Xbox Hypervisor Security Protection Hacked

ACTRAiSER writes "A recent Post on Bugtraq claims the hack of the Xbox 360 Security Protection Hypervisor. It includes sample code as well." From Bugtraq "We have discovered a vulnerability in the Xbox 360 hypervisor that allows privilege escalation into hypervisor mode. Together with a method to inject data into non-privileged memory areas, this vulnerability allows an attacker with physical access to an Xbox 360 to run arbitrary code such as alternative operating systems with full privileges and full hardware access."

Longer than I thought

[kir]

That actually took longer than I thought. I still like my Xbox Media Center Xbox original better.

Re:Longer than I thought

[lmnfrs]

An Xbox with XBMC is great but an Xbox360 with XBMC360 would be able to play HD resolution media, something the Xbox can't do properly.

Re:Longer than I thought

[Breakfast+Pants]

It can with a minor, and very cheap, cpu upgrade.

Re:Longer than I thought

[Andy+Dodd]

Um, cheap? Pentium 3 CPUs aren't made any more, and will likely be extremely expensive if you can find one.

Also, even the fastest P3 can't play back HD without hardware acceleration, and the video hardware in the Xbox is likely not HD-capable.

Re:Longer than I thought

The video hardware on the Xbox is HD capable. The main problem with a CPU upgrade is that many games were programmed assuming that all Xboxes run at the same speed. Some of those games go wacky with faster CPUs.

Re:Longer than I thought

[beckerist]

Nope, you're wrong. It most certainly IS possible:
http://xbox.fuzzymuzzle.com/DreamX/cpuupgrade.htm - Xbox explanation
http://www.geocities.com/_lunchbox/ms6905_tualatin _mod.html - Processor specs

Re:Longer than I thought

[grumbel]

### An Xbox with XBMC is great but an Xbox360 with XBMC360 would be able to play HD resolution media,

Question: Isn't a large part of the video decoding infrastructure on Linux based up on Windows dlls? And wouldn't those fail to work on an XBox360 due to lack of an x86 prozessor? That alone should make a XBox360 not all that attractive as media center, since it can't play half as much as an x86 system.

Yes.

[TJ_Phazerhacki]

All well and good, but....

Will it run DOOM?

Re:Yes.

[f_raze13]

ok, who marked the parent insightful?

Re:Yes.

[EGSonikku]

It already does.

http://www.xbox.com/en-US/games/d/doomxboxlivearca de/

Re:Yes.

[rwven]

The hole was patched on January 9th, by the way.

Re:Yes.

[gblues]

You can run DOOM on your Xbox 360 without hacking it. The complete game is on Xbox Live Arcade for like $5 in MS points.

huh?

[User+956]

A recent Post on Bugtraq claims the hack of the Xbox 360 Security Protection Hypervisor.

Is that like some primitive version of what Geordi Laforge wears?

Re:huh?

[mdielmann]

Yes. And like half a metallic banana clip, it won't let you see a damned thing.

Re:huh?

[Al+Al+Cool+J]

Close. Geordi wears the 180 model. The 360 wraps completely around the head.

oblig

[mastershake_phd]

Does it run Linux......yet?

Re:oblig

[Mad+Merlin]

Probably something to do with it being a 3x 3.2 Ghz gaming console that costs much less than a comparable PC. It turns out that computers are useful for more than just playing games.

Re:oblig

[DuckDodgers]

It probably would have been a good deal if you could run Linux on it immediately after it came out. At that time, the processor and video card were respectable.

But by now I agree with you - for $400 you can assemble a cheap Linux PC that's more useful than a 360 running Linux.

Re:oblig

[jedidiah]

This thing is small, quiet and not-ugly. This is something you won't get in a $400 that you just slapped together. Every component in a PC is priced such that you get quickly diminishing returns for any component that doesn't need to be state of the art. So, you end up wasting money on parts that are bigger or more powerful than you may need.

Then you're stuck cooling it all and trying to keep the result quiet.

Then there's the whole "ugly" thing.

Re:oblig

[Chandon+Seldon]

Then there's the whole "ugly" thing.

There are a ton of choices for small form factor PC cases. Shop around a bit, and find one that isn't ugly.

So, you end up wasting money on parts that are bigger or more powerful than you may need.

Or you realize that your requirements are price and power consumption and *don't* buy more expensive components that probably consume more power.

There are *a lot* of options available for this stuff. If you want to consume less power and do fast encryption, maybe a MicroITX system with a Via-C7 processor. If you want to crunch more numbers, a cheap Athlon X2 on a MicroATX board.

Sure, hacking the DRM on a video game system and installing Linux on it is a neat project - but you're definitely not saving money compared to a similar PC.

Re:oblig

[jedidiah]

Except as I said, THERE AREN'T ANY LESS POWERFUL OPTIONS. They all get discontinued as soon as they would be dirtcheap. So there's a floor for cpus and motherboards and hard drives and what you end up with is a "lowest price" that remains constant while the parts get bigger or more powerful.

Re:oblig

[jedidiah]

...oh and sure there are "less ugly" cases. They tend to cost more than the entire budget for this budget machine we're talking about here. They will also tend to be larger hand have a very generic PS that will probably not past muster on the noise.

Even cheap respectable PC cases aren't all that cheap.

Re:oblig

[Chandon+Seldon]

They all get discontinued as soon as they would be dirtcheap.

That's true, but that price is way lower than an XBox 360.

I explicitly mentioned the Via-C7, which is great for very low power applications. A C7 based system is cheaper than an XBox 360, but it's reasonably expensive compared to a low end Intel or AMD system that consumes more power.

Go to NewEgg, build a MicroATX system based on this: http://www.newegg.com/Product/Product.asp?Item=N82 E16819104245. Use cheap components - don't get tricked by stuff like "DDR 400 RAM only costs $3 more than DDR 333", your goal is cheap not "bang for buck".

Re:oblig

[Chandon+Seldon]

You've got the price of an XBox360 to work with here. The case doesn't have to be $30. Similarly, it doesn't have to have a top brand kilowatt power supply either - MicroATX cases generally come with decent 200 Watt supplies - that's all you need if you're not going to be using a high end video card and 18 hard drives.

"Ugly" is a personal preference thing, but I don't think these are bad:

• http://www.newegg.com/Product/Product.asp?Item=N82 E16811204003
• http://www.newegg.com/Product/Product.asp?Item=N82 E16811190058

Re:oblig

[jedidiah]

"decent" isn't going to cut it. Based on the limited information provided by the newegg links, it's hard to tell if these cases would even be barely acceptable for just being in a home office, nevermind the living room.

It's not about the "power", it's about whether or not the whole thing makes a nuissance of itself.

PC's have traditionally been hot, noisy battleships. So there is some value to a machine that was built with the living room in mind.

Re:oblig

[Chandon+Seldon]

PC's have traditionally been hot, noisy battleships. So there is some value to a machine that was built with the living room in mind.

You're seriously paranoid. Low-noise, small form factor PCs are a well established market. Some of them are explicitly designed for the "living room" role. In fact, some of them are quieter and less "obnoxious" than an XBox 360. Sure, it'll take an hour or so of reading review sites to find the best products, but that's way easier than trying to crack the DRM and install Linux some random game console.

Re:oblig

[sirmonkey]

you people seem to forget for 400 bucks you not only get an xbox360 to play the 3 games that are good, but you also get a pc, and a very nice cased and well hidden HTPC. i'd say its a bargin, heck if we (ture linux user's like myself) had access to the PS3's gfx processor i'd call it a bargin too and own one ! but i forget alot of windows poeple think 3ghz and 2 gigs of ram is the bare min requred to do anything today. for the same reason is why i love carrying my 700mhz 256meg toshiba laptop at school and doing slideshows :-) the reaction is great! what a 700? and you can do all your daily tasks? -wow-

Re:oblig

[Chandon+Seldon]

If you want to play XBox360 games then getting an XBox360 is a perfectly reasonable plan - at least if you're willing to accept a DRM encumbered mess that is explicitly designed to restrict its owner.

But... if you want a Linux box, you'd be much better off giving your money to one of the many manufacturers that hasn't told you to fuck off and die.

Re:oblig

[DuckDodgers]

Not "fuck off and die". Just "keep buying more stuff from us". Big difference.

Re:oblig

[Chandon+Seldon]

For someone who's planning to install Linux, "fuck off and die" is much more accurate. There are manufacturers who actually support that, but Microsoft is working very hard to prevent it.

Re:oblig

[Raenex]

360 fanboys can't stand the truth from an actual 360 owner, so I'll repeat it:

The 360 is not quiet. The whine is much louder than my PC. And that's just the CPU fans -- the DVD drive when playing a game is like a jet engine. As for small and not-ugly, I just don't care. It's a box that sits there and performs a function. A pc case isn't that much bigger.

Re:oblig

[Raenex]

PC's have traditionally been hot, noisy battleships. So there is some value to a machine that was built with the living room in mind.

Do you actually own a 360? Unless they have drastically improved them since when I bought mine, the 360 is a hot, noisy battleship, louder than most PCs. I have two commodity PCs off Ebay that are much quieter than my 360. I invite anybody who disputes this to Google around or listen to a friend's.

Re:oblig

[DuckDodgers]

Oh, I see your point. For someone trying to play Xbox360 games and install Linux too, the message is "Skip Linux, just buy more games! Make us rich!" For someone intent only on installing Linux, "fuck off and die" is basically right.

Attacker??

this vulnerability allows an attacker with physical access to an Xbox 360 to run arbitrary code such as alternative operating systems with full privileges and full hardware access.

Wait. Don't you mean this allows an Xbox 360 user to run arbitrary code such as alternative operating systems with full privileges and full hardware access on the machine they rightfully own ?

How is this an attack, except in the eyes of MS?

Re:Attacker??

[segafreak]

yeah I've gotta say I'm surprised at these hackers - there is a huge scene dedicated to opening up the xbox 360 to run non-signed code, yet these guys find a way to do it and they report it to MS as a bug! While I appreciate this could be a security issue, its a shame they went straight to MS...

Re:Attacker??

[Overly+Critical+Guy]

It's just security flaw terminology. You're taking something personally that's not meant to be read that way.

Re:Attacker??

[DrJokepu]

Wait. Don't you mean this allows an Xbox 360 user to run arbitrary code such as alternative operating systems with full privileges and full hardware access on the machine they rightfully own?
How is this an attack, except in the eyes of MS?

I don't know US laws well, but isn't it a DMCA infringement? In that case, it's an attack in the eyes of the jurisdiction of your country.

Re:Attacker??

[Frosty+Piss]

Wait. Don't you mean this allows an Xbox 360 user to run arbitrary code such as alternative operating systems with full privileges and full hardware access on the machine they rightfully own ?

Well, yes, if you can get it to work you can run anything you want on your XBox. Has Microsoft ever said you couldn't? Did they make any legal threats? No, no I don't think so. As much as youmight want to be a martyre for The Cause, the police will not be looking for you simply because you have voided your Xbox warranty.

Re:Attacker??

[TheRealMindChild]

See my comment here

You might think you own it, but SUPRISE, you are licensing it. You probably could have found the completely abiguous statement on that little postcard you threw away.

Re:Attacker??

[edwardpickman]

Not entirely true. They are selling you a machine a radically discounted price for a specific use, gaming. They aren't selling a general use computer. They are ineffect giving you a gaming machine at a bargin price so they limit what you are permitted to do with it to avoid competing with themselves. If most people tried to mod out their game stations to turn them into desktops as well then it could potentially cut into their desktop business and force them to charge full price for the game boxes making the gaming machine unsellable. Most aren't going to the trouble to get an underpowered machine and risk killing an expensive Xbox. Ultimately it's about geeks points and little else. The machines just aren't suitable for a desktop.

Re:Attacker??

[Ash-Fox]

Not entirely true. They are selling you a machine a radically discounted price for a specific use, gaming.

And they still lock the hardware from letting you use it the way you please

They aren't selling a general use computer.

And? It's still your hardware.

They are ineffect giving you a gaming machine at a bargin price so they limit what you are permitted to do with it to avoid competing with themselves.

Bargain? I can't afford it. Sorry, I have to disagree.

If most people tried to mod out their game stations to turn them into desktops as well then it could potentially cut into their desktop business and force them to charge full price for the game boxes making the gaming machine unsellable.

I thought most people were too 'stupid' to even try another OS other than the one their machine came with and now you're trying to claim they majority could turn their game console into a desktop ..... Hahahahahaha.

The machines just aren't suitable for a desktop.

Yeah, I know. I saw a Dell ad some time ago, this guy wanted to use the machine for 'work' and 'webbrowsing', the phone representative recommended he use a Core duo 2 with 1GB of RAM that comes with Windows XP...

Seems the requirements for Internet Explorer and running Microsoft Office decently are getting a little insane to me... I'd hate to think what they would recommend for Skype.

Re:Attacker??

[asdfghjklqwertyuiop]

You might think you own it, but SUPRISE, you are licensing it.

Says who? Microsoft? Why do you think that is the case? Because Microsoft said so?

Re:Attacker??

[Yartrebo]

Basic economic theory says that it's inefficient to do this - it results in more machines being sold than would be ideal, just like selling printers for a time a dozen encourages people to junk perfectly functional printers while going to great lengths to avoid wasting what should be very cheap ink.

The proper price for the machine is cost + reasonable profit, and the proper price for games is cost + reasonable profit. The legal system should be enforcing that via the anti-trust department, not doing the opposite as they now do.

Re:Attacker??

You are hacking your own system - cancel or allow?

Re:Attacker??

[Chandon+Seldon]

You might think you own it, but SUPRISE, you are licensing it. You probably could have found the completely abiguous statement on that little postcard you threw away.

It's possible that our world is warped enough that that shit works for software. Having a license agreement to use a copyrighted work that you've bought a copy of at a store is absurd, but there's the outside chance that the courts have bought that bullshit and have set precedents making it legal.

There's no way it works that way for hardware. What's next? Shovels with licenses that limit them to being used only to shovel snow in March?

Re:Attacker??

[karmatic]

Quoth the parent: See my comment here.

You might think you own it, but SUPRISE, you are licensing it.

The fact you keep repeating the same wrong information doesn't make it any less wrong.

Adobe made that same claim you are making. It didn't go over well in court. It didn't go over too well for Microsoft either (Microsoft Corp. v. DAK Indus). Novell tried that argument, and got shot down too (Novell, Inc. v. CPU Distrib., Inc., 2000 ).

"...the Ninth Circuit held that the economic realities of the agreement indicated that it was a sale, not a license to use."

"... Like Adobe, CPU argued that it purchased the software from an authorized source, and was entitled to resell it under the first sale doctrine. Novell claimed that it did not sell software but merely licensed it to distribution partners. The court held that these transactions constituted sales and not a license, and therefore that the first sale doctrine applied. 2000 U.S. Dist. Lexis 9975 at *18."

"...The Court finds that the circumstances surrounding the transaction strongly suggests that the transaction is in fact a sale rather than a license. For example, the purchaser commonly obtains a single copy of the software, with documentation, for a single price, which the purchaser pays at the time of the transaction, and which constitutes the entire payment for the "license." The license runs for an indefinite term without provisions for renewal. In light of these indicia, many courts and commentators conclude that a "shrinkwrap license" transaction is a sale of goods rather than a license."

"...Ownership of a copy should be determined based on the actual character, rather than the label, of the transaction by which the user obtained possession. Merely labeling a transaction as a lease or license does not control. If a transaction involves a single payment giving the buyer an unlimited period in which it has a right to possession, the transaction is a sale."

"Raymond Nimmer, The Law of Computer Technology 1.18[1] p. 1-103 (1992). The Court agrees that a single payment for a perpetual transfer of possession is, in reality, a sale of personal proper and therefore transfers ownership of that property, the copy of the software. "

So, at least in the US, a one-time payment for a perpetual use of software is a SALE, regardless of what you call it, and rightfully so. They can't change that with a EULA any more than a car dealership could claim you had a one-time lease payment, with a lifetime use period and the right to transfer the lease for free (thus avoiding legal regulations with regards to sale of vehicles). Any reasonable court would rule that such was a sale, not a lease. What you call it doesn't matter.

Re:Attacker??

[delinear]

Yeah, I know. I saw a Dell ad some time ago, this guy wanted to use the machine for 'work' and 'webbrowsing', the phone representative recommended he use a Core duo 2 with 1GB of RAM that comes with Windows XP...

Haha, I love those ads. Some guy saying he just wants to be able to send email and browse the web being blatantly oversold an uber gaming rig while the friendly voice-over explains how, at Dell, you get the PC you want. And then they upsell him a 21" monitor or something, because, y'know, sometimes those emails just need a super big high-res LCD screen.

Re:Attacker??

[sesshomaru]

And then they upsell him a 21" monitor or something, because, y'know, sometimes those emails just need a super big high-res LCD screen.

I get those kind of Emails sometimes, too. Usually from my girlfriend...

Re:Attacker??

[DuckDodgers]

The free60 project ( http://free60.org/ ) has been trying to run Linux on the Xbox360 since it came out, with no success. Microsoft has definitely gone out of their way to prevent this.

Look around the free60 wiki. For instance, from this page (http://wiki.free60.org/HDD) the Xbox360 will only use hard drives that have a Microsoft PNG logo stored in a certain location on them. For someone trying to boot Linux off the hard drive, in addition to the technical hurdles of hacking the OS they also have to wrestle with trademark infringement. The trademark infringement is no big deal for an individual, but it becomes a problem if they try to redistribute their code for other people to do the same thing.

Microsoft absolutely has gone out of their way to prevent people from doing whatever they want with an Xbox 360. Microsoft is a business, they exist to make a profit. The main way to profit from a game console is for people to buy lots of games. Someone using the machine for an alternative operating system is less likely to do that. So they locked it down. I don't think it's bad - this particular business decision is perfectly understandable - but it is true.

Re:Attacker??

[MullerMn]

It's just security flaw terminology. You're taking something personally that's not meant to be read that way.

Stop criticising me!

Re:Attacker??

[drinkypoo]

the Xbox360 will only use hard drives that have a Microsoft PNG logo stored in a certain location on them. For someone trying to boot Linux off the hard drive, in addition to the technical hurdles of hacking the OS they also have to wrestle with trademark infringement.

Negative. Courts have already ruled this is OK. IIRC it was a case dealing with the Sega Genesis, which had to have a sega copyright notice in the ROM to play the game. They ruled that you could put that notice in there legally because it was required for interoperability.

Re:Attacker??

[mrchaotica]

And that's why the proper course of action is not to try to hack proprietary shit, but bur rather to boycott it in-the first place!

Re:Attacker??

[DuckDodgers]

Thanks for the info. Still, I have to wonder why Microsoft bothered if it wasn't for protectionist reasons.

Re:Attacker??

[GmAz]

Why do people think they can do anything they want with something just because they buy it? Modifying an XBox 360 isn't illegal, but what people do with that XBox once its been modified/hacked is illegal usually. Everyone wants to learn how to "backup one of their games" but in reality, they want to go rent a game, copy it and not have to buy it. Microsoft has put in all these 'security' features to make game developers feel better that the game they produce won't be easy pirated and distrobuted. As for someone reporting this flaw as a bug to microsoft, I am glad they did. Everyone is always praising the Linux community for helping Linux stay up to date, stable and hacker resilient, but when one person helps Microsoft, its "WTF did you do that for, fuck microsoft, its my XBox, I should be able to do what I want to it.

Re:Attacker??

[marcello_dl]

Stop criticising me!

But I did not!

Re:Attacker??

[Raenex]

Why do people think they can do anything they want with something just because they buy it?

Because they bought it and they own it? Do you want your car manufacturer making it illegal for you to modify your own car? How about your PC? "Trusted" computing is on the way, built into the hardware. You'll no longer have full control over your own box.

Re:Attacker??

[Tweekster]

What if I shoplifted it?

Re:Attacker??

[Raenex]

Still, I have to wonder why Microsoft bothered if it wasn't for protectionist reasons.

It was definitely for protectionist reasons. Throw up a bunch of shit and see what sticks. It's just something else they can harass you in court over, even though they know courts have ruled against it in the past. The DMCA is the real kicker, though. Can they make illegal any Linux solution that gives you full access to the hardware, because it allows you to play copied games?

Re:Attacker??

[PrescriptionWarning]

if you own the machine, and are not merely leasing the machine from MS, I fail to see how anyone could bust you for opening up your own box and toying with it... that's the essence of hobbying.

Re:Attacker??

[canajin56]

You're right, they can't. But they can bust you for telling anybody else about it.

Re:Attacker??

[Genom]

The DMCA basically says "If we put up a roadblock, you must stop. You may not attempt to find a way around it. Ever. Even if it interferes with your use. Even if your life depends on it. Even if noone else ever knows."

That having been said, unless you distribute information on how to do it, or advertise that you'll do it for other folks, there's very little chance anything would happen to you. However, in the eyes of the DMCA, it's still quite illegal.

Re:Attacker??

[HardCorePawn]

Usually from my girlfriend...

Hah! now I know you're lying!

Re:Attacker??

[marcello_dl]

> what people do with that XBox once its been modified/hacked is illegal usually

So it's sometimes legal like running linux. I don't care about the percentage who does. I don't want restrictions to my activity dictated by international corporations, fullstop.

Re:Attacker??

[GmAz]

Ok, you use the example of your car. Tell me, if you modify your engine...what happens. Your warranty is void. Same with the XBox. You mod your xbox, its no longer covered under warranty. However, if Microsoft was to put up no roadblocks and said to us all we can do whatever we want with their product free and clear, make all the home brew software we want, use the XBox in any manner we choose, that leave a bit of liability on them. If they do not attempt to stop people from using an XBox in any manner we choose, they can be held liable for the actions we do.

Joe Customer: Sorry officer, but since Microsoft didn't try to stop me from pirating games, isn't it their fault?

Jane Customer: Sorry officer, but since Ford didn't want to put an engine governor on my car, put a turbo on my car that would propel me 0-100 in 8 seconds and refused to put the proper safety harnesses in my car, its not my fault I hit that minivan and killed two children.

You as the customer will have to go out and actively attempt to change/alter the product you own to do what you want it to. People will use every excuse to place blame on anyone but themselves. They sue McDonalds because then they spilled hot coffee on themselves because they were driving and not paying attention and had to hit the breaks so they wouldn't hit the person in front of them, but it was apparently McDonalds fault for not putting "Caution, coffee is hot." on the cup.

All you people are is a bunch of arrogant "intellectuals" that want everything you way because it would make your life easier. Buy a damn XBox to play video games. If you want to run Linux, go to a garage sale and buy some 10 year old computer and put it on that. Better yet, put it on your main desktop. Half of the people I know that are avid Linux fanboys have their main desktop running Windows and a small machine with Linux on it. Does that mean everyone is like that, no, but its a freaking VIDEO GAME ENTERTAINMENT SYSTEM.

Re:That's Because...

[TubeSteak]

Oct 31, 2006 - release of 4532 kernel, which is the first version
containing the bug
Nov 16, 2006 - proof of concept completed; unsigned code running in
hypervisor context
Nov 30, 2006 - release of 4548 kernel, bug still not fixed
Dec 15, 2006 - first attempt to contact vendor to report bug
Dec 30, 2006 - public demonstration
Jan 03, 2007 - vendor contact established, full details disclosed
Jan 09, 2007 - vendor releases patch
Feb 28, 2007 - full public release
Patch Development Time (In Days): 6

Does MS force updates for things like this?

Ironically, I might buy one now

[sdo1]

I've been looking to upgrade my media streamer capabilities and the original XBOX can run Xbox Media Center (http://www.xboxmediacenter.com/). I wonder if this means that a 360 version with HD streaming might be forthcoming? I hope so. I've been avoiding getting one because how locked down it is.

-S

Re:Ironically, I might buy one now

[Osty]

I've been looking to upgrade my media streamer capabilities and the original XBOX can run Xbox Media Center (http://www.xboxmediacenter.com/). I wonder if this means that a 360 version with HD streaming might be forthcoming? I hope so. I've been avoiding getting one because how locked down it is.

You do realize that the 360 can act as a Media Center Extender for Windows XP Media Center 2005 and Vista, right? Also, the 360 can stream music and (with the Fall 06 patch) videos from any "compatible" UPnP media server (technically only Windows Media Connect and WMP11 are supported, but there are apps to do the same on OS X and Linux since all the MSFT apps are really doing is acting as a UPnP media server). Yes, there are codec limitations, but you can transcode on the fly easily enough if you have a powerful enough server.

It just seems weird to me that your killer app is media streaming, but you won't buy a 360 that does that out of the box (or close enough, with the Update). Similarly, if you wanted to develop homebrew games the 360 can already do that with XNA. It has some growing to do still, but expect big things from XNA in the coming months/years. Why would you wait until there's a hack to do that when you could build supported homebrew games already?

Re:Ironically, I might buy one now

[pjl5602]

It just seems weird to me that your killer app is media streaming, but you won't buy a 360 that does that out of the box (or close enough, with the Update).

But it doesn't do that (at least for me.) I don't have a Vista or Media Center server in the house. I've already got my Linux server set up with all of my content (Ogg Vorbis, MP3, FLAC, Xvid and DVD ISO images) that plays via XBMC on my original Xboxes throughout my house. On Linux AFAIK, transcoding isn't even an option, but if it was, that'd be silly given all of the horsepower of the 360. Why should I need both a beefy server and a beefy viewer on the other end? I would get a 360 with XBMC support in a heartbeat given that the original box's hardware is being pushed to it's limits already.

Please note, that I'm not trying to whine about the need for Vista or XP MCE. It's Microsoft's box and if they want to tie it to their other products, good for them. That's however stopping me from getting one for the moment.

And I do agree that their XNA platform is very cool.

Re:Ironically, I might buy one now

[Library+Spoff]

Can the 360 stream media from a NAS?
I'm not trolling - i thought it couldn't.

Most of my media files are on NAS - If i'm in the living room streaming stuff with my 360 i don't want
my pc on in the other room...

Re:Ironically, I might buy one now

[furrycushion]

XBMC has almost complete compatibility with every video/sound format ever made, including automatic playing of *.rar files *.bin,*.iso DVD files.

The current apps which stream to 360s require re-encoding of the video - something only the most powerful PCs can do in HD realtime.

Unfortunately Microsoft will always be unable to create such software of this standard because by the time they negotiate through the licences/patents the technology will have moved on.

Maybe MSFT should just let people use XNA to get XBMC onto their 360?

Re:Ironically, I might buy one now

[sdo1]

You do realize that the 360 can act as a Media Center Extender for Windows XP Media Center 2005 and Vista, right? Yes, I'm aware of that. But I'm not interested in buying a pre-built PC in order to get Media Center and I'm certainly not interested in Vista (the whole HD DRM thing bugs me). I'd prefer to be able to stream from my Linux based NAS since it's on all the time anyway.

-S

Re:Ironically, I might buy one now

[3vi1]

No. The 360 is intentionally crippled so that it can only stream from a Windows Media Server. Guess who sells that?

There are a few Linux apps out there that can fake media server capabilities to various degrees (TwonkyMedia, uShare, 360mediacenter), but you would most likely need to have a separate machine to run them. You could have them access the files on your NAS, do transcoding, and stream the files to the 360.

TwonkyMedia's the only one with which I've had much success. But, it's not free (though there is a free demo version). Twonky's also available for Windows and OS X, if I remember right.

-J

Re:Ironically, I might buy one now

[fistfullast33l]

Actually, I'd wait on buying one. It's already been patched so unless you already have one or buy an unpatched one on Ebay, this hack is useless.

Re:Sweet

[JebusIsLord]

Weird... i'm using mine for exactly that, and without any hacks! (Yes, it does have to work as an extender, but anyone who isn't impressed by Windows Media Center hasn't used it yet. No I'm not an astroturfer).

The 360 is easily the most exciting console I've owned since the PSX, given all it can do. I don't even have cable hooked up to my 1080p TV - its basically just a monitor for my 360.

No, I guess this wasn't a very informative post... i mostly just wanted to give MS props for doing at least something right. You know; compliment before you criticize.

was it really "patched"?

[NinjaNewb]

from the article

"Vendor was notified anonymously, and after cordial discussions a patch
was promptly released."

was it really "patched"?

Re:That's Because...

[Kalriath]

Does MS force updates for things like this? Yes. As soon as your XB360 attempts to connect to Live (which even without you paying, it will do if you signed up for it) it will demand you update or it will disconnect you (which with Live-connected dashboard accounts signs you out of your local XB360 profile too)

How Useless.

[Rdickinson]

"Bug was fixed in version 4552 (released Jan 09, 2007 - not a
Patch Tuesday)."

Fixed already for most people , anyone who's connected to xbox live.

I'm not sure why there still protecting the system like they are though, 'backup' games are already rife due to hacked DVD rom firmware (which they seem to be unable to back fix), so why not let it run arbitary code, didnt hurt the xbox 1?

Re:How Useless.

They need content providers to trust the platform.

Re:How Useless.

[smaddox]

AFAIK Microsoft still hasn't made a profit off of the Xbox 1. I don't have any sources to prove it, but that was the impression I had.

They need to sell software to make money. Hardware is not where the profit is.

Re:How Useless.

[garcia]

Exactly, it should say "XBox Hypervisor Security Protection Hacked in November and Patched in January" but that wouldn't make for a very good Slashdot headline and no one would read the comments^H^H^H^H^H^H^H^Harticle.

Re:How Useless.

[Rdickinson]

How is that relevant?

Yes they make money on sales - 360 costs about what it sells for now, xbox1 was always a looser(financialy also..:P) - sales they make money on are games, add ons (controlers etc) and live stuff.

The 360 is [i]already[/i] compromised in its chief money making area, new games, you can play illigal copies with hacked DVD roms, this should have been the primary area of security, but as normal what security is left only hurts the law abiding people (no multie region dvd player, no linux, no arbitary homebrew etc).

Re:How Useless.

[cgenman]

Online cheating?

E-commerce?

Because it's easier to stop the end user from discovering weaknesses in your protection schemes if they can't run arbitrary code?

Because if you could run arbitrary code, people wouldn't need to pay licensing fees to MS to release games on the Xbox 360?

Re:How Useless.

[Sycraft-fu]

While I'm sure there are also more draconian reasons, a simple one is cheat prevention. Cheating is always a big problem with online games since you end up having to trust the client to some degree to get reasonable performance. It's a nice idea that everything would e done server side, but you find that the latency and bandwidth of normal Internet connections make such a thing unworkable.

Well, one thing that sure as hell makes cheating hard is requiring signed code and not allowing it to be modified. Have a hell of a time getting around that.

I have a couple friends who are both PC and console gamers and one thing they say they really like about shooters on their 360 is the absence of cheaters. On the PC it seems to be a game of cat and mouse. The cheaters find a way to screw with things, the anti-cheat software is updated, they find a way around that, etc. I remember back in the Quake 2 days it was just continuous. You'd get jerks with the latest, greatest aimbot, then the servers would update the anti-cheat, they'd all disappear, until the next one came out.

Re:How Useless.

[Osty]

Yes they make money on sales - 360 costs about what it sells for now, xbox1 was always a looser(financialy also..:P) - sales they make money on are games, add ons (controlers etc) and live stuff.

That's "loser". And the original Xbox was expected to lose money. It was a mostly-off-the-shelf console built quite quickly (approximately a year from initial design to ship, compared to the 360 that was in design for 3+ years before shipping) in an attempt to break into the market following the Sony-style loss-leader method.

The 360, on the other hand, was designed as a purpose-built console, with contracts in place to allow Microsoft to own the IP of the chips, thus allowing them the opportunity to farm out chip manufacture to lower cost partners, or even consolidate chips at a later date. While it's unclear whether or not the 360 is currently breaking even or making a profit on console sales, it's safe to say that this will happen eventually, and probably sooner than later.

The 360 is [i]already[/i] compromised in its chief money making area, new games, you can play illigal copies with hacked DVD roms, this should have been the primary area of security, but as normal what security is left only hurts the law abiding people (no multie region dvd player, no linux, no arbitary homebrew etc).

Except that hacked consoles are detectable on Live and can be blocked from participating in online gameplay as well as access to the Marketplace (no updates for games, no demos or trailers, no XBLA access, etc). Xbox 360's biggest draw is the pervasive support of Xbox Live. Halo 2 is still selling very well today, over two years later, due to its Live support. Games like Gears of War or Crackdown are fun in single player but are even better when you can team up with a friend and play co-op. Some small percentage of people may be willing to trade off Live support in order to get free games. The bread-and-butter core market isn't going to go there.

Re:How Useless.

[Doomstalk]

There are a bunch of reasons. Here are a few:
1) Unsigned code = avenue for cheating
2)The Xbox 360 has been so successful as a digital distribution platform for TV and movies in part because it's so secure. If users can't get at the raw bits, content providers are more likely to work with you.
3) Xbox Live Arcade games aren't compromised yet

I could go on, but I think you get the idea.

Re:How Useless.

[Bert64]

Or you just reverse engineer the protocol, and proxy the game traffic modifying it on the fly...

Re:How Useless.

[pnattress]

It's a nice idea that everything would [b]e done server side Only, on Xbox Live, "server side" is actually just some other guy's Xbox. There are no centralised servers for any games (with the obvious exception of MMOs). It's all peer to peer, so that makes it even more vital to ensure that no-one can modify the software -- at least in the context of using Xbox Live.

Re:How Useless.

[delinear]

It's not that useless since it's possible (maybe even trivial, though I haven't tried it) to remove the fix and revert to the original firmware. For anyone looking for a nice box which will sit in their living room and act as a general-use, wireles and most importantly multi-format media centre with USB connections (for MP3 players, external hard drives, etc) available as standard, this is now a nice option.

Of course, you lose the ability to go on xbox live, but I think that was also a limitation with the original xbox (for a while anyway, not sure if they ever worked out how to get around this). It didn't stop lots of people doing the mod anyway. And now there's a box which can do HD and looks a lot better than the original clunky xbox, I'm sure there will be plenty of people who take this route.

Personally I enjoy playing on XBL, but I'd be tempted myself otherwise.

Re:How Useless.

[Danga]

It's not that useless since it's possible (maybe even trivial, though I haven't tried it) to remove the fix and revert to the original firmware.

Actually it is IMPOSSIBLE to revert to earlier firmware because if you were updated with the fix it actually blew an eFuse. Some people knew this was coming and modded their boxes to prevent the eFuse from being blown so they can go back to the old firmware but everyone else who updated and didn't know that was going to happen are dead in the water.

From the article...

[non0score]

Sadly, unless you haven't updated your machine in the last two months, this wouldn't matter as MS has already patched it. As for those of you with an "unpatched" kernel, let's just say this is like v1.5 PSPs.

Re:From the article...

[fyrewulff]

Not really. It didn't affect Xbox360s before October 31st. So, the only way to have an "open" 360 is to have: 1) Bought a 360 before October 31st. 2) Have updated your 360 on or shortly after October 31st. 3) Have never signed into Live since January 9th or so (unlikely, since that was shortly after Xmas and a lot of people that fell into #1 and #2 would have more than likely been playing a game they got for Xmas) If you buy a 360 now, they still have the unaffected launch dashboard/BIOS/whatever. And the only way to patch them up is to get the cumulative patch up to this point. Any 360 they sell after this point is safe, and all 360s that signed on to Live since Jan 9 are also safe, which leaves a very small section of 360s that still have this exploit.

Timelines for Vulnerability Fixes

[lmnfrs]

Timeline:
..
Jan 03, 2007 - vendor contact established, full details disclosed
Jan 09, 2007 - vendor releases patch
..
Patch Development Time (In Days): 6

Interesting to compare timelines affecting Microsoft's users to timelines affecting Microsoft's control schemes.

Re:Timelines for Vulnerability Fixes

[Ent]

I imagine the quick response had more to do with a smaller test/compatibility matrix than anything else.

Re:Timelines for Vulnerability Fixes

[Bert64]

Same for the patch for windows media DRM that was also turned around quicker than any security patches ever have been?

MacOSX

[dasmoo]

Could this be a cheap way to get a nice small G5? Somehow I doubt that it'll run anything other than pirated games a some *nix.

Re:MacOSX

What Apple called a "G5" was a PPC 970(xx). Seeing as the XBOX 360 doesn't use this CPU, it won't ever be "a nice small G5".

The G5 iMac, however, was EXACTLY that, shame Apple never put the dual-core G5 CPU in it (one of the main reasons why there was a performance boost when they went to the intel Core Duo).

Re:Sweet

[SP33doh]

under $400?

you have to pay extra for the HD dvd drive...

Re:Sweet

[Ender77]

I don't know, I wish they would do what XBMC does and play any video format instead of just DRM WMV. If they would do that the 360 would be perfect. At the moment it feels crippled in that one regard.

It's a joke. LAUGH!

[Ungrounded+Lightning]

Wait. Don't you mean this allows an Xbox 360 user to run arbitrary code such as alternative operating systems with full privileges and full hardware access on the machine they rightfully own ?

It's a joke!

The guy who caught the bug is using techie humor in perfect hacker tradition. He's pretending to take things utterly literally and following them to a redicuilous extreme.

In this case he's doing it by publishing a report of how to crack an Xbox and run an arbitrary OS on it - with complete details on how to replicate it - as a bug report. And he went through the entire procedure:
  - Identify and diagnose the problem.
  - Build a proof-of-concept test.
  - Check it against the latest release (and find the bug still there).
  - Notify the vendor (who ignores the report, as usual).
  - Give him time to respond (which he doesn't).
  - Give a public demonstration.
  - Respond in friendly fashion to the vendor-initiated contact (after the public demo lights a fire), giving him the details of the proof-of-concept.
  - Give the vendor some time to generate and publish a patch.
  - Publish the complete details of the exploit.
He did this just as if it were a bug, rather than a "feature".

Now there is "improved" firmware that fixes the hole. And the complete details are out there. If anybody who actually owns an Xbox who doesn't want to "fix" the "bug" and leaves his firmware backdated, so he can "be exploited by himself" by loading Linux, *BSD, or whatever on his own Xbox, well, that's what he gets for not staying up to date on patch levels.

ROTFLMAO!

Meanwhile the "anonymous hacker" has published (on Bugtraq no less) complete details of how to crack the Xbox (with a backdated firmware load) and run an arbitrary OS on it with full privileges. Yet when it comes to the DMCA he's squeaky-clean. The MAFIAAs and Microsoft have absolutely no claim against him if anybody out there happens to "exploit himself" and use this "bug" to break their "trusted" computing platform.

But there's one thing I don't understand:

Why didn't samzenpus use "The Foot" when he approved this article? B-)

the future?

[toby1]

so if this opens the possibility of "arbitrary code" i guess that means only days until someone is running slackware on their 360. someone has already mentioned the updates through xbox live so i guess it's all over now. i do not have a 360, so forgive me if this is a silly question, but are these updates optional? i understansd the psp situation where there was no requirement to update the BIOS but newer games were not guaranteed to work with older versions .. same deal here perhaps? more interesting would be the option of running something like bootcamp and making great use of the hardware. but i'm biased cos i like osx ...

Re:the future?

[Chmcginn]

Well, they're optional in the sense that you don't ever have to connect the 360 to XboxLive if you don't want... however, most of the games I've gotten for my 360 have brought up a "this game requires an update to your 360's software to play" message the first time you put it in. So unless you're intending to stop using any of the console's games (or at least any newer than the patch for the hack you're using), you're going to get stuck.

Re:the future?

[SCPRedMage]

It only gives you that message because you're already connected to Live and it detects a patch. If you weren't online, it wouldn't give you that message.

Re:the future?

[Juan|Corral]

Nope, just the other day I popped Crackdown into a 360 that has never been on Live and had no ethernet connected to it and it prompted me to update. IIRC, the update on Crackdown brings you up to dash 4552.

now i've got a reason too buy a 360

[sirmonkey]

now i've got a reason too buy a 360 :-) i was waiting 360 or ps3. let me restate that ps3 with full hardware access, or hacked 360(full hardware access implied). woohoo now i'll be able to play halo 3 at my house. ( i'm not going to own a system for one or two games )

Re:now i've got a reason too buy a 360

[jmorris42]

> let me restate that ps3 with full hardware access, or hacked 360(full hardware access implied)

No. The PS3 also uses a hypervisor to keep Linux out of things Sony doesn't want you to touch. They allow basic framebuffer access, including direct YUV video modes at all of the popular HD resolutions. But 3D is reserved for PS3 games who pay their percentage to Sony. Hard drive access is also regulated to keep Linux inside the portion of the drive reserved for it.

On the other hand this hack for the 360 is useless. To make use of it means you have to abandon ANY use of the hardware as a game console (or at least never connect it to Live again) and even that assumes a sufficient supply of machines with that narrow band of revision numbers can be located to have a critical mass to create and sustain a Linux port.

Re:now i've got a reason too buy a 360

[sirmonkey]

never connected my xbox to xbox live, and used the heck out of it as a mythfrontend and htpc :-) now i have a sneaky replacement that isn't a big ugly pc case :-) welll mabye there isn't a set of tools yet. i kinda wish the computer gods cracked the ps3 first i'd like the bluray drive oo well.

Re:now i've got a reason too buy a 360

[tlhIngan]

No. The PS3 also uses a hypervisor to keep Linux out of things Sony doesn't want you to touch. They allow basic framebuffer access, including direct YUV video modes at all of the popular HD resolutions. But 3D is reserved for PS3 games who pay their percentage to Sony. Hard drive access is also regulated to keep Linux inside the portion of the drive reserved for it.

Yes, we really need a crack for the PS3's hypervisor. I believe it's similar to VMWare - Linux on the PS3 runs under a highly virtualized environment - not only can Linux not access the RSX, but it can only touch the stuff Sony wants touched (e.g., no wifi). The Linux partitioning is transparent to Linux (i.e., you can't access the "Game OS Partition" - Linux just sees its partition as a blank disk), and the hypervisor presents incomplete SCSI emulation of the 6 storage devices (hard disk, 4MB of flash memory, blu-ray drive, SD, CF and memory stick slots).

The emulation is so incomplete, if you have a bad block somewhere, the hypervisor returns an I/O error without reporting a media error. Makes for interesting times when your filesystem suddenly goes read-only for no apparent reason (you don't get anything logged other than "I/O Error" and "Filesystem is read-only", no media sense errors...). I think this is testing codepaths in Linux that really couldn't be tested since the errors they handled would be caught earlier...

The things that the hypervisor doesn't let you do:
* RSX access, obviously
* WiFi adapter
* Full access to Blu-Ray drive
* Full hard drive access
* Full configuration flash access
* Access to the EE/GS hardware

If you want fun, you can boot into Linux without formatting the hard drive - the hard drive doesn't appear at all.

LinuXbox...

[Ruvim]

... to follow?

Re:Sweet

[JebusIsLord]

My understanding (although I haven't tried it) is that any audio or video you can play on the host PC can be streamed to the xbox. At least I'm happily playing my FLAC audio files through my 360... I assume video is the same but could be wrong.

Re:Sweet

[Wescotte]

I don't know, I wish they would do what XBMC does and play any video format instead of just DRM WMV. If they would do that the 360 would be perfect. At the moment it feels crippled in that one regard.

While it's not a perfect solution you can use tools like http://www.tversity.com/home or http://runtime360.com/category/blog/transcoding/ to convert just about any media file into WMV in realtime to stream over a network.

Eric

Re:It's a joke. LAUGH!

[Kuciwalker]

One problem with your amusing story: Microsoft did respond with a patch that closed the hole.

May i say...

[Snipes420]

W00T!
what? no mention of http://free60.org?
anyway i try to go there and the wiki seems slashdotted or maybe just slow.
Coralized Link --> http://wiki.free60.org.nyud.net:8080/

Re:Sweet

[Kalriath]

Maybe it would, if it weren't already patched. Typical /., reporting on a bug which was fixed two months ago.

Re:It's a joke. LAUGH!

[Breakfast+Pants]

Read it again Sherlock; he mentioned that.

Patch...

[Ungrounded+Lightning]

One problem with your amusing story: Microsoft did respond with a patch that closed the hole.

So did you install it? Without a way to back out if it broke something? B-)

Now the MS console

[blahpony]

will run Linux? Man, the Sony PR people just can't seem to get a break. ;)

Blue Pill time.

[Ungrounded+Lightning]

Does MS force updates for things like this?

Yes. As soon as your XB360 attempts to connect to Live (which even without you paying, it will do if you signed up for it) it will demand you update or it will disconnect you (which with Live-connected dashboard accounts signs you out of your local XB360 profile too)

Any bets on whether code running in hypervisor mode can create a virtual machine environment where the updated Microsoft code can think it's running the show when it's actually king of a sandbox?

Re:Blue Pill time.

[Kalriath]

Well, that depends. Is there code embedded into the processor to watch for "code tainting"? It's probable that there might be... to prevent you from using third party utilities on Xbox Live. If such is the case, your Xbox might survive, but your hardware ID gets an instaban from XBL.

Re:Blue Pill time.

[DDLKermit007]

Who cares about being banned from XBL? XBMC, and various other tools on the 360? I'd plunk down the $400 just for that.

Re:Blue Pill time.

[tomstdenis]

Agreed. But then again they never really had any respect for the customer to being with.

At least the GB/GBA/DS are hackable. I think Nintendo puts up just enough of a fight to keep the casual hacker away, but not enough to do anything else. Which is nice, and seems to work given their sales figures.

Hacking GBA is fun, just wish the tools weren't windows based :-(

Tom

Re:Blue Pill time.

You realize you can get Linux for the PS3 right? So if you just wanted a Cell processor to play with you don't have to go the MSFT route. Huh? You *can't* go the MSFT route, the Xbox 360 processor *isn't* a Cell.

Re:Blue Pill time.

[hjf]

you don't have to go the MSFT route.

So you don't like to buy products from a monopoly, but you do like to support a corporation that install rootkits, abuses copyright, etc? You, sir, are an idiot.

Re:Blue Pill time.

[datajack]

Huh? You *can't* go the MSFT route, the Xbox 360 processor *isn't* a Cell.

Yes, but whether you think you do or not, Sony tell me that you really do want access to a Cell, just like you want that Blu-Ray drive you have no use for.

Re:Blue Pill time.

[AvitarX]

That explains the GC being the first system to be cracked in the last gen also.

Nintendo wants to make it easy for everyone.

Re:Blue Pill time.

[Raenex]

I doubt Nintendo makes them hackable intentionally. The amount of sales they'd get from homebrewers would be very, very tiny vs the loss due to copying. If Nintendo really wanted to be a friend to the home developer they would open source all their specs and dev tools.

Re:Blue Pill time.

[tomstdenis]

They have to *look* like it's secure platform or the studios wouldn't make games for it.

Though, even though I have DS and GBA kits the only thing I "pirate" are NES games. I pay for my GBA/DS games since they're still on the market (yeah weak justification, but at least nobody is getting hurt).

That the DS/GBA are fun to play, and hackable though is nice all around. And judging by the amount of leaked internal details, and the lack of lawsuits, I'd say Nintendo is doing all they can, as a corporation to allow/permit/promote it to happen.

Tom

Re:Blue Pill time.

[saboola]

In bizarro universe you are correct. Here in reality though, the PS2 was cracked first. Followed shortly by the Xbox, then utlimately the Gamecube using the Phantasy Star Online streaming exploit.

Re:Blue Pill time.

[Raenex]

lack of lawsuits

I know people love to think Nintendo is a nice, friendly company that encourages homebrew, but it just isn't true. They don't care at all about people buying a DS to hack on it. Why would they? That market is incredibly small compared to the very real losses they face over illegal copying.

Don't get me wrong. I bought a DS because it was cheap, hackable, and had a stylus, but I don't kid myself about Nintendo as a company.

Re:Blue Pill time.

[tomstdenis]

I'm not saying that they are going out of their way to support it, I'm saying their going out of their way not to stop it, or at least not as much so as the others.

Sites like gbadev.org and drunkencoders.com have been around FOR YEARS distributing development kits, interal specs and APIs and the like...

Had MSFT or Sony been at the helm sites like gbadev.org would be sued out of existence.

Tom

Re:Blue Pill time.

[Raenex]

Then why did Nintendo sue Lik Sang? And there are plenty of PSP-homebrew sites. Sorry, it is not a case of Nintendo good, Sony bad. If Nintendo could put a 100% stop to illegal copying and that meant locking out homebrewers, they would do so in an instant.

Re:Blue Pill time.

[AvitarX]

yeah, it was sarcastic.

Much easier on a console

[Sycraft-fu]

They don't have to test against nearly as much. Part of the problem with OS patching is you have to test to make sure your patch doesn't break anything else, since a whole lot relies on it. Releasing a patch early that screws up is almost worse than releasing no patch at all. With a console, there's little that runs. A very basic OS and only a single 3rd party app at a time. Much less work to do to check it.

Re:Sweet

[cybrthng]

You only pay extra for the HD if you buy the core system, either way its STILL under 400.00 (by a dollar)

Re:Sweet

[EvlG]

Your understanding is incorrect.

The 360 can only play WMV and MPEG2 - it can't just play any of the files playable on the host PC.

Re:Sweet

[SP33doh]

amazingly random comment, the discussion was about HD-DVD.

No. The question is,

[ZX3+Junglist]

Will it blend?

Re:Sweet

[ZX3+Junglist]

Hey crybaby, Xbox 360 Hypervisor Privilege Escalation Vulnerability Feb 27 2007 11:14PM Anonymous Hacker (anohacker googlemail com) It's day old news, not 2 month old news.

Play HD Content

[mrops]

Now if we can get media centre running on the 360, wonder if it can handle HD content playback. Original Xbox Media Centre refuses to play and HD content, the PIII 733MHz CPU is not fast enough to handle it.

Due to this limitation I set up a ubuntu/mythtv box, but somehow I still like XBMC better. I usually keep my content on my XP PC due to large storage on it and XBMC pulls it quite nicely. Not saying mythtv does not, but somehow I find using the game controller on xbmc more convinient to use.

Re:Play HD Content

[emj]

Well XBMC is more polished that's why it's nicer to use. I have almost no problem with mythTV but the XBMC is limited in what it can do which means it must have been easier to get the right user experience.

Re:Play HD Content

[FunkyELF]

Agreed. I have both an Xbox with xbmc and a MythTV box. The nice thing about XBMC is that it can browse a samba share live. For some reason in MythTV, those files and locations need to go into a database instead of browsing for the stuff live.

Re:Play HD Content

[redcane]

You can set the "video list" to directory mode. I use this, and just have a big NFS share with shows neatly sorted into directories, then I just browse that.

Re:Play HD Content

[FunkyELF]

Yeah, I use directory mode...its nice, but it still relies on a database.
I need to go into the setup menu then the video menu before it updates the database.
Where every time I start XBMC and browse to the samba share it is live.

Re:Modchips?

[romland]

Yes, absolutely. But there are some things that need to be dealt with first, one being how to prevent the efuse from being blown (prevents kernel from being downgraded).

Re:Sweet

[Osty]

I don't know, I wish they would do what XBMC does and play any video format instead of just DRM WMV.

Just to clarify, the WMV files don't have to have DRM, though it's true that the 360 can only play WMV files (for the moment? Who knows if Microsoft will ever release a video codec pack?). In the meantime, you can transcode your videos and stream that to the 360 instead. It's not a perfect solution, but it is a solution.

Re:Sweet

[xhemi]

That is sad, one can only hope the invulnerability will be a moving target.

Re:Sweet

[aguenter]

Oct 31, 2006 - release of 4532 kernel, which is the first version containing the bug Nov 16, 2006 - proof of concept completed; unsigned code running in hypervisor context Nov 30, 2006 - release of 4548 kernel, bug still not fixed Dec 15, 2006 - first attempt to contact vendor to report bug Dec 30, 2006 - public demonstration Jan 03, 2007 - vendor contact established, full details disclosed Jan 09, 2007 - vendor releases patch Feb 28, 2007 - full public release Patch Development Time (In Days): 6 Stupid is as stupid does.

Re:It's a joke. LAUGH!

[DDLKermit007]

Actually, those who broke the 5v line that causes the Efuse to be blown upon updating can reopen said hole. Those looking to mod the console did this quite some time ago.

Isn't it all a bit self defeating?

[cliffski]

Forgive my ignorance, but as I understand it, consoles have all this security stuff on them to stop this, because they do not *want* to be used as general purpose computers, partly because the things are subsidised on sale, and the shortfall recouped by games sales?
If that's true, then an all-out war to hack the things will eventually ,lead to console maufacturers giving up.
At which point the price of the next gen of consoles will probably double, as they will be sold at true cost.
Who wants that?

Re:Isn't it all a bit self defeating?

Everyone with an interest in ensuring open interoperable systems are the future wants exactly that. A stupid business model shouldn't trump users rights to use hardware, tell me how you'd like the EULAs for hammers and screwdrivers to restrict you if you disagree.

Re:Isn't it all a bit self defeating?

[Zwaxy]

as I understand it, consoles have all this security stuff on them to stop this, because they do not *want* to be used as general purpose computers

It's an interesting question, but I don't think anyone has actually asked the consoles how they feel about it yet. I suspect that deep down they really do want to be free.

Re:Isn't it all a bit self defeating?

[cliffski]

that stupid business model is making a lot of billionaires. The only people who describe other peoples business models as stupid tend to be those people who work for someone else and think they know better. If you do, by all means go start a company and make a million.
The console business model has been around long enough for any claims to its stupidity to be a bit... silly.
The fact that the XBox cant be used as a home PC probably means I can get one cheaper than if it was. thats true for most people buying it as a games amchine. Methinks the 99.999% of people who buy a console to play games trump the 0.00001% of people obsessed with running linux on it.

Re:Yet another reason for better prog languages

[rbarreira]

Wait, you don't even know if the C language was used, yet you are sure that the problem would go away with another language? Oh my god...

Re:It's a joke. LAUGH!

[Anubis350]

But I *already have* an xbox for gaming, I didnt buy it to use as a media center, it just happens to useable as one too. It's (reasonably) quiet, already hooked up to my TV and network, and I'd have it there anyway - so why put *another* box next to my tv when the one that's already there can do both jobs well? I suspect that's the reason a lot of people do it.

Oh, and 'cause I can :-D (and if you don't get that reason, pack up and leave /. now :-p)

Re:Yet another reason for better prog languages

[Reverend528]

What language do you propose as an alternative for implementing hypervisors?

Re:It's a joke. LAUGH!

[Das+Modell]

Heh, another post arbitrarily modded as troll. You can't even predict this shit anymore.

Re:It's a joke. LAUGH!

[Captain+Zep]

> mine is slim and almost impossible to see

I'm sorry to hear that.

Have you tried attaching a flag to aid visibility?

Z.

good

This is a good thing that they fixed it - I don't want people playing online with hacked games. Offline? I don't care what people do.

Re:good

[o'reor]

Let me get my cluestick... where is it ? Ah, there [WHACK !] it [WHACK !] is...

The security hole was discovered, not fixed. And it won't be fixed before a loooooong time, Microsoft has a history of letting their security holes unpatched for ages...

Re:good

[SCPRedMage]

Perhaps you should RTFA before you break out your "cluestick".

Timeline:
Oct 31, 2006 - release of 4532 kernel, which is the first version containing the bug
Nov 16, 2006 - proof of concept completed; unsigned code running in hypervisor context
Nov 30, 2006 - release of 4548 kernel, bug still not fixed
Dec 15, 2006 - first attempt to contact vendor to report bug
Dec 30, 2006 - public demonstration
Jan 03, 2007 - vendor contact established, full details disclosed
Jan 09, 2007 - vendor releases patch
Feb 28, 2007 - full public release
Patch Development Time (In Days): 6

Here, let me see that stick...

Re:Yet another reason for better prog languages

[Cheesey]

Actually the system call handler was probably written in PPC assembly. The system call handler is an interrupt service routine: it does the following jobs -

1. Save user mode registers (context switch).
2. Manipulate special purpose registers, e.g. re-enable interrupts.
3. Jump to system call service routine, based on the system call number passed as a parameter. This is where the bug was found - the jump destination was being computed incorrectly.
4. Restore registers.
5. Return to user code.

Even C is too high-level to do most of these operations. Standard C does not allow you to manipulate low-level registers. So assembly is used.

If you are interested, you can find the Linux system call handler for x86 systems in arch/i386/entry.S.

Re:Yet another reason for better prog languages

[Arkan]

Can we please stop employing sub-par developers who only know of memory management as something the garbage collector deals with?

--
Arkan

Re:Yet another reason for better prog languages

[Lisandro]

Amen! I'm not meaning to flame, but i'm sick and tired of people complaining about perfectly good "low level" languages like C just because it gives enough flexibility to the programmer to fuck up. "You mean you actually have to deal with memory management and parameter checks?! Preposterous!!!".

    I see this all the time from developers that grow too acostumed to languages like Java and .ASP - which are fine too, but each have their place. You would never develop a web applet in C (if you even could), just as you would never develop a goddamn hypervisor in Java. Grow up.

Re:Yet another reason for better prog languages

[Dogtanian]

Assuming the whole thing was coded in C Yes, assuming.

And if it were, can you briefly explain why you believe this flaw to be due to the limitations of C? That is, why it would not have occurred with another language?

Can we please stop using C now? "Assuming the whole thing was coded in C", are you implying that they should have written the operating system in Java or Ada 95, or Shoot-Em-Up-Construction-Kit instead?

C certainly is certainly far from perfect from a modern perspective, but they probably chose it (assuming they did) for valid performance reasons. Other languages may have better checking, type safety, blah blah, but they all come with performance trade-offs. They may be better suited for many applications, but I can understand why they might have chosen C here.

Audio is transcoded automatically

[Kerre]

Even though the 360 only plays WMV and MPEG2 video, audio gets transcoded automatically if you use the 360 an extender. Most of my music is stored as LAME encoded 192/256 kb VBR MP3's and the 360 in the living room plays them just fine. I don't know what the media extender software does internally - you probably do lose some quality as the XP or MCE pc transcodes your music on-the-fly. Video can be transcoded using other apps like Transcode360: http://www.runtime360.com/ I haven't tried this myself though.

Re:Sweet

[harryk]

Couldn't figure out how/if I could private reply ...

I'm curious how you access MythTV recorded content from XBMC? I've got the same setup, and if I setup an SMB share on my myth server I can see the record files, but the file names are all numeric channel and date time recording data.

Whats your setup like?

Re:Sweet

[Fifty+Points]

You must be new here.

Re:Sweet

[SP33doh]

I've been pissed off about it since the sony hating began, and it's not just here, it's a very large portion of the internet
the only really justified sony hate I can remember was about the drm rootkit CDs, and sony deserved the hate they got for that shit.

but all the PS3 hate? come on, shut the hell up already, you're just going to say something that we've already heard OVER NINE THOUSAND times.
learn how to think for yourself, rather than just taking the opinion of a herd of trolls who also can't think for themself.


also, to cover my bases, I like the 360. it's a fine console. though I would like to see more good non-shooter games for it.
also, I don't own a PS3 at this time, just because there are only a couple decent games so far. but as soon as a game or two that I really want come out, (shouldn't be too long) I'm all over it.



also, I'm the flamebaited comment? well that's just awesome.

Re:Sweet

[FunkyELF]

You can use the XBMC MythTV python scripts here.... http://sourceforge.net/projects/xbmcmythtv/ Basically you just put it in your scripts directory on your XMBC installation. There is a setup screen and you can have it access your files through Samba. It is okay for watching recorded programs. It asks if you want to skip commercials but it never works for me. Watching live TV doesn't work that well either. But for accessing your recordings, it works just fine.

Re:Sweet

[Kalriath]

Hey moron,

Jan 09, 2007 - vendor releases patch
We're currently in... March. Two months after that date. Yup.

Re:Sweet

[redcane]

Unfortunately you need a windows PC for this, since they "embraced and extended" upnp, to require certain parameters and model names be reported by the UPNP/windows media connect server. Thankfully "x360mediaserver" fakes this well enough for audio. I can't get video streaming to work (not even from my work laptop running XP). Not even if I copy the xvid files to the laptop. I really wish MS hadn't made me jump through hoops to use this hardware as a network player. As it is, I just generally end up using my mythbox anyway because it's easier, and doesn't require UPNP hacks. My ideal solution would actually be playing Gears of War, and Dead rising on my mythbox, and interfacing the controllers to it. This is the first time I've bought a console, and the wireless controllers are definitely a great idea.

Re:Sweet

[ZX3+Junglist]

Hey moron,

Jan 09, 2007 - vendor releases patch
Feb 28, 2007 - full public release
That was, uh, yeah, yesterday.


This was news unless you work at Microsoft xbox division.

Re:Sweet

[Froster]

I would just ignore that live TV is an option. On my setup, I use the tuner in my mythTV box purely for scheduled recordings, and watch live TV with the TV itself. Using the tuner through myth and XBMC doesn't work well enough to make me want to rely on it for daily use. Unless you have a display that lacks a tuner, and have no other option, I'd just say forget it.

Re:Yet another reason for better prog languages

[master_p]

It's astonishing how many people don't know CS.

To answer your question, a proper type system ala ML/Haskell/Erlang/Dylan would solve the problem at compile-time.

Re:Yet another reason for better prog languages

[Dogtanian]

It's astonishing how many people don't know CS. No, what's astonishing is how you assumed my question was due to ignorance of type-checking, rather than because the article didn't make clear whether it was a type-checking problem at all.

To answer your question, a proper type system ala ML/Haskell/Erlang/Dylan would solve the problem at compile-time. My question was "Can you briefly explain why you believe this flaw to be due to the limitations of C?"

I'm well aware that type-checking is much weaker in C than in more modern languages. However, the article stated that the problem was due to "incomplete checking of the parameters". This doesn't necessarily imply a type-checking problem; hence my question.

And bearing in mind that the code example given doesn't even appear to be written in C (as you had assumed), and that the poster who guessed it was PPC assembly is likely closer to the mark, I don't see that your argument is necessarily applicable here.

I'm not familiar with with PowerPC assembly, but my guess is that its type-checking is pretty low-level (if any). And I'm pretty sure that no-one is going to use assembler these days unless they have a damn good reason for it; if (as others have suggested), C didn't support the required facilities for such low-level OS programming, there was no way they were going to be able to do it in the higher level languages you had in mind.

Re:Sweet

[Kalriath]

Hey idiot,

Jan 09, 2007 - vendor releases patch

The news is done when THAT happens, not when someone discloses the non-issue.

Re:Yet another reason for better prog languages

[master_p]

the article stated that the problem was due to "incomplete checking of the parameters". This doesn't necessarily imply a type-checking problem; hence my question.

I apologize for saying it, but you are still wrong and ignorant. Functional programs do not need to check their parameters, for the simple reason that algebraic types force the programmer to write a function for each case of an algebraic type.

And bearing in mind that the code example given doesn't even appear to be written in C (as you had assumed), and that the poster who guessed it was PPC assembly is likely closer to the mark, I don't see that your argument is necessarily applicable here.

C is much more like assembly than a high level programming language.

And I'm pretty sure that no-one is going to use assembler these days unless they have a damn good reason for it; if (as others have suggested), C didn't support the required facilities for such low-level OS programming, there was no way they were going to be able to do it in the higher level languages you had in mind.

There is nothing that Haskell or Erlang can not do. There are operating systems written in them, or telephone switchers, or routers. Really low level stuff. There is no excuse in using C/C++/assembly any more, especially in the context of today's computers that are very powerful.

Re:Yet another reason for better prog languages

[Dogtanian]

I apologize for saying it, but you are still wrong and ignorant. Functional programs do not need to check their parameters If you were specifically discussing the functional programming model, you should have stated this clearly. Yes, all the languages you mention are functional, and perhaps I should have noticed that. However, you don't explicitly mention this, you simply mentioned "a proper type system" (which could include something like- e.g.- Ada's better type-checking); so I make no apologies for missing the veiled thrust of your argument.

There is nothing that Haskell or Erlang can not do. There is nothing that a Sinclair ZX80 cannot do, given enough memory and time. So what?

Or are you claiming that Haskell can replace *all* applications of assembly/C/C++ (even allowing for the fact that in the real world, compilers can often optimise better than doing it by hand)?

There is no excuse in using C/C++/assembly any more You're claiming that Haskell (or Erlang) is capable of carrying out the operations that were (supposedly) too low-level to be done in C? And that they can do this with the performance required by something like the XBox 360?

Furthermore, I suspect that there are "real-world" practical issues surrounding the choice of C/C++/assembly, even if that is only programmer familiarity with the language and procedural paradigms; and that is a good enough "excuse", even if long-term we'd be better off writing everything in Haskell.

Re:Yet another reason for better prog languages

[Dogtanian]

(Meant to address this point in my original reply)

C is much more like assembly than a high level programming language. I'd always considered C a moderately high-level language that allowed some very low-level operations to be carried out in a far more expressive manner than assembly.

Just out of interest, what constitutes a "high-level" language in your opinion?

Re:Yet another reason for better prog languages

[master_p]

If you were specifically discussing the functional programming model, you should have stated this clearly.

Since I am talking about Erlang/Haskell, what else other than the functional programming model would I have been discussing? your comment seems a little ...stupid.

However, you don't explicitly mention this, you simply mentioned "a proper type system" (which could include something like- e.g.- Ada's better type-checking

That's why I called you ignorant, because you think Ada has a proper type system.

There is nothing that a Sinclair ZX80 cannot do, given enough memory and time. So what?

Erlang and Haskell do not need more memory and time than C. They can work under the same hardware that C works, and offer same or better performance and much lower development cost.

Or are you claiming that Haskell can replace *all* applications of assembly/C/C++ (even allowing for the fact that in the real world, compilers can often optimise better than doing it by hand)?

Yes. Haskell/Erlang can replace all applications of assembly/C/C++. I advise you to check out this.

You're claiming that Haskell (or Erlang) is capable of carrying out the operations that were (supposedly) too low-level to be done in C? And that they can do this with the performance required by something like the XBox 360?

Yeah!

Furthermore, I suspect that there are "real-world" practical issues surrounding the choice of C/C++/assembly, even if that is only programmer familiarity with the language and procedural paradigms; and that is a good enough "excuse", even if long-term we'd be better off writing everything in Haskell.

The billions of dollars spent each year in debugging and testing prove you otherwise.

Re:Yet another reason for better prog languages

[master_p]

Just out of interest, what constitutes a "high-level" language in your opinion?

Erlang, Haskell, Oz, Ocaml, Lisp, Smalltalk etc

Re:Yet another reason for better prog languages

[Dogtanian]

Since I am talking about Erlang/Haskell, what else other than the functional programming model would I have been discussing? your comment seems a little ...stupid. Not familiar with Erlang or Dylan, and I assumed you were just throwing around examples. Yeah, I should have been a little sharper on the uptake, but your assumption that everyone should know about your semi-obscure list of languages smacks of ivory towers.

As for "...stupid", would that be stupidity like your original assumption that the XBox security breach was due to the offending OS code being written in C- when in fact the only evidence in the article clearly suggested otherwise?

Haskell/Erlang can replace all applications of assembly/C/C++. I advise you to check out this. No, I'm not reading the whole damn website just to figure out if what you say is true in practice, or just a theoretical possibility.

The billions of dollars spent each year in debugging and testing prove you otherwise. You sound very confident. I recommend you start a mainstream software company (apps, games, etc.) based around these technologies tommorow.

Obviously, finding large numbers of programmers familiar with "real-world" use of Haskell (for *any* applications C/C++/assembler is currently being used for) will be *no problem whatsoever*. Right?

(You'll note that the specific comment you replied to wasn't anti-Haskell, but merely noted the problems with finding enough programmers experienced in the language/paradigm in the short term).

I look forward to hearing of your phenomenal success!