Xbox 360 Kiosk Demo Spurs Hackers
An anonymous reader writes "Those hackers from team PI have released the Xbox 360 experience kiosk demo disc as an ISO. They say this demo contains no media protection and therefore it will run on the Xbox 360 when burned to a DVD-R disc. The disc contains playable demos such as Call of Duty 2, which could also be hackable, as PI speculates."
Now they just have to figure out how the demo disc becomes playable, use it as a boot disc, and poof, free games for everyone. :) I might be buying a 360 sooner than I thought...
And this is where the online capabilities become a mixed blessing. Just as users can download media, MS may be able to sneak in a DRM-esque update without the users knowing it. I'd be surprised if that didn't happen, in fact.
http://www.TheGamerNation.com/Forums
The executables are still signed. It is common for supporting data files to be unsigned. The executable usually does a hash check on its data files to make sure they haven't been messed with. It seems like everyone jumps on every little thing about the inner workings of the Xbox 360 as a major exploit. The sensationalism is just getting boring.
Yeah, just wait 'til Sony puts an Xbox compatible rootkit on the latest crap-rock CD.
Of course they'd probably get sued out of existence...
Sony V. Microsoft: DRM rootkits on a MS console. Would be an interesting clash.
Of course, that's if they WEREN'T working together.
Yes, the executables were probably signed, but in making copies you still have a copy of the signed exe; what stops media from directly running is the media check. Normally, if it's not the official format, if the dummy sectors are absent and the filesystem is correct, or if it's not the official MS media, it still doesn't run the code. It's traditionally a three-way check. That's not the case here though; here two parts of that are missing.
What's really important here is to know that games can be run from different sources; it's not limited to a certain form of media. Therefore you can run from a backup copy of your disc, or possibly even a hard drive. Microsoft probably enabled the drive to accept any form of media disc [at least for certain titles like this] just in case they DO decide to move ahead with the HD-DVD drive. By the time they started manufacturing X360s the HD-DVD spec wasn't even done; thus they probably enabled this to future-proof the console, if they ever decided to change their minds and release HD-DVD versions of games or interactive media.
All you need is a buffer overflow in some signed code and you can jump to your unsigned loader. There are ways around this of course, but gaming hardware can't really take that kind of speed hit on execution time.
I think Phantasy Star Online for the Dreamcast was the first major buffer overflow, which persisted in the GameCube version. Then there were the memory card savegame buffer overflows, and many more.
Pain lasts, kid. Its how you know you're alive. Sometimes I think this growing up thing is just pain management-TheMaxx
They don't show the Xbox booting that DVD, but reading from it after a hot swap while the system is running...
MS doesn't make their money just out of selling games (and I seriously doubt they LOSE money on each console sale as they claim); they make a lot of money out of selling XDKs and licenses to publishers: the more people owning the console, the more publishers will want to port their games to it. Piracy and hacking is a surefire way to make the console available to those who can't afford or are unwilling to buy the games at their current price (not just in America but worldwide). Besides, they CAN'T clone the console, just the games themselves, so they have to buy the console anyway, and MS knows that; that's why they have never been too severe with piracy or hacking (contrary to Sony, who is basically sinking the PSP by doing the opposite... and not releasing too many games either). Do you actually believe they haven't noticed there are groups doing great dashes and even homebrew games on their console using warezed XDKs? Entire companies dedicated to mod chips?
Do you think it's just a big coincidence they released UNPROTECTED demos and games, which can easily be compared to PROTECTED ones by pro hackers?
They are not stupid, you know? (At least not that stupid.)
Yet IMO it would suck to own a modded or hacked Xbox 360, since you wouldn't be able to log in to Xbox Live, which is a big part of the 360 deal.
Go ahead MOD my day!
More opinions here
Microsoft actually supports this method of running executables - the Xbox emulator update for the 360 can be installed just by downloading a default.xex from their website and burning it to a DVD. Nothing special there.
http://www.xbox.com/en-US/games/backwardscompatibility.htm
I think the big question is why hasn't MS done as much as make a statement about Sony's ploy and how it affects security of machines that have access to "secure" information...
This comment does not necessarily represent the views and opinions of the author.
Will someone here with a 360 and a spare half hour go get the aforementioned warez, and burn two copies - one with a single byte modified in one of the executable files?
Actual results posted here would be oh so welcome.
[FrLz]
This is a good question. Hex edit one of the binaries. Heck, run strings on it, change some text someplace and burn it.
If it still runs, good things be ahead.
Karma: Chameleon (mostly due to the fact that you come and go).
Urban legend. GameCube discs do not default to being read from the outside in -- depending on the game and manufacturer/producer of said game, the game's bootstrap code or loader or whatever you want to call it can be as far as 3/4 of the way to the end of the disc. But it still doesn't read from the outside in. It pops the end of the disc on boot to get the game's boot code, then hits back to the center like any other CD/DVD reading device.
To address the entire topic of this conversation, this 'achievement' doesn't mean crap. There is no *exploit* that allows this disc to boot. Whoever pressed it intentionally left off the media check -- thus allowing it to be played as downloaded from Live or on DVD. Not a big deal. It's still encrypted and signed -- the hypervisor still won't run it if a single bit has been altered.
I don't know about you, but I don't think my computer has enough spare CPU cycles in the next 100 years to crack the digital signing.
An exploit would be these people releasing the same DVD image that self-boots but has different content. But they can't. Because the 360 won't run it.
Just think about what people are inferring here. Microsoft, tremendous software goliath, pioneers new Xbox 360 system that they claim is 'unhackable'. They have learned from their mistake with the Xbox and have actually taken many steps to make sure the system is as hard to hack as possible. 20 days after its release, they accidentally post an unprotected ISO on their website, allow production facilities to produce unprotected DVDs, and allow hackers to have full rein over their console.
Does this sound odd to anyone else? They wouldn't release these things if they didn't think (whether or not they're correct) that it had absolutely no gain to the hacker community. They're not going to help the hackers crack this system -- they have absolutely no gain from doing so. They lose money on each console, do you really think that's all they want you to buy? It doesn't work that way. This wouldn't have been released the way it was unless MS approved it -- there is a 99.95% chance that if they approved it, there is no way of hacking it.
I'd like to be proved wrong here, but until someone makes a DVD iso for the Xbox360 that opens up to a picture of a horse's ass and an arrow pointing to it that says 'SyncNine', I'm going to have to think I'm correct.
To the darkened skies once more, and ever onward.
People here talking about the executable still being signed and thus not hackable are terribly missing the point.
Team Pi notes that the DATA FILES are not protected. That means that content can be changed and thus the signed executable could be hijacked into loading unsigned code.
This is nothing new. It's exactly what happened in the old Xbox and the game 007: Agent Under Fire. Someone hacked a savefile, which exploited a buffer overrun on the PERFECTLY SIGNED executable from the game and enabled unsigned code (Linux, or a backup game if that's your intention) to run WITHOUT ANY MODCHIP.
You just need a Memory Card to load the hacked savefile from, and the original, signed, protected game.
Team Pi is suggesting that the same idea is possible here, and that's the reason why this ISO is being distributed.
- Otaku no naka no otaku, otaking da!!!
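An added example, not code from this thread, from Team PI or from any Xbox title, of the mechanism the post above describes: a signed loader that trusts a length field in an unsigned save/data file and copies past its fixed buffer, shown beside a version that rejects oversized input. The file layout (4-byte little-endian length, then the name), the 32-byte buffer and all function names are this example's assumptions. The "stack frame" is modelled as a struct so the overflow lands on a known slot and the run stays within defined behaviour; in a real frame the same copy would clobber the return address and continue past it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed data-file layout (this example's invention): a 4-byte little-endian name
 * length followed by that many name bytes. The file is unsigned, so every byte of
 * it, the length included, is attacker-controlled. */
#define NAME_MAX 32

/* Model of the loader's stack frame: the name buffer sits directly below the saved
 * return address, as it typically does. We copy into this struct rather than a real
 * stack buffer so the demonstration stays defined behaviour. */
struct frame {
    uint8_t  name[NAME_MAX];
    uint64_t saved_ret;
};

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void wr_le32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Vulnerable loader: the copy is bounded by the file size, never by sizeof name[].
 * Returns whatever is left in the return-address slot so the caller can see
 * whether the data file clobbered it. */
uint64_t load_name_vulnerable(const uint8_t *file, size_t file_len, uint64_t legit_ret) {
    struct frame f;
    memset(&f, 0, sizeof f);
    f.saved_ret = legit_ret;
    if (file_len < 4) return f.saved_ret;
    uint32_t n = rd_le32(file);
    if (n > file_len - 4) n = (uint32_t)(file_len - 4);
    if (n > sizeof f) n = sizeof f;   /* demo-only cap to stay inside the model frame; the real bug has none */
    memcpy(&f, file + 4, n);          /* n > NAME_MAX runs straight into saved_ret */
    return f.saved_ret;
}

/* Hardened loader: checks the length against the destination before copying and
 * refuses the file outright instead of truncating, so nothing past name[] is touched. */
int load_name_hardened(const uint8_t *file, size_t file_len, char out[NAME_MAX]) {
    if (file_len < 4) return -1;
    uint32_t n = rd_le32(file);
    if (n >= NAME_MAX || n > file_len - 4) return -1;
    memcpy(out, file + 4, n);
    out[n] = '\0';
    return 0;
}

/* Constructed benign save. Returns bytes written, 0 if it does not fit. */
size_t build_save(uint8_t *buf, size_t cap, const char *name) {
    size_t n = strlen(name);
    if (n > UINT32_MAX || 4 + n > cap) return 0;
    wr_le32(buf, (uint32_t)n);
    memcpy(buf + 4, name, n);
    return 4 + n;
}

/* Constructed hostile save: NAME_MAX filler bytes fill name[], the next eight land
 * exactly on saved_ret (host byte order, the same order the frame stores it in). */
size_t build_hostile_save(uint8_t *buf, size_t cap, uint64_t target) {
    size_t n = NAME_MAX + sizeof target;
    if (4 + n > cap) return 0;
    wr_le32(buf, (uint32_t)n);
    memset(buf + 4, 'A', NAME_MAX);
    memcpy(buf + 4 + NAME_MAX, &target, sizeof target);
    return 4 + n;
}

int main(void) {
    uint8_t file[64];
    char name[NAME_MAX];
    const uint64_t legit = 0x8000000000001000ULL;   /* stand-in for the genuine return address */

    size_t len = build_save(file, sizeof file, "PLAYER1");
    uint64_t ret = load_name_vulnerable(file, len, legit);
    int rc = load_name_hardened(file, len, name);
    printf("benign  : vulnerable ret=%#llx  hardened rc=%d name=%s\n", (unsigned long long)ret, rc, name);

    len = build_hostile_save(file, sizeof file, 0x4141414141414141ULL);
    ret = load_name_vulnerable(file, len, legit);
    rc = load_name_hardened(file, len, name);
    printf("hostile : vulnerable ret=%#llx  hardened rc=%d\n", (unsigned long long)ret, rc);
    return 0;
}
```

The benign save leaves the return slot untouched in both loaders; the hostile one replaces it with 0x4141414141414141 in the vulnerable loader and is refused by the hardened one. Signing the executable does nothing to prevent this, since the executable is running exactly the code it was signed with; the hijack comes entirely from the unsigned file it chose to trust.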