xboxscene.org forums

Pages: 1 [2] 3 4 ... 27

Author Topic: UDE/5713+  (Read 2218 times)

PedrosPad

« Reply #15 on: July 13, 2004, 12:36:00 AM »

QUOTE (krayzie @ Jul 12 2004, 08:28 PM)
Are xbe files the only type of files that can be exploited? Couldn't there be vulnerabilities (or however you write it) in other types of xbox files?

This is a big question.
Some excellent links to read are Project B (Hacking) Overview and the 6.5MB PDF XBOX Software Hacking (all interesting but page 37 onwards covers Dashboard exploits :) ).
Logged

PedrosPad

« Reply #16 on: July 13, 2004, 12:40:00 AM »

QUOTE (mkjones @ Jul 12 2004, 09:52 PM)
You mean like Audio?
How about (looks in some xbox folders)

The creditcard files in "\xodash\media\Content" (creditcard.csv)

The WAV files in the Audio directory?? Has anyone looked at modding these?

I have no idea if these ideas will help, but I remember the old Live! exploit thread was a LOT of brainstorming and that led to something! :)

Indeed it did :)  This is just the brainstorming I'm hoping for :D
Logged

adil786

« Reply #17 on: July 13, 2004, 12:59:00 AM »

QUOTE (PedrosPad @ Jul 13 2004, 09:36 AM)
This is a big question.
Some excellent links to read are Project B (Hacking) Overview and the 6.5MB PDF XBOX Software Hacking (all interesting but page 37 onwards covers Dashboard exploits :) ).

I highly recommend those 2 links, excellent PDF, well done xbox-linux, very very nice and interesting!

They should update it with UDE etc. etc. as well..

regards
Logged

mkjones

« Reply #18 on: July 13, 2004, 01:36:00 AM »

QUOTE (PedrosPad @ Jul 13 2004, 09:40 AM)
Heavily snipped quote:

Indeed it did :)  This is just the brainstorming I'm hoping for :D

That's good then Ped.. at least it wasn't a waste of my time :D

I'm really interested in finding a new exploit in the dash, I mean we're talking M$ here.. I believe the chances are high..
Logged

PedrosPad

« Reply #19 on: July 13, 2004, 02:33:00 AM »

QUOTE (PedrosPad @ Jul 12 2004, 04:52 PM)
From MechAssault's downloaded content....

This downloaded content sounds like it could be a good place to search for suitable UDE/5713 XBEs (those with the XBE_MEDIA_HDD flag :) ).

What we need is a homebrew utility XBE that'll search the XBOX hard disk drives, walking the directory trees, looking for any XBEs that meet the necessary criteria to be used as a UDE bootstrap, and drop their paths and filenames into a log file on C:\ (for FTPing off ;) ).

That sounds like it could speed up the search.  A nice little project, should anyone wish to contribute :D.  (I'll have a go at putting something together myself if no one beats me to it and time allows).
Logged

Australian Rat

« Reply #20 on: July 13, 2004, 04:47:00 AM »

QUOTE (mkjones @ Jul 13 2004, 06:36 PM)
That's good then Ped.. at least it wasn't a waste of my time :D

I'm really interested in finding a new exploit in the dash, I mean we're talking M$ here.. I believe the chances are high..

Yeah there will always be flaws in M$ code :)  Just a matter of finding them.  I mean, the UDE was available essentially as early as many of the original fonts.  It was just never explored before.

Wonder what else is lying around we haven't prodded yet?
Logged

adil786

« Reply #21 on: July 13, 2004, 04:48:00 AM »

QUOTE (PedrosPad @ Jul 13 2004, 11:33 AM)
This downloaded content sounds like it could be a good place to search for suitable UDE/5713 XBEs (those with the XBE_MEDIA_HDD flag :) ).

What we need is a homebrew utility XBE that'll search the XBOX hard disk drives, walking the directory trees, looking for any XBEs that meet the necessary criteria to be used as a UDE bootstrap, and drop their paths and filenames into a log file on C:\ (for FTPing off ;) ).

That sounds like it could speed up the search.  A nice little project, should anyone wish to contribute :D.  (I'll have a go at putting something together myself if no one beats me to it and time allows).

Nice, I think ldots could make this kinda program 'cause he's good at these things...
Logged

mkjones

« Reply #22 on: July 13, 2004, 05:14:00 AM »

QUOTE (adil786 @ Jul 13 2004, 01:48 PM)
Nice, I think ldots could make this kinda program 'cause he's good at these things...

True, maybe a little linux distro could do this, but don't pressure the penguin!

I'm sure he's busy enough :)

I mean, he did turn down the Mod position for the same reasons as me, no bloody time these days :(

I would love to find some time just to PLAY a little more on my xbox not just develop new softmod tools for it
Logged

ldots

« Reply #23 on: July 13, 2004, 05:24:00 AM »

:P
I don't have a 5713, but I guess a freshly Live upgraded xbox would do?
Would every file need searching or could the file extension be narrowed down? (xbe, xip,...?).
Logged

adil786

« Reply #24 on: July 13, 2004, 05:45:00 AM »

QUOTE (ldots @ Jul 13 2004, 02:24 PM)
True, I'm a little short on time at the moment, but I think I could easily cook up a little package to do this search. It would be linux based of course :P
I don't have a 5713, but I guess a freshly Live upgraded xbox would do?
Would every file need searching or could the file extension be narrowed down? (xbe, xip,...?).

I would say that all files should be searched, just to add the chance of finding a vulnerability...
Logged

PedrosPad

« Reply #25 on: July 13, 2004, 05:58:00 AM »

QUOTE (ldots @ Jul 13 2004, 02:24 PM)
Would every file need searching or could the file extension be narrowed down? (xbe, xip,...?).

I was thinking of simply scanning for *.xbe, and checking the media type for XBE_MEDIA_HDD :), but I guess crafty software houses may have renamed their XBEs...
Logged

mkjones

« Reply #26 on: July 13, 2004, 06:14:00 AM »

QUOTE (PedrosPad @ Jul 13 2004, 02:58 PM)
I was thinking of simply scanning for *.xbe, and checking the media type for XBE_MEDIA_HDD :), but I guess crafty software houses may have renamed their XBEs...

Hmm, do you think there are any games around or maybe even game demos (lots of MS ones on certain CDs like Halo/Links2004) that use the exploitable fonts?

I mean, you would need an original game CD, as before but has anyone tried ever just copying a game default.xbe and folders to C and renaming the file to xboxdash?

Would it load? Or does DVD2Xbox and other such tools patch the XBE_MEDIA string??
Logged

PedrosPad

« Reply #27 on: July 13, 2004, 06:31:00 AM »

QUOTE (mkjones @ Jul 13 2004, 03:14 PM)
Or does DVD2Xbox and other such tools patch the XBE_MEDIA string??

Yes, it does (breaking the signature).   XBEs from DVDs have the XBE_MEDIA_XBOX_DVD media type, and wouldn't be able to be launched from the HDD of an XBOX with a retail BIOS :(.

I've every OXM cover disk - just in case a demo XBE has both MEDIA types set ;).  (and I'll search all again if Ldots produces an XBE searcher :) )

Please, do keep on thinking... :D
Logged

PedrosPad

« Reply #28 on: July 13, 2004, 06:45:00 AM »

QUOTE (PedrosPad @ Jul 13 2004, 03:31 PM)
I've every OXM cover disk - just in case a demo XBE has both MEDIA types set ;).

Which reminds me, Ldots, it'll be the lower significant bit of the media type flag that needs to be checked - not simply the whole flag (XBE media flag ANDed with 0x00000001).  It's possible to set the media flag to support multiple medias.  The LSB is the HDD bit.
Logged

ldots

« Reply #29 on: July 13, 2004, 07:11:00 AM »

I simply thought of doing a simple linux script using xbedump to search all xbe's for the XBE_MEDIA_HDD flag. Would still be automatic - as in run the default.xbe (bootloader) and afterwards ftp out the log-file.
Logged
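
The media-flag check discussed in replies #25 to #29, written out as an added example that is not part of any post or of xbedump: it inventories files by the `XBEH` header magic instead of the `.xbe` extension (so renamed XBEs are still seen) and tests only the least significant bit of the allowed-media field. The header offsets (0x104, 0x118, 0x9C) are assumptions taken from the publicly documented XBE layout, not from this thread; the function names and the sample builder are hypothetical.

```python
import os
import struct

XBE_MAGIC = b"XBEH"            # header magic (assumed from public XBE docs)
OFF_BASE_ADDR = 0x104          # image base address (assumed offset)
OFF_CERT_ADDR = 0x118          # certificate virtual address (assumed offset)
CERT_OFF_ALLOWED_MEDIA = 0x9C  # allowed-media field inside the certificate (assumed)
XBE_MEDIA_HDD = 0x00000001     # LSB of the media flag, per reply #28


def read_allowed_media(path):
    """Return the allowed-media bitmask, or None if the file is not an XBE."""
    with open(path, "rb") as f:
        header = f.read(0x11C)
        if len(header) < 0x11C or header[:4] != XBE_MAGIC:
            return None
        base, = struct.unpack_from("<I", header, OFF_BASE_ADDR)
        cert, = struct.unpack_from("<I", header, OFF_CERT_ADDR)
        if cert < base:
            return None  # malformed: certificate address below image base
        f.seek(cert - base + CERT_OFF_ALLOWED_MEDIA)
        raw = f.read(4)
        return struct.unpack("<I", raw)[0] if len(raw) == 4 else None


def find_hdd_flagged(root):
    """Walk root and list (path, media) for every XBE with the HDD bit set."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                media = read_allowed_media(path)
            except OSError:
                continue  # unreadable file: skip, keep scanning
            if media is not None and media & XBE_MEDIA_HDD:
                hits.append((path, media))
    return sorted(hits)


def make_sample(media, base=0x10000, cert_off=0x178):
    """Constructed minimal XBE-like header, for demonstration only."""
    buf = bytearray(cert_off + 0xA0)
    buf[:4] = XBE_MAGIC
    struct.pack_into("<I", buf, OFF_BASE_ADDR, base)
    struct.pack_into("<I", buf, OFF_CERT_ADDR, base + cert_off)
    struct.pack_into("<I", buf, cert_off + CERT_OFF_ALLOWED_MEDIA, media)
    return bytes(buf)
```

The scan reads header fields only; it does not verify the XBE signature, which reply #27 notes is broken when the media field is patched.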