360 "almost" hacked?

[PiNkY]

This video is from the 23rd CCC.

 

[-=P3tRaN=-]

everybody would easily call it a hoax, but the fact that it was presented on that hackers conference thats been running for so many years gives it credibility.
we'll see...

 

[Fu3lFr3nzy]

Wait, so what was the video about? :| all I saw was king kong then a linux wallpaper?

 

[Bohdy]

It's supposed to be an exploit from within King Kong that has allowed the running of a small homebrew demo.

I actually posted about this in my other topic, but I guess nobody noticed. :smile:

 

[PiNkY]

It's supposed to be an exploit from within King Kong that has allowed the running of a small homebrew demo.

I actually posted about this in my other topic, but I guess nobody noticed. :smile:

Well, sorry, but I didn't..

 

[StefanS]

I am going to leave this thread open in order to have separate discussions on Wii & X360. Use this one for the X360 discussion.

 

[Colourless]

It's very easy to call it a hoax because it was done using King Kong. It is known that it's possible to change the data for King Kong because it shaders, etc, are plain files on the DVD (and was done in the past using the Kiosk Demo Disk that could be modified). If it was demonstrated using some other game there would be more credibility. That said, it might be something new, which would be quite interesting, but there isn't enough actual evidence that its something that's actually new.

It would be far more interesting and legitimate looking if it was a very basic demo that kills the execution of the running program and does 'something' even if it opens the DVD tray or something stupid that shows that it is doing something that can't be done in any other way. If doing code injection you wan't to take complete control of the machine... and the demo doesn't look like that's actually happened.

 

[assen]

It's very easy to call it a hoax because it was done using King Kong. It is known that it's possible to change the data for King Kong because it shaders, etc, are plain files on the DVD (and was done in the past using the Kiosk Demo Disk that could be modified).

Hm, that's interesing. On some games (I know one ;-) ) you can achieve the same effect only by modifying the postprocessing shader file (.FX) and adding a texture in the same folder.

 

[crosseye]

Yeah, it seems kinda sketchy. We've known about the Kong files and how they can be manipulated. It appears as though all that happened was said manipulation. There's just no way of telling from what was shown.

 

[Legend]

are we talking about a new hack here? because there is an old 360 hack (software based) that has been avaialbe for months. it is used by flashing the disk drive memory and changing it with something else.

there are also multiple hardware modchips advertised in many sites that claim you don't need to flash the disk drive memory and that you can use LIVE normally.

just google it and you'll see many sites offering shipping and instructions on how to use it with reviews and what have you.

 

[pipo]

are we talking about a new hack here?

Yes. This is supposed to show they can run their own (unsigned) code.

But I don't buy it.

 

[assen]

are we talking about a new hack here? because there is an old 360 hack (software based) that has been avaialbe for months. it is used by flashing the disk drive memory and changing it with something else.

there are also multiple hardware modchips advertised in many sites that claim you don't need to flash the disk drive memory and that you can use LIVE normally.

just google it and you'll see many sites offering shipping and instructions on how to use it with reviews and what have you.

Yes, this is different. The firmware hack and the associated modchips fool the box into accepting DVD-Rs as factory burned DVD-ROMs, and allow you to play the original, signed executables. This hack here supposedly shows running unsigned code on the box, which would be a major breakthrough against the security system. I think this conference is pretty big-name and "serious" (as far as "hacker" conferences go), I'm not inclined to think they would show fakes... on the other hands, I'm not sure old school German hackers like the organizers would be that familiar with the console scene to judge whether it's worthy for admission or not, after all, it's displaying a penguin on a MS box, so it must be cool, right?

 

[one]

Followup: actually it was totally cracked (and patched subsequently).

http://www.securityfocus.com/archive/1/461489/30/0/threaded

Security Advisory

Xbox 360 Hypervisor Privilege Escalation Vulnerability

Release Date:
February 28, 2007

Author:
Anonymous Hacker <anohacker (at) gmail (dot) com [email concealed]>

Timeline:
Oct 31, 2006 - release of 4532 kernel, which is the first version
containing the bug
Nov 16, 2006 - proof of concept completed; unsigned code running in
hypervisor context
Nov 30, 2006 - release of 4548 kernel, bug still not fixed
Dec 15, 2006 - first attempt to contact vendor to report bug
Dec 30, 2006 - public demonstration
Jan 03, 2007 - vendor contact established, full details disclosed
Jan 09, 2007 - vendor releases patch
Feb 28, 2007 - full public release
Patch Development Time (In Days): 6

Severity:
Critical (Unsigned Code Execution in Hypervisor Mode)

Vendor:
Microsoft

Systems Affected:
All Xbox 360 systems with a kernel version of 4532 (released Oct 31,
2006) and 4548 (released Nov 30, 2006). Versions prior to 4532 are not
affected. Bug was fixed in version 4552 (released Jan 09, 2007 - not a
Patch Tuesday).

Overview:
We have discovered a vulnerability in the Xbox 360 hypervisor that allows
privilege escalation into hypervisor mode. Together with a method to
inject data into non-privileged memory areas, this vulnerability allows
an attacker with physical access to an Xbox 360 to run arbitrary code
such as alternative operating systems with full privileges and full
hardware access.

 

[Rainbow Man]

I love how the person describes the procedure as some form of hostile attack rather than being able to do what everybody rightfully ought to be able to - which is run whatever we want whenever we want on a piece of hardware we've bought and paid for.

Peace.

 

[AzBat]

I love how the person describes the procedure as some form of hostile attack rather than being able to do what everybody rightfully ought to be able to - which is run whatever we want whenever we want on a piece of hardware we've bought and paid for.

Peace.

You can, it's called your PC. And look how great that security turned out? No thanks, I'd rather not have virus, spam and spyware ruining my game experience.

Tommy McClain

 

[Bohdy]

Bloody hell!

What a square. They mightn't have discovered the vulnerability for a while if he hadn't reported it before releasing.

 

[fearsomepirate]

You can, it's called your PC. And look how great that security turned out?

It actually turned out pretty great in operating systems that don't give every program and its brother root access by default.

 

[assen]

It actually turned out pretty great in operating systems that don't give every program and its brother root access by default.

It actually works pretty great for programs that don't require root access to even breathe - which is, in my experience, virtually every non-MS application out there.

 

[LunchBox]

i'm actually quite impressed that ms did their research on anti-piracy,

them hackers haven't been able to fully figure out a way to circumnavigate the bloody thing..

 

[doob]

You can, it's called your PC. And look how great that security turned out? No thanks, I'd rather not have virus, spam and spyware ruining my game experience.

Tommy McClain

There's a difference between interpreting "we" as in "i" want, and what "others" want.