xboxscene.org forums

Pages: 1 [2] 3 4

Author Topic: The Ultimate Exploit  (Read 409 times)

Reno_000

  • Archived User
  • Newbie
  • *
  • Posts: 26
The Ultimate Exploit
« Reply #15 on: September 14, 2003, 04:30:00 AM »

He doesn't have to come on the message board and share his work with you. So why knock him? After all, if he manages to pull this off, it's you people that will benefit from it, so you should be encouraging him. If this method is not possible, at least we have explored that avenue and can move on to the next.
Logged

xdreamer

  • Archived User
  • Jr. Member
  • *
  • Posts: 52
The Ultimate Exploit
« Reply #16 on: September 14, 2003, 04:50:00 AM »

Well, it was the guys on the board that attacked me first.

My first message was just giving some inspiration and that it is quite
unlikely that you can manage anything like that.

Then those newbie fuckheads attacked ME first.
Logged

Mordenkainen

  • Archived User
  • Sr. Member
  • *
  • Posts: 447
The Ultimate Exploit
« Reply #17 on: September 14, 2003, 01:03:00 PM »

QUOTE

Well, it was the guys on the board that attacked me first.

My first message was just giving some inspiration and that it is quite
unlikely that you can manage anything like that.

Then those newbie fuckheads attacked ME first.


Here are the first few lines of your first post here:

QUOTE

Hello,

I do not want to sound rude but you guys should learn a bit more
about how the security of the xbox works.


If that's not a shot across the bow, I don't know what is.

We are NOT talking about the security of the xbox here. We are not trying to get the X to play an unsigned CD.

The attempt is to find a way to exploit the DVD player....

As you said it:
QUOTE

Corrupting DVDs etc were all done at least one year ago and all they were able to find was
a way to hang the kernel with a corrupted DVD.


Well, if the invalid DVD can hang the kernel, then it's possible that there is a buffer exploit that can be utilized to crash the kernel and get PBL loaded.

It's an invalid savegame that does the 007/MA exploit, an invalid font that does the font exploit, and an invalid database that does the audio.

If these items have buffer issues, other portions of the code could, INCLUDING THE DVD PLAYER!

Do you pay any attention at all to CERT advisories? In the past 6 months there have been over 200 buffer exploits found on Windows. If the MS developers are THAT sloppy, there ARE others on the xbox. Where? ANYWHERE! If your dev team is a bunch of monkeys your code is gonna have a lot of bananas. And MS's dev team seems to be primates from the rainforest.

As I have said before, dance around your bonfire chanting "It can't be done, It can't be done." all you want. It doesn't change the fact that it COULD be done. Not WILL, but COULD.

Let's see....

1. Can't run unsigned code on the X without a modchip... HMMMMM... 007/MA.
2. Can't do it without the games. The fonts and the audio exploit.
3. Fine, you proved me wrong, but you can't have the SW features of my custom BIOS! PBL.
4. Ok, but you can't boot multiple BIOSes! PBL v 1.3.
5. Fine then... You got me! But none of us will EVER be able to run bigger than 130 gig drives! oz_paul's lba48 patch.

WTF... Boy I guess those guys were kind of wrong... HMM... they seemed sure of it at the time!

Sure, you wanna help, if you are so into the DVD spec and all the ways that the X authenticates things, why don't you do something useful and decompile the DVD player and find that buffer error in there, or at least be able to say for SURE there isn't one!

Hell, I was able to flash the ROM in my DVD player using a boot disk that exploited the FIRMWARE on the player. Boot it up, push a couple of buttons, and BANG, region free!



Morden.
Logged

XcdmX

  • Archived User
  • Newbie
  • *
  • Posts: 4
The Ultimate Exploit
« Reply #18 on: September 16, 2003, 06:26:00 PM »

Mordenkainen:

Extremely well said!

Xboxhakur:

Keep up the good work!
Logged

pmh

  • Archived User
  • Jr. Member
  • *
  • Posts: 58
The Ultimate Exploit
« Reply #19 on: September 17, 2003, 11:40:00 AM »

BUMP. More ppl need to see this.
Logged

luther349

  • Archived User
  • Hero Member
  • *
  • Posts: 842
The Ultimate Exploit
« Reply #20 on: September 17, 2003, 05:21:00 PM »

The xbox in dvd mode is no different from a standard dvd player. Putting fake dvd media is a bitch though, I don't know if it's ever been done, being the dvds have security of their own. I do know the xbox will read a standard dvd-r with a dvd movie on it and play it just fine. That's without a modchip.

So making a fake .vob file might work in crashing the kernel. Btw mr. xbox only does this or it can't be done, if the xbox reads a standard dvd-r with a movie on it without a modchip, guess what, it reads single layer disks and doesn't use rca checking. So your best bet would be to put like a 60 sec movie or something on it, then when it switches to the fake .vob you exploit the kernel.

I tried this myself some time ago but I don't have a dvd-r, I used cdrws but it doesn't play them very well. Most of the time the video just dies.

The hard part is kicking the xbox out of dvd-movie mode back to normal mode. I don't know if the xbox will handle a .xbe/exploit when it's playing a movie.
Logged

peteo

  • Archived User
  • Newbie
  • *
  • Posts: 36
The Ultimate Exploit
« Reply #21 on: September 21, 2003, 10:39:00 AM »

What xbe plays DVDs?
Is it in the msdash.xbe or is it another file?

Think what luther349 said, a fake .vob file on a dvdr would be the place to start f'in around with. There's got to be a way to make the xbe that plays DVDs overflow the buffer just like the font or audio hack. Of course those hacks require files on the HD to be changed.

When the Xbox goes into dvd mode I wonder if any code could be executed. I mean, everything needs to be signed. The save game hack uses 007 to trick the xbox into thinking it's still running 007. The font hack is signed and same with the audio hack. So if the xbe that plays DVDs is overflowed I wonder if the file would need to be signed with the key the xbe was signed with. Or maybe it will run because it thinks it's a dvd and those are not signed?

I wonder if the Xbox checks to see if the vob is valid. Or if it just reads the structure of the disk to determine if it is a dvd or cd, or xbox game.


Logged

Nailed

  • Archived User
  • Sr. Member
  • *
  • Posts: 251
The Ultimate Exploit
« Reply #22 on: September 22, 2003, 06:29:00 PM »

QUOTE (peteo @ Sep 21 2003, 06:39 PM)
What xbe plays DVDs?
Is it in the msdash.xbe or is it another file?

Think what luther349 said, a fake .vob file on a dvdr would be the place to start f'in around with. There's got to be a way to make the xbe that plays DVDs overflow the buffer just like the font or audio hack. Of course those hacks require files on the HD to be changed.

When the Xbox goes into dvd mode I wonder if any code could be executed. I mean, everything needs to be signed. The save game hack uses 007 to trick the xbox into thinking it's still running 007. The font hack is signed and same with the audio hack. So if the xbe that plays DVDs is overflowed I wonder if the file would need to be signed with the key the xbe was signed with. Or maybe it will run because it thinks it's a dvd and those are not signed?

msdash.xbe, well, actually xboxdash.xbe on a stock box.

An overflow doesn't guarantee an exploit, but it's a good start.  Btw, your concept of how the signatures work and when they're needed is a bit flawed.
Logged

Xboxhakur

  • Archived User
  • Jr. Member
  • *
  • Posts: 51
The Ultimate Exploit
« Reply #23 on: September 23, 2003, 05:29:00 AM »

later...
Logged

stanneh

  • Archived User
  • Full Member
  • *
  • Posts: 228
The Ultimate Exploit
« Reply #24 on: September 23, 2003, 05:35:00 AM »

beerchug.gif
Logged

Xboxhakur

  • Archived User
  • Jr. Member
  • *
  • Posts: 51
The Ultimate Exploit
« Reply #25 on: September 24, 2003, 07:29:00 PM »

later...
Logged

sleep_21

  • Archived User
  • Newbie
  • *
  • Posts: 14
The Ultimate Exploit
« Reply #26 on: September 25, 2003, 01:07:00 AM »

You "stumbled" on to HTML view of an FTP folder?  Maybe I'm missing something, but...

this is nothing.

it opens no doors or begs any new questions.


god i can't wait for the new n64 emulator.
Logged

Xboxhakur

  • Archived User
  • Jr. Member
  • *
  • Posts: 51
The Ultimate Exploit
« Reply #27 on: September 25, 2003, 01:11:00 AM »

later...
Logged

stanneh

  • Archived User
  • Full Member
  • *
  • Posts: 228
The Ultimate Exploit
« Reply #28 on: September 25, 2003, 01:24:00 AM »

No need for him to go looking, he just needs to read this (If u can't think of a better way, move on to the next thread).
It's from your last post xboxhakur, you have more than put your point across, anyone talking shit now is just being ignorant mate.
Logged

Xboxhakur

  • Archived User
  • Jr. Member
  • *
  • Posts: 51
The Ultimate Exploit
« Reply #29 on: September 25, 2003, 03:38:00 AM »

later...
Logged