xboxscene.org forums

Author Topic: Xbox 360 Softmod (theory)

f34rther34pr

Xbox 360 Softmod(theory)
« on: October 02, 2010, 08:00:00 PM »

I remember a while back reading something about how it could be possible to hack a 360 through a system update. The only problem (well, maybe not just one) would be that if you modified the update code at all it'd break the signature, making it useless.


Well, I thought perhaps if one could extract an MS-signed signature from an update and then inject it into a modified update (much like the PSP's custom firmware) it could be possible to fool the 360 into thinking it is an actual update, thus allowing us to run unsigned code on most consoles. It would be much more efficient (and far less time consuming) than a JTAG. Please don't torch me if this has already been proven impossible.


BTW, I'm pretty sure if we really did some research and experimenting this could very well be possible. Post your thoughts, but like I said, please don't torch me if it's been disproven.

Heimdall

« Reply #1 on: October 02, 2010, 08:29:00 PM »

You clearly don't understand how digital signatures work. The signature signs the actual code, it isn't an abstract thing that can be extracted and reused. If you change even one byte of the code then the signature doesn't match the code and it fails, so you can't just attach a known signature to a random piece of code and expect it to work.

The only way it might work would be if Microsoft had implemented their digital signature system incorrectly - and they haven't. Consequently, change a byte = signature fails = code doesn't run.

This article might help you understand the basics of digital signatures.

f34rther34pr

« Reply #2 on: October 02, 2010, 08:44:00 PM »

It's just my theory. Perhaps someone could build on that though. And you are right about me knowing nothing about how signing works, I just assumed how it worked lol.

No_Name

« Reply #3 on: October 03, 2010, 07:37:00 AM »

There is nothing to build on.

Just FYI, this attack vector has been thought of before, and back in 2005 the answer was no, it won't work, due to the signature on the updates, which is the same as today.

Heimdall

« Reply #4 on: October 28, 2010, 08:35:00 AM »

Yet another noob who can't read, can't code, and knows nothing about digital signatures.

Again, for those like you who can't read - THERE IS NOTHING TO BUILD ON.

The difficulty isn't writing the "re-signer", the difficulty is that we don't have the key to sign the code with. Only Microsoft have that key.

If you'd bothered to read the link in my previous post you'd have spotted that you need the signing key, and a bit of common sense would lead you to work out that Microsoft is unlikely to make such a vital piece of information publicly available.

Your "input" hasn't helped at all, because you provided no input - only baseless and uneducated speculation about something you know nothing about.

Heimdall

« Reply #5 on: October 28, 2010, 10:35:00 AM »

QUOTE(Haze666 @ Oct 28 2010, 05:19 PM)
but I do know a thing or two about digital sig's.
Obviously not, as your next statement proves.

QUOTE(Haze666 @ Oct 28 2010, 05:19 PM)
Download the system updates, all of them.
compare the sigs
find a pattern
????????
Profit.

There is no "pattern" with digital signatures, and if you knew anything about digital signatures you would know that - it's in every "Digital Signature Design 101" course, book and article as one of the requirements for a good digital signature system. Digital signatures are cryptographic representations of a file, and they remain secure precisely because there is no feasible computational method of creating a signature without the original key, no matter how many signed files you examine. Get it - there is no pattern.

Now, go back to shooting aliens in your bedroom and leave the real engineering to people who know what they are talking about.

inspuration

« Reply #6 on: November 04, 2010, 04:57:00 AM »

QUOTE(Haze666 @ Nov 2 2010, 03:50 PM)

Sarcasm my friend.

Wouldn't put it like that if i were being serious, Sir.


You are an idiot. Stop talking.

f34rther34pr

« Reply #7 on: November 29, 2010, 08:40:00 PM »

Yes, I revived this post. Deal with it.

Anyway, in defense of the person who actually supported my idea: it could be possible, namely because the MS digital signature has to be stored somewhere, right? If it wasn't, then how would the 360 know it is valid code and not some user-made one?

Heimdall

« Reply #8 on: November 30, 2010, 01:58:00 AM »

Not again.

You either haven't bothered to read up on digital signatures, or haven't understood them, in spite of the simplicity of the article I linked to in my first reply.

The digital signature is different for every single file. I'll say it again in a different order in the hope that it might sink in - every single file has a different digital signature. The signature for one file is of no use with another file, because it simply won't match the second file.

It's the public key that's stored on the Xbox, and the public key is used to VERIFY the digital signature of the file. To sign the file you need the private key. Microsoft's private key is probably not stored in one place, is definitely only accessible to a handful of people, and is therefore unlikely to ever be seen outside of Redmond. I'll say that again as well, in the hope that it might sink in; you can only sign a file with the private key, and only Microsoft has the private key, and the private key ISN'T on your Xbox, it's held at a secure Microsoft location.

FYI, in case you were wondering, JTAGs can run unsigned code because they bypass the signature check - broadly the same method that was used on the Xbox 1. That's the only feasible method to get round the signature problem.

So please, stop flogging this dead horse. Your idea (it was never a theory, in spite of the title) simply won't work. To summarise what I said to your equally misguided supporter, if you can't even grasp the basics of digital signatures then you should stop digging yourself further into this hole, and leave the real engineering to people who know what they are talking about.
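An added example (not from this thread or any Xbox tooling) showing the sign/verify split described above with an Ed25519 key pair in Go's standard library: the genuine update verifies against the public key, while the same payload with one byte changed, or the genuine signature transplanted onto a different payload, does not. The key pair, the payload strings and the function names are my own constructed assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SignedUpdate models a firmware update as the thread describes it:
// a payload plus a signature made with the vendor's private key.
type SignedUpdate struct {
	Payload   []byte
	Signature []byte
}

// Sign needs the private key, which only the vendor holds.
func Sign(priv ed25519.PrivateKey, payload []byte) SignedUpdate {
	return SignedUpdate{Payload: payload, Signature: ed25519.Sign(priv, payload)}
}

// Verify is what the console does with the public key it stores.
func Verify(pub ed25519.PublicKey, u SignedUpdate) bool {
	return ed25519.Verify(pub, u.Payload, u.Signature)
}

// Transplant models the "extract the signature and inject it" idea:
// the signature from a genuine update is attached to another payload.
func Transplant(genuine SignedUpdate, modified []byte) SignedUpdate {
	return SignedUpdate{Payload: modified, Signature: genuine.Signature}
}

// Demo returns whether (genuine, one-byte-changed, transplanted) updates verify.
func Demo() (bool, bool, bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // constructed key pair
	if err != nil {
		panic(err)
	}
	genuine := Sign(priv, []byte("constructed sample update v1"))
	// Flip a single bit of the genuine payload, keeping its signature.
	flipped := append([]byte(nil), genuine.Payload...)
	flipped[0] ^= 0x01
	// Reuse the genuine signature on an entirely different payload.
	forged := Transplant(genuine, []byte("constructed unsigned payload"))
	return Verify(pub, genuine), Verify(pub, Transplant(genuine, flipped)), Verify(pub, forged)
}

func main() {
	g, f, t := Demo()
	fmt.Println("genuine:", g, "one byte changed:", f, "signature transplanted:", t)
}
```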

No_Name

« Reply #9 on: November 30, 2010, 02:09:00 PM »

Yes idiot, it is stored somewhere; how the **** do you expect them to sign the games we play?
It's probably stored on a secure stand-alone system in a secure room, within a secure room, within a secure floor of a secure building.

So there you go, go steal it and then you don't need your 'theory', which as I said is not a new or unique idea; people smarter than you had the same idea the very day the 360 came out.

Oh, and before you think of a new idea, no, the old game save hacks from the Xbox days won't work either.
