xboxscene.org forums

Author Topic: Bunnie, Mist and Tmbinc meet Designer of the Xbox360 Security  (Read 620 times)

kgn340

« Reply #30 on: May 13, 2007, 06:01:00 AM »

i'm still a little miffed about not being informed about the update or the contents thereof prior to.
my ability to run homebrew on my 360 went from "yes" to "no" because of the "wonderful stuff" mentioned in the article.

thanks for that.

score one for big business then, i guess.

gasclown

« Reply #31 on: May 13, 2007, 06:04:00 AM »

Didn't you guys own an xbox1? Or any other hacked console... bunnie! The other guys are legends too, but I'm up the back yellin bunnie!!

rock and roll

Modiller

« Reply #32 on: May 13, 2007, 06:31:00 AM »

QUOTE
Money talks.


you act as if people in the scene aren't financially capable

heh, MS. isn't paying them millions for information..

DrPepperFan15

« Reply #33 on: May 13, 2007, 06:40:00 AM »

Honestly..... I would like the 360 to not be hacked. There are so many reasons why I would like this but mainly because I do NOT like people who bring the mods online which I know will happen with 360 since the damn thing is built upon the online system. I could go on and on about everything that would piss me off every time I went to my friends list and saw someone with the status like "Is playing OMG360HAKZORZWTFBBQ" should I say anymore?

edit: Although again I would like it to get modded for all the things you could do but there's always the majority of people who will go mental for halo 3 mods and whatnot also people are already modding games online through the firmware mods which annoys the hell out of me mainly in gears of war when I see one guy who has 1 kill but 99999999999999 points... it's already starting to happen and it's just purely annoying when you play with them too.... also I've had it happen to me in chromehounds. I'm complaining too much but just giving my thoughts about the whole thing

This post has been edited by DrPepperFan15: May 13 2007, 01:44 PM

Trex666

« Reply #34 on: May 13, 2007, 06:51:00 AM »

QUOTE
Furthermore, it is standard practice in the security profession to contact the vendor to attempt to resolve the issue prior to disclosure. There is no monetary reward for this behavior; it is simple professionalism and an act of good faith. I would like to point out that this is identical to the path we started last time — when I hacked the original Xbox security the first thing we did prior to public disclosure was to notify Microsoft of the vulnerability — but last time Microsoft wasn’t responsive, and furthermore, even if they wanted to do something, they couldn’t because of how they had burned a single key and codebase into every box out there. This time, they have an improved system with sufficient agility to respond to such a threat, and they also listened to us and invited us to their house so they can learn and improve, and hopefully improve relationships with potential developers like the homebrew community. We gladly obliged because as security professionals our ultimate goal is to improve the state of the art and social policy in security, and open negotiation is more productive than a protracted guerilla warfare.

mike315

« Reply #35 on: May 13, 2007, 07:03:00 AM »

sometimes i miss the days when 0day was 0day and screw the vendors.

i remember going to pumpcon, summercon, etc; knowing i was going to hear some juicy exploit no one had heard about... i'm not saying it doesn't happen. but it doesn't happen enough anymore.


manu_xl

« Reply #36 on: May 13, 2007, 07:32:00 AM »

QUOTE(gasclown @ May 13 2007, 02:04 PM)

Didn't you guys own an xbox1? Or any other hacked console... bunnie! The other guys are legends too, but I'm up the back yellin bunnie!!

rock and roll

hehe ... he doesn't even look like a nerd. Bunnie has the looks to play in some kungfu movie ;-)

Bunnie for president \0/

(IMG:http://pictures.xbox-scene.com/xbox360/bunnie/bluehat3_07_s300.jpg)

isn't he adorable?

This post has been edited by manu_xl: May 13 2007, 02:38 PM

ampedXR

« Reply #37 on: May 13, 2007, 08:12:00 AM »

Sounds like people from the scene are cashing out if you ask me...

rgtaa

« Reply #38 on: May 13, 2007, 08:37:00 AM »

So am I hearing this right, these guys only Hacked xbox 1 to show MS how it could be done, and when MS didn't respond the way they liked, turned to "guerilla warfare", and let it out of bag so we could have modded xbox 1.

Now with 360, MS says, GLAD to see you FELLOWS, take a seat and let's talk, can I get you cup of coffee, please, show us what you are up to and our security holes, so nobody can hack it. So in future, are Sony, Nintendo, MS gonna be "offered" a sit-down and if "meeting" goes well, no hacks will come out. If not, you guys know what we will do, and we are the guys that did it in past.

All you people praising this will not be smiling when "all the consoles" stop being hacked... period! Sounds like hackers now have to watch for this type "slime-ball" tactic, it's extortion.

In past, MS found out what happens if they don't play ball with these "slime-balls", they will let everyone get a FREE MOD, and if they do play ball with these "slime-balls" ... they get rich and community shuts down. And don't think it will not happen, MS, Sony and Nintendo have the money to throw at this problem... to make it go away.

Guys, please think what you are supporting, LONG TERM. I understand most of us don't like "cheating" etc, but we are also talking, home brew, Linux, media center, everything else. And that is what you are supporting if you support these "slime-balls"!

Sorry fellows for ranting a little but gee, knowing we were used as PAWNS in a scam to get MS to hire them, makes me MUFFED to say the least, and MUFFED at you guys supporting their tactics. Not to mention all the other NICE folks that "trusted" them with info, they later gave to MS. More than 1 person had to do hacking stuff, many people helped to do it, but only the "slime-ball", who did it for MONEY! That is why the word "traitor" was used by some. The same way MS would use the TERM if an employee of MS took valued info to rival company, MS would think of that employee as TRAITOR, right?


PhatheadWRX

« Reply #39 on: May 13, 2007, 08:09:00 AM »

QUOTE(Modiller @ May 13 2007, 08:31 AM)

you act as if people in the scene aren't financially capable

heh, MS. isn't paying them millions for information..

just hundreds of thousands....

much more than net recognition. the original hackers don't make the money, it's the companies that mass produce chips to sell to the masses

DrPepperFan15

« Reply #40 on: May 13, 2007, 08:45:00 AM »

Well the guy with the devkit made an emulator i think XMAME for 360... either he himself was a developer or he was just an extremely wealthy/lucky person to get one of those. He's making homebrew already, so would he be a traitor to them? to us?

Also looking at the pic again is kinda funny how I noticed that the Apple logo is smaller than the Microsoft logo which is just a bit funny.... only I and other extreme apple haters would understand what I'm talking about. Even funnier to see an apple at microsoft

This post has been edited by DrPepperFan15: May 13 2007, 03:49 PM

sunn02

« Reply #41 on: May 13, 2007, 08:52:00 AM »

Here's what they said on the blog

#  Felix Says:
May 13th, 2007 at 5:25 am


Why hurting? Working together with Microsoft actually made it possible to speak about this hack in public at all, and releasing information (including that proof-of-concept) about it. My/our intention was never to spoil homebrew. No, there was no money and no job involved in the disclosure to Microsoft. I have a good-paying job, and hacking stops being fun if money is involved, at least for me. (which reminds me about that gray every-day life which will start again after I enter the plane tomorrow - I really had a great time here at Bluehat and Toorcon - thanks Bunnie, thanks microsoft, thanks toorcon and all the other people involved!)

The real enemy is not Microsoft in general, they are their lawyers. Those are the people I wanted to keep at a distance. It worked out. The reason to stay anonymous so long was not that being mysterious is so cool or whatever - it was just about not getting sued. But after Bluehat, it became clear that this was no issue anymore.

And my strict demand for working on a project like free60 is that i can publish stuff in public, under my real name, without hiding anything, and still be able to sleep well at night. This would not have been possible if we hadn’t worked together with Microsoft.

And I would be the very last person not wanting free60 to become successful. The world is just not that black and white.

# bunnie Says:
May 13th, 2007 at 5:37 am


Actually, we are very strongly for homebrew and Linux. We had a very long talk with the security architects at Microsoft about splitting up security into separate modules for anti-piracy, anti-cheating, DRM, code signing, etc. for the next generation so that homebrew can run, without enabling piracy. Hopefully they have listened.

The problem with the exploit is that it can be directly abused for piracy, as their architecture used a single core security module which, when compromised, caused everything to be compromised. The potential liability of such an exploit is immense. The likely crack-down on the homebrew effort due to legal backlash would not have been productive in the long term and there were strong indications of such a possibility — after all, it is the exploit developers who are putting their necks on the line.

It is also clear in 20/20 hindsight that if we had not taken the path we did, Microsoft would have quickly reverse engineered our exploit installer and developed a patch, and we would have lost the opportunity to discuss the situation with them while creating potential legal havoc for ourselves due to the ambiguity of our intentions from their standpoint. At least this way we had a chance to share our views. And, to reiterate the obvious, the homebrew-fans would be in exactly the same place as they are now (e.g. having to stop at a certain patch level/potentially buy new hardware) because the “strength” of the exploit wasn’t great enough to stand on its own for more than a few days. Under all circumstances you would eventually have to buy one box to play Xbox Live, and another box to do homebrew, full stop. That’s how good the 360’s security architecture is.

Furthermore, it is standard practice in the security profession to contact the vendor to attempt to resolve the issue prior to disclosure. There is no monetary reward for this behavior; it is simple professionalism and an act of good faith. I would like to point out that this is identical to the path we started last time — when I hacked the original Xbox security the first thing we did prior to public disclosure was to notify Microsoft of the vulnerability — but last time Microsoft wasn’t responsive, and furthermore, even if they wanted to do something, they couldn’t because of how they had burned a single key and codebase into every box out there. This time, they have an improved system with sufficient agility to respond to such a threat, and they also listened to us and invited us to their house so they can learn and improve, and hopefully improve relationships with potential developers like the homebrew community. We gladly obliged because as security professionals our ultimate goal is to improve the state of the art and social policy in security, and open negotiation is more productive than a protracted guerilla warfare.

Simply put, we are locksmiths, and we love locks. We see locks as protecting possessions, homes, and families. We understand how to pick locks, and we also understand how to make better locks. Locks can be abused by preventing access to public places, but we believe it is best to go to the biggest lock maker and help them improve their locks (for the love of the art) and also help them set policies on deploying locks (for the love of the people). Microsoft will continue to improve their locks with or without us, but I doubt they would ever even consider making a policy change without us.

And, I think we left a clear message at Microsoft that until they do provide a signing key to enable homebrew, inevitably every new generation will be attacked until an exploit is found that enables homebrew (and other aspects), possibly by a new adversary that is not as white-hat as us. Creating a multi-faceted security strategy that enables homebrew effectively diffuses the threat model and thereby enhances security. Open hardware platforms are inevitable; hardware is inherently open.

Finally, those who are interested in homebrew may have read the security focus bugtraq release back in February and understood that enabling homebrew on your box is as simple as not accepting the latest patch updates. The modest interest the post generated was probably a reasonable indicator that the vast majority of the potentially affected parties didn’t actually care for homebrew, as game copying was already possible for many months now. I apologize to the homebrewers who did miss on the opportunity, but you can probably also still obtain unpatched boxes in the standing inventory of stores today.

Because of this, Linux development is still very active in the homebrew community, no new piracy or cheating was enabled, and thankfully we can continue our work with little fear of legal action. I think many would agree that this is in fact probably the best compromise solution available. You can’t make everybody happy, but I think all parties acting true to their stated intentions should be happy.

This post has been edited by sunn02: May 13 2007, 03:53 PM

HSDEMONZ

« Reply #42 on: May 13, 2007, 09:00:00 AM »

I've talked to bunnie.. but not to the others at that lecture. All I can really say on this is that if they've found an opportunity to make some coin out of their years of research, hacking, whatever then so be it. I'm not going to judge them cause they've found a way to make a living doing some legit and above board work applying what they've learned in the past via what some may view as less than legit means.

Homebrew, backups, Piracy. these three things are tied together in a circle whether we like it or not. Many times, the work in one of these fields, benefits those wanting the others to flourish. I don't draw a line and thank a guy for giving us potential access to homebrew, and forget that they've also given us access to backups, and others to outright piracy.

I don't call any of these guys traitors. I don't forget what drives much of this and the other console scenes.

Piracy.

I don't expect a lot of people to stand by and be loyal to anyone in this or the other scenes. Everyone grows up, and eventually.. piracy in any of its flavors becomes less and less a focal point while earning a legit living and not looking over your shoulder all the time wondering if you've finally pushed your luck too far this time becomes more important.

I'm at a point in my own life where pretty much only the potential of homebrew interests me in the various console scenes. Piracy, or even backups don't warrant my interest any longer. I suppose that came with age, maturity, and acknowledging that I don't need backups of stuff. ( I take care of my shit )

Congrats to the 3 brains on rolling their skills into something legit.


caster420

« Reply #43 on: May 13, 2007, 09:29:00 AM »

I think most of you fail to realize how much knowledge bunnie and his team have allowed us to gain on the 360 security and inner workings of it. If this information wasn't made public, we would still be standing in the dark with nothing but a firmware hack for 'backups'. As stated a long time ago, it is obvious that most people do not want true homebrew. Most of you also fail to respect what bunnie did for the original xbox and the legal issues he went through to release the developments he was making. He also made a report of recommendations to microsoft based off of that research, so this is nothing new.

Bunnie and crew, thanks for all of the hard work you have done with this console.  I know i am glad to have an exploitable kernel to play around with and hopefully things will continue to progress.

Thanks,

Caster.

rgtaa

« Reply #44 on: May 13, 2007, 10:46:00 AM »

The xbox 1 took off when it was hacked and this SITE took off around same time ... and xbmc and all types of programs were created for it. I was sort of hoping the same thing would happen on 360 with all NEW different type stuff, Skype phone, video phone, web surfing, homebrew, linux, and stuff I never would have imagined. But these guys have dashed my hopes of "cool" stuff coming out from very creative community. With POWER of 360 I was thinking xbox 1 was just the beginning, but NOW it seems the way HEAD MOD is saying, it's an era that has come and will probably die, as we all move on to other things.

Damn, I'm going through grieving process.

This post has been edited by rgtaa: May 13 2007, 05:51 PM