xboxscene.org forums


Author Topic: EEPROM on Xbox 360 and xexdump utility  (Read 4640 times)

mad_pc_man

  • Archived User
  • Newbie
  • Posts: 4
« Reply #60 on: December 05, 2005, 12:50:00 PM »

i meant the lpc thing from the pics from cjack with lpc-ish ports

InterestedHacker

  • Archived User
  • Jr. Member
  • Posts: 88
« Reply #61 on: December 05, 2005, 01:00:00 PM »

QUOTE(mad_pc_man @ Dec 5 2005, 09:35 PM)

Yo!
(some ideas follow, no particular order)
1. Has anyone tried using an xbox modchip in a 360, all types of chips, (xecuter spidergx etc...)
2. Has anyone got an output of the eeprom.
3. Can you use an exe from MCE to do some stuff.
4. Can you wipe the hdd/eeprom/tsop clean and see what happens.
5. Might be a bit n00bish but what exactly does a hypervisor do, (in simple layman's terms)
cheers
mad_pc_man


1) The xbox hardware is completely different to the 360, and the xbox modchips contain code for x86 CPUs, not the IBM PowerPC type architecture, so there isn't a hope in hell that it would even slightly work!

2) Can't say for sure, but from what we've seen it will be completely encrypted, with a public / private key scheme similar to the original xbox's, but beefed up.  Considering the hackers never worked out the old xbox encryption key, it's unlikely they will work it out this time either.  Someone is going to have to get access somehow to the unencrypted streams.

3) MCE runs software on your PC / MCE system, and just allows the XBOX360 to remote control it.  Video and audio is streamed from your PC / MCE system, straight to the xbox for display.  Unless some kind of bug is found in the interface, not much doing here.

4) If you do this, your 360 will not boot, and display an error message if you're lucky, at which point MS will ask you wtf you did when the support guy visits to fix it!

5) Hypervisor, in layman's terms, is a security guard for the CPU, that cross checks everything that goes on with code, making sure that no exploit code is running on the CPU, eg. buffer overflows etc.  If you ask me, hypervisor, combined with the signed code, makes the xbox360 very hard to crack.  I wouldn't be surprised if 2 years from now we still see an unhacked 360.

QUOTE(mad_pc_man @ Dec 5 2005, 09:57 PM)

i meant the lpc thing from the pics from cjack with lpc-ish ports


We know what you meant!

It's like trying to play a DVD inside a VHS video recorder!  Where you gonna put the disc?

gjm

  • Archived User
  • Full Member
  • Posts: 116
« Reply #62 on: December 05, 2005, 01:46:00 PM »

It would take an unfeasibly long amount of time, I don't know specifics but probably longer than our lifetimes. With xbox the security was circumvented, I don't think anybody ever found MS' private key..

Itcouldbeyou

  • Archived User
  • Newbie
  • Posts: 24
« Reply #63 on: December 05, 2005, 03:35:00 PM »

There was this kind of distributed cracking for the xbox1 private key, but it never worked out. The thing is with this bitchy encryption, if you would need 1 Year to crack the key, they would just make the key 1 Byte longer and you would need 256 Years then. So you say you have what 65000 computers to crack the key, ok, they add just another 2 Bytes and with 3 Bytes more, they kept 65k computers from cracking the key in 256 Years! It's that simple for MS. (Of course they added more than 3 Bytes to a 1Year/1comp crack period so you would not be able to crack it with the dedicated computation power of the whole world in your lifetime).
To sum it up: There is NO way to crack the key until someone (mathematicians(!)) cracks the encryption scheme itself (or quantum computers are built).

donuthole2010

  • Archived User
  • Newbie
  • Posts: 27
« Reply #64 on: December 05, 2005, 04:39:00 PM »

What would happen if the xbox EEPROM was put on the 360? Would the 360 simply not boot, or would it boot with no problem (as the premium boots with no EEPROM, but comes with it)? Or possibly the signature wouldn't be there, so it would cause an error.

I don't know, I don't have my 360 yet, or I would try it myself.
Just throwing out ideas, although it is probably not productive.

PCBUILDERCHRIS

  • Archived User
  • Full Member
  • Posts: 140
« Reply #65 on: December 05, 2005, 05:51:00 PM »

Okay, I know this may be off the subject but.........


Here's what I think should happen when it does become cracked: someone release a video and upload it to the usual places or underground somewhere. We don't need news about the first 360 mod on the first page, it needs to be deep in the forums somewhere where a normal m$ spy couldn't find it, and if they did they wouldn't understand.

So we need a releasing place

and a code word for when it happens, like if it happens we'll go around the forums saying stuff like man you heard about the "PON FAR" *star trek*

layman's terms

Don't go all around telling about the next 360 mod until M$'s dumba$$ RE-leases enough for everyone before they start the patching process; it could be a year and only the original modded xbox owners will know, and then after that first few months or year of a modded box we can start moving free and posting hacks on xboxscene front page.

Anybody get what I mean?

I love the progress though, keep it up y'all.


I bet m$ had spies on here, cuz how they know about people wanting painted xbox's *faceplates* and all the media 360 handles *media capabilities*? Need I say more how they find it out? *spies on xboxscene*

Why xboxscene? *it's like ** DO NOT ATTEMPT TO POST LINK TO THAT WAREZ TORRENT SITE ** was to the riaa and mpaa*

oz_paulb

  • Recovered User
  • Full Member
  • Posts: 172
« Reply #66 on: December 05, 2005, 06:17:00 PM »

QUOTE(ppazz13 @ Dec 6 2005, 02:16 AM)

But as for keeping accomplishments secret from MS... I think that's a little extreme.  I mean, how long would it take MS to change production lines to prevent modding?


The xbox-linux group took this approach when the "1.1" xbox was broken:  They figured out how to get the internal MCPX ROM dumped.  Using the dumped ROM, they found an exploit.  They published the exploit - but did not publish how they dumped the MCPX ROM.

MS could 'fix' the problem by changing the MCPX ROM again, but would be scratching their heads as to how the ROM was dumped.  Since they were relying on 'security through obscurity', they really needed to know how the ROM was dumped/close that door to really 'fix' the problem (otherwise, the new version could be dumped/another exploit found).  I don't believe MS ever made any further releases of the MCPX ROM.

With discussion on the 360 being so 'in the open' (as opposed to internal xbox-linux discussions on "1.1"), it may be hard to hide the actual methods used for finding a future exploit.  But, if possible, it seems like a good idea.

BTW, some of the rest of the 'scene' got pretty pissed off at the xbox-linux group for keeping 'secrets' (since they should be 'open-source'), but I think it was the best decision.  Revealing the secret wasn't necessary (exploit was released), and doing so would have let MS close the door on future exploits.

- Paul

Aceraider4

  • Archived User
  • Newbie
  • Posts: 15
« Reply #67 on: December 05, 2005, 06:20:00 PM »

it appears that some things need to be clarified:

1) locking the dvd-rom is smart for ms:
   the less we learn, the harder it is to hack
   what's the point of building a vault if it has an open window; everything has to be airtight for good security

2) eeprom is the lowest common denominator for read only memory, here are some facts:
   non-volatile (information is stored even when there is no power to the chip)
   can store anywhere from 1kbit (128bytes) to 1mbit (considering the small surface area and minimal number of pins, the 360's chip is going to be near the 1kbit range)
   it's ridiculously slow compared to most solid state memory, you can only read or write one bit at a time
   in the original xbox, the only information stored on the eeprom was the serial number of the xbox and the hdd key

I don't think a dummy chip is too incredulous: here we are debating its purpose rather than spending time in other areas, seems it's pretty effective if that's its purpose

DivyX

  • Archived User
  • Jr. Member
  • Posts: 68
« Reply #68 on: December 05, 2005, 06:23:00 PM »

QUOTE
I mean, how long would it take MS to change production lines to prevent modding?


Definitely enough not to make it too often.
It's not worth it in most cases. The number of mod users in general isn't that big, although it feels that every friend you know of might have one.

Of course MS does apply security fixes, hw/sw fixes too, but I wouldn't bet my money that any version changes were ever made solely because of modchips. This product updating and changing applies to cell phones also, for example. Just general program fixes etc, better components etc...

What I'm trying to say is that "it is common that most electronic devices get updated and bug fixed or otherwise made better during their lifespans". It will be another matter what we have by then (if anything) when MS will be next changing xbox360, meaning, what we would have discovered that MS could include in the "fix" and general product update.

sm0kie

  • Archived User
  • Newbie
  • *
  • Posts: 13
EEPROM on Xbox 360 and xexdump utility
« Reply #69 on: December 05, 2005, 07:13:00 PM »

Couldn't the chip just be a back-up memory for when the 360 is updating the dashboard etc? If there's no HDD to boot from maybe it uses this instead (if it needs a restart mid upgrade). When is a current being sent to the chip?

Aceraider4

  • Archived User
  • Newbie
  • *
  • Posts: 15
EEPROM on Xbox 360 and xexdump utility
« Reply #70 on: December 05, 2005, 07:14:00 PM »

I think you're missing the point of a dummy chip, of course we're supposed to find it: what better way to distract someone than to give them a problem with no solution.  Maybe it would be better to call it a decoy chip.  And as far as money goes, you gotta realize 1) they're not in all the 360s as we see from cjack's data (let's remember that it may be a coincidence that one was found in a premium and not in the core, it could be just as probable to have two cores one with the eeprom and one without) and 2) the price of these chips: they could be had for about $0.01 a piece, multiply that by the number of units that have the eeprom (which at max is 999,999; 1 million available at launch minus cjack's eeprom-less unit) so at the absolute max ms spent $9999.99.  If you ask me, that's a small price to pay to delay the cracking of a top security box

ppazz13

  • Archived User
  • Newbie
  • Posts: 35
« Reply #71 on: December 05, 2005, 07:21:00 PM »

Two things:

1.  You're forgetting about the added cost of shipping/organizing/installing these chips.

2.  That's thousands of dollars that could just as easily have been spent on developing other ways to secure the 360.

I know that if it's a decoy chip it was meant to be found.  I'm just saying that $10,000 is an expensive decoy.  Especially since it's one that has been found within 2 weeks of the release, and will be discarded (if it is a decoy) in less than a few months after launch.

Aceraider4

  • Archived User
  • Newbie
  • Posts: 15
« Reply #72 on: December 05, 2005, 07:21:00 PM »

QUOTE(sm0kie @ Dec 6 2005, 03:20 AM)

Couldn't the chip just be a back-up memory for when the 360 is updating the dashboard etc? If there's no HDD to boot from maybe it uses this instead (if it needs a restart mid upgrade). When is a current being sent to the chip?

not nearly enough memory on the chip; the chip itself could store a small text document, the dashboard is multiple mbytes in size

Aceraider4

  • Archived User
  • Newbie
  • Posts: 15
« Reply #73 on: December 05, 2005, 07:40:00 PM »

QUOTE(ppazz13 @ Dec 6 2005, 03:28 AM)

Two things:

1.  You're forgetting about the added cost of shipping/organizing/installing these chips.

2.  That's thousands of dollars that could just as easily have been spent on developing other ways to secure the 360.

I know that if it's a decoy chip it was meant to be found.  I'm just saying that $10,000 is an expensive decoy.  Especially since it's one that has been found within 2 weeks of the release, and will be discarded (if it is a decoy) in less than a few months after launch.

I'm glad that you're actually backing your argument with some logic, but I really still have to disagree.

I still think they could justify the expenditure: I think it would be safe to assume that only about 50% of the units got the decoy, that's $5000, throw in a conservative estimate for shipping, installation, etc. and I think it would still bring it to at most $20,000.  Now, assuming that the analyst estimate of a $160 loss on each launch unit, that would mean ms spent between $460,000,000 and $560,000,000 on production, that equates to about 0.000043% of the budget was spent.  I say it's a decoy until someone can prove me wrong

azninvasion

  • Archived User
  • Newbie
  • Posts: 49
« Reply #74 on: December 05, 2005, 07:56:00 PM »

It's almost certainly not a decoy. It could be just an appendage from development days. Or a patch to the cpu. In any case, it seems that the xbox is not generating error codes like it's supposed to, so certainly it handles something. As you can run the 360 without the dvd and it will not display an error code.

My guess is that it somehow limits the 360 cpu operation so it doesn't overheat. So one day you'll get your proof it's not a decoy when that chip you removed caused your xbox to melt lol.