We have discovered a vulnerability in the Xbox 360 hypervisor that allows privilege escalation into hypervisor mode. Together with a method to inject data into non-privileged memory areas, this vulnerability allows an attacker with physical access to an Xbox 360 to run arbitrary code such as alternative operating systems with full privileges and full
The Xbox 360 security system is designed around a hypervisor concept. All games and other applications, which must be cryptographically signed with Microsoft's private key, run in non-privileged mode, while only a small hypervisor runs in privileged (“hypervisor”) mode. The hypervisor controls access to memory and provides encryption and decryption
The policy implemented in the hypervisor forces all executable code to be read-only and encrypted. Therefore, unprivileged code cannot change executable code. A physical memory attack could modify code; however, code memory is encrypted with a unique per-session key, making meaningful modification of code memory in a broadly distributable fashion difficult. In addition, the stack and heap are always marked as non-executable, and therefore data loaded there can never be jumped to by unprivileged code.
Unprivileged code interacts with the hypervisor via the “sc” (“syscall”) instruction, which causes the machine to enter hypervisor mode. The vulnerability is a result of incomplete checking of the parameters passed to the syscall dispatcher, as illustrated below.
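The advisory names the bug class (incomplete checking of parameters at the syscall boundary) but the illustration it refers to is not reproduced here. The following is an added example, not the Xbox 360 hypervisor's code and not the check the advisory describes: a toy dispatcher with a constructed memory layout (the USER_BASE/USER_END window, the two-entry table and the narrowing compare in dispatch_incomplete are all hypothetical) that contrasts a check which narrows the syscall number and ignores the pointer argument with one that validates the full-width number and the whole pointer/length range before any handler runs.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed toy layout (hypothetical, not the Xbox 360's real memory map):
 * unprivileged code may only hand the hypervisor pointers inside this window. */
#define USER_BASE 0x10000000ULL
#define USER_END  0x20000000ULL   /* exclusive upper bound */

typedef int (*syscall_fn)(uint64_t ptr, uint64_t len);

/* Stand-in handlers: each just reports its own 1-based table slot. */
static int sys_slot1(uint64_t ptr, uint64_t len) { (void)ptr; (void)len; return 1; }
static int sys_slot2(uint64_t ptr, uint64_t len) { (void)ptr; (void)len; return 2; }

static const syscall_fn syscall_table[] = { sys_slot1, sys_slot2 };
#define SYSCALL_COUNT ((uint64_t)(sizeof syscall_table / sizeof syscall_table[0]))

enum { DISPATCH_ACCEPTED = 0, DISPATCH_BAD_NUMBER = -1, DISPATCH_BAD_POINTER = -2 };

/* True when [ptr, ptr + len) lies entirely inside the unprivileged window.
 * The length is compared against the space remaining after ptr rather than
 * computing ptr + len, so a wrapping addition cannot push a privileged
 * address past the check. */
bool user_range_ok(uint64_t ptr, uint64_t len) {
    if (len == 0) return false;
    if (ptr < USER_BASE || ptr >= USER_END) return false;
    return len <= USER_END - ptr;
}

/* Incomplete checking (hypothetical bug pattern): the syscall number is
 * compared only after narrowing it to 32 bits, and the pointer argument is
 * never validated. A real dispatcher written this way would go on to index
 * its table with the full 64-bit value; here we only report that the
 * request passed the check. */
int dispatch_incomplete(uint64_t num, uint64_t ptr, uint64_t len) {
    (void)ptr; (void)len;
    if ((uint32_t)num >= SYSCALL_COUNT) return DISPATCH_BAD_NUMBER;
    return DISPATCH_ACCEPTED;
}

/* Complete checking: compare the full-width number, unsigned, against the
 * table size, then validate the pointer/length pair before the handler runs. */
int dispatch_checked(uint64_t num, uint64_t ptr, uint64_t len) {
    if (num >= SYSCALL_COUNT) return DISPATCH_BAD_NUMBER;
    if (!user_range_ok(ptr, len)) return DISPATCH_BAD_POINTER;
    return syscall_table[num](ptr, len);
}

int main(void) {
    /* Constructed requests: a valid one, a number past the table, a number
     * whose low 32 bits look valid, and a pointer outside the user window. */
    printf("valid request:    %d\n", dispatch_checked(1, USER_BASE, 64));
    printf("number too large: %d\n", dispatch_checked(SYSCALL_COUNT, USER_BASE, 64));
    printf("high bits set:    %d (incomplete check says %d)\n",
           dispatch_checked(0x100000000ULL, USER_BASE, 64),
           dispatch_incomplete(0x100000000ULL, USER_BASE, 64));
    printf("bad pointer:      %d (incomplete check says %d)\n",
           dispatch_checked(0, 0x0ULL, 64), dispatch_incomplete(0, 0x0ULL, 64));
    return 0;
}
```

The point of the contrast is that a boundary check is only as good as the width it compares at and the arguments it covers: the number must be compared as the same type that later indexes the table, and every caller-supplied pointer must be confined to the unprivileged window before the privileged code touches it.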
More info at Security Focus.
TheSpecialist (one of the hackers who worked a lot on the original Xbox (360) DVD firmware hack) sent us an awesome new tool that will allow you to use your own new SATA HDD in your Xbox 360! No more 100usd for 20GB 😉
The current tool only works with Western Digital BEVS series HDDs (20GB or larger needed), and for now you can use a maximum of 20GB, but when Microsoft releases larger drives you will be able to use as much space as Microsoft's largest HDD.
Official Site: n/a, by TheSpecialist
Download HDDHacker v0.5B: here
Open Xbox360 HDD-case: here
Discuss this news item on our forums: forums.xbox-scene.com
Read the full readme on XBox-Scene.com.
The audio from Andrew “bunnie” Huang's free talk at USC last night is online, thanks to students Mike Jones and Andy Sternberg. Bunnie came to fame for breaking the crypto on the Xbox, enabling the creation of Xbox Linux, and is now working with the startup he founded, Chumby, which makes an open media-player/device.
Bunnie's talk was a fantastic exegesis on the mind of a reverse-engineer, the perils and promise of hardware hacking, and the pursuit of business models that encourage smart customers to get the most out of their devices.
From Boing Boing.
Double, double toil and trouble; well, more accurately it’s Torx 5 and Torx 7 toil and lots of trouble. Enticed by the $199 price, we set ourselves on a mission to find out if Microsoft’s XBox 360 HD-DVD player could work on a normal PC. Now, this can’t be an easy task, can
Knowing there was already software available for Windows XP to play HD-DVDs, could simply plugging the HD-DVD drive into a PC work? Well, no. Windows needs drivers.
If Windows wants drivers, drivers it will get. After installing these drivers, magic started to happen. The HD-DVD drive was now recognized in Windows XP. Now we needed a piece of software to actually play the HD-DVD. After some hard work we managed to find a version of WinDVD 8 that was able to play an HD-DVD movie even on my low-end hardware (granted, with some stuttering).
Wow… a $199 HD-DVD player for my home theater PC. DONE! Read all the details on UNEASYsilence.