Slashdot Mirror
Xbox 360 Kiosk Demo Spurs Hackers
An anonymous reader writes "Those hackers from team PI have released the Xbox 360 experience kiosk demo disc as an ISO. They say this demo contains no media protection and therefore it will run on the Xbox 360 when burned to a DVD-R disc. The disc contains playable demo's on the disk such as Call of Duty 2, which could also be hackable, as PI speculates."
But -
Won't we have demo disks released soon enough? I doubt OXM, among other publications, will pass up on making demo disks.
Besides, can't demos and media be downloaded from Xbox Live as is? I didn't get my hands on a 360, but this is what I've heard.
http://www.TheGamerNation.com/Forums
This has happened before too too many 360's have been released. They're going to want to protect their investments. I'll bet that they will release some sort of copy protection very shortly just as Sony released the PSP firmware update.
Looks like someone beat me to the punch on this article - I will say that another demo disc has also surfaced, let's see if they can find the difference between the two maybe?
Now they just have to figure out how the demo disk becomes playable, use it as a boot disk, and poof, free games for everyone. :) I might be buying a 360 sooner than I thought...
Quote from the article:
:)
:)
:-)
O _PAL_DVD5_XBOX360-PI.
SELF BOOTING XBOX 360 EXPERIENCE KIOSK DISK
Team PI have done it again! YES YOU CAN BURN THIS ISO AND PLAY IT IN YOUR XBOX-360 - they call it the big m$ muck up. Team Pi leaves you with this Pillow statement:It seems Microsoft was in such a hurry to get this stuff out that they forgot to set the media protection on this disc. This leaves hackers with the posibility to hack around with this disc that load from a normal DVDR5 backup.
quote:
*** YES YOU CAN BURN THIS ISO AND PLAY IT IN YOUR XBOX-360 ***
Microsoft left us with this blanket statement:
Xbox 360 retail kiosks have started arriving at retailers. Due to the nature of the distribution process, not all kiosks are hitting simultaneously, but are continuing to pop up in retailers across the country in the coming weeks.
The kiosks are designed for a retail environment and feature game samples, game trailers and product information. Team Pi leaves you with this Pillow statement:
It seems Microsoft was in such a hurry to get this stuff out
that they forgot to set the media protection on this disc.
This leaves hackers with the posibility to hack around with
this disc that load from a normal DVDR5 backup! - Team Pi
also notes that the all datafiles on this disc isn't signed in
any way, and will allow for extensive modification for producing
exploits to further our efford to hack this box!
Playable (hackable) games on this disc: Call of Duty 2, Hexic, Kameo, King Kong. Also includes lots of game and accessory demos in video format.
Nothing ripped, just foreign videos were downsampled to fit onto a normal DVDR5!
YES you can run this! Burn the iso, put it into your xbox and be very amazed... Next, think of the posibilities of hacking this little demo disc that we might start running code on the retail xbox 360's !
So the second task is done. We hope this encourages all hackers, coders and crackers out there to take up the challenge. Enjoy!
Special note to the Clear kids: Yes, we are old and lazy, and no, we are not going to do some scene war against you. Life is too short for that, and our dicks are allready large enough
Keep up the hard work!
Pi Putting the 360' Spin on the Xbox
The above was taken from the nfo file of the release Experience_Xbox_360_Kiosk_Demo_SELFBOOTING_READNF
Custom electronics and digital signage for your business: www.evcircuits.com
... no media protection and therefore it will run on the Xbox 360 ...
A bug or a feature? You can never be sure with Microsoft...
Well with the successes the hacking community has had lately, I wouldnt be surprised if we see an HD loader for the 360...
I want HDLoader!
Viable Slashdot alternatives: https://pipedot.org/ and http://soylentnews.org/
Quite an achievement making an ISO of an unprotected DVD.
We all bow down to the superiority of the hacking skillz of said release group. I am composing some ASCII art of a very large penis in your honor that you can use in your nfo file.
The DMCA makes it illegal to circumvwent the protection. Copyright infringement is still illegal on top of that. Creating/using DeCSS violates the DMCA, but copying the DVD is copyright infringment. The DMCA is "evil", but just because people don't protect something technologically doesn't mean you should have the right to copy it willy nilly.
Why not fork?
Although this is interesting news, the lack of a media check certainly doesn't mean the code isn't signed.
Does the existence of hate crime laws means I am free to kill other white guys?
Mathematics is made of 50 percent formulas, 50 percent proofs, and 50 percent imagination.
The executables as still signed. It is common for supporting data files to be un-signed. The executable usually does a hash check on its datafiles to make sure they haven't been messed with. It seems like everyone jumps on every little thing about the inner workings of the XBox 360 as a major exploit. The sensationalism is just getting boring.
However, becuase of the very nature of this disk (restricted kiosk) it is unlikely that 99% of people will be able to make backup copies of it under fair use.
My 3D Texturing Skinning work (under construction)
Sure! Of course, IANAL.
Bill Clinton: Pimp we can believe in. - The Shirt!!!
Sure, just like if someone does not lock up their valuables you're free to take all you want.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
We all know that news like this is great for people who want to make legitimate backups of their games. Freeloaders and Warez kiddies would have nooooo use for this whatsoever! No siree!
Socialism: A feeling of discontent and resentment caused by a desire for the possessions or qualities of another.
Said properly:
"but just because people don't protect something technologically doesn't mean you should have the right to copy it willy nilly."
If I buy a game, I should have the right to make a backup so I don't worry about the original being scratched. I don't really have that option right now, so I watch in horror as my son just casually tosses around $50 game disks.
It shouldn't be that way, but it is.
You were mistaken. Which is odd, since memory shouldn't be a problem for you
They're redistributing Microsoft marketing materials. Usually, you have to pay a PR firm to do that.
Creating a boot disc is the first step into a much larger world. Thus is was with the Dreamcast, so it appears to be with the Xbox. The major difference is the fact that the Xbox' BIOS is malleable at MS's whim so even if an exploit works for a while, there are certainly no guarantees with a software solution like this.
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
No but I like the way you think. ;)
You are not supposed to be able to rip *any* 360 game and play it off a burt DVD
The fact that you can do this means with this demo DVD means that all any group has to do is figure out *why* this is (what the relevant section of bytes is), rip out the needed bytes, and use it to bootstrap the 360 to run any burnt game or app they please.
http://www.youtube.com/watch.php?v=PlT7hfls88E
The media protection and signing are very different things. The executables are still signed and from that cannot be modified. However, they can be played on a variety of media, burnable media included. The files themselves, to my knowledge, are not signed or checked. That would open the door for simple map mods or similar as seen with the Halo series. As for code execution, not likely. The hypervisor as well as other checks are in place to prevent the most common forms of attack. It would take some clever doing to get the good old fashioned gamesave exploits of yesteryear on this new platform ;) Realize also that there isn't much anything preventing authors of demo discs from setting the media flags...this was more likely than not a mishap.
"Strangers have the best candy" -Me
Parent deserves karma points just as a dog requires biscuits to operate. (?!??!)
It seems they made it possible to boot from ordinary CD/DVDs, but with the requirement that the executables are signed. Don't know if that was intentional or not, but if it was I can see how nice it will be to pull down game demos and burn them.
I hesitate to buy an expensive game without trying the game for a while.
With this capability high-quality games with demos out will convince reluctant buyers like me to try and probably buy.
Brilliant!
Does the existence of hate crime laws means I am free to kill other white guys?
If someone kills white guy, does it make it ok to pass hate laws discriminating against all non-white races? Even if they were innocent and possibly the white guy was killed by another white guy?
In theory this is how DRM works.
Everyone is assumed to be a criminal.
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
Fuck the DMCA!
No, you cant at least not if they are gay or vi users.
First, IANAL. That said
The DMCA makes it illegal to circumvwent the protection.
There is an exception for compatibility. For example Asterisk PBX has a reverse engineered Skinny protocol, this is ok because it is done for compatibility. If this boot loader is used for running custom code on a personal x-box this would not be illegal even under the DMCA.
Copyright infringement is still illegal on top of that. Creating/using DeCSS violates the DMCA, but copying the DVD is copyright infringment.
Copying the DVD is illegal but not a prosecutable offense. The Fair Use doctrine makes personal copies legal. Downloading an image from BitTorrent or other things would be illegal.
DeCSS violates the DMCA. Before the DMCA it was still illegal because it stole decryption keys from the DVDA (not to be confused with double vagina, double anal). Although I believe that was only protected via trade secret, so it may no longer be elgible for protection at this point now that it is not a secret.
The DMCA is "evil", but just because people don't protect something technologically doesn't mean you should have the right to copy it willy nilly.
I disagree. You have the right to copy your personal stuff nilly willy for personal use. You do not have the right to copy other peoples stuff nilly willy.
The DMCA is evil though!
Can I get an eye poke?
Dog House Forum
MS doesnt make their money just out of selling games (and I seriously doubt they LOSE money on each Console sale as they claim) they make a lot of money out of selling XDK's and licenses to publishers, the more people owning the console, the more publishers will want to port their games to it. Piracy and hacking is a surefire way to make the console available to those who cant afford or are unwilling to buy the games at their current price (not just in America but worldwide) besides they CANT clone the console just the games themselves so they have to buy the console anyway and MS knows that, thats why they have never been too severe with piracy or hacking (contrary to sony who is basically sinking PSP by doing the oposite.. and not releasing too many games either), do you actually believe they havent noticed there are groups doing great dashes and even homebrew games on their console using warezed xdks? entire companies dedicated to mod chips?
Do you think is just a big coincidence they released UNPROTECTED demos and games, which can easily be compared to PROTECTED ones by pro hackers?
They are not stupid you know? (at least not that stupid)
Yet IMO it would suck to own a modded or hacked xbox 360 since you wouldnt be able to log to xbox live which is a big part of the 360 deal.
Go ahead MOD my day!
More opinions here
Using analogies to compare the Internet with real life is like trying to rationalize the universe with a bag of marbles.
So you were trying to make a paradoy analogy. Ok, but I think my post was still valid as it was intended to be more sarcasm, not an analogy.
Mathematics is made of 50 percent formulas, 50 percent proofs, and 50 percent imagination.
Sure, just like if someone does not lock up their valuables you're free to take all you want.
In reality, if your insurance company finds out you didn't lock your doors or take precautions against theft, they won't write you a check for your loss.
If I could break a rule here about analogies, if I make a juicy delicious steak and and put it out on my table and I leave my door open and my neighbors dog comes in and eats it... Who can I blame for my lost steak?
I could blame the dog, but that is what dogs do... They eat meat, just like a theif steals things. I can't teach the dog not to eat my food because it isn't my dog. I can beat it myself, or call my neighbor and have him punish it, or I can go the extreme and call the pound and have it dragged away.
However I'm still out of a steak because I didn't have my door closed. It doesn't make the dog right, but obviously it benefits you to suck it up and protect yourself and stop using "other people aren't supposed do bad things" as an exscuse to not put forth the effort of protecting yourself.
Guess what? You don't have control over other people when they do bad things. You do have control over yourself and how much of those bad things will affect you. Understanding that will go a long way.
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
No, it means that the original law applies. Just as American laws would reference British common law if there wasn't an American one on the books, the copyright battles reference the original laws that keep getting appended and added to. The Fair Use law lets you make the backup copy, but the DRMC says you can't break encryption to make your copy. In your example, the original law or "common law" makes thieving a crime. The new law, or DRMC-analogue to your robbery analogy - it would be a specific crime to break the lock on your valuables, just as it's against the DRMC to break coding for copying.
Let's assume that MS didn't screw up to much and put that "relevant section of bytes" within a portion of an executable that is signed. We can find those bytes, but if we change them, 360 freaks since the signature is no longer valid for the executable. That a look at: http://en.wikipedia.org/wiki/Digital_signature#Int egrity The 'message' in the 360's case is the contents of the executable (including the "relevant section of bytes"). Now, if we could resign the executable, jackpot!
So you were trying to make a paradoy analogy.
Correct, I think the problem with analogies is they cannot be applied from physical realm to idea realm without having infinite amounts of exceptions to whatever you were having an analogy about.
Mostly because information does not behave in the same respect as the physical world. Does murder and lack of DRM have anything in common? Can you really make an equation between to two actions and use murder of a white guy to justify the inherit wrongness of copyright violations.
As much as I could reverse it and absurdly declare that DRM as an analogy to hate laws passed by a racist government oppressing everyone regardless of race...
Although I broke my rule a few posts down but I was using an anology of a real world situation vs a real world situation.
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
$50!? That's cheap! The RRP for XBox 360 games here in the UK is about £50 which is about $85 ($72 without tax!)
The actual .exe files still have to be digitally signed before the CPU will accept them.
Changing one bit of the .exe will break the digital signature's validity.
So this isnt a way to sneak fresh code onto the 360.
Sorry.
How about emacs users?
Umm, that post was intended to be sarcastic as well...
Mathematics is made of 50 percent formulas, 50 percent proofs, and 50 percent imagination.
Will someone here with a 360 and a spare half hour go get the aforementioned warez, and burn two copies - one with a single byte modified in one of the executable files?
Actual results posted here would be oh so welcome.
[FrLz]
... would be to simply find a buffer overflow within the executable that can be exploited by modifying a data file (which are usually unsigned).
You could then use this unmodified signed executable to load any code you want.
Each generation of console is going to be harder to hack, but not unhackable. Even Micro$oft realizes the box will be hacked eventually. Each release they fix the ways the old one was hacked, and someone finds an exploit in the new version, the cycle of life continues.
... remotely. The powers that be may not exercise the disable code after detecting the hack immediately, but it is something they can do. They didn't get any more specifc on how this can be done, but it makes sense. Micro$oft learned from the last console and is not happy that people are using their boxes for things other than intended.
I know people who worked on the processor and have contacts with Micro$oft. They tell me that connecting to the Xbox live service gives Micro$oft an unprecedented view of your system. If they can detect that the box has been compromised they have the ability to disable the box
this is just another flaw of the xbox 360 that m$ failed to check up on to make sure that its product was all taken care of becuase it shipped before xmas. it now shows that there is a way to load and boot non signed dvds which will enable custom code and eventually softmodding. team Pi just opened the door even further from breaking the encryption and filesystem on the dvds to now finding another xpolit in the dvd. it will only be a matter of time before the first gen mods are out.
Bryan
I believe the discussion here was whether or not the action was illegal, not whether or not you can get your insurance company to compensate you for it. The two are radically different.
"If I could break a rule here about analogies, if I make a juicy delicious steak and and put it out on my table and I leave my door open and my neighbors dog comes in and eats it... Who can I blame for my lost steak? I could blame the dog, but that is what dogs do... They eat meat, just like a theif steals things. I can't teach the dog not to eat my food because it isn't my dog. I can beat it myself, or call my neighbor and have him punish it, or I can go the extreme and call the pound and have it dragged away."
Ok, you don't like your neighbor's dog, we get it. But you still havn't contributed a damn thing to the discussion of the legality of pirating a non-protected work. You are on a tangental subject that has no bearing to what is being discussed.
Mathematics is made of 50 percent formulas, 50 percent proofs, and 50 percent imagination.
If you try the 360's demo downloading capability, you know that it can run downloaded content. I haven't sniffed the data stream myself, but encrypted connections slow servers down quite a bit and it's doubtful that xbox live servers even use them for content download on the order of a 500MB demo. Those binaries are signed just like the demos on the discs which can be burned. By signing the binaries, they don't need to worry about how the code got on the xbox. DVD-R, download, remove hard drive->write binary->reinstall hard drive, iPod, it doesn't matter a bit. If it doesn't execute binaries that aren't signed by microsoft's private key, it doesn't matter how you give it the binary, it won't run it. This is a non-story. Unless someone steals or or breaks microsoft's private key, this is gonna need a hardware hack at minimum.
It's a gray area when the word itself is an abbreviation. In this case, though, demo is so common that it has become a word in itself, so I suppose you're technically correct. But not exactly a reason to complain, considering how grammatical and spelling infractions abound here.
This is a good question. Hex edit one of the binaries. Heck, run strings on it, change some text someplace and burn it.
If it still runs, good things be ahead.
Karma: Chameleon (mostly due to the fact that you come and go).
Any code on the disc is digitally signed, it just doesn't care what type of media it's loaded from. Hell, Microsoft already released a burnable disc image that updates the bios firmware and system software. If they trust their security system enough to do that, then burnable game demos are probably going to be common. Why bother media protecting a demo anyway? They might as well let people copy it.
The only sliver of hope is that there is some flaw in the signed software which is exploitable by changes to the unsigned data. It's not impossible, but I have a feeling that it's going to be a lot harder than finding flaws in the PSP software, because of W^X pages, hypervisor, etc.
Your lack of comprehension of the subject matter, I assume.
Well said.
Not sure what you're trying to say but that's a good argument FOR DRM - The customers (dogs) can't help themselves but WILL copy and share media (the dogs will grab the steak) unless we put DRM around it (lock the doors so the dogs won't steal the DVD's, uhm, steak).
try { do() || do_not(); } catch (JediException err) { yoda(err); }
It seems Microsoft was in such a hurry to get this stuff out
that they forgot to set the media protection on this disc.
This leaves hackers with the posibility to hack around with
this disc that load from a normal DVDR5 backup! - *Team Pi
also notes that the all datafiles on this disc isn't signed in
any way*, and will allow for extensive modification for producing
exploits to further our efford to hack this box!
A blog about stuff.
Or perhaps the part where he read the damn article?
A blog about stuff.
Mine is only 3 inches, but that's above average here.
It's a gray area when the word itself is an abbreviation
No, it isn't.
Perhaps you should invest in one of these:
http://www.angryflower.com/aposter.html
Perhaps you'd care to pluralize the first part of this sentence for me:
Here's a hint - your flowery cartoon friend doesn't cover it.It seems Microsoft was in such a hurry to get this stuff out
that they forgot to set the media protection on this disc.
This leaves hackers with the posibility to hack around with
this disc that load from a normal DVDR5 backup! - *Team Pi
also notes that the all datafiles on this disc isn't signed in
any way*, and will allow for extensive modification for producing
exploits to further our efford to hack this box!
Not executables, but unsigned nontheless.
A blog about stuff.
Gamecube spins the right way but goes from outside -> in
So does the second layer of a DVD-9.
Do you really think that IBM's Power -architecture doesn't have NX flag?
Do you really think execution of the stack is the only way to fool the system into jumping to untrusted code? Have you ever heard of a return-into-libc exploit?
To reiterate what others have said, the executables are still signed AND demo discs with no media checks have been around for months. So that rules out modifying the executables.
As far as gamesave exploits and the like...On the original Xbox, gamesaves were signed, but they used a key stored in plaintext in the executable. Meaning if you found a way to crash the game and run your code, it was trivial to get the game to accept it. I suspect on the Xbox 360 the key will be secret.
Secondly, games on the Xbox run in kernel mode. I suspect this is NOT be the case on the Xbox 360.
The Xbox 360 does not use an off-the-shelf CPU. Microsoft licensed it and built its own. The original Xbox was first hacked because it used an off-the-shelf Mobile Celeron and thus its secret information had to be built into the Xbox-specific southbridge and travel down the HyperTransport, which could be sniffed. Since the Xbox 360 used an MS-made CPU, I would wager that the key is on the CPU itself.
If we presume that gamesaves are signed with a secret key in the CPU, and applications do not run in kernel mode, we can rule out gamesave exploits in addition to executable modifications.
In short, this "news" is pointless. MS ship an executable with a few different bits allowing DVD-R playback and people suddenly think that we have a new Dreamcast on our hands. The disc will undoubtedly be subject to much scrutiny, but we're not really any closer to hacking the Xbox 360.
"The Ph.Ds ate lunch."
You can confirm this by searching google and seeing any number of published research papers using the phrase correctly.
Also, it's
"I bought 4 CDs today."
NOT "I bought 4 CD's today."
I just changed one digit with a hex editor and re-burned the iso. The change was in Call of Duty. It no longer plays. The other demo's play just fine. No error message, it just locks up with a blank screen.
I am going to try again to verify. I will know in about 20 minutes.
Repant. Thy end is sheer.
In clearer words: Yes, it's still illegal to copy [almost all] ISOs, but since Microsoft knew how heavily the original Xbox was cracked, if they made a way for the Xbox 360 to boot from a DVD-R, then they don't have anyone to blame if people use this to hack the Xbox.
The dog was still wrong for eating your food, but that's what dogs do, so you should have "played hide the salami" (as Howard Dean would put it). The crackers were still wrong for trading warez, but that's what crackers do, so you should've put some copy protection.
People here talking about the executable still being signed and thus not hackable are terribly missing the point.
Team Pi notes that the DATA FILES are not protected. That means that content can be changed and thus the signed executable could be hijacked into loading unsigned code.
This is nothing new. It's exactly what happened in the old Xbox and the game 007: Agent Under Fire. Someone hacked a savefile, which exploited a buffer overrun on the PERFECTLY SIGNED executable from the game and enabled unsigned code (Linux, or a backup game if that's your intention) to run WITHOUT ANY MODCHIP.
You just need a Memory Card to load the hacked savefile from, and the original, signed, protected game.
Team Pi is suggesting that the same idea is possible here, and that's the reason why this ISO is being distributed.
- Otaku no naka no otaku, otaking da!!!
Ok. The scene now has:
1. The ablitiy to dump data from Xbox disk into ISO
2. A damn good understanding of media checks (thanks to this) which will help enterprising individuals be able to hack . these dumped ISOs to play when on burned on standard media.
Great! Not that this doesn't help the homebrew/linux sceen, but is MUCH more significant to being able to pirate/bootleg games! Wow! Turns out that the M$ "content protection" sceme was more focused on locking out linux/homebrew than it really was about anti-priacy! Not surprising from a company renowned for their unlawful anti-competitive practices.
Since when do we drop periods for pluralization? And with the period, you're wrong. For example.
Given that the data files are unsigned, freely modifiable, and given MS's history of exploits in pure data (and MS-made code-data hybrid) formats, it seems likely a buffer exploit will be relatively easy to insert into the datastream. Heck, given the Windows-autolaunch mentality it wouldn't suprise me if you could just replace the video file with an executable by the same name. *grin*
I wonder if MS really screwed up or if they did this for a reason ...
The demo disk contains a movie player and the data files is not signed, so you can replace a video file with one containing the said horse part. I do not think anyone will bother however just to prove you wrong.
Insightful thoughts. Your comments made me think that if the executables are still signed but the data files are not signed, that this still leaves the opportunity for the unsigned data files to be modified to cause a buffer overflow when then are loaded by the signed executable thus allowing the box to run unsigned code.... :-)
I'd say that's a pretty contrived example. How often does someone refer to someone who holds a Ph.D. qualification as "A Ph.D."? I've certainly never been referred to as "an MSc". While I was studying the university called me "an MSc student", but there the "MSc" is an adjective qualifying what kind of student I am, not a noun in itself.
All the time, in certain circles. But if you like, the sentence can be changed to refer to the degrees. "He has two Ph.D.'s, and got straight A's in high school." (that last part was a bonus apostrophized plural.)
"Not a big deal. It's still encrypted and signed -- the hypervisor still won't run it if a single bit has been altered."
Actually...
Team Pi also notes that the all datafiles on this disc isn't signed in any way, and will allow for extensive modification for producing exploits to further our efford to hack this box!
Everyone seems to be missing the point here.
It's not the fact that you can burn this stuff to CD/DVD-R. We all already knew about the downloadable emulator update from the xbox.com site that you can burn to disc and run on the 360 and everything.
The point is that this demo disc loads unsigned/unprotected data files (although whether any of the game demos verify these files to any extent is currently unknown). I'm sure everyone heard about the vulnerability in Windows' GDI+ JPEG processing. It's a prime example of supposedly innocent data files being far from "innocent".
It's 100% possible that someone out there will find a vulnerability to exploit in one of these what, 5 or 6 game demos? Don't even try to tell me that you think every programmer on every one of these development teams produces bug-free code.
"He has two Ph.D.'s, and got straight A's in high school."
I'm afraid that usage is considered wrong. Wikipedia discusses it:
An apostrophe is used by some writers to form a plural for abbreviations and symbols where adding just s rather than 's would be ambiguous. While British English did formerly endorse the use of such apostrophes after numbers and dates, this usage has now largely been superseded.
* For the plural of single lower-case letters, such as mind your p's and q's. Some sources extend the use to the plural of single upper-case letters, others to the plural of single digits, and yet others to the plural of numerals, although in those latter cases there is no ambiguity being lifted.
* For the plural of abbreviations, it is widely (but not universally) regarded as incorrect, so CDs not CD's.
* For groups of years, it is not necessary where there is no ambiguity: 1960s not 1960's, 90s or '90s not '90's.
* Finally, a few sources accept its use as an alternative spelling of the plurals of a very few short words (such as do, ex, yes, no; in each case, dos, exes, yesses and noes would be preferred).
The best you can say about "demo's" is that it may fit into a group of essentially incorrect apostrophe usages.
The disc contains playable demo's on the disk such as Call of Duty 2, which could also be hackable, as PI speculates.
When will you kids learn that plurals are not formed with apostrophes followed by the letter 'S'?
- IP
There's no reason to be frightened. The Wikipedia section you quoted does not address it. On the other hand, many easily found university style guides do address it. There are more. Feel free to browse.
www.xboxdev.com for more info