Slashdot Mirror


Xbox 360 Reset Hack Yields Unsigned Code Execution

walshy007 writes "A new exploit has been shown which allows unsigned code execution on the Xbox 360 for all current models. It functions by pulsing the reset pin at a critical time during the checksumming/crypto boot process. The exploit enables the running of Xell, a boot loader which facilitates the running of Linux, amongst other programs."

26 of 177 comments

  1. Finally! by Anonymous Coward · · Score: 2, Funny

    Now I can run Windows on my 360!

    1. Re:Finally! by Pseudonym Authority · · Score: 4, Funny

      I'm installing ReactOS as we speak!

    2. Re:Finally! by cbackas · · Score: 3, Insightful

      According to MS, neither XBox is based on the Windows kernel at all contrary to popular belief.
      http://blogs.msdn.com/b/xboxteam/archive/2006/02/17/534421.aspx

    3. Re:Finally! by neokushan · · Score: 3, Interesting

      Interesting, I hadn't seen this before.

      I've read more than once that the XboxOS was based on Win 2000. I'm sure I can find some examples -

      http://www.windowsfordevices.com/c/a/News/The-scoop-on-the-Xbox-360s-embedded-OS/
      "The original Xbox ran an OS that had its roots in Windows 2000. Granted, by the time you strip out everything that is not needed in a console like the Xbox and replace some of the parts with stuff specific to that device (like the file system), and add a few pieces, it hardly resembles anything remotely like Windows 2000 at all. But you could say that's where its original roots lie, even if 95 percent of it has been cut or heavily altered."

      http://www.xbox365.com/stories/xdkcomplete.shtml
      "The kernel is based on Microsoft® Windows® 2000."

      Granted, neither of those sources are remotely "official", but this one is interesting -
      http://www.caustik.com/cxbx/progress.htm
      "The Xbox uses a stripped down and partially modified Windows 2000 Kernel."

      That's from a developer of cxbx, an Xbox emulator. Surely he of all people would have figured if the kernel was completely different? Then again, who knows how relevant that is to emulation itself. With people like that making the same claim, it's no wonder the misconception is so common.

      --
      +1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
  2. Why? by Gojira Shipi-Taro · · Score: 4, Insightful

    I can already run unsigned code on any of half a dozen PCs or similar devices I have that are not the 360 and are FAR more powerful. This is interesting-ish in that it's a neat kind of hack, but really... why would I want to do this now?

    --
    "Oh my God. This is terrible. This is the end of my Presidency. I'm fucked."; ~ Donald J. Trump
    1. Re:Why? by gman003 · · Score: 4, Insightful

      You're obviously not a real geek, then. Running arbitrary code on a device designed to not let you run arbitrary code is, to a geek, a worthy goal in and of itself.

      In other words, "it's not about WHY, it's about WHY NOT!".

    2. Re:Why? by Gojira Shipi-Taro · · Score: 2

      I'm all about doing that if it has a purpose. I guess if there weren't PC drivers for the motion sensor gizmo it would be really cool.

      --
      "Oh my God. This is terrible. This is the end of my Presidency. I'm fucked."; ~ Donald J. Trump
    3. Re:Why? by Anonymous Coward · · Score: 5, Informative

      Because it's your hardware, and you should have the right to do so, whether or not you have a reason to at the moment. It's about preserving that right, which seems to be going away on more and more devices over time.

    4. Re:Why? by Anonymous Coward · · Score: 2, Insightful

      Umm, because it's fun?

      Jesus, what the hell has happened to this place... *sigh*

    5. Re:Why? by scrib · · Score: 2

      Thank you, Cave Johnson!

      --
      Help! Help! I'm being repressed!
    6. Re:Why? by mykos · · Score: 2

      Thanks for bringing me some clarity! I can run unsigned code on my computer, therefore I shouldn't need to be able to run unsigned code on my Android devices, iDevices, or Xbox 360s. I mean, what's the fucking point of running unsigned code on any other devices if I can already run it on one?

    7. Re:Why? by gman003 · · Score: 5, Insightful

      You're still focusing on the wrong thing. The people doing this aren't doing it because they need a computer to do useful tasks. They're doing it because breaking into a system designed to keep you out is fun. Getting a decent machine (the CPU on it is actually fairly impressive, even if the graphics processor isn't that hot, and the memory system opens some interesting opportunities) is just icing on the cake.

      Some people, in their leisure time, collect stamps, others play war games, others still read ancient Greek political satire. And some people hack game consoles.

      Sure beats arguing on /.

    8. Re:Why? by V!NCENT · · Score: 2

      Well you got this billion-trillion-gazillion dollar company that hires the best of the best people to make a million/billion dollar costing platform with some really serious security that nobody is supposed to break.

      And a single guy, doing some hobby hacking, can beat that. It's like chess. He is superior. He won.

      That's why. And now he's showing the world that he is smarter than the guys who have even gone so far as to make the CPU burn its own key. It's like sport, for nerds.

      --
      Here be signatures
    9. Re:Why? by Opportunist · · Score: 2

      Here's my reason: I prefer playing on PC to console, because I hate those shit controllers. By leveling the piracy amount on all platforms, I encourage game makers to provide me games for my preferred platform. And since I cannot lower piracy on PC, I do the next best thing and am quite happy if I see an increase in piracy on the consoles.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  3. that's why i don't buy console by Anonymous Coward · · Score: 2, Insightful

    I refuse to buy devices where the mfg intentionally locks me out of running code I want on a device that I own. Sure, sure, these hacks appear but you have to subvert the attempts by the vendor to lock you out of your own hardware. Same for many cell phones, and with things like the iPad slowly starting to eat away at PC sales, that seems to be how personal computing is going to go. It'll end up that you can only run "approved" code on your own device to prevent "hackers" - just wait.

    I don't get why so many other people don't seem to mind giving up control over their own systems. It's a war only one side is fighting.

    1. Re:that's why i don't buy console by Elbereth · · Score: 2

      That's a bit unfair, really. He's got a point about the restricted code execution, even if it's a technicality that most (99%?) people don't care about. I agree that it comes dangerously close to "I don't own a TV", but, really, he's not a hipster. He's just some guy who cares about things that nobody else does. And isn't that punishment enough, without ridiculing him?

    2. Re:that's why i don't buy console by Jmc23 · · Score: 2

      Um, probably because the vast majority of people buy a games console to, you know, play games.

      Out of the remainder geeks who do want to run unsigned code they really don't care about being able to run their own code, they just want added functionality and/or bragging rights by running other people's unsigned code. An even smaller percentage of geeks buy them because of the challenge of breaking the security, finding flaws, and taking advantage of the hardware and possibly making it do things it was never meant to do.

      Then there's you, who just whines and bitches and doesn't share in all the different ways others are getting pleasure from a simple game console, and let's be realistic, nobody, neither companies nor peers, cares about your opinion because you are neither buying nor having fun with other people.

      NB, I'm using the plural you. Take heart AC there are other losers out there.

      --
      Don't complain about syntax, grammar, or spelling. There is no.hell like input on android.
  4. Two 1 h GoogleTechTalks by AHuxley · · Score: 5, Interesting

    Deconstructing The Xbox Security System
    http://www.youtube.com/watch?v=9NqLljaHc80
    Xbox 360 Security System and its Weaknesses
    http://www.youtube.com/watch?v=uxjpmc8ZIxM

    --
    Domestic spying is now "Benign Information Gathering"
  5. Can't wait by ArchieBunker · · Score: 2

    For all the usual emulators to get ported. Is it really that big a deal to run a Sega Genesis emulator on your Xbox? If you want a media player then you might as well buy a netbook for around the same price but with a larger hard drive and much lower power requirements.

    --
    Only the State obtains its revenue by coercion. - Murray Rothbard
  6. Would be nice if by CityZen · · Score: 2

    this lets you figure out the keys that are necessary to write to the optical drive firmware to pair them up again, because there are boatloads of systems out there that don't work after someone removed and lost track of the paired drive that was in it.

    1. Re:Would be nice if by _133MHz · · Score: 4, Informative

      It does! Xell spits out the CPU key and the DVD key at the boot console. Just have a digital camera handy!

  7. NO IT DOESN'T! by definate · · Score: 5, Funny

    Sure beats arguing on /.

    NO IT DOESN'T!

    --
    This is my footer. There are many like it, but this one is mine.
    1. Re:NO IT DOESN'T! by TheRealQuestor · · Score: 2

      yes it does you insensitive clod

  8. Not the first 360 hack like this.. by neokushan · · Score: 2

    A lot of people are saying things like "ohhh, I wonder how long before emulators appear".

    FYI, this is actually the 3rd hack like this to appear for the 360. There was a first hack, the KK (King Kong) exploit that got patched quickly, then in 2009 details for a JTAG hack were released. Because of this, there's quite a few 360's running unsigned code out there and plenty of emulators for them. MAME, SNES, Genesis/MD, I believe someone even ported Final Burn Alpha. Sadly the homebrew scene wasn't quite as rampant as the PS3 homebrew scene and neither had anything on the Xbox homebrew scene, but hopefully this will breathe new life into it.

    Suffice to say, as a JTAG owner myself, it's worth it for being able to store and load all your games from a HDD. With most 360 games (full games, that is) clocking in at about 6.5GB, you don't even need a lot of space for a big collection.

    --
    +1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
  9. How the hell could that work? by Viol8 · · Score: 2

    Because I assume the code as written could only handle one bullet at a time. I doubt they put in extra memory locations and support code for more "just in case someone hit select at power-up".

    1. Re:How the hell could that work? by Haven · · Score: 2

      Any marginally complex computer program has the possibility of exhibiting nearly any behavior given the correct environmental parameters.

      Bugs never behave like you imagine they should, and there are always bugs in any computer system.