Hacking Linux onto your 360 just got a wee bit easier

Once again, we're a far cry from PS3-Linux-easy, but those 360 kids seem rather hard to dissuade. The latest development on the XeLL bootloader front is that you no longer need a serial cable hooked up for executing the boot loader, all you need is a 360 set up for running burned DVDs,
a modified version of the King Kong disc — you'll want the original
game, Windows and a DVD burner to get that together — and of course a
Live CD with XeLL and your Linux distro all prepped to go. By now we're
sure we don't need to tell you that this is limited to those lucky 4532
and 4548 kernels, but if you've got all of the above ingredients, plus
a little bit of patience and complete disregard for warranty voidance,
it looks like Linux on the 360 is within your reach at last. Peep a
video after the break of the previous version of XeLL doing its thing.

From Engadget.


Xbox 360 Hypervisor Privilege Escalation Vulnerability

We have discovered a vulnerability in the Xbox 360 hypervisor that allows privilege escalation into hypervisor mode. Together with a method to
inject data into non-privileged memory areas, this vulnerability allows
an attacker with physical access to an Xbox 360 to run arbitrary code
such as alternative operating systems with full privileges and full
hardware access.

Technical details:
The Xbox 360 security system is designed around a hypervisor concept. All
games and other applications, which must be cryptographically signed with
Microsoft's private key, run in non-privileged mode, while only a small
hypervisor runs in privileged (“hypervisor”) mode. The hypervisor
controls access to memory and provides encryption and decryption

The policy implemented in the hypervisor forces all executable code to be
read-only and encrypted. Therefore, unprivileged code cannot change
executable code. A physical memory attack could modify code; however,
code memory is encrypted with a unique per-session key, making meaningful
modification of code memory in a broadly distributable fashion difficult.
In addition, the stack and heap are always marked as non-executable, and
therefore data loaded there can never be jumped to by unprivileged code.

Unprivileged code interacts with the hypervisor via the “sc” (“syscall”)
instruction, which causes the machine to enter hypervisor mode. The
vulnerability is a result of incomplete checking of the parameters passed
to the syscall dispatcher, as illustrated below.
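
The pattern the advisory describes (a dispatcher whose parameter check is narrower than the index it guards) is easiest to see in code. The following is an added example, not code from the advisory or from the Xbox 360 hypervisor: the table address, the 32-bit-compare bug, the sparse memory model and all function names are assumptions chosen to show the class of bug, and the page does not state that the real dispatcher was flawed in exactly this way. The attacker side models the two ingredients the advisory names: a syscall number that passes the check, and data injected at the address the hypervisor will then read.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Added illustration of a syscall dispatcher whose parameter check is
 * narrower than the index it guards. NOT the Xbox 360 hypervisor's code;
 * the table address, the 32-bit-compare pattern and the memory model are
 * assumptions chosen to show the class of bug the advisory describes. */

#define N_SYSCALLS 3
#define TABLE_BASE 0x8000000000010000ULL   /* assumed address of the syscall table */

typedef int64_t (*syscall_fn)(uint64_t arg);

/* Legitimate hypervisor services (constructed). */
static int64_t sc_nop(uint64_t a)     { (void)a; return 0; }
static int64_t sc_add_one(uint64_t a) { return (int64_t)a + 1; }
static int64_t sc_double(uint64_t a)  { return (int64_t)a * 2; }

/* Stands in for code the attacker placed in non-privileged memory. */
static int64_t attacker_payload(uint64_t a) { (void)a; return 1337; }

/* Sparse model of a 64-bit address space: one 8-byte word per entry. */
struct word { uint64_t addr; syscall_fn fn; };
#define HV_WORDS 8
static struct word hv_space[HV_WORDS];
static int hv_used;

static void store_word(uint64_t addr, syscall_fn fn) {
    for (int i = 0; i < hv_used; i++)
        if (hv_space[i].addr == addr) { hv_space[i].fn = fn; return; }
    if (hv_used < HV_WORDS) hv_space[hv_used++] = (struct word){ addr, fn };
}

static syscall_fn load_word(uint64_t addr) {
    for (int i = 0; i < hv_used; i++)
        if (hv_space[i].addr == addr) return hv_space[i].fn;
    return NULL;   /* unmapped: a real machine would take an exception here */
}

/* (Re)initialise the model with only the legitimate table present. */
void hv_init(void) {
    hv_used = 0;
    store_word(TABLE_BASE + 0 * 8, sc_nop);
    store_word(TABLE_BASE + 1 * 8, sc_add_one);
    store_word(TABLE_BASE + 2 * 8, sc_double);
}

/* Vulnerable dispatcher: the range check sees only the low 32 bits of the
 * syscall number, but the table index is computed from all 64 bits. */
int64_t dispatch_vulnerable(uint64_t num, uint64_t arg) {
    if ((uint32_t)num >= N_SYSCALLS) return -1;       /* 32-bit compare */
    uint64_t addr = TABLE_BASE + (num << 3);          /* 64-bit index, wraps mod 2^64 */
    syscall_fn fn = load_word(addr);
    return fn ? fn(arg) : -2;
}

/* Fixed dispatcher: check and index use the same width, so no value that
 * passes the check can address anything outside the table. */
int64_t dispatch_fixed(uint64_t num, uint64_t arg) {
    if (num >= N_SYSCALLS) return -1;                 /* full 64-bit compare */
    syscall_fn fn = load_word(TABLE_BASE + (num << 3));
    return fn ? fn(arg) : -2;
}

/* Attacker side: pick a number whose low 32 bits are a valid index (0) and
 * whose high bits push the load far outside the table, then put a pointer
 * to the payload at exactly the address the dispatcher will read.
 * Assumption: that address lies in memory the unprivileged side can write. */
static uint64_t crafted_syscall_number(void) { return 1ULL << 32; }
static uint64_t crafted_target_address(void) {
    return TABLE_BASE + (crafted_syscall_number() << 3);
}

int64_t attack_against_vulnerable(void) {
    hv_init();
    store_word(crafted_target_address(), attacker_payload);   /* data-injection step */
    return dispatch_vulnerable(crafted_syscall_number(), 0);
}

int64_t attack_against_fixed(void) {
    hv_init();
    store_word(crafted_target_address(), attacker_payload);
    return dispatch_fixed(crafted_syscall_number(), 0);
}

int main(void) {
    printf("vulnerable dispatcher returned %lld (1337 = payload ran)\n",
           (long long)attack_against_vulnerable());
    printf("fixed dispatcher returned %lld (-1 = rejected)\n",
           (long long)attack_against_fixed());
    hv_init();
    printf("normal syscall 1 on fixed dispatcher: %lld\n",
           (long long)dispatch_fixed(1, 41));
    return 0;
}
```

The point of the two dispatchers side by side is that the W^X policy described above is irrelevant once the hypervisor itself loads a function pointer from attacker-chosen memory: no unprivileged code ever had to be executable, the hypervisor just had to be talked into jumping there in its own mode. The fix is not an extra mask on the index but checking the exact value that is used for the lookup.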

More info at Security Focus.

Upgrade your XBox 360's HD by yourself

TheSpecialist (one of the hackers who worked a lot on the original Xbox (360) DVD Firmware hack) sent us an awesome new tool that will allow you to use your own new SATA HDD in your Xbox360! No more 100usd for 20GB 😉

The current tool only works with Western Digital BEVS series HDDs (20GB or
larger needed), and for now you can use a maximum of 20GB; once Microsoft
releases larger drives you will be able to use as much space as
Microsoft's largest HDD.

Official Site: n/a, by TheSpecialist
Download HDDHacker v0.5B: here
Open Xbox360 HDD-case: here
Discuss this news item on our forums: forums.xbox-scene.com

Read the full readme on XBox-Scene.com

Wiinja modchip enables Wii / GameCube backups to function

We've seen plenty of Wii hacks since its November release, and we've even seen a completely uninspiring “hack” to run backup discs, but this time, we're thinking it's for real. The Wiinja modchip is on the loose, and apparently it requires soldering to the Wii innards in order to function, but it purportedly allows for Wii and GameCube
backups to be played back on the console. Unfortunately, there's not a
whole lot of information beyond that, and there's just a single photo
to instruct forthcoming owners how to correctly attach it, but if
there's one thing that helps its case, it's the video. So go on, click
on through for the YouTube demonstration, and start saving up those €40
($52) it'll run you when this hits “commercialization.”

From Engadget.

Audio from Xbox hacker's USC talk

The audio from Andrew “bunnie” Huang's free talk at USC last night is
online, thanks to students Mike Jones and Andy Sternberg. Bunnie came
to fame for breaking the crypto on the Xbox, enabling the creation of
Xbox Linux, and is now working with the startup he founded, Chumby, which makes an open media-player/device.

Bunnie's talk was a fantastic exegesis on the mind of a
reverse-engineer, the perils and promise of hardware hacking, and the
pursuit of business models that encourage smart customers to get the
most out of their devices.

Next week's speaker is EFF Staff Technologist Seth Schoen, whose many claims to fame include authoring the DeCSS Haiku, his sharp critiques of trusted computing, his role in uncovering the color printer secret codes, and many other seminal technical achievements. He also maintains the Bootable Business Card distribution of Linux. Seth speaks at 7PM on Tuesday, Nov 28, at the USC Annenberg School, room 207.
Link, MP3 Link

From Boing Boing.

Play the XBox 360 HD-DVD on your PC

Double, double toil and trouble, or more accurately Torx 5 and
Torx 7 toil and lots of trouble. Enticed by the $199 price, we set
ourselves on a mission to find out if the Microsoft’s XBox 360 HD-DVD
player could work on a normal PC. Now, this can’t be an easy task, can

Knowing there was already software available for Windows XP to play HD-DVDs, could simply plugging the HD-DVD drive into a PC work? Well, no; Windows needs drivers.

If Windows wants drivers, drivers it will get. After installing these drivers, magic started to happen. The HD-DVD drive was now recognized in Windows XP. Now we needed a piece of software to actually play the HD-DVD, and after some hard work we managed to find a version of WinDVD 8 that was able to play an HD-DVD movie even on my low-end hardware (granted, with some stuttering).

Wow… a $199 HD-DVD for my home theater PC.  DONE!  Read all the details on UNEASYsilence.

MS Replies to XBox Hacks: Hitachi GDR-3120L v0078FK

There's a thread on our forums
about a new version (0078FK) of the Hitachi-LG GDR-3120L Xbox 360 DVD
drive found in newly manufactured consoles (from the end of August 2006
at least, maybe earlier too), mostly found in Australia and the UK at the
moment but probably everywhere soon.
The drive has many changes intended to make firmware hacking harder. Garyopa posted a great summary of all the discoveries made so far about this new drive version:

There have been many changes made to the new Hitachi GDR-3120L – Version: 0078fk drive:
* 1: No “memdump” command works, totally new program needed
* 2: Chip type has been changed to a 39VF020, so new “flashsec” program needed
* 3: Black hard glue has been added covering all the chip pins and the controller pins.
* 4: External “debug” triggering into ModeB has been removed.

What does it all mean:
* 1: The Team-X kit will no longer work on this drive.
* 2: Dumping the firmware by software is currently not possible
* 3: Wiring in a patching-on-the-fly “mod” would be very hard due to the “new black glue”
* 4: Removing the flash chip to be read externally will destroy the drive due to the “new black glue”

What options are left to us:
* 1: Get more people working on this new drive, currently only in UK and Aussie.
* 2: Destroy at least one drive to be able to dump the firmware, using an external programmer.
* 3: Afterwards, sit down and re-write all the programs: “memdump, firmcrypt, flashsec”.
* 4: If you can't wait, buy an older produced x360 console (Before Late July/Early Aug. dates).

That's all for now….
We are working on it….
Hopefully some poor soul will give us one personally…
So we can destroy it and play with it for everyone else….

From XBox Scene News.