xboxscene.org forums

Pages: 1 2 [3] 4

Author Topic: Possible New Exploit?  (Read 129 times)

The_Truth

  • Archived User
  • Full Member
  • *
  • Posts: 134
Possible New Exploit?
« Reply #30 on: January 17, 2005, 09:12:00 PM »

smile.gif
Logged

m.e

  • Archived User
  • Jr. Member
  • *
  • Posts: 95
Possible New Exploit?
« Reply #31 on: January 19, 2005, 05:47:00 AM »

I hope you find something. This has awesome potential!
Logged

DaddyJ

  • Archived User
  • Hero Member
  • *
  • Posts: 1324
Possible New Exploit?
« Reply #32 on: January 19, 2005, 06:37:00 AM »

QUOTE(PedrosPad)
(the formats are close cousins)


Looked closer to brother & sister to me  tongue.gif
Logged

Angerwound

  • Archived User
  • Hero Member
  • *
  • Posts: 928
Possible New Exploit?
« Reply #33 on: January 19, 2005, 08:23:00 AM »

IDA might help you a bit too.
Logged

The_Truth

  • Archived User
  • Full Member
  • *
  • Posts: 134
Possible New Exploit?
« Reply #34 on: January 19, 2005, 08:51:00 PM »

laugh.gif

EDIT: also.. there are quite a few .xml scripts that may possibly be able to be replaced.
Logged

eh.

  • Archived User
  • Hero Member
  • *
  • Posts: 529
Possible New Exploit?
« Reply #35 on: January 19, 2005, 09:12:00 PM »

CODE

*Default.xbe*
Certificate
~~~~~~~~~~~
Size of certificate                 : 0x000001EC
Certificate timestamp               : 0x3F3D58D6 Fri Aug 15 18:04:06 2003
Title ID                            : 0x4D53005A
Title name                          : "Xbox Music Mixer"
Alternate title ID's                : 0xfffe0000
Allowed media types                 : 0x80000002
                                     : XBE_MEDIA_XBOX_DVD
Allowed game regions                : 0x00000001
                                     : XBE_REGION_US_CANADA
Allowed game rating                 : 0x00000004
Disk number                         : 0x00000000
Version                             : 0x00000004

*downloader.xbe*
Certificate
~~~~~~~~~~~
Size of certificate                 : 0x000001EC
Certificate timestamp               : 0x3F3D58D6 Fri Aug 15 18:04:06 2003
Title ID                            : 0x4D53005A
Title name                          : "Downloader"
Alternate title ID's                : 0xfffe0000
Allowed media types                 : 0x00000002
                                     : XBE_MEDIA_XBOX_DVD
Allowed game region                 : 0x00000001
                                     : XBE_REGION_US_CANADA
Allowed game rating                 : 0x00000004
Disk number                         : 0x00000000
Version                             : 0x00000004

*dashupdate.xbe*
Certificate
~~~~~~~~~~~
Size of certificate                 : 0x000001EC
Certificate timestamp               : 0x3F3D58D6 Fri Aug 15 18:04:06 2003
Title ID                            : 0x4D53005A
Title name                          : "Xbox Dashboard Updater"
Alternate title ID's                : 0xfffe0000
Allowed media types                 : 0x00000002
                                     : XBE_MEDIA_XBOX_DVD
Allowed game regions                : 0x00000001
                                     : XBE_REGION_US_CANADA
Allowed game rating                 : 0x00000004
Disk number                         : 0x00000000
Version                             : 0x1012A700

*update.xbe*
Certificate
~~~~~~~~~~~
Size of certificate                 : 0x000001EC
Certificate timestamp               : 0x3F3D58D6 Fri Aug 15 18:04:06 2003
Title ID                            : 0x4D53005A
Title name                          : "Online Updater Application"
Alternate title ID's                : 0xfffe0000
Allowed media types                 : 0x00000002
                                     : XBE_MEDIA_XBOX_DVD
Allowed game regions                : 0x00000001
                                     : XBE_REGION_US_CANADA
Allowed game rating                 : 0x00000004
Disk number                         : 0x00000000
Version                             : 0x00000004

Logged
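
Added example, not part of eh.'s post or of any tool mentioned in the thread: a short Python script that parses the dump format shown in reply #35 and lists which certificate fields differ between the files. The function names are hypothetical, and the embedded sample is abridged from the dump above.

```python
import re

# Abridged from the certificate dump posted in reply #35: fields kept here
# are copied unchanged; update.xbe and the remaining fields are left out.
DUMP = """\
*Default.xbe*
Title name                          : "Xbox Music Mixer"
Allowed media types                 : 0x80000002
                                     : XBE_MEDIA_XBOX_DVD
Allowed game regions                : 0x00000001
Version                             : 0x00000004

*downloader.xbe*
Title name                          : "Downloader"
Allowed media types                 : 0x00000002
Allowed game region                 : 0x00000001
Version                             : 0x00000004

*dashupdate.xbe*
Title name                          : "Xbox Dashboard Updater"
Allowed media types                 : 0x00000002
Allowed game regions                : 0x00000001
Version                             : 0x1012A700
"""

def parse_dump(text):
    """Return {file name: {field label: value}} for each *name* section."""
    certs, current = {}, None
    for line in text.splitlines():
        header = re.fullmatch(r"\*(.+)\*", line.strip())
        if header:
            current = certs.setdefault(header.group(1), {})
            continue
        label, sep, value = line.partition(" : ")
        label = label.strip()
        if current is None or not sep or not label:
            continue  # blank lines, rules, decoded-flag continuation lines
        # The dump prints both "region" and "regions"; fold to one key.
        current[re.sub(r"regions?$", "regions", label)] = value.strip()
    return certs

def differing_fields(certs):
    """Return {field: {file: value}} for fields not identical in every file."""
    fields = {f for cert in certs.values() for f in cert}
    table = {f: {n: c.get(f) for n, c in certs.items()} for f in fields}
    return {f: v for f, v in table.items() if len(set(v.values())) > 1}

if __name__ == "__main__":
    print(differing_fields(parse_dump(DUMP)))
```

On this sample the fields that differ are the title name, the allowed media types (Default.xbe only) and the version (dashupdate.xbe only).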

The_Truth

  • Archived User
  • Full Member
  • *
  • Posts: 134
Possible New Exploit?
« Reply #36 on: January 20, 2005, 04:14:00 PM »

wink.gif
Logged

PedrosPad

  • Archived User
  • Hero Member
  • *
  • Posts: 1277
Possible New Exploit?
« Reply #37 on: January 20, 2005, 05:51:00 PM »

QUOTE(The_Truth @ Jan 21 2005, 12:45 AM)
is there any chance that someone that knows asm will look at the code that handles .mp3 and .jpg for possible buffer overrun flaws?
Logged

eh.

  • Archived User
  • Hero Member
  • *
  • Posts: 529
Possible New Exploit?
« Reply #38 on: January 20, 2005, 09:34:00 PM »

smile.gif

If a modified .mp3/.jpg/.whatever can be created that causes XBMM to reboot/hang/crash (after transferring it to the box using the M$ software) then focussed analysis could be performed with that file eh.

(Maybe there's info. or examples out there about how windows media files were exploited that might help with this eh?)
Logged

The_Truth

  • Archived User
  • Full Member
  • *
  • Posts: 134
Possible New Exploit?
« Reply #39 on: January 20, 2005, 09:38:00 PM »

"on the list"... The_Truth=curious
well anyhow... looking at the disk again... in the media folder... we have fonts again... how do these work? are we loading the fonts from the disk? or are they there as a backup in case of the hdd... if that's the case... there is the possibility to modify them on a burned disk. or if it checks the hard drive first, modify the .xbe to check the media folder first... since we have already passed the signature and media checks.
Logged

The_Truth

  • Archived User
  • Full Member
  • *
  • Posts: 134
Possible New Exploit?
« Reply #40 on: January 20, 2005, 10:21:00 PM »

QUOTE
What causes the vulnerability?
An unchecked buffer in the processing of JPEG images

wow.. that's not vague at all! rolleyes.gif
i think chances of finding one are better for a .jpg than an mp3... because the mp3 exploit was released in 2002... the jpg exploit was officially recognized by MS as of september 14, 2004 cool.gif
so this is going to hinge on an asm look over...
(i just wish i understood it!) laugh.gif

EDIT: so if someone is too busy to (or just can't) look at it.. but will give me a crash course in it. i would much appreciate it. it might also save time in the long run (if i can comprehend it...lmao)
Logged

PedrosPad

  • Archived User
  • Hero Member
  • *
  • Posts: 1277
Possible New Exploit?
« Reply #41 on: January 21, 2005, 02:24:00 PM »

QUOTE(The_Truth @ Jan 21 2005, 06:09 AM)
"on the list"... The_Truth=curious
Logged

DaddyJ

  • Archived User
  • Hero Member
  • *
  • Posts: 1324
Possible New Exploit?
« Reply #42 on: January 21, 2005, 02:41:00 PM »

Jeez.... I wish I had time to take on another project....
Logged

total_ass

  • Archived User
  • Hero Member
  • *
  • Posts: 1201
Possible New Exploit?
« Reply #43 on: January 21, 2005, 02:45:00 PM »

don't, stay with the one you are working on now.

i want to see 'another gui'.

EDIT: due to excessive laughter i have put another gui in inverted commas.
Logged

PedrosPad

  • Archived User
  • Hero Member
  • *
  • Posts: 1277
Possible New Exploit?
« Reply #44 on: January 21, 2005, 02:50:00 PM »

QUOTE(total_ass @ Jan 21 2005, 11:16 PM)
don't, stay with the one you are working on now.
Logged