xboxscene.org forums

Xbox360 Forums => Xbox 360 Hacking Forums => Software Exploits Development / Research => Topic started by: Angerwound on November 20, 2005, 05:45:00 AM

Title: Xbox 1 Emulation
Post by: Angerwound on November 20, 2005, 05:45:00 AM
Seeing as the Xbox 1 is open to any changes we can throw at it, perhaps we might be able to use our old friend as a tunnel into the X360 system.

1st Possibility: Many gamesaves, Live content, and other materials that the Xbox 1 will be sharing with the 360 are open to vulnerabilities, such as the way Forza uses zlib to compress and uncompress the skins you use online for your cars. I'm sure zlib has its vulnerabilities, and since a few of us around here know how to find the Xbox cert key and sign gamesave data to be valid, why not attempt this route? Any sort of data our Xbox 1 titles are sharing with a 360 could potentially be compromisable.
Title: Xbox 1 Emulation
Post by: DaBiscuit on November 20, 2005, 07:44:00 AM
Surely even if you could execute some kind of exploit, it would be entirely contained within the Xbox 1 virtual machine. I like your idea, but I can't see how it would allow access to the architecture of the 360. It would seem to simply lead to an exploit running on the emulation layer, while the 360 remained unexploited.

Maybe I'm not quite clever enough to see the possibilities though.
Title: Xbox 1 Emulation
Post by: deadparrot on November 20, 2005, 07:52:00 AM
Well, if you can run it under an emulator, it is a start at least. It is very possible to gain access to the surrounding environment from a program running in an emulator.

I definitely see this as exploitable.
Title: Xbox 1 Emulation
Post by: deadparrot on November 20, 2005, 09:38:00 AM
Yeah. We'd have to find new games to exploit, seeing as AUF, SC, and MA are not listed as having backwards compatibility. Perhaps this means that the emulator is still prone to the buffer overflow?
Title: Xbox 1 Emulation
Post by: mkjones on November 20, 2005, 09:45:00 AM
Nice ideas :)

But this would be especially hard, seeing as you can't transfer Xbox 1 gamesaves to the 360. It was on Major Nelson's blog that they decided against this purely because of exploits. Poop :(

Also, I would bet the reason MA, 007 and SC aren't on the BC list is because of this, probably "just in case" more than anything.

Title: Xbox 1 Emulation
Post by: d0wnlab on November 20, 2005, 11:28:00 AM
I'm betting you the line drawn between the Xbox 1 "virtual machine" and the Xbox 360 is very spotty at best. It's not a proper emulator.

- You need a different "emulator" for every game. I'm guessing this is so that critical sections are recoded to exploit the Xbox 360's speed (and possibly use the full RAM, etc.). If this is the case then there is probably an easy way to jump between native and emulation mode inside the emulator.
Title: Xbox 1 Emulation
Post by: krackheadbill on November 20, 2005, 12:29:00 PM
QUOTE(mkjones @ Nov 20 2005, 05:52 PM)
Nice ideas :)
Title: Xbox 1 Emulation
Post by: Australian Rat on November 20, 2005, 08:07:00 PM
I think one of the more interesting options available is the actual use of the emulation files that can be burned on to CDRs.

Very likely they will be signed and safeguarded by MS to no end, but seeing as they are releasing loads of them, there is potential to slip up somewhere.

But I guess we'll have to wait and see how the actual emulation files work :P
Title: Xbox 1 Emulation
Post by: lordvader129 on November 21, 2005, 12:01:00 AM
QUOTE(Australian Rat @ Nov 20 2005, 08:14 PM)
I think one of the more interesting options available is the actual use of the emulation files that can be burned on to CDRs.
Title: Xbox 1 Emulation
Post by: rasmithuk on November 21, 2005, 07:34:00 AM
From what I've heard the 'emulation profiles' are just recompiles of the game binaries for the PowerPC, with any additional patches required applied.
If this is correct then expect any well-known backdoor to be closed, and if they've used the bounding pages option then don't expect buffer overflows to be easily exploited.
Title: Xbox 1 Emulation
Post by: TheSpecialist on November 21, 2005, 09:49:00 AM
As said before in this thread, a buffer overflow in emulation mode will most likely just crash the emulator and not overflow the 'real' stack.

And about the emulation files loaded from CD: at first, this also looked promising to me, but if you think of it, all these emulation files will be signed and I'm quite sure they won't load if the signature is missing :) I also liked the idea, but, unfortunately, I don't think there will be some kind of weakness here ...
Title: Xbox 1 Emulation
Post by: heinrich on November 21, 2005, 04:32:00 PM
QUOTE(rasmithuk @ Nov 21 2005, 11:41 AM)
From what I've heard the 'emulation profiles' are just recompiles of the game binaries for the PowerPC, with any additional patches required applied.
Title: Xbox 1 Emulation
Post by: cheztir on November 21, 2005, 08:51:00 PM
What I wonder, correct me if I am wrong here, is if they might be recompiling the games from the source from x86 to PowerPC. This might be wrong, but since Halo 2 is getting a big HD boost I don't see how you can suddenly emulate that.

I think they might take the approach like so:
The Xbox HD stores loads of just XBEs (or whatever executables). When you insert an Xbox 1 game it loads the x86 XBE into memory, reads the XBE header to identify it, and from there tries to match it to an equivalent PPC XBE, then launches that PPC XBE. The PPC XBE then loads all of the game information off the disc. Since the game data (images, music, and such) are not compiled to x86 or anything, this could work. This is much like moving Windows games to Linux: only the executable changes.

I think it's more logical to recompile, have the app run natively, and just load the data from the disc. This could also explain why most games don't run yet: they simply haven't tweaked the source to compile on the Xbox 360's architecture yet. Also, if this were true they could patch 007:AUF and other games with holes to no longer be vulnerable. Emulation would just be too slow for even three 3.2 GHz G5 equivalents to handle. Think Halo 2, and think about it: how can you emulate an HD performance boost?

Like I said, correct me if I am wrong somewhere. But it just seems like recompiling to PPC is a better choice.

My 2 cents.
Title: Xbox 1 Emulation
Post by: DrNecessiter on November 21, 2005, 09:12:00 PM
I personally doubt they are "recompiling" old apps for PPC. Companies just aren't that good at keeping buildable versions of a 4-year-old game lying around like that.

My guess is that there is a generic emulator that requires application specific patches or "workarounds" for apps that used the hardware in a goofy way.  Not positive, but that'd be my guess.

Or, they may have some sort of binary translator that somehow pre-translates the x86 code into PPC code, and then they check for problems and make patches accordingly. I just wouldn't use the word "recompile" for this type of process. "Recompile" implies rebuilding from the C/C++/whatever source code, which I think is very unlikely.
Title: Xbox 1 Emulation
Post by: deadparrot on November 22, 2005, 02:08:00 AM
Could these emulator files be encrypted PPF-type patches which patch the x86 XBE in memory?
Title: Xbox 1 Emulation
Post by: d0wnlab on November 22, 2005, 10:21:00 AM
QUOTE(deadparrot @ Nov 22 2005, 04:15 AM)
Could these emulator files be encrypted PPF-type patches which patch the x86 XBE in memory?
Title: Xbox 1 Emulation
Post by: Tomilius on November 22, 2005, 04:32:00 PM
QUOTE(cheztir @ Nov 21 2005, 06:58 PM)
What I wonder, correct me if I am wrong here, is if they might be recompiling the games from the source from x86 to PowerPC. This might be wrong, but since Halo 2 is getting a big HD boost I don't see how you can suddenly emulate that.
Title: Xbox 1 Emulation
Post by: PCBUILDERCHRIS on November 22, 2005, 08:09:00 PM
Oh, I didn't know they were recompiled. I thought the games were going to be in their original form, like .nes, .bin, .z64.

I dreamt up a softmodded Xbox that runs a classic game on an emulator from Xbox Live or CD while your PC is impersonating the real Xbox Live server or another Xbox 360 connected via link, but I guess it's all over us normal gamers' heads.

Oh, and does anyone know how long it takes the Xbox to load the 360's dash up?

It could be like RAM: slice some of the metal connector prongs from the side of the chip, rig a switch to it, and after it does its check, flick the switch to the bootleg version of the board, of course with an extra chip humping over the original.
Title: Xbox 1 Emulation
Post by: The Dude on November 23, 2005, 03:43:00 PM
As I understand, to update your Xbox 360 to play original games, it only takes one file (named default.xex) that you can download from xbox.com and burn to a CD-R as a data CD. That file is only about 2.5 MB. From reading the instructions online, MS does not seem to require any additional files for each game. Just the one file. (Why they did not include this file with the HDD is beyond me...)

It does seem odd that MS has excluded the known games used for exploits from the compatibility list.

Since now we are able to boot an MS executable file from a CD-R/DVD-R, does this mean the 360 no longer requires a media check?

One could only assume MS has added additional security to prevent booting game executables from a CD-R/DVD-R, but so did Sega with the Dreamcast, and we all know what happened there.

Hopefully someone or some group a lot smarter than me, or any of us, will chime in eventually and help explain the security measures MS has implemented to prevent other executables burned to a disc from booting.
Title: Xbox 1 Emulation
Post by: lordvader129 on November 23, 2005, 05:21:00 PM
QUOTE
Why they did not include this file with the HDD is beyond me...

Because the hardware was finalized and shipped before the emulator software was finished.

QUOTE
It does seem odd that MS has excluded the known games used for exploits from the compatibility list.

Why is that odd? MS doesn't want the 360 exploited; that's also why you can't use Xbox gamesaves on the 360.

QUOTE
Since now we are able to boot an MS executable file from a CD-R/DVD-R, does this mean the 360 no longer requires a media check?

The Xbox never required a media check; the XBEs just had them. There was Xbox Live Arcade, though, which didn't have a media check, possibly MS trying to see if we'd find a security hole before they decided to do emulator updates this way.

QUOTE
One could only assume MS has added additional security to prevent booting game executables from a CD-R/DVD-R, but so did Sega with the Dreamcast, and we all know what happened there.

Games will probably have the same digital signature + media check combo used on the Xbox; this proved very effective for MS.

The emulator update, like Live Arcade, is simply a signed XBE (XEX) without a media check.
Title: Xbox 1 Emulation
Post by: geniusjc on November 24, 2005, 03:08:00 AM
There is a Q&A on xbox.com about the emulation for backward compatibility. In it they state that the emulation already resides on every X360 hard drive and Halo and Halo 2 have profiles already loaded so you can play them right away. They say that you have to use the update file to play Halo 2 on Live. More than likely the entire emulator is already on the hard drive and only game profiles are added with the update.
Title: Xbox 1 Emulation
Post by: lordvader129 on November 24, 2005, 05:08:00 AM
QUOTE(geniusjc @ Nov 24 2005, 03:15 AM)
More than likely the entire emulator is already on the hard drive and only game profiles are added with the update.
Title: Xbox 1 Emulation
Post by: lordvader129 on November 24, 2005, 10:39:00 AM
QUOTE(Shadowlaw @ Nov 24 2005, 06:25 AM)
Do we have any clue how the signatures are computed? Is it an MD5 hash? Or maybe an MD5 hash thrown through some MS private key inside the box to verify authenticity? I guess there's indeed no way in through that route.
Title: Xbox 1 Emulation
Post by: The_Truth on November 24, 2005, 12:12:00 PM
I tend to agree with d0wnlab: they will most likely have made the fine line easy to pass. Unfortunately, if the emulator is hacked, they will force an update through Live to patch the screwed-up emulator. Also, even if it crashes the virtual stack, it might also corrupt the actual stack if the code is written incorrectly.
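The containment question the last few posts circle around (does a guest overflow stay inside the emulator, or can it reach the emulator's own state?) as an added example that is not from this thread and not Microsoft's emulator code. It assumes a constructed layout in which the guest's RAM sits at the front of the emulator's own allocation with host bookkeeping immediately behind it; the one-instruction guest ISA, the sizes and the two guest programs are all made up for illustration. The naive store maps guest addresses straight onto host offsets, so an off-by-one past guest RAM lands on host data; the confined store bounds the address against guest RAM and turns the same overrun into a guest fault, which is the "just crashes the emulator" outcome.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout for the demo: 256 bytes of guest RAM at the front of
 * the emulator's own allocation, host bookkeeping right behind it. */
#define GUEST_RAM_SIZE  256u
#define HOST_ARENA_SIZE (GUEST_RAM_SIZE + 16u)
#define HOST_FLAG_OFF   GUEST_RAM_SIZE   /* first host-only byte */

typedef struct {
    uint8_t arena[HOST_ARENA_SIZE];  /* guest RAM followed by host state */
    int     faulted;                 /* set when a confined guest is halted */
} host_t;

/* The whole guest ISA: store an 8-bit value at a 16-bit guest address. */
typedef struct { uint16_t addr; uint8_t val; } store_t;

/* Naive emulator: guest address == host offset. The only check is that the
 * write stays inside the host's own allocation, so nothing keeps the guest
 * out of the host bytes that sit just past its RAM. */
static void store_unchecked(host_t *h, store_t in) {
    if (in.addr < HOST_ARENA_SIZE)
        h->arena[in.addr] = in.val;
}

/* Confined emulator: bounds the address against guest RAM, not the host
 * allocation. An out-of-range store becomes a guest fault instead of a
 * write into host state. */
static void store_checked(host_t *h, store_t in) {
    if (in.addr >= GUEST_RAM_SIZE) {
        h->faulted = 1;
        return;
    }
    h->arena[in.addr] = in.val;
}

/* Run a guest program under one of the two emulators.
 * Returns 1 if the guest changed host-only state, 0 otherwise. If faulted
 * is non-NULL it reports whether the confined emulator halted the guest. */
int run_guest(const store_t *prog, size_t n, int confined, int *faulted) {
    host_t h;
    memset(&h, 0, sizeof h);
    for (size_t i = 0; i < n; i++) {
        if (confined) store_checked(&h, prog[i]);
        else          store_unchecked(&h, prog[i]);
        if (h.faulted) break;        /* guest halts on its first fault */
    }
    if (faulted) *faulted = h.faulted;
    return h.arena[HOST_FLAG_OFF] != 0;
}

/* Constructed guest programs. The second overruns guest RAM by one byte,
 * the classic off-by-one a gamesave or skin parser might carry. */
static const store_t benign_prog[]   = { {0x0010, 0x42}, {0x00FF, 0x43} };
static const store_t overflow_prog[] = { {0x00FF, 0x41}, {0x0100, 0x41} };

int main(void) {
    int f = 0;
    printf("naive,    benign:   host touched=%d\n",
           run_guest(benign_prog, 2, 0, NULL));
    printf("naive,    overflow: host touched=%d\n",
           run_guest(overflow_prog, 2, 0, NULL));
    printf("confined, overflow: host touched=%d faulted=%d\n",
           run_guest(overflow_prog, 2, 1, &f), f);
    return 0;
}
```

The lesson is the one The_Truth points at: whether the guest's overflow reaches the real machine is decided by the emulator's own memory-access code, not by the guest. Recompiled or translated game code can be patched against known holes, but a bounds bug in the host-side store path is a host bug, and that is the class a real escape would need.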
Title: Xbox 1 Emulation
Post by: Dameon on November 24, 2005, 05:16:00 PM
;)

Just a shot in the dark.
Title: Xbox 1 Emulation
Post by: MrPhunkee on December 09, 2005, 12:18:00 PM
And how exactly are we going to put that save on the HD? Or a memory card? Guess if we can do that, the 360 is hacked. And even if it would work, it would be kind of useless, I think. The HD isn't designed with the original partitions of the Xbox 1.
Title: Xbox 1 Emulation
Post by: sentinel0 on December 09, 2005, 12:29:00 PM
This is probably a dumb idea that won't work. I haven't tried; I might when I get back home. But has anyone tried signing a game backup that's on the backwards compatibility list with the habibi key and seeing if it works?
Title: Xbox 1 Emulation
Post by: lordvader129 on December 09, 2005, 04:03:00 PM
QUOTE(sentinel0 @ Dec 9 2005, 01:36 PM)

This is probably a dumb idea that won't work. I haven't tried; I might when I get back home. But has anyone tried signing a game backup that's on the backwards compatibility list with the habibi key and seeing if it works?

The habibi key only works in conjunction with the save exploit, but saves aren't cross-compatible, so a hacked save won't work on the 360.
Title: Xbox 1 Emulation
Post by: lordvader129 on December 09, 2005, 06:25:00 PM
QUOTE(Zanzang @ Dec 9 2005, 07:24 PM)

Do you guys think that the 360 gamesaves could be signed too?

You mean, would the 360 allow the exact same exploit that was used on the Xbox 1? Not a chance in hell.