The Lazy Genius

Security News & Brain Dumps from Xavier Ashe

Hacking Linux onto your 360 just got a wee bit easier

Posted by Xavier Ashe on March 31, 2007

Once again, we're a far cry from PS3-Linux-easy, but those 360 kids seem rather hard to dissuade. The latest development on the XeLL bootloader front is that you no longer need a serial cable hooked up for executing the boot loader, all you need is a 360 set up for running burned DVDs,
a modified version of the King Kong disc — you'll want the original
game, Windows and a DVD burner to get that together — and of course a
Live CD with XeLL and your Linux distro all prepped to go. By now we're
sure we don't need to tell you that this is limited to those lucky 4532
and 4548 kernels, but if you've got all of the above ingredients, plus
a little bit of patience and complete disregard for warranty voidance,
it looks like Linux on the 360 is within your reach at last. Peep a
video after the break of the previous version of XeLL doing its thing.

From Engadget.


Xbox 360 Hypervisor Privilege Escalation Vulnerability

Posted by Xavier Ashe on March 6, 2007

We have discovered a vulnerability in the Xbox 360 hypervisor that allows privilege escalation into hypervisor mode. Together with a method to
inject data into non-privileged memory areas, this vulnerability allows
an attacker with physical access to an Xbox 360 to run arbitrary code
such as alternative operating systems with full privileges and full
hardware access.

Technical details:
The Xbox 360 security system is designed around a hypervisor concept. All
games and other applications, which must be cryptographically signed with
Microsoft's private key, run in non-privileged mode, while only a small
hypervisor runs in privileged (“hypervisor”) mode. The hypervisor
controls access to memory and provides encryption and decryption

The policy implemented in the hypervisor forces all executable code to be
read-only and encrypted. Therefore, unprivileged code cannot change
executable code. A physical memory attack could modify code; however,
code memory is encrypted with a unique per-session key, making meaningful
modification of code memory in a broadly distributable fashion difficult.
In addition, the stack and heap are always marked as non-executable, and
therefore data loaded there can never be jumped to by unprivileged code.

Unprivileged code interacts with the hypervisor via the “sc” (“syscall”)
instruction, which causes the machine to enter hypervisor mode. The
vulnerability is a result of incomplete checking of the parameters passed
to the syscall dispatcher, as illustrated below.

More info at Security Focus.
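The advisory names the bug class (a syscall dispatcher that does not fully check its parameters) but the page does not reproduce the dispatcher code itself. The following is an added example, not code from the advisory or from the Xbox 360 hypervisor: it shows one well-known shape such a bug can take, a range check performed on a truncated copy of the syscall number while the full-width value is used to index the handler table, next to the hardened form that compares and indexes at the same width. The syscall table, its four handlers, the `NUM_SYSCALLS` limit and the crafted number are all constructed for the demonstration; the functions report the slot they would use instead of dereferencing it so that nothing outside the table is ever touched.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical syscall table: four benign handlers, for illustration only. */
#define NUM_SYSCALLS 4u

typedef int64_t (*syscall_fn)(int64_t arg);

static int64_t sc_ping(int64_t a) { return a; }
static int64_t sc_add1(int64_t a) { return a + 1; }
static int64_t sc_neg(int64_t a)  { return -a; }
static int64_t sc_zero(int64_t a) { (void)a; return 0; }

static const syscall_fn syscall_table[NUM_SYSCALLS] = { sc_ping, sc_add1, sc_neg, sc_zero };

/* Outcome of one dispatch attempt. "index" is the table slot the dispatcher
 * would load a handler pointer from; we report it rather than dereference it
 * so the demo never reads memory outside the table. */
struct dispatch_result {
    bool     accepted;   /* did the dispatcher's range check pass? */
    uint64_t index;      /* slot the handler pointer would be loaded from */
    bool     in_bounds;  /* index < NUM_SYSCALLS */
    int64_t  ret;        /* handler return value when accepted && in_bounds */
};

/* Weak shape (assumed pattern, not the real Xbox 360 code): the check looks
 * only at the low 32 bits of the 64-bit syscall number, but the table index
 * is taken from the full register. A number whose low 32 bits are small and
 * whose upper bits are set passes the check and indexes far past the table. */
static struct dispatch_result dispatch_weak(uint64_t num, int64_t arg)
{
    struct dispatch_result r = { false, num, num < NUM_SYSCALLS, 0 };
    if ((uint32_t)num >= NUM_SYSCALLS)      /* truncating compare */
        return r;
    r.accepted = true;
    if (r.in_bounds)
        r.ret = syscall_table[num](arg);
    /* else: real dispatcher code would load a pointer from
     * syscall_table + 8 * num and branch to whatever it finds there */
    return r;
}

/* Hardened shape: compare at exactly the width used for indexing. */
static struct dispatch_result dispatch_strict(uint64_t num, int64_t arg)
{
    struct dispatch_result r = { false, num, num < NUM_SYSCALLS, 0 };
    if (num >= NUM_SYSCALLS)                /* full-width compare */
        return r;
    r.accepted = true;
    r.ret = syscall_table[num](arg);
    return r;
}

int main(void)
{
    /* Constructed input: low 32 bits == 1 (a valid slot), full value huge. */
    uint64_t crafted = (1ULL << 32) | 1;
    struct dispatch_result w = dispatch_weak(crafted, 41);
    struct dispatch_result s = dispatch_strict(crafted, 41);
    printf("weak:   accepted=%d in_bounds=%d index=0x%llx\n",
           w.accepted, w.in_bounds, (unsigned long long)w.index);
    printf("strict: accepted=%d in_bounds=%d\n", s.accepted, s.in_bounds);
    return 0;
}
```

The point to check in any dispatcher, hypervisor or kernel, is that the value compared against the table size is bit-for-bit the value that is later used as the index; any mask, sign extension or register-width mismatch between the two is a candidate for exactly this kind of escalation.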

Upgrade your XBox 360's HD by yourself

Posted by Xavier Ashe on January 29, 2007

TheSpecialist (one of the hackers who worked a lot on the original Xbox (360) DVD Firmware hack) sent us an awesome new tool that will allow you to use your own new SATA HDD in your Xbox360! No more 100usd for 20GB 😉

The current tool only works with Western Digital BEVS series HDDs (20GB or
larger needed), and for now you can use a maximum of 20GB, but when Microsoft
releases larger drives you will be able to use as much space as
Microsoft's largest HDD.

by TheSpecialist
Download HDDHacker v0.5B: here
Open Xbox360 HDD-case: here

Wiinja modchip enables Wii / GameCube backups to function

Posted by Xavier Ashe on January 28, 2007

We've seen plenty of Wii hacks since its November release, and we've even seen a completely uninspiring “hack” to run backup discs, but this time, we're thinking it's for real. The Wiinja modchip is on the loose, and apparently it requires soldering to the Wii innards in order to function, but it purportedly allows for Wii and GameCube
backups to be played back on the console. Unfortunately, there's not a
whole lot of information beyond that, and there's just a single photo
to instruct forthcoming owners how to correctly attach it, but if
there's one thing that helps its case, it's the video. So go on, click
on through for the YouTube demonstration, and start saving up those €40
($52) it'll run you when this hits “commercialization.”

From Engadget.

Audio from Xbox hacker's USC talk

Posted by Xavier Ashe on November 28, 2006

The audio from Andrew “bunnie” Huang's free talk at USC last night is
online, thanks to students Mike Jones and Andy Sternberg. Bunnie came
to fame for breaking the crypto on the Xbox, enabling the creation of
Xbox Linux, and is now working with the startup he founded, Chumby, which makes an open media-player/device.

Bunnie's talk was a fantastic exegesis on the mind of a
reverse-engineer, the perils and promise of hardware hacking, and the
pursuit of business models that encourage smart customers to get the
most out of their devices.

Next week's speaker is EFF Staff Technologist Seth Schoen, whose many claims to fame include authoring the DeCSS Haiku, his sharp critiques of trusted computing, his role in uncovering the color printer secret codes, and many other seminal technical achievements. He also maintains the Bootable Business Card distribution of Linux. Seth speaks at 7PM on Tuesday, Nov 28, at the USC Annenberg School, room 207.
MP3 Link

From Boing Boing.

Play the XBox 360 HD-DVD on your PC

Posted by Xavier Ashe on November 14, 2006

Double, double toil and trouble; well, more accurately it's Torx 5,
Torx 7 toil and lots of trouble. Enticed by the $199 price, we set
ourselves on a mission to find out if Microsoft's XBox 360 HD-DVD
player could work on a normal PC. Now, this can't be an easy task, can

Knowing there was already software available for Windows XP to play HD-DVDs, could simply plugging the HD-DVD drive into a PC work? Well, no. Windows needs drivers.

If Windows wants drivers, drivers it will get. After installing these drivers magic started to happen. The HD-DVD drive was now recognized in Windows XP. Now we needed a piece of software to actually play the HD-DVD. And after some hard work we managed to find a version of WinDVD 8 that was able to play an HD-DVD movie even on my low end hardware (Granted with some stuttering).

Wow… a $199 HD-DVD for my home theater PC.  DONE!  Read all the details on UNEASYsilence.

MS Replies to XBox Hacks: Hitachi GDR-3120L v0078FK

Posted by Xavier Ashe on October 16, 2006

There's a thread on our forums
about a new version (0078FK) of the Hitachi-LG GDR-3120L Xbox360 DVD
drive found in newly manufactured (starting end august 06 anyway, maybe
earlier too) consoles (mostly found in Australia and UK atm, but soon
probably everywhere).
The drive has many changes to try to make FW hacking harder. Garyopa posted a great summary of all discoveries found so far about this new drive version:

There have been many changes made to the new Hitachi GDR-3120L – Version: 0078fk drive:
* 1: No “memdump” command works, totally new program needed
* 2: Chip type has been changed to a 39VF020, so new “flashsec” program needed
* 3: Black hard glue has been added covering all the chip pins and the controller pins.
* 4: External “debug” triggering into ModeB has been removed.

What does it all mean:
* 1: The Team-X kit will no longer work on this drive.
* 2: Dumping the firmware by software is currently not possible
* 3: Wiring in a patching-on-the-fly “mod” would be very hard due to the “new black glue”
* 4: Removing the flash chip to externally read it will destroy the drive due to the “new black glue”

What options are left to us:
* 1: Get more people working on this new drive, currently only in UK and Aussie.
* 2: Destroy one drive to be able to dump the firmware, using an external programmer.
* 3: Afterwards sitting down and re-writing all the programs: “memdump, firmcrypt, flashsec”.
* 4: If you can't wait, buy an older produced x360 console (Before Late July/Early Aug. dates).

That's all for now….
We are working on it….
Hopefully some poor soul will give us one personally…
So we can destroy it and play with it for everyone else….

From XBox Scene News.

Xbox modder gets home detention

Posted by Xavier Ashe on August 9, 2006

Late last year, three men who worked at the ACME Game Store on Melrose Boulevard in Los Angeles were charged
with copyright infringement for selling illegally modded Xboxes. The
consoles were outfitted with special chips and larger hard drives which
allowed them to play and rip illegal copies of games. Jason Jones, the
owner of the store, has been sentenced to six months of home detention,
reports KCAL 9 News.
On top of the six months of home detention, which includes wearing an
electronic ankle bracelet to track his location, Jones will serve three
years of probation. A second man, Jonathon Bryant, will serve only the
three years probation after Jones admitted he was the sole owner of the
store. A third man, Pei Cai, remains at large and is considered a
fugitive. Jones and Bryant were also ordered to pay more than $2,600 to
the Entertainment Software Association (ESA).

From GameSpot News.

Xbox 360 Piracy Spreading Fast In China

Posted by Xavier Ashe on July 27, 2006

As part of Gamasutra's visit to Shanghai for this week's ChinaJoy game
exhibition, we've discovered that Xbox 360 game piracy appears to be
spreading notably in the country, with at least one vendor offering
Xbox 360 titles such as Hitman: Blood Money for around 30 Chinese yuan ($3.50).

This development has occurred after an incident in March 2006, in which hackers managed to flash changes to the firmware
on the Xbox 360's DVD-ROM drive which allowed non-authenticated
(copied) games to be played. Further information on the hack surfaced
in late May, when other parties appear to have released a public
version of the exploit, and Microsoft's Gamerscore Blog published an official response to the problem.

But, judging by the shrinkwrapped copies of Xbox 360 titles available
publicly in the country, Microsoft's much-vaunted security system has
been definitively bypassed for physical media-based Xbox 360 games –
with stores or individuals in Shanghai presumably offering to flash the
Xbox 360's disc drive BIOS for a fee.

As for the large selection of Xbox 360 games available, a recent Chinese-language article pictures some of the titles readily available at game vendors throughout China, also including Ninety-Nine Nights, Fight Night Round 3, and Project Gotham Racing 3.

Read the full article on Gamasutra.

XBox-Scene News show us the goods…

Posted by Xavier Ashe on July 22, 2006

Here are some high-res pictures of the sample we received of the Globe 360 (pre-order) dual-firmware DVD chip with “on-the-fly” DVD-key patching.


More Pictures:
* Close-up of Actel CPLD chip: low-res | high-res
* Close-up of socket-ed SST flash-chip: low-res | high-res
* Close-up back of PCB: low-res | high-res

* Plug&Play: you don't need to extract the drive key from the original
firmware of the drive in your console; just install the chip and the
“unsigned” firmware on board will boot.
* Firmware-drive Upgrade:
you can use an upgraded firmware for better performance of your
DVD-drive to reading DVD-R DL support (ex: you should use on Hitachi-LG
the firmware vers. 059 instead your original 47D or 46D).
Electronic Switch ON/OFF: enable or disable the chip when turn-on your
console by power button, you can check the state of chip by a
* Easy Reprogrammable Flash eprom: the on-board flash
eprom is mounted on a socket connector for an easy and clean remove in
order to fast reprogramming it.
* Compatible with all DVD-drives on the market (Hitachi-LG and Toshiba-Samsung).
* High reliability through ACTEL CPLD technology.

Official Site:
Install Diagrams: Toshiba-Samsung | Hitachi-LG
Pre-Order Globe 360 ($53):

From XBox-Scene News.

NME-360 XBox Mod Chip

Posted by Xavier Ashe on July 11, 2006

We are proud to introduce the first real Modchip for the Xbox360!

NME-360 enables your XBox360 to play backups of your highly valuable
original games. NME-360 is a universal solution for ALL currently
available XBox360 Consoles on the market. Forget crazy dual mods with
30+ wires or even bricking your DVD drive by flashing corrupt/wrong
firmware files. Your original firmware stays untouched and intact at
any time when using the NME-360. There is no need for any
firmware-reading or flashing.

Simply install the NME-360 with 4 cables for Samsung or 11 wires for Hitachi/LG and you are done…NME-360 – the clever solution:

NME-360 autodetects the inserted media. If the inserted media is a
backup NME-360 injects the necessary information to the DVD drive
enabling it to boot smoothly ahead! If the media is an original game,
or anything else, which doesn't require any further action of the
NME-360 then it simply falls asleep so there is no need for an external
switch whatsoever. This way it can not be detected online when you play
an original online game.

Expected retail price: $50. Thanks to hitman43[ModControl] and gamefreax for the news/link.

How-to Backup Your Original XBOX 360 Games

Posted by Xavier Ashe on May 21, 2006

Now that you've flashed your Xbox 360's firmware
to enable the playing of backup discs, you probably want to start
actually backing up those expensive games you bought in case they get
scratched or perhaps even melted by your toasty 360. And luckily for
you, CleverMod has posted just the step-by-step instructions you need
for ripping your games and then burning the images onto dual-layer DVDs
— but keep in mind, you're voiding about a million warranties with all
of this flashing and ripping and such. Basically, CleverMod's method
involves disassembling a DVD drive so that you can switch discs without
hitting the eject button, and then installing a program called WxRipper
that finds a so-called “magic number” from any regular 8+GB dual-layer
DVD. The program then uses that data to unlock a substituted 360 disc
and dump a RAW copy onto your hard drive, which can be burned onto a
blank disc and presumably played using the Commodore4Eva hack on
Toshiba-Samsung drive-sporting 360s. And just to be super clear, if you
don't own a copy of the game you're ripping, then you're not allowed to
do this (i.e. Blockbuster, GameFly games are off-limits).

From Engadget.

Xbox Waterballoon Fight In Real Life

Posted by Xavier Ashe on April 3, 2006

Those crazy aussies are trying to recreate the famous water balloon fight commercial for the Xbox 360 in Sydney on April 22.

Xbox 360 is hoping to set the world record for largest water balloon
fight at Coogee Beach in Sydney to celebrate the console's launch. You
have to buy tickets to get in, but each entry comes with an Xbox 360
Challenge Pack.

The packs include an unnamed 360 game, a T-shirt (which I desperately want), a trucker cap, swimming goggles and a canvas bag.

The event will include hands-on time with unreleased games, music by
Melbourne band Kisschasy and both a radio station and a TV show both
capturing all of the fun.

The current record for largest water balloon fight was set in 2005 when 2,677 Spaniards threw 50,855 balloons.


Team Avalaunch Xbox360 SATA Adapter

Posted by Xavier Ashe on April 3, 2006

Here are some shots we received of another Xbox 360
Harddrive SATA adapter currently in development by the guys at Team Avalaunch.
The small PCB will allow you to connect your Xbox 360 HD to your PC
without removing it from its case. You'll notice that for the
connection to the Xbox 360 HD and for the PC SATA data-cable they used
simple tracks/lines on the PCB. For the power there are 2 options:
either a mini-B USB port (like used on PSP or many digital cams for
example) so you can power the Xbox 360 HD with a cable from your PC's
USB port (data will still go over SATA, this is no SATA-to-USB device)
or you can power the HD via a standard 5v pin (like you can find on
many electronic devices like the connector to recharge your PSP for
example). There will also be adapters for both small and large HD power
connectors to get power from the PC PSU.
The public/retail release
is expected just after easter. There's no final price yet, but they are
working on getting an as low as possible retail price.


More Pictures:
* Back Avalaunch 360 SATA PCB: low-res | high-res
* Top PCB with no components: low-res | high-res
* Bottom PCB with no components: low-res | high-res

From XboxScene News.

wxRipper v1.2 and wx360 v1.6

Posted by Xavier Ashe on January 25, 2006

Gael360 released a new version of his tools to dump
Xbox 360 discs with a PC DVD-drive using a hot-swap method (meaning
you'll have to open your drive – see previous news). This is a translation from French to English of what he said on the gueux forums about the new release:

I just released a big update of my tools; you will now be able to find
the 'magic number' immediately, without having to scan an unknown Xbox
360 DVD.

So there's no longer a difference between known and unknown games, they will all be detected/dumped the same way.

The advantage of this method is that you will be able to use wx360 directly
to open the content of the DVD without having to dump it first. After
doing the hot-swap you'll just have to open wx360, select the DVD-drive
and click the DVD icon.

wxRipper will thus have a feature to find
the 'magic number' immediately, without scanning the Xbox 360 DVD. The
features related to dumping did not change.

Stream DivX Movies to your Xbox 360

Posted by Xavier Ashe on January 17, 2006

this article shows how to stream DivX (and XviD) movies to an XBox 360 using a
Media Center. for the picky people, it doesn't actually stream DivX … it
converts to WMV on the fly to stream. the core process for accomplishing
this is taken from a thread found on the XBox forums :
Playing DivX movies without having to Re-encode, through media centre
and this might be the original post (in German) : Divx
mit Mediaencoder auf die Xbox360 streamen!
, so they get credit
for pioneering this approach. it works fine, but has the disadvantage
that you have to manually set up the encoding process on your Media Center and
then move over to the XBox 360 to watch it. so all this article really
does is provide an MCE interface so you can control everything from your XBox
360 being used as an MCE Extender. i.e. its for lazy people. it was also an
excuse for me to write a ListMaker AddIn for MCE … which i hadn't done yet.
not to mention my MCE setup doesnt have a TV Tuner and only has 32 megs of
video RAM, so i cannot play video on it at all 😦

From  Be patient, Digg effect in force.

bf Unpacker

Posted by Xavier Ashe on January 17, 2006

th0mas has posted in the forums about an unpacker he wrote for .bf files. It should unpack the files such as “”. (see this discussion)

C source:

Untested windows binary:


I.C.E. chip a scam, real modchips on their way

Posted by Xavier Ashe on January 13, 2006

Well … in fact the article from team xecuter is mainly about one of the 'hot' discussions currently in the scene: the Team I.C.E. 'modchip' for the Xbox 360. Xecuter received an email (which we received too) from Divineo giving even more reasons to think this modchip is fake:

360 chip is 99% a scam, we had booked tickets to go meet them, we were
ready to make huge prepayment and more after we meet the guys at their
office and see the working X-Box 360 with back-ups they 100% confirmed
they had and it was no problem to show etc. Now at last second they
cancelled, with some lame reason, those guys are scammers I really
believe. They did the same to Xenium, backed off and changed completely what they said.

You might have noticed we ignored anything related to this chip so far here on the news (it's of course heavily discussed on our forums).
The reason is very simple, I think most of our visitors trust our news
for this type of information and we don't want to give attention to
fakes/scams (good or bad news it's all publicity). So just like we
don't post about fake bootdiscs, videos and alike (posting such things
will just motivate even more people to do similar 'jokes'), new teams
announcing a new modchip concept will have to provide enough proof (so
no fake pictures, impossible OS features and what-not) or support from
trusted teams/people/shops before we'll post about it.

Anyways (damn, now I still ended up talking about that chip on the news) … what I wanted to post about is that team xecuter re-confirms
that real 1st-gen modchips are coming in a reasonable amount of time to
the Xbox 360, taking the doubt away from some people that they were
referring to the 'thing' above in their previous news post:

can assure you there will be more than one type of mod available from
different groups in the coming weeks/months – just be patient.

From Xbox-Scene.

Xbox 360 Hacks: Modchip and Hot Swap

Posted by Xavier Ashe on January 12, 2006

Got two bits of news on the 360 hacking front.  First is the existence of a 360 mod chip:

Testing has been completed by our affiliate
! The I.C.E. Chip v1 is confirmed working with Xbox 360 NTSC units at
this time. PAL is currently under testing but should have no issues.
Samples can be provided upon the release date of the chip for bulk orders
only, and are limited. Stay tuned for updates!

The makers of this modchip are Team I.C.E., and it looks like it will be sold through a number of retailers.  Other info gathered: price is retail, wires are 20-30, install time is approx. 25 minutes, able to direct-boot backups, dumped ISOs, or full rips.

Also, here's a video showing a hot swap trick to play a backup of PGR3.  Good Stuff:

Xbox 360 inches closer to piracy with bootable, modifiable kiosk DVD

Posted by Xavier Ashe on January 3, 2006

An Xbox 360 hacker's checklist:

  • Being able to rip games off of Xbox 360 DVD discs? Check
  • Being able to boot the system off of a custom disc? Check
  • Being able to run home-grown code on the Xbox 360? Not yet
  • Being able to decrypt ripped games so that copies of them can be used? Not

If the group of hackers that call themselves “Pi,” is to be believed, the second item in the checklist
above has been achieved by exploiting unencrypted content contained on disks intended for use on Xbox 360 kiosks in
European retail locations. They write, “This leaves hackers with the possibility to hack around with this disc
that load from a normal DVDR5 backup! …. YES you can run this! Burn the iso, put it into your xbox and be very


