A container file signature tool finally goes public....
What is it?
============
The CON file tool updates signatures found in Xbox 360 user content files ("CON" file). CON is the format used for saved games and settings. The tool requires a valid keyvault file to work.
How it works:
=============
In the keyvault of every Xbox 360 is a unique CON keypair that is used for signing CON files. The public key component of this keypair is signed by Microsoft to ensure that arbitrary keypairs cannot be used.
A copy of the public key and its signature is stored in each CON file. This allows Xbox 360 consoles to verify CON files that may be signed by other Xbox 360 consoles.Because the signing keys are per-box, individual consoles can have their keypair revoked in firmware updates.
For more information, see the source code included in the archive.
What can it do?
===============
The tool is not very interesting from the perspective of running unsigned code or Linux. It would require an exploit that is unlikely given the architecture of the Xbox 360.It is useful for activities such as porting saved game content from PC to Xbox.
Credits
=======
roofus & angerwound for proving it was possible and posting on xboxhacker.net the basic outline of how it works.
Rene Ladan for package file research, including hash table research.
No Credit
=========
superaison & haxalot88 (ie Michael Kaufman of Talent, Oregon 97540) who stole this work in order to try to live up to fantasies of messing with Xbox Live and somehow making financial gain out of it, then trying to claim it as their own work.
Official Site: http://xss.ath.cx
Download: n/a (May be illegal under EULA/DMCA)
News-Source: xbins.org
|
Author
Topic: ConSign (Read 34 times)