xboxscene.org forums

Pages: 1 ... 6 7 [8] 9 10 ... 17

Author Topic: BugTraq: Xbox360 Hypervisor Vulnerability - Unsigned Code on Kernel 45  (Read 1754 times)

xboxex

  • Archived User
  • Newbie
  • Posts: 5
BugTraq: Xbox360 Hypervisor Vulnerability - Unsigned Code on Kernel 45
« Reply #105 on: February 28, 2007, 05:26:00 AM »

> As you could also see in the video, they use the king kong demo.

No, it is not the KK demo, it is the retail one. The "wingnut logo" introductory video is very different. So the KK is not blacklisted.

I have carefully compared them.

This post has been edited by xboxex: Feb 28 2007, 01:27 PM

TheSpecialist

  • Archived User
  • Full Member
  • Posts: 215
BugTraq: Xbox360 Hypervisor Vulnerability - Unsigned Code on Kernel 45
« Reply #106 on: February 28, 2007, 05:28:00 AM »

QUOTE(xboxex @ Feb 28 2007, 01:26 PM)

> As you could also see in the video, they use the king kong demo.

No, it is not the KK demo, it is the retail one. The "wingnut logo" introductory video is very different. So the KK is not blacklisted.

I have carefully compared them.

The shader experiments were originally done on King Kong, using the kiosk disk, since that one allowed modding data, like shaders. But since that one got blacklisted, they most probably just continued with the 'real' game, using the FW hack to burn modified shaders to disk.

Anyway, thanks for pointing it out :)

t10

  • Archived User
  • Newbie
  • Posts: 4
BugTraq: Xbox360 Hypervisor Vulnerability - Unsigned Code on Kernel 45
« Reply #107 on: February 28, 2007, 05:35:00 AM »

LMAO, almost every post starts with "I'm no... hacker/cracker/chip designer etc." then adds some dumb suggestion. Talk about redundancy.

Anyhoo, props to the original hacker, he is a smart fellah. Too bad for us though he likes money over prison.

kalle_19

  • Archived User
  • Newbie
  • Posts: 36
BugTraq: Xbox360 Hypervisor Vulnerability - Unsigned Code on Kernel 45
« Reply #108 on: February 28, 2007, 05:47:00 AM »

QUOTE(TheSpecialist @ Feb 28 2007, 12:30 PM)

With this hack, it finally becomes feasible to get that decrypted hypervisor code, containing all the security stuff, so that is the true merit of this hack, IMHO

You know, you don't need to decrypt the hypervisor code since this exploit runs code outside it...

TheSpecialist

  • Archived User
  • Full Member
  • Posts: 215
BugTraq: Xbox360 Hypervisor Vulnerability - Unsigned Code on Kernel 45
« Reply #109 on: February 28, 2007, 05:46:00 AM »

QUOTE(kalle_19 @ Feb 28 2007, 01:47 PM)

You know, you don't need to decrypt the hypervisor code since this exploit runs code outside it...

:)

Maybe then, in other words, so you get what I was saying: currently THIS hack will only work on some specific kernel versions, and since you can't downgrade to that version, this current hack won't be interesting to most people. HOWEVER, this hack will allow us to dump decrypted hypervisor code, and THAT opens up a whole new world of insights; maybe it will even open up a way to defeat the efuse check, for example, who knows.

It's a lot easier to find an exploit if you understand what a process looks like than to shoot bullets in the dark (which was all we could do up till now). So THAT is why having hypervisor code is such a big thing.

MadEx

  • Archived User
  • Full Member
  • Posts: 112
BugTraq: Xbox360 Hypervisor Vulnerability - Unsigned Code on Kernel 45
« Reply #110 on: February 28, 2007, 05:55:00 AM »

Once again, in typical X-S forums fashion, this goes over everyone's heads.

leorimolo

  • Archived User
  • Sr. Member
  • Posts: 269
BugTraq: Xbox360 Hypervisor Vulnerability - Unsigned Code on Kernel 45
« Reply #111 on: February 28, 2007, 05:54:00 AM »

QUOTE(TheSpecialist @ Feb 28 2007, 06:53 AM)

:)

Maybe then, in other words, so you get what I was saying: currently THIS hack will only work on some specific kernel versions, and since you can't downgrade to that version, this current hack won't be interesting to most people. HOWEVER, this hack will allow us to dump decrypted hypervisor code, and THAT opens up a whole new world of insights; maybe it will even open up a way to defeat the efuse check, for example, who knows.

It's a lot easier to find an exploit if you understand what a process looks like than to shoot bullets in the dark (which was all we could do up till now). So THAT is why having hypervisor code is such a big thing.

PSP updates were haxored and decrypted, which led to new exploits.

jonlewi5

  • Archived User
  • Newbie
  • Posts: 8
BugTraq: Xbox360 Hypervisor Vulnerability - Unsigned Code on Kernel 45
« Reply #112 on: February 28, 2007, 07:00:00 AM »

Well, that proves one point: this is M$ we are dealing with, they aren't the best at security lol and this proves it lol

I suppose if anything does come outta this then it's gonna be a cat and mouse game just like the PSP and Sony lol

Heading over to Xbox Hacker to see what's being said there now.

I really didn't expect this, as I was only coming here for a quick browse lol

mojoman

  • Archived User
  • Newbie
  • Posts: 5
BugTraq: Xbox360 Hypervisor Vulnerability - Unsigned Code on Kernel 45
« Reply #113 on: February 28, 2007, 07:14:00 AM »

You guys are in denial. How does this help us at all? Someone found a hole and quickly told microshit. If anything, what we should be doing is insult this traitor. I mean, people are painfully looking for ways to crack this thing, and what does he do when he finds this? He goes straight to the microshits. The guy is a big fool.

cherryduck

  • Archived User
  • Newbie
  • Posts: 16
BugTraq: Xbox360 Hypervisor Vulnerability - Unsigned Code on Kernel 45
« Reply #114 on: February 28, 2007, 07:19:00 AM »

Ok, I know I'm probably going to get flamed like crazy for this, but have a look at this snippet about the efuse I found on Wikipedia:

The primary application of this technology is to provide in-chip performance tuning. If certain sub-systems fail, or are taking too long to respond, or are consuming too much power, the chip can instantly change its behavior by 'blowing' an eFUSE. This process does not physically destroy the eFUSE, so it is reversible and repeatable.

Everyone keeps saying you can't 'unblow' an efuse, yet right here it seems to say exactly the opposite... Anyway, that's just what I found, so if I'm wrong I'm wrong, but that's maybe something to think about. I don't claim to be a fount of wisdom or anything, I'm just interested in the possibilities.

PillHarris

  • Archived User
  • Newbie
  • Posts: 5
BugTraq: Xbox360 Hypervisor Vulnerability - Unsigned Code on Kernel 45
« Reply #115 on: February 28, 2007, 07:28:00 AM »

QUOTE(jonlewi5 @ Feb 28 2007, 02:00 PM)

Well, that proves one point: this is M$ we are dealing with, they aren't the best at security lol and this proves it lol

I suppose if anything does come outta this then it's gonna be a cat and mouse game just like the PSP and Sony lol
Heading over to Xbox Hacker to see what's being said there now.

I really didn't expect this, as I was only coming here for a quick browse lol

I think the 360 has proved MS are very good at security. It's over a year and we've got nothing. Even if this guy did not go to Microsoft, Microsoft would have blown that eFuse as soon as they heard about it. So you are in the situation where you buy an expensive console and you can never play a new retail game or play online just to use some homebrew, because MS will always be able to blow these eFuses; nobody has any idea how the security works or how to stop it. Nothing is being said at XBH either. Hackers aren't the only ones analysing this vulnerability; Microsoft will be looking all over their code to make sure there are no more holes.
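
Several posts above argue over whether a blown eFuse can be undone and how Microsoft uses fuses to keep an exploitable kernel from being reinstalled. The C model below is an added example for this page, not code from the thread or from any Xbox 360 firmware. It shows the two properties that matter for the argument: fuse bits only ever move from 0 to 1, and a lockdown value derived from them lets a bootloader refuse any kernel older than the last update. The 16-bit fuse line, the popcount-based lockdown value and the function names are illustrative assumptions, not the console's real fuse layout.

```c
/*
 * Added example (not from the thread): a software model of one-time-programmable
 * eFuse semantics and the anti-rollback ("downgrade") check built on them.
 * The layout (a 16-bit fuse line, lockdown value = number of blown fuses) is an
 * illustrative assumption, not the Xbox 360's actual fuse map.
 */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

typedef struct {
    uint16_t bits;   /* 1 = blown. A bit can only ever go from 0 to 1. */
} fuse_line_t;

/* Blow one fuse. Returns false if the position is out of range.
 * Blowing an already-blown fuse is a no-op: the OR can never clear a bit. */
bool fuse_blow(fuse_line_t *f, unsigned pos) {
    if (pos >= 16) return false;
    f->bits |= (uint16_t)(1u << pos);
    return true;
}

/* "Unblow" modelled as an operation that always fails: the hardware offers no
 * path from 1 back to 0, so the struct deliberately has no way to clear a bit. */
bool fuse_unblow(fuse_line_t *f, unsigned pos) {
    (void)f; (void)pos;
    return false;
}

/* Lockdown value = number of blown fuses. An update that wants to retire an
 * older kernel blows one more fuse, so this only increases over the console's life. */
unsigned fuse_lockdown(const fuse_line_t *f) {
    unsigned n = 0;
    for (uint16_t b = f->bits; b; b >>= 1) n += b & 1u;
    return n;
}

/* Bootloader-side check: a kernel image carries the lockdown value it was built
 * for (kernel_ldv); anything below what the fuses say is refused. */
bool kernel_allowed(const fuse_line_t *f, unsigned kernel_ldv) {
    return kernel_ldv >= fuse_lockdown(f);
}

/* Scenario mirroring the thread: kernel A (ldv 0) is exploitable, an update
 * installs kernel B (ldv 1) and blows one fuse. Returns true if the model
 * blocks the downgrade and the fuse cannot be reversed. */
bool demo_downgrade_blocked(void) {
    fuse_line_t f = { 0 };
    bool before    = kernel_allowed(&f, 0);   /* old kernel boots on a fresh console */
    fuse_blow(&f, 0);                         /* the update blows fuse 0 */
    bool after_old = kernel_allowed(&f, 0);   /* old kernel is now rejected */
    bool after_new = kernel_allowed(&f, 1);   /* new kernel is accepted */
    bool undone    = fuse_unblow(&f, 0);      /* cannot be reversed */
    return before && !after_old && after_new && !undone && fuse_lockdown(&f) == 1;
}

int main(void) {
    printf("downgrade blocked as expected: %s\n",
           demo_downgrade_blocked() ? "yes" : "no");
    return 0;
}
```

Note what the model does and does not protect. Once fuse 0 is blown, kernel_allowed() rejects the old kernel and nothing in the structure can flip the bit back, which is why "unblowing" is not a software question. The comparison itself, however, is just code running on the console, and that is the sense in which TheSpecialist, above, hopes a decrypted hypervisor might expose a weakness in the eFuse check: the fuse is permanent, the code that reads it need not be correct.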

Mike Bowler

  • Archived User
  • Newbie
  • Posts: 33
BugTraq: Xbox360 Hypervisor Vulnerability - Unsigned Code on Kernel 45
« Reply #116 on: February 28, 2007, 07:41:00 AM »

And how is it that they would have blown the particular eFuse they blow in the update if potentially the method used to exploit the 360 could have been kept secret?

edit:

Oh, and I'd also like to say that patching holes can sometimes create new ones, and no one will ever find all the holes, but you can more or less guarantee that the hackers (people trying to get homebrew and modchips on the move) will win.

There are some incredibly smart people out there and I personally respect the people that make the homebrew and modchip scene what it is and what it will be :)

edit2: I don't know why, but in between paragraphs I'm getting quite large spaces in my posts.

This post has been edited by Mike Bowler: Feb 28 2007, 03:50 PM

Chamrock

  • Archived User
  • Full Member
  • Posts: 157
BugTraq: Xbox360 Hypervisor Vulnerability - Unsigned Code on Kernel 45
« Reply #117 on: February 28, 2007, 07:42:00 AM »

If this hacker helped MS I really hope she/he will be insulted, haunted, tortured and bullied for the rest of his life! Fuck you if you helped MS!

How can MS legally release updates that physically blow efuses without approval of the owner? That would be considered intrusion and should be punished to the maximum extent, even if we have to bomb MS offices.

firefighter1023

  • Archived User
  • Jr. Member
  • Posts: 57
BugTraq: Xbox360 Hypervisor Vulnerability - Unsigned Code on Kernel 45
« Reply #118 on: February 28, 2007, 07:47:00 AM »

QUOTE(mojoman @ Feb 28 2007, 02:14 PM)

You guys are in denial. How does this help us at all? Someone found a hole and quickly told microshit. If anything, what we should be doing is insult this traitor. I mean, people are painfully looking for ways to crack this thing, and what does he do when he finds this? He goes straight to the microshits. The guy is a big fool.

A fool that knows quite a bit more than you do about the technical details of the Xbox 360. Until you personally can contribute to the 'scene', instead of riding the coat-tails of those who do the actual work/discovery, you have no room to complain.

PillHarris

  • Archived User
  • Newbie
  • Posts: 5
BugTraq: Xbox360 Hypervisor Vulnerability - Unsigned Code on Kernel 45
« Reply #119 on: February 28, 2007, 07:45:00 AM »

QUOTE(Mike Bowler @ Feb 28 2007, 02:41 PM)

And how is it that they would have blown the particular eFuse they blow in the update if potentially the method used to exploit the 360 could have been kept secret?

If it's secret then Microsoft don't care about it, because nobody will be using it. They don't care about super-secret exploits used by a few people; as soon as you put one out in public that we all know about, Microsoft have this little thing called eFuse to answer that.