xboxscene.org forums

Author Topic: Food For Thought.. Usb Stack  (Read 163 times)

lordvader129

  • Archived User
  • Hero Member
  • Posts: 5860
Food For Thought.. Usb Stack
« on: November 29, 2005, 12:17:00 PM »

Hmm, the exploit is in the driver; I'm sure the 360 uses different drivers.

Also, the article doesn't say what device the vulnerable driver(s) is for. It could be something very different from a memory stick, something the 360 wouldn't have support for at all, let alone an exploitable driver.

Also, it uses our old friend the buffer overflow, and MS has gone to great lengths to make sure we can't use that to hack the 360 (not to say it's perfect, but something to consider when looking for the "easy" hacks).

Math1

  • Archived User
  • Jr. Member
  • Posts: 60
Food For Thought.. Usb Stack
« Reply #1 on: December 01, 2005, 12:01:00 AM »

And of course, Xbox 360 doesn't run Windows, and doesn't have the concept of an "administrator"... I'm also willing to bet that this sort of thing has been VERY carefully blocked. Worth investigating, but I am not holding my breath.

killzer

  • Archived User
  • Newbie
  • Posts: 30
Food For Thought.. Usb Stack
« Reply #2 on: December 02, 2005, 06:34:00 AM »

Actually, the more efficient hack is a DMA command loophole, not a driver problem. A command is sent from the USB device to the CPU requesting DMA; once the USB device has DMA, it can read and write freely to any point in the entire memory range. This can result in any number of different hacks, including patching a program directly into memory, patching in a new BIOS, or spoofing the security signatures. Since USB devices require DMA to function, MS would never be able to change their design to prevent this. This is a fairly new hack, but once it has matured a little more it will be easy to use on any device that has a USB, FireWire, or SCSI controller.

lordvader129

  • Archived User
  • Hero Member
  • Posts: 5860
Food For Thought.. Usb Stack
« Reply #3 on: December 02, 2005, 09:06:00 AM »

Patching data in main RAM might not do us much good. It seems all the critical data (BIOS/kernel, signature keys, checksums, and all other comparative values) are held in processor caches and in the processor's own RAM; I don't think a DMA hack would give us access to that memory.

Cio

  • Archived User
  • Sr. Member
  • Posts: 332
Food For Thought.. Usb Stack
« Reply #4 on: December 06, 2005, 02:52:00 AM »

QUOTE(Math1 @ Dec 1 2005, 08:08 AM)

And of course, Xbox 360 doesn't run Windows, and doesn't have the concept of an "administrator"... I'm also willing to bet that this sort of thing has been VERY carefully blocked. Worth investigating, but I am not holding my breath.


It "sorta" runs Windows, and it's very possible that M$ gave us all guest accounts, whereas the repair centre, for example, holds admin rights (ability to ADD DRIVERS, FORMAT DRIVES, etc. etc.).

Admin rights might be granted (if only temporarily) by the signature of an executable file (think of a built-in "run as" command).

An example of both of these things could be a self-burned update CD for the Xbox 1 emulator. M$ would know how to implement a "run as system service" option from the new NT-based OSes (modified Win2k kernel AFAIK).