xboxscene.org forums

Xbox360 Forums => Xbox 360 Hacking Forums => General Technical Hacking Discussion => Topic started by: Xbox-Scene on December 28, 2007, 09:01:00 PM

Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: Xbox-Scene on December 28, 2007, 09:01:00 PM
24C3 Xbox360 Secuirty Lecture On-Demand Video
Posted by XanTium | December 28 22:25 EST | News Category: Xbox360
 
Sorry for the delay, but here's the on-demand video stream of Felix Domke's (alias Tmbinc) and Michael Steil's (alias Mist) lecture at the 24th Chaos Communication Congress in Berlin, Germany: "Why Silicon-Based Security is still that hard: Deconstructing Xbox 360 Security". They explain the Xbox360 security and tell how it was hacked to run Linux (Hypervisor and Shader Exploit and the Timing Attack). The anonymous 'Hoodie Guy' from last year's CCC also makes a short appearance :) They also show a 3d-demo using their reversed engineered driver for ATI/AMD's Xenos gfxchip. At the end there's also a short video of native Wii homebrew!
Even if you don't understand every part of the lecture (it's pretty technical) it's certainly worth a watch to understand more about the Xbox360 security.




Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: El3M3nT on December 28, 2007, 08:25:00 PM
Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: ausmods on December 28, 2007, 11:05:00 PM
That was a brilliant speech, its very interesting how the security in the 360 works.

I found it a bit hard to understand sometimes, because of the guys french accent and the shitty audio quality....

Is there anywhere to download a better quality version of the video?
Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: XanTium on December 28, 2007, 10:36:00 PM
QUOTE(ausmods @ Dec 29 2007, 07:05 AM) View Post

I found it a bit hard to understand sometimes, because of the guys french accent and the shitty audio quality....

Is there anywhere to download a better quality version of the video?


german accent (respect to them for doing their lecture in English tho, so we can all follow it smile.gif)

Anyway, yeah the video/audio quality kinda sucks, but it should be good enough to understand everything.
Video conversion tools really don't work well (or maybe it's just me ... anyone knows a GOOD conversion tool that handles many formats and doesn't crash every 10secs or nuke the video/audio?).

I'll try to post a better version tomorrow.
Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: the-ghoul on December 28, 2007, 11:43:00 PM
Definitely have to give respect to these guys for that detailed info.

Exploiting a 64 bit instruction. Genius.

Imagine the trial and error for that. How big is the PPC instruction set? 107 Opcodes in the core set alone?!? Sheesh!


Also, getting the decryption keys for the Wii is huge. But, I thought the Wii uses a hypervisor as well.

Man, I cant wait until mame with lightgun support is ported. T2 on the Wii...yummy.

Great work guys. They are correct, the linux guys are smarter.
Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: ausmods on December 28, 2007, 11:24:00 PM
QUOTE
german accent (respect to them for doing their lecture in English tho, so we can all follow it )

Anyway, yeah the video/audio quality kinda sucks, but it should be good enough to understand everything.
Video conversion tools really don't work well (or maybe it's just me ... anyone knows a GOOD conversion tool that handles many formats and doesn't crash every 10secs or nuke the video/audio?).

I'll try to post a better version tomorrow.


Thanks for that Xantium, im looking forward to a better quality version. lol yeah I understand video converters are usually crap.

Lol I could have sworn that was a french accent tho, but now I think about it, they do have german accents  laugh.gif




I can only hope one day I can help with console hacking (Hopefully the electrical enginering course im starting at uni next year will help me on that way...)

I can dream cant I?  laugh.gif
Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: m82a1 on December 29, 2007, 12:04:00 AM
*waits on better video quality
Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: ryanworrell on December 29, 2007, 02:23:00 AM
So how long do we think till we will see XBMC for 360....maybe even MAC running on the 360?  biggrin.gif  biggrin.gif
Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: deilzfcjk on December 29, 2007, 03:31:00 AM
Geez, some guys don't know what the German accent sounds like? It sounds like achtung ich bin esser.  That' means Danger beware of the unknown. ! Heehee!  Everyone knows the best hackers are Finns and Germans.  Linus Torvalds(Finn) is the father of all hackers...because he created Linux. And as you all know from watching that video.... porting things to linux leads to security exploits. It's the nature of LInux. Started out as a hacker O/S and trying to make devices run it....leads to homebrew. Look at xbox1. Key vault hypervisor, etc blah blah....who knows what all that stuff means? I need to get some hash. And some beer!! Watching hackers explain stuff is getting me dizzy. I'm sure weed will make me understand it more!!! hahaha!!!! laugh.gif The Chinese are okay too. But they just do destructive things....they never make homebrew and linux apps. Look at code red and worms....and they hack ps2, wii for piracy only.
Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: TIMxIRISH on December 29, 2007, 03:53:00 AM
About where does the hoodie guy appear? I have intention of watching the full thing sometime, but the main thing that perks my interest is the hooded guy as of current.
Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: kidman64 on December 29, 2007, 04:04:00 AM
is it me being unable to find a clickable link to the video, or was that link deleted?
nvm, opera hid that content from me.

This post has been edited by kidman64: Dec 29 2007, 12:11 PM
Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: WiSo on December 29, 2007, 04:33:00 AM
<off topic>
QUOTE(deilzfcjk @ Dec 29 2007, 11:31 AM) View Post

Geez, some guys don't know what the German accent sounds like? It sounds like achtung ich bin esser.  That' means Danger beware of the unknown.

Your German words mean "Attention I'm an eater"  tongue.gif
</off topic>
Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: Dark Seraph on December 29, 2007, 05:13:00 AM
that was a crazy lecture...i cant believe how much stuff goes into getting linux to run on the 360

theres some smart guys on the 360 front
Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: flashfreak on December 29, 2007, 05:27:00 AM
deilzfcjk's post was rather useless...

A friend sent me a link to the youtube video of the wii being hacked earlier, but i havnt seen the link to the 360 session on here. Is it up and im missing something or has it been taken down?

Heres the YT link for the wii talk for those who wanna see it:
http://youtube.com/watch?v=H5YB1Mmx7E4

edit: changed clickable link. the html didnt seem to work

This post has been edited by flashfreak: Dec 29 2007, 01:29 PM
Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: biscoito on December 29, 2007, 07:48:00 AM
he sounds like he learned his English in Boston, latah, hackah, bootloadah lol
Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: JCDenton@AS on February 03, 2020, 10:36:00 AM
where is the link?
Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: troyBORG on December 29, 2007, 10:51:00 AM
Yeah!  Wheres the Beef?  

 huh.gif I mean link!
Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: JCDenton@AS on February 03, 2020, 10:55:00 AM
I cant find it anywhere

Nothing on youtube
Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: erexx on February 03, 2020, 11:24:00 AM
Nothing about the PS3's security
Still the most secure IP delivery system on the market...
(http proxy hack is dead after 1.6 and linux rsx hack is dead after 2.01)
Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: JCDenton@AS on February 03, 2020, 11:25:00 AM
help??
Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: JCDenton@AS on February 03, 2020, 11:44:00 AM
Cant see anything anywhere checked the page source and i can find something but cant load it.. Anything on youtube?? thanks!
Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: 88 Ecko Unltd 88 on February 03, 2020, 12:14:00 PM
for all the idiots asking for the link here it is in windows media player stream

      room 1:
            mms://streaming-internet.fem.tu-ilmenau.de/saal1 (IPv4)
            mms://streaming-internet2.fem.tu-ilmenau.de/saal1 (IPv4)
            mms://streaming.ipv6.tu-ilmenau.de/saal1 (IPv6)
     room 2:
            mms://streaming-internet.fem.tu-ilmenau.de/saal2 (IPv4)
            mms://streaming-internet2.fem.tu-ilmenau.de/saal2 (IPv4)
            mms://streaming.ipv6.tu-ilmenau.de/saal2 (IPv6)
     room 3:
            mms://streaming-internet.fem.tu-ilmenau.de/saal3 (IPv4)
            mms://streaming-internet2.fem.tu-ilmenau.de/saal3 (IPv4)
            mms://streaming.ipv6.tu-ilmenau.de/saal3 (IPv6)

This post has been edited by 88 Ecko Unltd 88: Yesterday, 08:15 PM
Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: JCDenton@AS on February 03, 2020, 01:06:00 PM
mmm... Thanks. I have linux tho. Ill try some stuff.
Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: l4z4ru5 on February 03, 2020, 03:53:00 PM
QUOTE(88 Ecko Unltd 88 @ Dec 29 2007, 08:14 PM) *

for all the idiots asking for the link here it is in windows media player stream


Any chance you could provide the "idiots" with a link to the actual x360 security lecture instead of the live room links?  (IMG:style_emoticons/default/rolleyes.gif)

Thanks xxx
Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: sbmotoracer on December 29, 2007, 04:32:00 PM
Heres the link where i downloaded the lecture:

ftp://ftp.nullstelle.de/CCC/24c3.official.recordings/mpeg4/

13th from the top
Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: phoenixdigital on February 03, 2020, 06:05:00 PM
To anyone looking for the video link from this story for "Xbox360 Secuirty Lecture" and can't find it..... turn off adblock if you are using firefox.... took me ages to work out where the video was.
Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: mr2000jp on December 29, 2007, 09:22:00 PM
QUOTE(XanTium @ Dec 29 2007, 10:12 AM) View Post

german accent (respect to them for doing their lecture in English tho, so we can all follow it smile.gif)

Anyway, yeah the video/audio quality kinda sucks, but it should be good enough to understand everything.
Video conversion tools really don't work well (or maybe it's just me ... anyone knows a GOOD conversion tool that handles many formats and doesn't crash every 10secs or nuke the video/audio?).

I'll try to post a better version tomorrow.

xilisoft video converter is one of the best , try it.
Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: kronicd on December 29, 2007, 11:06:00 PM
Here's a mirror of the entire presentation smile.gif

http://foo.kronicd.n...60_security.mp4
Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: G0t M4xx 21 on December 29, 2007, 11:24:00 PM
QUOTE(deilzfcjk @ Dec 29 2007, 04:31 AM) View Post

 I need to get some hash. And some beer!! Watching hackers explain stuff is getting me dizzy. I'm sure weed will make me understand it more!!!


it should, worked for me  wink.gif

that was a great video, I knew bits and pieces about the hypervisor exploit, and timing attack, but that lecture really tied everything together.

Really makes you think, if it weren't for that one bug in the hypervisor, the 360 certainly wouldn't have been hacked yet, and probably never would. The security system in the 360 is truly brilliant.
Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: troyBORG on December 29, 2007, 11:41:00 PM
QUOTE(phoenixdigital @ Dec 29 2007, 08:05 PM) View Post

To anyone looking for the video link from this story for "Xbox360 Secuirty Lecture" and can't find it..... turn off adblock if you are using firefox.... took me ages to work out where the video was.


 love.gif Thanks.  Way to be sneaky X-S  grr.gif  grr.gif doing something weird like that!!
Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: JCDenton@AS on December 30, 2007, 05:51:00 AM
Thanks guys!
Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: DJdad on December 30, 2007, 09:47:00 AM
To me, this guy don't know what he's talking about.
Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: jurrabi on December 30, 2007, 01:37:00 PM
Does anybody know if the actual presentation (I mean the PPT) is available somewhere?
It would be nice to follow the video with the PPT to read some of the data (in the video is not readable).

Thanks,

Jur.
Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: bobz9 on December 30, 2007, 01:01:00 PM
QUOTE(kidman64 @ Dec 29 2007, 03:04 AM) View Post

is it me being unable to find a clickable link to the video, or was that link deleted?
nvm, opera hid that content from me.

thanks for posting that I was viewing in Firefox and I couldnt find a link, felt really stupid and thought the video must be on xbins or something.  Once I opened teh page in IE I could see the link just fine.  

Someone should try to make that link work better.
Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: faithlesssoul on December 31, 2007, 03:22:00 AM
Linux nice system for 299 i love it lol the fun starts at 41.17 min (IMG:style_emoticons/default/pop.gif)

This post has been edited by faithlesssoul: Dec 31 2007, 11:22 AM
Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: ddsdavey on January 03, 2008, 08:40:00 AM
Come on,hug a hoodie!
Im sure he mugged my mates granny last Xmas,LOL!
(the huddie that is,not the german dude.Or perhaps he kept lookout?! bloody germans,i should have known!)
Title: 24C3 Xbox360 Secuirty Lecture On-Demand Video
Post by: ddsdavey on January 03, 2008, 01:30:00 PM
It states that Game cube was the first but wasnt Dreamcast hacked first...then again Ps1 was chipped.
Anyone knoe for sure???