Print

[DaBiscuit]

QUOTE(globe_guyx @ Oct 21 2005, 11:53 PM)

Why?
"You" developed it.  "You" distributed your files.  If not they wouldn't be out there like you said they were.  "You" informed M$??  I doubt they'd entertain more than accepting your sourcecode unless of course you're actually one of their dev's (in which case you would lose your job for this.)  Why totally fuck over ppl who are doing EXACTLY what you did with these xbe's. Seriously, M$ would fix it without your intervention if it was to grow to the situations you didn't want, yet participated in.
I attempted the exact same thing as I said, but if I was successful I wouldn't have been fucking stupid enough to distribute them, and even if I got drunk one night and uploaded them all over the internet I'd accept the fact that the game may as well be over for me, and stop using them myself to avoid an eventual ban, and leave it at that.

Probably because he didn't want to give the scene a bad name. Face it, if something like this had become part of just the normal way of things, MS would have gone ballistic. They are very precious about XBL.

[globe_guyx]

Umm, reputation with whom?  Granted after a little more thinking I might do the same if M$ lawyers traced it back to me.  Immunity is pretty tempting although I don't see why M$ would need his source code anyways.

[DaBiscuit]

QUOTE(globe_guyx @ Oct 22 2005, 03:56 AM)

Umm, reputation with whom?

With MS, of course. They probably hate the scene enough already, without giving them another reason to hate softmodders.

QUOTE

Granted after a little more thinking I might do the same if M$ lawyers traced it back to me.  Immunity is pretty tempting although I don't see why M$ would need his source code anyways.

They may not have needed it, but one thing that is for sure is that it would allow them to test their solution in-house.

[globe_guyx]

QUOTE

They may not have needed it, but one thing that is for sure is that it would allow them to test their solution in-house.

I'm thinking M$ has somebody around who knows how to program.  As for the reputation thing, if M$ had in inclination to go after modders they would..  Its a cost/benefit analysis.  Sure they'd use us as beta testers before suing us, but on the whole it isn't worth it to them.  Like I said, for this I could see them hunting down the author but it boils down to more complex things than reputation.
Allowing a confessed hacker to work on a project that can be accomplished without him serves no purpose except quite possibly allowing more sensitive info to be leaked.

[Angerwound]

QUOTE(globe_guyx @ Oct 21 2005, 11:46 PM)

I'm thinking M$ has somebody around who knows how to program.  As for the reputation thing, if M$ had in inclination to go after modders they would..  Its a cost/benefit analysis.  Sure they'd use us as beta testers before suing us, but on the whole it isn't worth it to them.  Like I said, for this I could see them hunting down the author but it boils down to more complex things than reputation.
Allowing a confessed hacker to work on a project that can be accomplished without him serves no purpose except quite possibly allowing more sensitive info to be leaked.

Well, seeing as they had no idea that a backup on live was possible and were inclined enough to offer things in return for it's details. It's my guess, that they didn't have someone in house that could of fixed it. Otherwise, their live authentication would have had it fixed in the first place...  

I believe these arguments are finished. Let's get back on track with the real reason I posted this info. To help further softmods. Krayzie should hopefully be implementing a package with XBMC that can execute Retail disks and go live in the near future.

[deacon187]

QUOTE(Angerwound @ Oct 22 2005, 01:35 AM)

I believe these arguments are finished. Let's get back on track with the real reason I posted this info. To help further softmods. Krayzie should hopefully be implementing a package with XBMC that can execute Retail disks and go live in the near future.

that  would really be great




on one hand, i say WTF were you thinking telling M$ about this, but hey if they offered you something in return, more power to you, it might even of led you to work on the 360 in some way who knows

but then on the other hand, i'm actually thanking you, ive had enough with cheaters online as it is and this prolley would of made live unbarable, i actually hope this helps M$ to make live security on 360 that much stronger

[globe_guyx]

QUOTE

and were inclined enough to offer things in return for it's details.

All I'd be inclined to offer is leniancy if I was in their shoes.  Its distributed as you said, so they have grounds to go after your confessing ass regardless of whether or not the dmca applies to your country.  Did they shower you with cash and prizes?
That still begs the question of why 'you' narced on the people 'you' enabled.  I'd believe they had no idea it was out there, but I can't believe that they couldn't pull it off themselves.
I'm just sitting here wondering why I'm the only person ragging on you here.  I mean thats a seriously jerk-like hipocritical sellout (yet probably fictional) move.
Did you report the c:\xboxdash.xbe xbl hack too?  Or possibly work with them to implement the marriage theory?  (There just isn't any way a multi-billion dollar international company could have possibly accomplished that stuff without Angerwound's guidance.)

This post has been edited by globe_guyx: Oct 22 2005, 05:56 PM

[zilli0n]

Well if you read the initial posts you would have found that the reason he contacted MS was due to the people he though he could trust with the XBE spreading it to other kiddies. It would be an instance of what you see when you play Halo 2 now a bunch of kids thinking they are 31337z0rz. So there are initially 2 roads to go with it, one would be do nothing and look like the jerk who ruined live. Secondly would be some idiot that got ahold of the XBE and turning it in to MS for acclaim. I suppose that the staff that runs these beta testing facilities dont know to much about the insides of things. They really just play on live and look for glitches or bugs inside the game. Tampering with kernels is beyond their comprehension I suppose. Instead of bitching and moaning just look it as 'wow, so live with backups was possible, sweet'.

[kingroach]

globe_guyx, if you find a way to play backups on live what would you do?..I would tell ms because there is some limit of hacking.. lok what HALO2 hacking did.. anyways.. as I said MS keeps close contacts with many hackers.. and actually hackers get very well payed jobs.. do you know the guy who created cesser worm few months ago got a job in US.. ( may be in FBI).. anyway a true hacker is one who just hack for fun , many hackers hack corporate servers and just leave a message about the flaw..

and we all know we softmod our xbox to play legitimate backups.. dont we..

[globe_guyx]

Right, because it would get out of hand and stay that way forever.  C'mon, when all the kiddies grab it M$ would fix it..  Remember the Halo2 fixes?  Did Bungie need Angerwound for that?
If I had been the successful one I would not have spread the files to anyone.  Not because I'm greedy and want it to myself, but because I'd fear the wrath of the giant.  I guess it can go one of two ways when you walk up to a software giant with proof that you have broken the law and made them vulnerable to profit loss.  But seriously, the concept of this is so simple that I attempted it.  Again, I think M$ could have their in-house test case without the sourcecode.
Developing/Implementing server-side methods to detect the hack: 99.9999% of the job
Developing the actual hack for testing: 0.0001%

[Angerwound]

QUOTE(globe_guyx @ Oct 22 2005, 12:49 PM)

Remember the Halo2 fixes?  Did Bungie need Angerwound for that?

It's funny you mention that... In fact, Bungie did have me assist them with their fixes for their problems.Here's a small piece of the puzzle... http://www.gpforums.co.nz/thread/280804/?s=
Of course that thread is half truth and doesn't involve the DLC flaws that I came across. However, I did give Bungie a four month advance notice about that as well.
 Not to mention, I still have a conference call scheduled for this week to fix some flaws that still aren't made public.  

And please stop the bullshit about how MS is going to come after me for posting this. I did so with their permission obviously...

I don't think you understand the point of these forums. They are to share information with the community. In the past, I have shared many ideas, tools, and theories. This information I was unable to share at the time due to it's risk to XBOX Live. Now that I the confidence that nothing bad can come of it, the information is here for those that want it.

This post has been edited by Angerwound: Oct 22 2005, 08:23 PM

[d0wnlab]

Incredibly interesting read.  And, obviously, you did the right thing..

Angerwound - I have one question - what (if any) proper education do you have in the field?  If you're willing to tell.

[globe_guyx]

I know you've made some developments.  What I gather from that link is that in exchange for completely enlightening them to a flaw in their system they gave you some toys.
Then I assume they suspected you did what they should expect from a hacker and released your code anyways.  I'll never know if the muslim guy is real, but if it is that was unbelievably stupid of you. That would probably explain why they weren't willing to play with you anymore.  Ask Kevin Mitnick if hackers are appreciated by major corporations.
On the other hand, perhaps they figured: Wtf, we'll take his info any he'll probably get banned anyways.
I find it quite odd that somebody can come out and say "Look at how impressive my work was before I sold out and got a bunch of ppl banned, and eliminated a flaw in xbl that could provide truly fascinating info about the xbl system." and not expect atleast one person to get a little pissy about it.  Maybe you understand the reason I'm upset, maybe its lost on you. Pretty sad..

[leorimolo]

Sorry to say but I think M$ knows already. A logged in today and it said live is gonna be down for upgrades for 2 days or a shit like that. I really think this is directly related. If we know do this kernel and eeperom shit hacking they will have no chance other that than to search our hdds, also M$ will fuck us up with this program in live.

Leo

[RiceCake]

So the cat is out of the bag, or some other antique phrase...

I remember when Angerwound first got ahold of me on IRC (I still have the original conversation!) to show off this little trick he had engineered. At first I didn't really believe what he had done, but when he explained how it worked I started to grasp the concept and started to believe that he had actually suceeded with this hack.

Of course, I still persisted with Angerwound to show me something cool. Eventually he signed a copy of the EvoX dashboard (which I used to MD5 the kernel, amaizingly it did indeed come out to retail sums), and even three video's showing him connect to Xbox Live after loading the Avalaunch dashboard. One video included some voice chat audio, and needless to say was pretty hilarious to see at first.

I may release these video's assuming I can properly recompress them. He took them with a digital camera, so the format is all Quicktime in some massive files. Also, this is assuming Angerwound doesn't mind. He was pretty straightforward when he first told me about this hack that he'd basically track me down and beat me if anything got out before he wanted it, so, just being cautious for now, lol...

QUOTE

A few of my XBE's made it around to people they shouldn't have back in the day and I contacted MS and had the flaw fixed.

Just want to add that that wasn't my fault, lol. Its too bad that happened though, having known what Angerwound's original intention was .

Time for a cookie.

This post has been edited by RiceCake: Oct 23 2005, 01:18 AM