Slashdot Mirror


Xbox Hypervisor Security Protection Hacked

ACTRAiSER writes "A recent Post on Bugtraq claims the hack of the Xbox 360 Security Protection Hypervisor. It includes sample code as well." From Bugtraq "We have discovered a vulnerability in the Xbox 360 hypervisor that allows privilege escalation into hypervisor mode. Together with a method to inject data into non-privileged memory areas, this vulnerability allows an attacker with physical access to an Xbox 360 to run arbitrary code such as alternative operating systems with full privileges and full hardware access."

7 of 232 comments

  1. Yes. by TJ_Phazerhacki · · Score: 5, Funny
    All well and good, but....


    Will it run DOOM?

    --
    Physics is nothing like religion. If it was, we'd have an easier time trying to raise money!
  2. Attacker?? by Anonymous Coward · · Score: 5, Insightful

    this vulnerability allows an attacker with physical access to an Xbox 360 to run arbitrary code such as alternative operating systems with full privileges and full hardware access.


    Wait. Don't you mean this allows an Xbox 360 user to run arbitrary code such as alternative operating systems with full privileges and full hardware access on the machine they rightfully own?

    How is this an attack, except in the eyes of MS?
    1. Re:Attacker?? by karmatic · · Score: 5, Informative

      Quoth the parent: See my comment here.

      You might think you own it, but SURPRISE, you are licensing it.


      The fact you keep repeating the same wrong information doesn't make it any less wrong.

      Adobe made that same claim you are making. It didn't go over well in court. It didn't go over too well for Microsoft either (Microsoft Corp. v. DAK Indus.). Novell tried that argument, and got shot down too (Novell, Inc. v. CPU Distrib., Inc., 2000).

      "...the Ninth Circuit held that the economic realities of the agreement indicated that it was a sale, not a license to use."

      "... Like Adobe, CPU argued that it purchased the software from an authorized source, and was entitled to resell it under the first sale doctrine. Novell claimed that it did not sell software but merely licensed it to distribution partners. The court held that these transactions constituted sales and not a license, and therefore that the first sale doctrine applied. 2000 U.S. Dist. Lexis 9975 at *18."

      "...The Court finds that the circumstances surrounding the transaction strongly suggests that the transaction is in fact a sale rather than a license. For example, the purchaser commonly obtains a single copy of the software, with documentation, for a single price, which the purchaser pays at the time of the transaction, and which constitutes the entire payment for the "license." The license runs for an indefinite term without provisions for renewal. In light of these indicia, many courts and commentators conclude that a "shrinkwrap license" transaction is a sale of goods rather than a license."

      "...Ownership of a copy should be determined based on the actual character, rather than the label, of the transaction by which the user obtained possession. Merely labeling a transaction as a lease or license does not control. If a transaction involves a single payment giving the buyer an unlimited period in which it has a right to possession, the transaction is a sale."

      "Raymond Nimmer, The Law of Computer Technology 1.18[1] p. 1-103 (1992). The Court agrees that a single payment for a perpetual transfer of possession is, in reality, a sale of personal property and therefore transfers ownership of that property, the copy of the software."

      So, at least in the US, a one-time payment for a perpetual use of software is a SALE, regardless of what you call it, and rightfully so. They can't change that with a EULA any more than a car dealership could claim you had a one-time lease payment, with a lifetime use period and the right to transfer the lease for free (thus avoiding legal regulations with regards to sale of vehicles). Any reasonable court would rule that such was a sale, not a lease. What you call it doesn't matter.

  3. Re:That's Because... by Kalriath · · Score: 5, Informative

    Does MS force updates for things like this? Yes. As soon as your XB360 attempts to connect to Live (which, even without you paying, it will do if you signed up for it) it will demand you update or it will disconnect you (which, with Live-connected dashboard accounts, signs you out of your local XB360 profile too).
    --
    For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
  4. Timelines for Vulnerability Fixes by lmnfrs · · Score: 5, Interesting

    Timeline:
    ..
    Jan 03, 2007 - vendor contact established, full details disclosed
    Jan 09, 2007 - vendor releases patch
    ..
    Patch Development Time (In Days): 6

    Interesting to compare timelines affecting Microsoft's users to timelines affecting Microsoft's control schemes.

    1. Re:Timelines for Vulnerability Fixes by Ent · · Score: 5, Insightful

      I imagine the quick response had more to do with a smaller test/compatibility matrix than anything else.

  5. It's a joke. LAUGH! by Ungrounded+Lightning · · Score: 5, Insightful

    Wait. Don't you mean this allows an Xbox 360 user to run arbitrary code such as alternative operating systems with full privileges and full hardware access on the machine they rightfully own?

    It's a joke!

    The guy who caught the bug is using techie humor in perfect hacker tradition. He's pretending to take things utterly literally and following them to a ridiculous extreme.

    In this case he's doing it by publishing a report of how to crack an Xbox and run an arbitrary OS on it - with complete details on how to replicate it - as a bug report. And he went through the entire procedure:
      - Identify and diagnose the problem.
      - Build a proof-of-concept test.
      - Check it against the latest release (and find the bug still there).
      - Notify the vendor (who ignores the report, as usual).
      - Give him time to respond (which he doesn't).
      - Give a public demonstration.
      - Respond in friendly fashion to the vendor-initiated contact (after the public demo lights a fire), giving him the details of the proof-of-concept.
      - Give the vendor some time to generate and publish a patch.
      - Publish the complete details of the exploit.
    He did this just as if it were a bug, rather than a "feature".

    Now there is "improved" firmware that fixes the hole. And the complete details are out there. If anybody who actually owns an Xbox doesn't want to "fix" the "bug" and leaves his firmware backdated, so he can "be exploited by himself" by loading Linux, *BSD, or whatever on his own Xbox, well, that's what he gets for not staying up to date on patch levels.

    ROTFLMAO!

    Meanwhile the "anonymous hacker" has published (on Bugtraq no less) complete details of how to crack the Xbox (with a backdated firmware load) and run an arbitrary OS on it with full privileges. Yet when it comes to the DMCA he's squeaky-clean. The MAFIAAs and Microsoft have absolutely no claim against him if anybody out there happens to "exploit himself" and use this "bug" to break their "trusted" computing platform.

    But there's one thing I don't understand:

    Why didn't samzenpus use "The Foot" when he approved this article? B-)

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way.