xboxscene.org forums


Author Topic: Possible New Exploit?  (Read 127 times)

The_Truth

  • Archived User
  • Full Member
  • Posts: 134
« on: January 11, 2005, 08:18:00 PM »

I had the idea that a .jpg image could be used to create a buffer overflow from inside the Xbox Music Mixer disk. MS already released a utility that allows transfer of .mp3, .jpg, and Xbox karaoke files to the Xbox. I assume the karaoke files would be easier to exploit, but they are most likely signed since they are purchased content. So the idea starts with our hacked jpg. Have it crash to nkpatcher, unsure how, maybe embed it somehow? After that, should be able to boot all unsigned media. If you wanted to take the hack further, it could be turned into a standard installer, and possibly have everything inside the jpg.
Smack me if it's a bad idea ;)

eh.

  • Archived User
  • Hero Member
  • Posts: 529
« Reply #1 on: January 12, 2005, 12:23:00 AM »

I'm unfamiliar with the music mixer, but to me this sure sounds like a good idea (re. the Windows-like exploit potential of the transferred files) eh.

triggernum5

  • Archived User
  • Hero Member
  • Posts: 896
« Reply #2 on: January 12, 2005, 06:38:00 AM »

I mentioned this a few months ago, and IIRC the asm guys didn't find any holes that we know how to exploit at the present time..

PedrosPad

  • Archived User
  • Hero Member
  • Posts: 1277
« Reply #3 on: January 12, 2005, 07:24:00 AM »

This disk is interesting for a few reasons.

I started to look into this last October - in fact the APILogger utility was developed to help with this - but my investigation was centred around the fact that this title is one of only a few XBOX game DVDs that are flagged to leave Reset-on-eject off.  Meaning that if an exploit could be found, you could exchange DVD media after it fired, beating the GameSav exploits.  I only attempted a few things at the time and my investigation was far from exhaustive.  I planned to return to it when time allows.

As was stated, this title also has a PC software component – A utility that allows you to move your own images and sound samples onto a retail XBOX.  Another avenue worthy of investigation.

The_Truth

  • Archived User
  • Full Member
  • Posts: 134
« Reply #4 on: January 12, 2005, 03:12:00 PM »

I just assumed that it would be easier to exploit a .jpg because usually they are smaller, so it would take less to crash the program (correct me if I am thinking incorrectly). Also, I had a wonderful idea for next nkpatcher release, once again, to beat MS at the Live banning game. (At least a changed key in memory :D)

JimmyGoon

  • Archived User
  • Full Member
  • Posts: 210
« Reply #5 on: January 12, 2005, 05:45:00 PM »

wow... sounds interesting.. this could be REALLY cool... if exploited of course. No Reset on Eject.... interesting.... hmm

well good luck and if it needs more saying ... but priority on this cause this could be VERY good....

DaddyJ

  • Archived User
  • Hero Member
  • Posts: 1324
« Reply #6 on: January 12, 2005, 06:40:00 PM »

QUOTE(PedrosPad)
As was stated, this title also has a PC software component – A utility that allows you to move your own images and sound samples onto a retail XBOX.  Another avenue worthy of investigation.


Hmmmm....

The_Truth

  • Archived User
  • Full Member
  • Posts: 134
« Reply #7 on: January 12, 2005, 06:57:00 PM »

Wow, even the "Senior" hackers are thinking about this one. But the best part is, no gamesave! The even better part is... if the possibility is there, no uxe needed if it crashed to nkpatcher!
Only downside, disk swap. Would kinda be like the PS2 GameShark disk swap :)

BlackWar

  • Archived User
  • Sr. Member
  • Posts: 280
« Reply #8 on: January 12, 2005, 10:31:00 PM »

more like "patching it up for live gaming"......

I am not going to say anymore because this is not my idea, and I am not going to take the sun from someone that deserves it.

rmenhal

  • Archived User
  • Full Member
  • Posts: 102
« Reply #9 on: January 12, 2005, 10:39:00 PM »

QUOTE(BlackWar @ Jan 13 2005, 07:02 AM)
more like "patching it up for live gaming"......


Oh, one of these.. again.. zzz

I'll never put anything that supports playing backups on Live to nkpatcher. Whatever you're thinking, MS could just add a new check and then you get banned again.

JimmyGoon

  • Archived User
  • Full Member
  • Posts: 210
« Reply #10 on: January 13, 2005, 02:56:00 PM »

QUOTE(rmenhal @ Jan 13 2005, 07:10 AM)
Oh, one of these.. again.. zzz

DaddyJ

  • Archived User
  • Hero Member
  • Posts: 1324
« Reply #11 on: January 13, 2005, 03:29:00 PM »

QUOTE(JimmyGoon)
what do they give you that nkpatcher doesn't?????


Not much anymore, but they still give you dual bios boot, LED control, and the ability to boot multiple dashes via Paths.

But IMO, Virtual Drives, Eeproms & Shadowing is a better trade off.


krayzie

  • Archived User
  • Hero Member
  • Posts: 3350
« Reply #12 on: January 13, 2005, 07:05:00 PM »

fan speed adjustment would be nice though

The_Truth

  • Archived User
  • Full Member
  • Posts: 134
« Reply #13 on: January 13, 2005, 09:01:00 PM »

;)

Edit: sorry v1 brethren, I feel your pain of no F:\ ;)

The_Truth

  • Archived User
  • Full Member
  • Posts: 134
« Reply #14 on: January 14, 2005, 08:38:00 PM »

Anyone know how to start on the Xbox Music Mixer code? I don't know how to examine the code for a buffer overflow. I will gladly work on this if someone will point me in the right direction, even if this does eventually lead to a dead end.