Xbox exploited (1 Viewer)

[Krystian C]

Hi all,

Just doing some reading over at www.the-magicbox.com in there forum section there was something of interest.

Seems a hacking group called FREE-X has found a way to exploit the Xbox Dashboard to allow access to the system WITHOUT a modchip. The have been able to run Linux off the system, without cracking the case. The link is below

Security Release for Xbox exploit

Funny side to this, is supposedly (I have yet to confirm for myself) they tried to contact MS and present the flaw to them. But it seems MS told these guys to take a hike. They tried for over a month, and kept getting shot down, they told MS if they didn't hear them out, they would go public with the exploit. And they did. Now MS is seeking legal action against them. Go figure. If Bill's manhood was as big as his ego, he would probably be in porn.

Anyways, wonder if this means the Xbox will go the way of the Dreamcast. I recall piracy being one off the key factors in it's demise. Now with the ability to hack the Xbox un-modded, we may see a huge rise in Xbox sales, and a severe drop in software sales. Only time will tell I guess.

 

[Jeffrey D Smith]

I doubt that the Xbox will face the same demise of the Dreamcast. You have been able to do perfect copies of xbox games for nearly a year now with a mod chip and I don't think it's done much to the system.

I suppose removing the requirement of the $20 mod chip will boost piracy a bit.

 

[JasonKrol]

I personally dont see MS allowing anything to happen to their baby too.

If that means coming to each of our houses, and swapping our Xbox with a new one that has an updated kernal, I believe they would actually do it.

But, i do think that this exploit is rather difficult to pull off, but perhaps in time tweaks will be added to make it difficult, either way, piracy has been and will always be an issue with developers, but thankfully there are more honest people than there are crooked (surpising isnt it?) and the sales should remain intact. Especially if MS has something up their sleeves to combat issues like this (which they must, because thay had to have known that it was only a matter of time before someone figured out something, considering how complex the machine is to begin with)

 

[JamesHl]

It's pretty easy, the hardest thing is getting the files onto the memory card. I also think the way the group went about trying to inform Microsoft was stupid. They tried to blackmail them into allowing an 'official' linux boot disc to run linux on any xbox. Microsoft had a couple of meetings and phone calls with them, I think more to get an idea of what these guys had on their hands than anything. Surely they're working on a fix for newer boxes based on the amount of information they did get already. All they could have prevented is a public release of the information, which in their eyes may or may not have happened anyway, as anyone who doesn't work for Microsoft and finds exploits in a Microsoft product is untrustworthy and probably some sort of criminal.

Basically, both sides were wrong in this case. However, I'm not going to argue with the fact that a solution to running linux on the xbox has come out that is easy enough for the lazy such as myself to install.

 

[John Kilroy]

I think this is insignificant to MS and Xbox. They only wish this was their biggest problem. Some miniscule fraction of a percentage of hackers will try this. Most of us on this board are more than capable of doing it, and yet I bet not one of us will. And it won't work on Live-enabled boxes, that's for sure. This is not a problem for Microsoft.

Now 63 million PS2s sold and counting, that's a problem for Microsoft.

 

[Dave F]

Funny side to this, is supposedly (I have yet to confirm for myself) they tried to contact MS and present the flaw to them. But it seems MS told these guys to take a hike. They tried for over a month, and kept getting shot down, they told MS if they didn't hear them out, they would go public with the exploit.

This isn't quite what happened. This group basically tried to blackmail Microsoft. They contacted MS and told them that they would "release" the information unless Microsoft offered a Linux loader for the Xbox. Of course they claim that this isn't blackmail.

I don't really care that the exploit was released, but I hope Microsoft nails'em to the wall for attempted blackmail.

-Dave

(Edit: I should've read JamesHl's post first. )

 

[paul h]

hmmm.. from what i've read and seen IMHO MS have released the most pirate friendly console ever in the shape of the XBox. By basing it on a PC they have opened it up to all kinds of hacks/mods etc. At a computer fair i watched a guy chip one in no more than 5 minutes, at which point it had a new bios, skin, had emulators installed and played any and every kind of disc.. oh and it also had a switch fitted so it could be disabled for XBox Live.

Gamerfeed.com posted an interesting article a while back:

http://www.gamerfeed.com/index.php?story=2799

 

[Krystian C]

I also don't see how the common person is supposed to perform this 'hack'.

This was the beauty of the Dreamcast hack, all it required was a boot disc at first, then eventually as hackers got smarter, they even incorporated the boot info onto the first track of the pirated games. It became a no brainier for pirates. Download game, burn, insert. No fuss, nothing. I remember after this hack came out I decided to buy another dreamcast (I had sold mine about a month earlier) And there was no one anyhere in the city that had them in stock, I could not even pick up a used console.

It is now only a matter of time before they have an easy to use, bootable solution for the techno-peseants among us. And in mp opinion, this is bad news for MS in the long run.

They are already competing in a market where they are nowhere near the top dog (sales wise) This now adds a new factor of loss of software sales, that was previously accounted for.

Turn a blind eye if you want, and rant that Xbox wont feel anything from this, but you are wrong in my opinion. I am willing to bet everyone here know a person or 2 who had a modded PSX, or played a few burned titles on there dreamcast. Every one of those titles bing played is a loss of cash to someone, like it or not, and an already struggling console (by struggling I mean, struggling to get a fair market share in the highly PS2 dominated game market, so don't even start fan-boys), does not need anymore loss of revenue.

 

[Allen_Appel]

... as anyone who doesn't work for Microsoft and finds exploits in a Microsoft product is untrustworthy and probably some sort of criminal.

There have been a ton of Microsoft product security flaws that have only been reluctantly fixed due to discovery by "criminals".

 

[BrianB]

I remember after this hack came out I decided to buy another dreamcast (I had sold mine about a month earlier)

Interesting timing, Krystian. Would you have re-bought the DC so soon /without/ the "hack"?

 

[KevinRB]

Hacking caused the fall of Dreamcast? That's an interesting one. If anything, it extended it's life since it still has uses after games have stopped being released for it.

Funny side to this, is supposedly (I have yet to confirm for myself) they tried to contact MS and present the flaw to them. But it seems MS told these guys to take a hike.

Why is this funny? I can't stand the "we told them, they did nothing, so it's their fault we are releaasing this" arguement. If this group was truely a white hat group, they would have kept this vulnerability to themselves.

 

[JamesHl]

Haha, thanks for pointing that out Dean.

They really treat people who point out security exploits to them badly: indifference in the best case, threats of prosecution in the worst.

 

[BrianB]

I think you misread his post as he said "IN THEIR EYES".

It reads either way. But point taken, James.

 

[Michael St. Clair]

It's a little premature to read doom and gloom into this.

They can update the affected games so that future buyers of James Bond and Mechassault do not have access to the overflow issue.

Second of all, it is very likely that the act of reading a save file from a memory card uses some kind of system call in the kernel or dashboard.

If this is the case, Microsoft can certainly update all future consoles to prevent this overflow issue, regardless of what version of the two games in question is used.

And they can probably update every single online (Live) player's XBox to also prevent this.

And there is a very good chance they can program future games and magazine discs to update the system as well.

If this is the case, anybody with a hacked XBox not only will have to stay offline, they will have to never put an official disc into their console.

It's way too early to assume that the kind of widespread piracy that affected the Dreamcast will be possible on the XBox.

 

[David Lee]

If this is the case, anybody with a hacked XBox not only will have to stay offline, they will have to never put an official disc into their console.

Even if they can make their Xbox look Stock at the flick of a switch. I'm not sure, but I believe most modded Xbox's can do that.

 

[Michael St. Clair]

Even if they can make their Xbox look Stock at the flick of a switch. I'm not sure, but I believe most modded Xbox's can do that.

You are talking two different things. Modded Xboxes (like modded PSX and PS2 consoles) have been around for a long time.

If Microsoft can send out a 'Trojan Horse' update to the kernel and/or dashboard, it will update any XBox it is sent to...regardless of whether or not that user has been booting unsigned code. And once modded, the system would no longer allow this (non-modchip) exploit.

 

[JamesHl]

They've disabled people whose boxes are hardware modded from getting on live, I would tend to wonder why if they could remotely mess with the software considerably that they didn't just completely disable people's xboxes. I guess there might be some legal issues, and frankly I don't feel much better about it than I do about Hatch's "we'll blow up your computer for tradin' music files, dagnabbit!" plan, but it seems like something they might do. Directv already blasts people's hacked access cards... although I guess they're only destroying the bit of your hardware that's illegal, as opposed to rendering a semi expensive piece of electronics totally inoperable. Perhaps they could get away with it if you had to call MS, or send the box to them to get it reactivated, or something?

Anyway, I'm not sure they have the infrastructure to update you over live like that, as the hack fixes they have done so far were hardware revisions. If they could simply patch the exploit in software, why wouldn't they have yet? Also, patching the software won't fix the boxes that have been hacked, unless you wipe everyone clean or something.

Also, with the court decision about verizon having to turn customer information based on ip addresses to the riaa, MS could conceivably track you down and charge you with violating the dmca. However, this would probably require too much effort on their part for the people using hardware mod chips as opposed to going after the chipmakers, and I'm not sure how easy it would be to tell if the box has been modified through software.

 

[Michael St. Clair]

If they could simply patch the exploit in software, why wouldn't they have yet?

Um, the exploit is brand new.

Remember, we aren't talking about modchips here.

 

[JamesHl]

Yes... and it is MS we're talking about I suppose... it's also the first software-only exploit, so I guess they're asking themselves the same questions we are here.

 

[Kelley_B]

There is a new Dashboard coming out soon, its currently included in the last software revs of the XDK. And this has been something that is going to happen for a while, so this little hack has nothing to do with it.

BTW - the new Dashboard is SO much bette then the current one IMHO.