xboxscene.org forums


Author Topic: BugTraq: Xbox360 Hypervisor Vulnerability - Unsigned Code on Kernel 45

brandogg (Archived User, Hero Member, Posts: 1668)
BugTraq: Xbox360 Hypervisor Vulnerability - Unsigned Code on Kernel 45
« Reply #60 on: February 27, 2007, 09:36:00 PM »

DVD movies look like crap on the 360 compared to the Xbox because XBMC upscales DVDs no matter which connection you use; the 360 only upscales over VGA because of CSS. Back to the topic at hand, this is awesome. I wonder if Team Xecuter's interview the other day was hinting at any of this.

infamous_Q (Archived User, Full Member, Posts: 101)
« Reply #61 on: February 27, 2007, 09:37:00 PM »

I dunno what $100 fee you're talking about... 'cause this isn't XNA at all.

Although... XNA code manipulation may be a way to write homebrew code in case no one gets their hands on an XDK.

kevhonda (Archived User, Full Member, Posts: 126)
« Reply #62 on: February 27, 2007, 09:35:00 PM »

QUOTE(infamous_Q @ Feb 28 2007, 05:37 AM)

I dunno what $100 fee you're talking about... 'cause this isn't XNA at all.

Although... XNA code manipulation may be a way to write homebrew code in case no one gets their hands on an XDK.


...Yeah, that's what I was trying to say... kinda thought I did say it. Anyway, if games created in XNA work, to me this would seem like an option if no XDK is leaked.

GBW88 (Archived User, Newbie, Posts: 4)
« Reply #63 on: February 27, 2007, 09:49:00 PM »

I hate to be a fly in the soup here, but I guess I might as well toss some of my understandings out. I'm no Team X member, but to my knowledge just "chipping" to cover the patched and fuse-burned parts of the box is hardly practical.

I'm not as versed in the 360's architecture as its predecessor's, but a burned efuse, to my understanding, is in the CPU. That's the legendary multi-core processor. You can't really just practically toss a new CPU onto a chip and call it a day, any easier than you can repair all the components surrounding it. You might as well just produce a new 360 mobo and call it a modboard, and just cut out the need for chips/soldering at all.

Is this an interesting hole? Yeah, it sure as hell is. Is it practical at this point? Hell no. It needs to be refined by those MUCH better versed in assembly and the hypervisor concept before it sees any fruition. Hopefully those same people won't go running to M$ shouting "mommy mommy, look what Timmy did!!" just to get a cookie for it. Legally, yeah, smart move. But you sold your soul to the devil, man. Bring back bunnie, I say.

But I'm babbling here. M$ really did make a good security program this time, something we're finally realizing. There isn't such a thing as a hack-proof piece of hardware, the laws of entropy forbid it, but it can be hard as hell to break. If it were only as easy as the PSP, then it'd be spectacular, but the problem here is M$ built in the proverbial "kill-switch" that can be re-used. They fry a fuse, and everything gets locked down. Period.

Feel free to bash me if any of my facts are wrong; like I said, my 360 knowledge isn't too huge.

Highcutt- (Archived User, Newbie, Posts: 3)
« Reply #64 on: February 27, 2007, 09:53:00 PM »

Very exciting. A lot of people don't seem to notice the significance of this exploit and are straight out bashing it because it has already been patched in the upgraded kernel. Well, think of it this way: when the right people get their hands on 360s that don't have upgraded firmware, they will be able to run unsigned code, which will allow them to dig even deeper and either find ways around the supposed blown-efuse problem for the known downgrading method by discovering another method of downgrading, or a totally different exploit. Just because Microsoft knows about this exploit doesn't mean it doesn't work to our advantage. Being able to run unsigned code is a huge breakthrough; whether or not everyone can do it, you can be sure that someone is already working on this, and when they make use of it, it will benefit their efforts.


Also, I highly doubt the guy got money from Microsoft or a job, or else you wouldn't see this released. I bet he gave them the info, they had talks or emails with him about it, figured out the problem and decided he was useless because they had patched it. They also probably assumed he had told others, so it would go public anyway.

dokworm (Archived User, Sr. Member, Posts: 462)
« Reply #65 on: February 27, 2007, 09:55:00 PM »

I agree. I'll be very surprised if we ever see homebrew running in a mainstream way like with the original Xbox, and even then you can be pretty sure it will mean never buying any new games for your 360 or going online.

This is a whole world away from the original Xbox as far as hacking is concerned.

tonemgub (Archived User, Jr. Member, Posts: 57)
« Reply #66 on: February 27, 2007, 09:57:00 PM »

I see a lot of people don't "get" what this means.

This discovery is useless to 99.9% of the people reading this, but it gives people in the know the ability to get on the 360 and sniff around. I can't stress enough how huge this is. This is basically a backdoor into testing different hacks. This doesn't mean that xbmc360 is a week away, but there is light at the end of the tunnel now.

GBW88 (Archived User, Newbie, Posts: 4)
« Reply #67 on: February 27, 2007, 09:54:00 PM »

QUOTE(tonemgub @ Feb 27 2007, 11:57 PM)

I see a lot of people don't "get" what this means.

This discovery is useless to 99.9% of the people reading this, but it gives people in the know the ability to get on the 360 and sniff around. I can't stress enough how huge this is. This is basically a backdoor into testing different hacks. This doesn't mean that xbmc360 is a week away, but there is light at the end of the tunnel now.


Exactly. Those who won't sell out because they're scared or just want a nice letter of thanks from Gates can make use of this. Now that it's in the wild, this can at least give the real coders and reverse-engineers some idea of where to start.

NumarkTTX1 (Archived User, Full Member, Posts: 125)
« Reply #68 on: February 27, 2007, 10:02:00 PM »

3 cheers to MS!

HIP HIP HOORAY! HIP HIP HOORAY!

I would love to see homebrew on 360... but I'd much rather play my backups online. As soon as this bad boy is cracked, the ban hammer is coming down HARD!

Highcutt- (Archived User, Newbie, Posts: 3)
« Reply #69 on: February 27, 2007, 11:11:00 PM »

QUOTE(NotMe1963 @ Feb 28 2007, 02:36 AM)

Actually, if you have been following the discussions about downgrading the kernel and 4552: with the 4552 update an efuse was blown and downgrade was disabled. Attempts to downgrade after that update result in an unbootable console. Re-flashing with 4552 returns the console to life. If you have removed the resistor which was on the supply line for the 5V needed for blowing efuses, it would still be possible to downgrade, but consoles that have not had such a mod are currently unable to complete a downgrade from 4552.


R6T3 removal prior to the upgrade prevents the efuse from being blown, allowing a downgrade, but doing so afterwards does not bring back the blown efuse. Just to clear that up.

azninvasion (Archived User, Newbie, Posts: 49)
« Reply #70 on: February 27, 2007, 11:19:00 PM »

So to sum it up:

1. Found a syscall that only checked 32 bits, and modified an instruction in order to mask the upper 32 bits, disabling code checking.
2. Loaded an indexed register to point to a stack of memory of unsigned code to run.
3. Performed a context switch in order to load data from this area.
4. Pwned

Given the concept of how this works, it should be relatively easy to discover future vulnerabilities involving syscalls. Good work, anonymous hacker! Now I have something to look forward to in operating systems aside from dry lectures.
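The summary above comes down to a check that looked at only 32 bits of a 64-bit value. As an added illustration (not code from the thread, not the actual hypervisor code, and not the steps from the advisory), the C below models that class of bug in a toy syscall dispatcher: a caller-supplied 64-bit index is bounds-checked with a 32-bit comparison and then used in full to fetch a handler address. The dispatch table, the handler addresses, the index value, and every function name here are made up for the example. The weak check, the fixed check, and an index that slips past the first but not the second sit side by side.

```c
/*
 * Added example, not code from the thread or from the original advisory.
 * It models the class of bug the summary above describes: a dispatcher
 * bounds-checks a caller-supplied 64-bit index with a 32-bit comparison
 * (as a 32-bit "compare logical immediate" on a 64-bit register would),
 * then uses the full 64-bit index to fetch a handler address. The table,
 * the addresses and all names here are constructed for illustration.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_HANDLERS 4ULL

/* Constructed dispatch table: "addresses" of four legitimate handlers. */
static const uint64_t handler_table[NUM_HANDLERS] = {
    0x8000000000001000ULL,
    0x8000000000001100ULL,
    0x8000000000001200ULL,
    0x8000000000001300ULL,
};

/* Result codes for dispatch_target(); the constructed table never holds
 * 0 or UINT64_MAX, so they cannot collide with a real entry. */
#define REJECTED 0ULL          /* bounds check failed, call refused        */
#define OOB_READ UINT64_MAX    /* check passed but the fetch is out of     */
                               /* bounds: a real dispatcher would now read */
                               /* a word from attacker-chosen memory       */

/* Vulnerable check: only the low 32 bits of idx take part in the compare,
 * so any value whose low half is small passes, whatever the high half is. */
bool check_low32_only(uint64_t idx) {
    return (uint32_t)idx < NUM_HANDLERS;
}

/* Hardened check: the entire 64-bit value is compared. */
bool check_full64(uint64_t idx) {
    return idx < NUM_HANDLERS;
}

/* Byte offset from the table base that the fetch would use. Pure integer
 * arithmetic: it shows how far an over-long index reaches without touching
 * memory (the product wraps modulo 2^64, like real address arithmetic). */
uint64_t slot_offset(uint64_t idx) {
    return idx * sizeof(uint64_t);
}

/* Dispatcher. strict=false uses the 32-bit check, strict=true the 64-bit
 * one. Returns the handler address it would jump to, REJECTED, or OOB_READ. */
uint64_t dispatch_target(uint64_t idx, bool strict) {
    bool ok = strict ? check_full64(idx) : check_low32_only(idx);
    if (!ok)
        return REJECTED;
    if (idx >= NUM_HANDLERS)
        return OOB_READ;   /* the check was fooled; stop instead of reading past the table */
    return handler_table[idx];
}

int main(void) {
    /* An index whose low 32 bits are 3 (a valid slot) but with bit 32 set. */
    uint64_t evil = (1ULL << 32) | 3;

    printf("idx=3    low32 check  -> %#llx\n",
           (unsigned long long)dispatch_target(3, false));
    printf("idx=evil low32 check  -> %s (fetch at %#llx bytes past base)\n",
           dispatch_target(evil, false) == OOB_READ ? "OOB_READ" : "?",
           (unsigned long long)slot_offset(evil));
    printf("idx=evil full64 check -> %s\n",
           dispatch_target(evil, true) == REJECTED ? "REJECTED" : "?");
    return 0;
}
```

The thing to look for in any 64-bit dispatcher is the same shape: a value compared after truncation or with a narrow compare, then used unreduced as an index or address. With the 32-bit check, the constructed index 0x100000003 is accepted and the fetch lands 2^35 + 24 bytes past the table base; with the full compare it is refused before any memory is touched.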

xtreme_360fw (Archived User, Jr. Member, Posts: 87)
« Reply #71 on: February 27, 2007, 11:30:00 PM »

Wow, this is some awesome news! Too bad my personal box has been upgraded to the newest kernel. Good thing is that I got a good chunk of used and broken systems coming in and will definitely have some non-upgraded mobos for sure. I'm sure I can pass a couple of systems to some reputable hackers to get their feet wet in this new vulnerability. Honestly, all I want is an XBMC to run HiDef movies off the HDD and maybe a powerful Linux distribution; everything else is covered by the wonderful world of XBox 1. It's gonna be fun to see where all this leads to. I'm not too crazy about the fact that this got reported to M$, but I understand if he wanted to cover his ass/get a job. I'm sure that some good would come out of this though, it'll just be a matter of time! Schweeeet!

=Xtreme=

rehab (Archived User, Newbie, Posts: 35)
« Reply #72 on: February 27, 2007, 11:43:00 PM »

Great news!

Even if this does not lead to anything, it could not be a bad thing that people who know what they're doing have an open door to check for other possible hacks!

andi_06 (Archived User, Jr. Member, Posts: 78)
« Reply #73 on: February 28, 2007, 12:04:00 AM »

Back to square one. Thanks, mate, it was over before it started.

Morlok8k (Archived User, Sr. Member, Posts: 259)
« Reply #74 on: February 28, 2007, 12:16:00 AM »

By this time next year, we will have modchips for our 360s to run homebrew. Huzzah!

Mark my words....

I said that there was going to be a Halo 3 beta released to the public, about a month after the first announcement video, and lo and behold, a Halo 3 beta.

I'm excited.