xboxscene.org forums

Author Topic: Xex Disassembler?  (Read 91 times)

xbox7887

  • Archived User
  • Newbie
  • Posts: 15
Xex Disassembler?
« on: February 20, 2007, 11:23:00 PM »

I've been out of the loop for quite some time and was wondering if anyone knows if there is something to disassemble .xex files.  If not, would anyone be interested in creating a .xex loader module to be used in IDA?  I'm fairly certain that the 360 itself can't be exploited via software, but this would however allow you to easily crack hashes or other security methods disabling you from modifying a game's content...

jonlewi5

  • Archived User
  • Newbie
  • Posts: 8
Xex Disassembler?
« Reply #1 on: February 21, 2007, 11:18:00 AM »

But you can't modify the game's content as it would break the signature, wouldn't it? Please tell me though if I'm incorrect.

PedrosPad

  • Archived User
  • Hero Member
  • Posts: 1277
Xex Disassembler?
« Reply #2 on: February 21, 2007, 02:45:00 PM »

QUOTE(jonlewi5 @ Feb 21 2007, 07:49 PM)

But you can't modify the game's content as it would break the signature, wouldn't it? Please tell me though if I'm incorrect.

Often a game's datafile (map, graphic, sound, etc.) will also contain a hash to prevent tampering.  When the game engine loads the datafile, it'll recalculate the correct hash from the data (using a secret algorithm) and compare the result against the hash value in the datafile.  If they match, the data is accepted as valid and the game engine continues.

Altering a game's datafile contents means it will no longer match the datafile's original hash - unless the datafile's hash is also updated!  Disassembling the game engine can reveal the secret algorithm used to calculate the hash, and the information can be used to calculate a new, accurate hash for the modified content.

An extension of this technique is the use of a manifest.  A single manifest would contain the hashes of all the game title's datafiles - separate from the actual datafiles.  This way only the manifest needs to be secured, often by being bound into the XEX, gaining all the digital signature protection thereof.
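An added example (not code from this thread or from any 360 title) contrasting the two designs PedrosPad describes: a per-file integrity hash stored in the datafile's own trailer, and a manifest of hashes covered by the executable's signature. It assumes SHA-1 as a stand-in for the game's hash routine and models the XEX's RSA signature with an HMAC under a key only the verifier holds; the file names and contents are constructed.

```python
import hashlib
import hmac

HASH_LEN = 20  # SHA-1 digest size; SHA-1 stands in for the game's own hash routine

# Design 1: the integrity hash is stored inside the datafile as a trailer.
def wrap_with_trailer(payload: bytes) -> bytes:
    return payload + hashlib.sha1(payload).digest()

def trailer_check(datafile: bytes) -> bool:
    # The loader recomputes the hash of the body and compares it with the trailer.
    payload, stored = datafile[:-HASH_LEN], datafile[-HASH_LEN:]
    return hmac.compare_digest(hashlib.sha1(payload).digest(), stored)

# Design 2: one manifest holds the hash of every datafile and is itself covered
# by the executable's signature. The RSA signature is modelled by an HMAC under
# a key only the verifier holds (an assumption, not the 360's real scheme).
def build_manifest(files: dict) -> bytes:
    lines = [f"{n} {hashlib.sha1(d).hexdigest()}" for n, d in sorted(files.items())]
    return "\n".join(lines).encode()

def sign_manifest(manifest: bytes, key: bytes) -> bytes:
    return hmac.new(key, manifest, hashlib.sha256).digest()

def manifest_check(name: str, data: bytes, manifest: bytes, sig: bytes, key: bytes) -> bool:
    # Reject everything if the manifest does not verify: an edited manifest
    # cannot be re-signed without the private key.
    if not hmac.compare_digest(sign_manifest(manifest, key), sig):
        return False
    expected = dict(line.split(" ", 1) for line in manifest.decode().splitlines())
    return expected.get(name) == hashlib.sha1(data).hexdigest()

def demo() -> dict:
    key = b"verifier-key (constructed)"
    files = {"level01.map": b"original level geometry", "hud.png": b"original hud"}
    manifest = build_manifest(files)
    sig = sign_manifest(manifest, key)
    original, tampered = files["level01.map"], b"modified level geometry"
    stale = tampered + wrap_with_trailer(original)[-HASH_LEN:]  # body edited, old hash kept
    edited = build_manifest({**files, "level01.map": tampered})  # manifest edited, old sig kept
    return {
        "trailer_original": trailer_check(wrap_with_trailer(original)),
        "trailer_tampered_stale_hash": trailer_check(stale),
        "trailer_tampered_rehashed": trailer_check(wrap_with_trailer(tampered)),
        "manifest_original": manifest_check("level01.map", original, manifest, sig, key),
        "manifest_tampered": manifest_check("level01.map", tampered, manifest, sig, key),
        "manifest_edited": manifest_check("level01.map", tampered, edited, sig, key),
    }
```

The `trailer_tampered_rehashed` entry is the weakness the post describes: once the hash routine is known, a per-file trailer offers no protection, whereas the manifest only passes while its signature still verifies.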

jonlewi5

  • Archived User
  • Newbie
  • Posts: 8
Xex Disassembler?
« Reply #3 on: February 21, 2007, 04:24:00 PM »

thanks for the info buddy

xbox7887

  • Archived User
  • Newbie
  • Posts: 15
Xex Disassembler?
« Reply #4 on: February 21, 2007, 05:17:00 PM »

QUOTE(PedrosPad @ Feb 21 2007, 03:16 PM)

An extension of this technique is the use of a manifest.  A single manifest would contain the hashes of all the game title's datafiles - separate from the actual datafiles.  This way only the manifest needs to be secured, often by being bound into the XEX, gaining all the digital signature protection thereof.

Hmm, I've never thought of that :X  I would assume (or hope) however that most games wouldn't use that technique.

Millenia1x

  • Archived User
  • Full Member
  • Posts: 206
Xex Disassembler?
« Reply #5 on: February 21, 2007, 08:06:00 PM »

I wonder if the incorrect hash can = a ban

PedrosPad

  • Archived User
  • Hero Member
  • Posts: 1277
Xex Disassembler?
« Reply #6 on: February 22, 2007, 05:22:00 AM »

QUOTE(Millenia1x @ Feb 22 2007, 04:37 AM)

I wonder if the incorrect hash can = a ban

There is often a lot of fun mileage in doing this with off-line titles.  (See my XBOX1 Forza Motorsport toolz.)

The custom HALO maps, of course, are used on-line, but you're right, there is an increased risk with doing this.

It is common for the datafile integrity hash to initially exist only in the datafiles.  This saves the developer from having to continually update a manifest and/or recompile the game engine as final tweaks are made to levels, artwork, etc. during the final phases of development.

However, as game engines are commonly updated over XBOX Live, and the content would have stabilised by this point, there is nothing preventing them dropping an updated game engine that does include a manifest at a later date.


This post has been edited by PedrosPad: Feb 22 2007, 11:32 PM

Jeff Trust

  • Archived User
  • Newbie
  • Posts: 6
Xex Disassembler?
« Reply #7 on: January 14, 2008, 04:10:00 PM »

QUOTE(PedrosPad @ Feb 21 2007, 10:45 PM)

Often a game's datafile (map, graphic, sound, etc.) will also contain a hash to prevent tampering.  When the game engine loads the datafile, it'll recalculate the correct hash from the data (using a secret algorithm) and compare the result against the hash value in the datafile.  If they match, the data is accepted as valid and the game engine continues.

Altering a game's datafile contents means it will no longer match the datafile's original hash - unless the datafile's hash is also updated!  Disassembling the game engine can reveal the secret algorithm used to calculate the hash, and the information can be used to calculate a new, accurate hash for the modified content.

An extension of this technique is the use of a manifest.  A single manifest would contain the hashes of all the game title's datafiles - separate from the actual datafiles.  This way only the manifest needs to be secured, often by being bound into the XEX, gaining all the digital signature protection thereof.


Most of the games I saw with signed datafiles were published by M$. Did somebody try to decrypt the secret algorithm for calculating the hash? And is there a tool to determine which games have signed data and which don't?

X-hacker

  • Archived User
  • Jr. Member
  • Posts: 91
Xex Disassembler?
« Reply #8 on: March 03, 2008, 01:21:00 AM »

Err... sorry to p*ss on your bonfire, but most files contained in the game discs are signed with RSA derived from an SHA-1 hash - especially XEX files. Yes, there is software available to decrypt XEX files, but they need to be signed with a private key known only to Micro$oft. If you know someone who can decrypt RSA 2048 then do tell.

I don't think Micro$oft are slack enough to leave any easy way to reverse-engineer the 360's hardware and/or software, even though the Xbox 1 was as simple to hack as it is to fall over drunk.

I'm not having a go, and sorry if it sounds like I am, but there are VAST amounts of information available on various scenes - just take time to read it.

(Yes, I know I only have a few posts to my name, but I tend to study the information. If in doubt, Google's yer man.)