The "General Games Chat" forum, which includes Retro Game Reviews, has been archived and is now read-only. You cannot post here or create a new thread or review on this forum.
go to xboxlinux.org
an interesting development!
an interesting development!
Page:
go to xboxlinux.org
an interesting development!
an interesting development!
Didnt you post this in the FOG chat room...
Sorry I posted it in two places, not sure where to post the news.
Hey I wouldnt mind a cheap PC that runs through my TV.
The Price of the console cant go up that would be suicide. Microsoft could release a redesigned Xbox 1.5 with new features and charge more for it but thats the only reason youll see a price increase!
The question is whether the Xbox will go the way of the Dreamcast!
Hey I wouldnt mind a cheap PC that runs through my TV.
The Price of the console cant go up that would be suicide. Microsoft could release a redesigned Xbox 1.5 with new features and charge more for it but thats the only reason youll see a price increase!
The question is whether the Xbox will go the way of the Dreamcast!
http://lists.netsys.com/pipermail/
full-disclosure/2003-July/010895.html
XBOX Security
-= Security Advisory =-
Advisory: XBOX Dashboard local vulnerability
Release Date: 2003/07/04
Last Modified: 2003/07/04
Author: Stefan Esser [[email protected]]
Application: Microsoft XBOX Dashboard (up to today)
Severity: A vulnerability within the XBOX Dashboard allows to
totally compromise the security features of the XBOX.
Risk: Critical
Vendor Status: Vendor is not willing to talk about XBOX vulnerabilities.
Overview:
The XBOX Dashboard is what appears when you turn the XBOX on without a
disc in the DVD drive. It will let you adjust system settings, manage
your save games, play and rip audio CDs and configure your XBOX Live
account. It is the heart of the XBOX and its most vulnerable point,
because it lacks several security restrictions which are enforced on
games. This includes the lack of the reboot-on-eject-button "feature",
which is obligatory for all games.
The existance of an exploitable vulnerability within the dashboard could
totally compromises the XBOX security system. It will make the box
independent from Microsoft signed code and therefore this information is
released to the public now on the 4th of July 2003, the day of the XBOX
Independence.
Details:
Microsoft knows that a vulnerability within the XBOX dashboard could
have serious impact. This is underlined by the fact that the dashboard
checks most of its files against an internal stored SHA1 hash value
before it uses them.
For an unknown reason this check is not performed on the audio (.wav)
and font (.xtf) files. Unfourtunately for Microsoft there exists an
exploitable integer underflow vulnerabilitiy within the font file loader
which can be exploited with a malformed font file. When the XTF header
is processed the dashboards reads a 4 byte blocksize field from the font
file. This is expected to represent the size of some datablock including
the 4 bytes of the size field itself. The blocksize is then allocated
and the sizefield is copied into the beginning of the buffer. This is
already a possible overflow bug when the field contains the values 0..3.
Due to memory alignment this is not exploitable. But then the blocksize
is decreased by 4 because the dashboard wants to read the rest of the
block into memory. Obviously values of 0..3 will underflow when
decreased by 4 and this results in the dashboard wanting to read up to
~4 gigabytes of data from the font file in a f.e. 3 bytes buffer.
Because the XBOX malloc()/free() implementation is also storing control
information inbound and is similiar to the Windows 2000/XP heap
allocators this bug is exploitable and allows execution of arbitrary
code. The attached proof of concept code shows that exploiting is
possible with offsets that are equal on all dashboards and XBOX versions
known.
BTW: the dashboard loads its font files directly after the XBOX start
animation. This means the exploit does not need any user
interaction and when the code is executed only part of the
dashboard background is on screen.
Proof of Concept:
Attached you will find a proof of concept exploit which will start
linux. To install it you have to rename the 2 XBOX font files within the
font directory of the dashboard partition and then copy ernie.xtf and
bert.xtf into this directory. (If you have an XBOX with an older
dashboard the font directory does not exist and you must do the renaming
and file adding work in the main directory). Once the new fonts are in
place you copy the default.xbe (which is a copy of xbeboot) into the
main directory and add your favourite linux to it.
Trustworthy Computing:
Trustworthy Computing at its best. Nearly 2 Years ago I reported an SSL
vulnerability within IE to Microsoft. 1 month later I released
information about this bug to the public because MS did absolutely
nothing. The vulnerability was nearly forgotten, it only exists on the
list of 19 unpatched IE vulnerabilities anymore. But this is wrong, the
vulnerability was indeed fixed with one of the many IE patches in the
middle of last year. Well is secretly fixing bugs without an official
advisory trustworthy?
Anticipated Questions:
Q1: How do I get the files onto the harddisk?
A1: There are several ways. You could f.e. install the files with the
Mechassault or 007 hacks. This requires one of the games and the
files on a memorycard. The other way is to open the box and do the
harddisk swap trick which is described all over the net.
Q2: This vulnerability is in the dashboard, isn't it? So Microsoft can
simply update the dashboard with XBOX Live or with the help of new
games.
A2: Yes Microsoft could try to upgrade the dashboard and fix the
vulnerability with such an update, but keep in mind that this
vulnerability is like a "local root" hole. You can do nearly
everything with it and this includes redirecting reads and writes to
the xboxdash.xbe file. Additionally people who do not play games on
their box will not be reachable with such updates. And groups who
pirate games can always disable the update feature.
Q3: Well but MS can make the kernel block the vulnerable dashboard.
A3: Indeed they can. But until boxes with new kernels reach the market
we will have the end of this year (You can still get 1.0 boxes in
shops over here) and they can only fix the bugs they know about.
Q4: Is it possible to play "backed-up" games with this?
A4: Yes it is possible to play pirated games by using this vulnerability
but my proof of concept code will not allow this. You have to change
the exploit to patch the kernel in memory. This is not very hard and
I am not going to help you with this.
Q5: Can I go "Live" with this hack?
A5: You have full control over the box with this vulnerability. You can
modify the exploit to allow XBOX Live playing but this will only
start a cat & mouse game with Microsoft.
Q6: I have read that I can solder my mainboard with this hack...
A6: This exploit has nothing to do with soldering, It will just run
everything you want on unmodded (and even unopened) XBOXes. Infact
when this hack is installed you do not need to solder anything to
get your homebrew or whatever applications to run.
full-disclosure/2003-July/010895.html
XBOX Security
-= Security Advisory =-
Advisory: XBOX Dashboard local vulnerability
Release Date: 2003/07/04
Last Modified: 2003/07/04
Author: Stefan Esser [[email protected]]
Application: Microsoft XBOX Dashboard (up to today)
Severity: A vulnerability within the XBOX Dashboard allows to
totally compromise the security features of the XBOX.
Risk: Critical
Vendor Status: Vendor is not willing to talk about XBOX vulnerabilities.
Overview:
The XBOX Dashboard is what appears when you turn the XBOX on without a
disc in the DVD drive. It will let you adjust system settings, manage
your save games, play and rip audio CDs and configure your XBOX Live
account. It is the heart of the XBOX and its most vulnerable point,
because it lacks several security restrictions which are enforced on
games. This includes the lack of the reboot-on-eject-button "feature",
which is obligatory for all games.
The existance of an exploitable vulnerability within the dashboard could
totally compromises the XBOX security system. It will make the box
independent from Microsoft signed code and therefore this information is
released to the public now on the 4th of July 2003, the day of the XBOX
Independence.
Details:
Microsoft knows that a vulnerability within the XBOX dashboard could
have serious impact. This is underlined by the fact that the dashboard
checks most of its files against an internal stored SHA1 hash value
before it uses them.
For an unknown reason this check is not performed on the audio (.wav)
and font (.xtf) files. Unfourtunately for Microsoft there exists an
exploitable integer underflow vulnerabilitiy within the font file loader
which can be exploited with a malformed font file. When the XTF header
is processed the dashboards reads a 4 byte blocksize field from the font
file. This is expected to represent the size of some datablock including
the 4 bytes of the size field itself. The blocksize is then allocated
and the sizefield is copied into the beginning of the buffer. This is
already a possible overflow bug when the field contains the values 0..3.
Due to memory alignment this is not exploitable. But then the blocksize
is decreased by 4 because the dashboard wants to read the rest of the
block into memory. Obviously values of 0..3 will underflow when
decreased by 4 and this results in the dashboard wanting to read up to
~4 gigabytes of data from the font file in a f.e. 3 bytes buffer.
Because the XBOX malloc()/free() implementation is also storing control
information inbound and is similiar to the Windows 2000/XP heap
allocators this bug is exploitable and allows execution of arbitrary
code. The attached proof of concept code shows that exploiting is
possible with offsets that are equal on all dashboards and XBOX versions
known.
BTW: the dashboard loads its font files directly after the XBOX start
animation. This means the exploit does not need any user
interaction and when the code is executed only part of the
dashboard background is on screen.
Proof of Concept:
Attached you will find a proof of concept exploit which will start
linux. To install it you have to rename the 2 XBOX font files within the
font directory of the dashboard partition and then copy ernie.xtf and
bert.xtf into this directory. (If you have an XBOX with an older
dashboard the font directory does not exist and you must do the renaming
and file adding work in the main directory). Once the new fonts are in
place you copy the default.xbe (which is a copy of xbeboot) into the
main directory and add your favourite linux to it.
Trustworthy Computing:
Trustworthy Computing at its best. Nearly 2 Years ago I reported an SSL
vulnerability within IE to Microsoft. 1 month later I released
information about this bug to the public because MS did absolutely
nothing. The vulnerability was nearly forgotten, it only exists on the
list of 19 unpatched IE vulnerabilities anymore. But this is wrong, the
vulnerability was indeed fixed with one of the many IE patches in the
middle of last year. Well is secretly fixing bugs without an official
advisory trustworthy?
Anticipated Questions:
Q1: How do I get the files onto the harddisk?
A1: There are several ways. You could f.e. install the files with the
Mechassault or 007 hacks. This requires one of the games and the
files on a memorycard. The other way is to open the box and do the
harddisk swap trick which is described all over the net.
Q2: This vulnerability is in the dashboard, isn't it? So Microsoft can
simply update the dashboard with XBOX Live or with the help of new
games.
A2: Yes Microsoft could try to upgrade the dashboard and fix the
vulnerability with such an update, but keep in mind that this
vulnerability is like a "local root" hole. You can do nearly
everything with it and this includes redirecting reads and writes to
the xboxdash.xbe file. Additionally people who do not play games on
their box will not be reachable with such updates. And groups who
pirate games can always disable the update feature.
Q3: Well but MS can make the kernel block the vulnerable dashboard.
A3: Indeed they can. But until boxes with new kernels reach the market
we will have the end of this year (You can still get 1.0 boxes in
shops over here) and they can only fix the bugs they know about.
Q4: Is it possible to play "backed-up" games with this?
A4: Yes it is possible to play pirated games by using this vulnerability
but my proof of concept code will not allow this. You have to change
the exploit to patch the kernel in memory. This is not very hard and
I am not going to help you with this.
Q5: Can I go "Live" with this hack?
A5: You have full control over the box with this vulnerability. You can
modify the exploit to allow XBOX Live playing but this will only
start a cat & mouse game with Microsoft.
Q6: I have read that I can solder my mainboard with this hack...
A6: This exploit has nothing to do with soldering, It will just run
everything you want on unmodded (and even unopened) XBOXes. Infact
when this hack is installed you do not need to solder anything to
get your homebrew or whatever applications to run.
http://www.maxconsole.com/?topic=news&sys=all&article=230
Official statement from Free-X regarding exploits.
Dear Public,
Today is a very said day for Microsoft.
One month ago, we began an attempt to make contact with Microsoft, we did this because the first software only mod-chip solution was developed and proved working. This solution meant that there was no need to open the XBox anymore.
The modification only needs to be installed once and all existing XBox consoles are able to be modified to use this exploit, only new consoles with an updated Firmware could lock out this exploit.
After discovering this exploit a Team was formed known as the "Free-X (box)" team.
Members of this team have made many attempts to initiate discussions with Microsoft by various means including:
1. Contacting certified XBox game developers requesting that they contact Microsoft to facilitate discussions about our discoveries.
2. Contacting major web-based news sources requesting that they contact Microsoft on our behalf.
3. Direct contact with various Microsoft departments globally.
4. Direct contact with Authorised XBox distributors globally.
Since our attempts to contact Microsoft have become public knowledge our team has been accused of attempting to extort or blackmail Microsoft, this is not true as we have made every attempt possible to make contact with Microsoft to offer the following:
- A complete summary of all hacking technologies (many of these technologies have not been released).
- Source Codes.
- All attacks which have been developed but not yet released.
- To sign a Non-disclosure Agreement regarding our discoveries.
- Further research on exploits, which would be exclusive to Microsoft.
- Full names of all hackers involved upon agreement of legal protection from Microsoft.
- Assistance in the development of future security for the XBox by working with Microsoft.
For the exchange, we were requesting but not demanding the following:
- Complete access to all documentation (chipsets, video etc.) to assist in developing a better Linux for the XBox.
- A signed Linux loader.
- Protection from Microsoft or support if any organisation/government attempted to prosecute members of our team.
- Refunding of the cost occured during the agreement period.
To prove our discoveries we offered to make available an exploited dashboard for Microsoft to validate our claims.
Our team was more than willing to co-operate with Microsoft and would have most likely accepted most of the terms of agreement coming from our discussions.
If Microsoft had agreed to sign Linux then it would have been possible to generate a signature for the Linux, which would only work on current XBox consoles and able to be stopped in future revisions. It would also be possible to prevent the illegal use of pirated software.
Our team was of the belief that our attempts to initiate discussions with Microsoft would have been welcomed.
Members of our team contacted Microsoft quickly, but then suddenly Microsoft ceased responding to our enquiries. Third parties contacting Microsoft on our behalf also proved to lead to a dead end, is the giant Microsoft's reaction just incompetence or intentional??
Following the public release of this request for communication on the ZDNet/CNet network, Microsoft promised a formal response and as yet we have not seen one.
Is it possible that Microsoft's lack of co-operation in this matter could be because they believe that:
1. Mod-chips are good for business as they increase the sales of the console hardware and that they see them as an important part of there business model.
2. The Exploit can be fixed in future software updates.
3. This is purely a hoax.
A team member called a Microsoft representative again (Mr. Thomas Kritsch of Austria) and offered a presentation.
This presentation was scheduled for 20th June, but Microsoft cancelled it on 19th June. During a phone discussion on this day Mr Kritsch asked many questions.
Everything was explained to Mr Kritsch including our proposed release schedule, at this time Mr Kritsch insinuated that members of the Electronic Arts programming team were "stupid" for allowing an exploit such as the habibi 007 trick to be found.
Mr Kritsch was contacted by email and advised that we would release a modified habibi exploit for Microsoft's own MechAssualt game on 23rd June which allowed plenty of time for Microsoft to request that we not release the exploit but no communications from Microsoft was received.
Many further attempts have been made since this time begin discussions with Microsoft.
We believe that Microsoft sees hackers as a perfect instrument for increasing the sales of the XBox. How else can their reaction to this issue be interpreted?
The software companies who are developing titles for the XBox should be very worried by the lack of protection that Microsoft is offering their work as exploits such as those found by our team pose a serious threat to potential sales due to the possible use of such exploits for software piracy.
Many people have speculated as to who the representatives of our group are, Microsoft and ZDNet are fully aware of the identities of those people who are authorized to speak on our behalf.
Our team has no connection to the Xecutor, EvoX or Xodus teams who make millions of dollars thru their illegal activities and still manage to avoid any sort of legal prosecution from Microsoft. This doesn't seem all that strange in light of Microsoft's reaction to the potential illegal uses of the exploits that we have discovered.
Our team has no relationship with the XBox Linux Project who share the same goals as our team which is to provide a great Linux solution for the XBox.
We have made every possible attempt to achieve our goal of running Linux on the XBox easier without the risks of encouraging software piracy, it is a shame that Microsoft appears to not share our concerns about protecting the intellectual rights of those who develop software for their console.
Official statement from Free-X regarding exploits.
Dear Public,
Today is a very said day for Microsoft.
One month ago, we began an attempt to make contact with Microsoft, we did this because the first software only mod-chip solution was developed and proved working. This solution meant that there was no need to open the XBox anymore.
The modification only needs to be installed once and all existing XBox consoles are able to be modified to use this exploit, only new consoles with an updated Firmware could lock out this exploit.
After discovering this exploit a Team was formed known as the "Free-X (box)" team.
Members of this team have made many attempts to initiate discussions with Microsoft by various means including:
1. Contacting certified XBox game developers requesting that they contact Microsoft to facilitate discussions about our discoveries.
2. Contacting major web-based news sources requesting that they contact Microsoft on our behalf.
3. Direct contact with various Microsoft departments globally.
4. Direct contact with Authorised XBox distributors globally.
Since our attempts to contact Microsoft have become public knowledge our team has been accused of attempting to extort or blackmail Microsoft, this is not true as we have made every attempt possible to make contact with Microsoft to offer the following:
- A complete summary of all hacking technologies (many of these technologies have not been released).
- Source Codes.
- All attacks which have been developed but not yet released.
- To sign a Non-disclosure Agreement regarding our discoveries.
- Further research on exploits, which would be exclusive to Microsoft.
- Full names of all hackers involved upon agreement of legal protection from Microsoft.
- Assistance in the development of future security for the XBox by working with Microsoft.
For the exchange, we were requesting but not demanding the following:
- Complete access to all documentation (chipsets, video etc.) to assist in developing a better Linux for the XBox.
- A signed Linux loader.
- Protection from Microsoft or support if any organisation/government attempted to prosecute members of our team.
- Refunding of the cost occured during the agreement period.
To prove our discoveries we offered to make available an exploited dashboard for Microsoft to validate our claims.
Our team was more than willing to co-operate with Microsoft and would have most likely accepted most of the terms of agreement coming from our discussions.
If Microsoft had agreed to sign Linux then it would have been possible to generate a signature for the Linux, which would only work on current XBox consoles and able to be stopped in future revisions. It would also be possible to prevent the illegal use of pirated software.
Our team was of the belief that our attempts to initiate discussions with Microsoft would have been welcomed.
Members of our team contacted Microsoft quickly, but then suddenly Microsoft ceased responding to our enquiries. Third parties contacting Microsoft on our behalf also proved to lead to a dead end, is the giant Microsoft's reaction just incompetence or intentional??
Following the public release of this request for communication on the ZDNet/CNet network, Microsoft promised a formal response and as yet we have not seen one.
Is it possible that Microsoft's lack of co-operation in this matter could be because they believe that:
1. Mod-chips are good for business as they increase the sales of the console hardware and that they see them as an important part of there business model.
2. The Exploit can be fixed in future software updates.
3. This is purely a hoax.
A team member called a Microsoft representative again (Mr. Thomas Kritsch of Austria) and offered a presentation.
This presentation was scheduled for 20th June, but Microsoft cancelled it on 19th June. During a phone discussion on this day Mr Kritsch asked many questions.
Everything was explained to Mr Kritsch including our proposed release schedule, at this time Mr Kritsch insinuated that members of the Electronic Arts programming team were "stupid" for allowing an exploit such as the habibi 007 trick to be found.
Mr Kritsch was contacted by email and advised that we would release a modified habibi exploit for Microsoft's own MechAssualt game on 23rd June which allowed plenty of time for Microsoft to request that we not release the exploit but no communications from Microsoft was received.
Many further attempts have been made since this time begin discussions with Microsoft.
We believe that Microsoft sees hackers as a perfect instrument for increasing the sales of the XBox. How else can their reaction to this issue be interpreted?
The software companies who are developing titles for the XBox should be very worried by the lack of protection that Microsoft is offering their work as exploits such as those found by our team pose a serious threat to potential sales due to the possible use of such exploits for software piracy.
Many people have speculated as to who the representatives of our group are, Microsoft and ZDNet are fully aware of the identities of those people who are authorized to speak on our behalf.
Our team has no connection to the Xecutor, EvoX or Xodus teams who make millions of dollars thru their illegal activities and still manage to avoid any sort of legal prosecution from Microsoft. This doesn't seem all that strange in light of Microsoft's reaction to the potential illegal uses of the exploits that we have discovered.
Our team has no relationship with the XBox Linux Project who share the same goals as our team which is to provide a great Linux solution for the XBox.
We have made every possible attempt to achieve our goal of running Linux on the XBox easier without the risks of encouraging software piracy, it is a shame that Microsoft appears to not share our concerns about protecting the intellectual rights of those who develop software for their console.
Kinda Ironic, Linux on a machine made by Microsoft, should the OS be a Windows?
Quazimodo wrote:
> Kinda Ironic, Linux on a machine made by Microsoft, should the OS be a
> Windows?
I think the idea of the project was to get linux running on the machine - without help from Microsoft. The people that are involved in the project are all just pasty faced freaks who feel the need to hate windows and bum linux.
> Kinda Ironic, Linux on a machine made by Microsoft, should the OS be a
> Windows?
I think the idea of the project was to get linux running on the machine - without help from Microsoft. The people that are involved in the project are all just pasty faced freaks who feel the need to hate windows and bum linux.
Should be RISC OS anyway! Damn you mass consumer crap!
IS it possible to add a second hardrive to an Xbox?
Quazimodo wrote:
> IS it possible to add a second hardrive to an Xbox?
I would'nt of thought so - You'd need a RAID controller for that I believe.
> IS it possible to add a second hardrive to an Xbox?
I would'nt of thought so - You'd need a RAID controller for that I believe.
Page: