xboxscene.org forums


Author Topic: Sha-1 Broken!?  (Read 315 times)

JimmyGoon

  • Archived User
  • Full Member
  • *
  • Posts: 210
Sha-1 Broken!?
« Reply #30 on: February 16, 2005, 04:10:00 PM »

QUOTE(Gamester17 @ Feb 16 2005, 06:11 PM)
and I thought it was SHA1 and HMAC_SHA1 ?, more info on xbox-linux.org
Logged

cmiz

  • Archived User
  • Sr. Member
  • *
  • Posts: 438
Sha-1 Broken!?
« Reply #31 on: February 16, 2005, 04:32:00 PM »

QUOTE(JimmyGoon @ Feb 16 2005, 11:16 PM)
I'm sorry but does this mean we don't need to change files at all on the HD anymore and that we can just sign our DVD's and XBE's to run off discs? or is that WAY still far away.


well you COULD try to sign every xbe, but you have to realize that this isn't just signing something with xbedump....it's finding a pre-existing xbe and trying to hide your own code in it. it will be pretty much necessary (at least for awhile IMO) to run a patcher/loader.

QUOTE(JimmyGoon @ Feb 16 2005, 11:16 PM)
@cmiz- but would that suffer ROE?


yes it would...you'd need to have the disc install a more permanent hack. this would just be a quicker way of originally breaking into an unmodded xbox (instead of having to use a gamesave).


QUOTE(JimmyGoon @ Feb 16 2005, 11:16 PM)
@cmiz- you say only a BS LD'er off a CD-R/W! Think about it. The utopia Installer disc. 5 second mod....


well i said get a bios loader that would boot off of a cd-rw.....i just assumed people would realize they could put anything else they wanted on the disc after that. (yeah, i'd probably have it boot up to evox or unleashx and run a quick installer.)

in case any of you are confused as to what the live arcade disc is....i went ahead and dug it up. here

edit: please realize that this is all speculation. i don't even know if it's POSSIBLE let alone feasible. i'm just sorta throwing out "what ifs"
Logged

triggernum5

  • Archived User
  • Hero Member
  • *
  • Posts: 896
Sha-1 Broken!?
« Reply #32 on: February 16, 2005, 05:39:00 PM »

smile.gif
Logged

The_Truth

  • Archived User
  • Full Member
  • *
  • Posts: 134
Sha-1 Broken!?
« Reply #33 on: February 16, 2005, 05:41:00 PM »

wink.gif .
and if you are gonna say, oh this would be good for pirated games... shut up now, that's not what the hacking community is for, and it's your deal if you wanna be a Warez monkey, but don't even suggest it! mad.gif
and like what's been said, it's not simply signing... if you can't resign the header, then you are hosed... you would be stuck with a file that runs off XBOX_DVD book type. that's why the book type needs to be worked with. that is the main problem. if you can replicate a book type, then no resigning is needed! just use the little SHA-1 Collision hack. laugh.gif

another question\idea. who's to say that you can't write your file to collide with an already made .xbe with ROE off?
Logged

cmiz

  • Archived User
  • Sr. Member
  • *
  • Posts: 438
Sha-1 Broken!?
« Reply #34 on: February 16, 2005, 06:23:00 PM »

i think it would be a bit more intricate than simply setting the book type to xbox_dvd.

you COULD make a file that would collide with an XBE with ROE set to off....but the only one i can think of that has the ROE flag set to off is the xbox music maker disc....and again, it has the xbox_dvd media type so we'd need to somehow get it onto an xbox game disc.

@a94060: we're not coming up with new ideas to help MS...we're simply stating that ideas that have been kicked around before are not solved by this. if MS had any intention of doing these things, they would be doing them already. also the idea of signing an XBE and replacing xboxdash with it. what kind of xbe are you talking about? like a bios loader? yeah...it was already suggested within the first handful of posts. that wouldn't really make a huge difference over current exploits though...the biggest advantage we could probably reap from this would be a cd media xbe that could load a bios or patch the kernel.
Logged

Lysip

  • Archived User
  • Jr. Member
  • *
  • Posts: 89
Sha-1 Broken!?
« Reply #35 on: February 16, 2005, 06:47:00 PM »

QUOTE
MD5 has been widely used, and was originally thought to be cryptographically secure. However, research has uncovered weaknesses which make further use of MD5 questionable. On 17 August 2004, collisions for MD5 were announced by Xiaoyun Wang, Dengguo Feng, Xuejia Lai and Hongbo Yu [1] (http://eprint.iacr.org/2004/199.pdf) [2] (http://eprint.iacr.org/2004/264.pdf). Their attack was reported to take only one hour on an IBM P690 cluster.

Note that Wang et al's attack is a collision attack and not a preimage attack.

While Wang et al's attack was analytical, the size of the hash — 128 bits — is small enough to contemplate a brute force birthday attack. MD5CRK was a distributed project started in March 2004 with the aim of demonstrating that MD5 is insecure by finding a collision using a brute force attack, although it ended without success shortly after Wang et al's announcement.

Because of the discovery of an easy method for generating collisions, many researchers recommend that replacement algorithms, such as SHA-1 or RIPEMD-160, be used instead of MD5.

Because MD5 passes the data only once, a collision might be used to mark a file, without altering the MD5-Checksum. If (x, y) is a collision (i.e. MD5(x) = MD5(y)) with the length of x and y being multiples of the blocksize, then MD5(x + q) = MD5 (y + q) for all q. (cf. this paper (http://www.doxpara.com/md5_someday.pdf) by Dan Kaminsky)

Logged
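
Added example (not part of the original thread or of the quoted article): the extension property quoted in Reply #35, shown on a toy Merkle-Damgard hash built the same way as MD5 and SHA-1. The 8-byte block, the 24-bit chaining value, the truncated SHA-256 compression function and all function names are assumptions chosen so the birthday search finishes in a few thousand trials.

```python
import hashlib
import struct

BLOCK = 8            # toy block size in bytes (MD5 and SHA-1 use 64)
STATE = 3            # toy chaining value in bytes (MD5 uses 16, SHA-1 uses 20)
IV = b"\x00" * STATE

def compress(state: bytes, block: bytes) -> bytes:
    """Toy compression function: SHA-256 truncated to STATE bytes."""
    return hashlib.sha256(state + block).digest()[:STATE]

def toy_hash(msg: bytes) -> bytes:
    """Iterated hash with 0x80 / zero / bit-length padding, as in MD5 and SHA-1."""
    padded = msg + b"\x80"
    padded += b"\x00" * (-(len(padded) + 8) % BLOCK)
    padded += struct.pack(">Q", len(msg) * 8)
    state = IV
    for i in range(0, len(padded), BLOCK):
        state = compress(state, padded[i:i + BLOCK])
    return state

def find_block_collision():
    """Birthday search: two distinct one-block messages with equal chaining value."""
    seen = {}
    counter = 0
    while True:
        block = struct.pack(">Q", counter)   # exactly one block long
        cv = compress(IV, block)
        if cv in seen:
            return seen[cv], block, counter + 1
        seen[cv] = block
        counter += 1

def demo():
    x, y, trials = find_block_collision()
    q = b"any suffix appended to both messages"   # constructed sample suffix
    return {
        "distinct": x != y,
        # x and y are block-aligned and equally long, so the padding block
        # is identical and the final digests match as well.
        "collide": toy_hash(x) == toy_hash(y),
        # After the first block both computations hold the same state, so
        # every identical suffix keeps them colliding.
        "extended_collide": toy_hash(x + q) == toy_hash(y + q),
        "trials": trials,
    }

if __name__ == "__main__":
    print(demo())
```

The search costs on the order of 2^12 compression calls for a 24-bit state, the birthday bound, while finding a message that matches one fixed, pre-existing digest would cost on the order of 2^24; that gap is the collision versus preimage distinction the quoted text draws.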

The_Truth

  • Archived User
  • Full Member
  • *
  • Posts: 134
Sha-1 Broken!?
« Reply #36 on: February 16, 2005, 07:02:00 PM »

QUOTE(cmiz @ Feb 17 2005, 01:29 AM)
i think it would be a bit more intricate than simply setting the book type to xbox_dvd.
Logged

cmiz

  • Archived User
  • Sr. Member
  • *
  • Posts: 438
Sha-1 Broken!?
« Reply #37 on: February 16, 2005, 07:20:00 PM »

QUOTE(The_Truth @ Feb 17 2005, 02:08 AM)
right but wrong at the same time laugh.gif
Logged

The_Truth

  • Archived User
  • Full Member
  • *
  • Posts: 134
Sha-1 Broken!?
« Reply #38 on: February 16, 2005, 08:02:00 PM »

laugh.gif
Logged

RunningRiot

  • Archived User
  • Newbie
  • *
  • Posts: 5
Sha-1 Broken!?
« Reply #39 on: February 16, 2005, 08:47:00 PM »

smile.gif

-RunningRiot
Logged

Monoxboogie

  • Archived User
  • Newbie
  • *
  • Posts: 44
Sha-1 Broken!?
« Reply #40 on: February 16, 2005, 09:14:00 PM »

QUOTE(RunningRiot @ Feb 17 2005, 03:53 AM)
Someone knowledgeable inform me:
Logged

XanTium

  • Archived User
  • Hero Member
  • *
  • Posts: 1358
Sha-1 Broken!?
« Reply #41 on: February 16, 2005, 09:25:00 PM »

wink.gif

Xbox checks signature with the "public key" (which is known for a long time already ... probably released by the Xbox-Linux Team or someone on the XBH forums)
Logged

Pillzburydoofus

  • Archived User
  • Full Member
  • *
  • Posts: 187
Sha-1 Broken!?
« Reply #42 on: February 16, 2005, 09:26:00 PM »

It's not really so simple, because SHA-1 and RSA are asymmetrical. This means that even if we could calculate the SHA-1 or RSA keys from the bios/kernel/MCPX/whatever, it would do us absolutely no good.
Logged

jameswalter

  • Archived User
  • Hero Member
  • *
  • Posts: 745
Sha-1 Broken!?
« Reply #43 on: February 16, 2005, 09:47:00 PM »

This would do us no good at all.

Would this let us boot backups without modification : NO
   There are security sectors on each xbox disc that no one currently understands nor can reproduce.  These are what prevent us from making 1:1 backups.  Why would it change the xbe header just by copying it.

Would this let us make a xbe that boots off the HD to load a bios: NO
    The SHA-1 hack finds another set of 0s and 1s that compute to the same SHA-1 hash.  What are the chances that a random set of 0s and 1s that happen to have the same hash would also happen to make a boot loader : NONE

Would this let us sign the xbe: NO
    XBE is signed using the 2048bit RSA algorithm.  Good luck cracking that.
Logged

dankydoo

  • Archived User
  • Full Member
  • *
  • Posts: 145
Sha-1 Broken!?
« Reply #44 on: February 16, 2005, 10:14:00 PM »

QUOTE(jameswalter @ Feb 17 2005, 03:53 AM)
Installer of SoftMod/TSOP/Chips in the Portland, OR / Vancouver, WA area. Email [email protected] for more info ($20 chip ($25 for 1.6), $20 TSOP, $20 softmod, $10 HD upgrade ($5 if w/ install))
Motherboards repaired (if possible, price varies, email with description and picture if possible)



You charge people for this stuff.... and you don't know what you are talking about?  Wow.  Poor bastards..

dankydoo
Logged