r00ts my box and types "rm -rf /*" is not an artist, he's a criminal who should have his nuts ripped off - no matter how 1337 his 5ki11z are. Although the legality of hacking the X-Box is questionable, it's in a different world entirely from the vandalism associated with computer break-ins, and the community is doing this to a product they paid for and own.
By confusing the illicit modding and the website defacing, you're making it all the harder to defend against future DMCAs. Many of the big corporate lobbyists and lawyers we so love to bash on Slashdot would love for the public and politicians to view hobbyists and crackers as the same thing.
Hackers traditionally hold to the ethic of "do no harm". It's one thing to get into a box, poke around, get some evidence that you were there and not damage anything besides covering your tracks (and that's a bit of a new thing due to the excessive laws against it). A script kiddie is just that, a script kiddie; let's try not to confuse the two. If they call themselves a hacker that's fine, it doesn't make it true. The hackers of the world know who they are and how to tell their own.
No sir, I don't like it.
... that I didn't understand.
I didn't have to look anything up, though...
I know Assembly, and 80x8n assembly, especially. So that was no problem. I could follow the basic plot; I didn't bother to try to read most of the code, but when I did, it wasn't hard to read. The article was pretty good that way.
But it looks to me like the article really didn't tell how the 007 Save Game was hacked. Rather, the article says "yeah it was hacked, and here's the neat part." But that's where it stops.
There isn't enough info here to reproduce it, unless you already are into hacking the XBox.
But that said, I wonder why [and maybe someone who does understand this hack can explain] the XBox-Linux people at sourceforge don't rewrite their install CDs, and give instructions, to allow a person to use this weakness to install Linux from a single CD.
Could it be that this hack really isn't "out there" yet? That the "Free the XBox" hackers are actually still in negotiations with Microsoft [or with their concrete boots at the bottom of the river]?
I shouldn't feed the troll, but here goes:
1) Making it upgradable would increase cost; they wanted the cheapest box for the performance they could make (sockets cost money).
2) If you don't like the idea of not being able to write your own code for it, then don't buy it.
3) ...puts their logo on the front... in that case is Dell also evil?
4) If you even try to open this crippled PC, your warranty is void... why does Microsoft have to warranty actions on the XBOX that it's not designed for? That's like me saying that AMD should still warranty my processors even if I'm running them out of spec.
5) ...you are breaking the law. Despite what the spin doctors say, as long as you aren't hacking your xbox to play copied games, they can't touch you if you're putting your own software on there (that said, if a side effect of your little hack causes someone to be able to play burned games, then they're gonna come after you, which sucks for fair use...).
6) The scariest part? Is that in 10 years, we won't be talking about a console. This is the future of the PC. That is the scary part though. Even though 'the powers that be' keep claiming that people will be able to run unsigned content on TCPA hardware, I can't imagine that it would 'accidentally' cripple things like Linux and BSD that hurt the bottom line.
-Bucky
By confusing the illicit modding and the website defacing, you're making it all the harder to defend against future DMCAs. Many of the big corporate lobbyists and lawyers we so love to bash on Slashdot would love for the public and politicians to view hobbyists and crackers as the same thing.
Are you trying to say that this was illicit modding? Let's look at it: this is using the hardware they sold you for what you want to do. You don't have to sign an agreement with MS to buy x many games. If they want that, then they should handle it the same way that Columbia House et al. do.
There is nothing that says I can buy a PS2, that I must buy games for it. What if I just buy one, and that is the only one I wanted. Maybe in 2 years, I go and buy a discount game somewhere, or some used games. That is not breaking the law, I can do whatever I want with it.
If I choose to not buy any games for my game machine, that is their problem, not mine. They take that risk when they make the game machine, they hope that it will make a profit, but they are not guaranteed.
This is not illicit modding, it would only be illicit if people were modding them and then selling those as original boxes.
I'm sure the reason was to make it harder for others to use the same hack to play copied games.
Remember, they've already gone out of their way to stress its use for a legitimate purpose (running Linux) and not for piracy. This is just one more example of that. It shows a good faith effort by the authors to ensure the hack can't as easily be exploited for other purposes.
Consoles will stay consoles. They will be made to play purely games and nothing else. This is what people want to buy, and they're showing it with their pocketbooks right now. Look at how many dedicated gaming devices Sony and Nintendo have sold compared to Microsoft's try-and-do-everything Box. The numbers speak for themselves.
What you are describing is still a system cracker. The "do no harm" philosophy is pure ignorance. Someone breaking into a machine and covering his tracks can do a lot of unintentional harm.
Those who hack the XBox don't have to worry about causing harm because they are working entirely on their own equipment.
It's a sad sad day when someone gets modded up for explaining how hexadecimal works on slashdot.org
Come on.. are we geeks or mice here ?
You're assuming the code in question was compiled. Glancing at it, I'd lay good odds that it was handcrafted.
Besides, with the risk of being DMCA'd into his or her component atoms (regardless of where our mystery hacker lives), this isn't the kind of hack you can do in 15 minutes, slap your name on it, and get your ego gratification by having worldwide bragging rights.
That leaves only one other route to ego gratification - spend a few hours, make it perfect, and get your ego gratification by presenting a beautiful gift to geeks and hackers around the world... and by leaving the world's DMCA types a puzzle they'll never figure out.
Win-win, as I see it. And artful as all fuck. Call it the Faberge' egg of hackerdom.
"Who was that masked man?"
"Nobody knows, ma'am. Folks 'round here call 'im the Lone Ranger."
"Artful fucker, ain't he?"
"Yes ma'am. Maddest props to him."