blasteroids.com
Search Search User User name Password  
     
All Platforms PC PS2 PS3 Xbox Xbox 360 Wii
 Home  News  Games  Downloads  Forums  Feedback 
 

News

You are here: blasteroids.com / news / code shown to exploit xbox 360 security /
Latest news

Code shown to exploit Xbox 360 security

Dela @ Mar 01, 2007 12:20 | 13 comments

An anonymous hacker has discovered a way to hack Microsoft's Xbox 360 console in a way that could have allowed an alternative operating system to run on the hardware. For the hack to work, physical access to the hardware is required to take advantage of a vulnerability in the Xbox 360 hypervisor.

The hypervisor provides encryption and decryption services for the console, and controls access to memory. This ensures that all games and other code run on the console need to be cryptographically signed with Microsoft's private key and run in non-privileged read-only mode.

Flaws in the interaction between unprivileged code and the hypervisor led to the groundwork for the hack. The hacker tipped off Microsoft about the problem and the company quickly produced a patch. Proof of concept code and details were published on BugTraq on Wednesday.

Severity:

Critical (Unsigned Code Execution in Hypervisor Mode)

Vendor:

Microsoft

Systems Affected:

All Xbox 360 systems with a kernel version of 4532 (released Oct 31, 2006) and 4548 (released Nov 30, 2006). Versions prior to 4532 are not affected. Bug was fixed in version 4552 (released Jan 09, 2007 - not a Patch Tuesday).

Overview:

We have discovered a vulnerability in the Xbox 360 hypervisor that allows privilege escalation into hypervisor mode. Together with a method to inject data into non-privileged memory areas, this vulnerability allows an attacker with physical access to an Xbox 360 to run arbitrary code such as alternative operating systems with full privileges and full hardware access.

Technical details:

The Xbox 360 security system is designed around a hypervisor concept. All games and other applications, which must be cryptographically signed with Microsoft's private key, run in non-privileged mode, while only a small

hypervisor runs in privileged ("hypervisor") mode. The hypervisor controls access to memory and provides encryption and decryption services.

The policy implemented in the hypervisor forces all executable code to be read-only and encrypted. Therefore, unprivileged code cannot change executable code. A physical memory attack could modify code; however, code memory is encrypted with a unique per-session key, making meaningful modification of code memory in a broadly distributable fashion difficult. In addition, the stack and heap are always marked as non-executable, and therefore data loaded there can never be jumped to by unprivileged code.

Unprivileged code interacts with the hypervisor via the "sc" ("syscall") instruction, which causes the machine to enter hypervisor mode. The vulnerability is a result of incomplete checking of the parameters passed to the syscall dispatcher, as illustrated below.

Read the rest of the technical details at http://www.securityfocus.com/archive/1/461489/30/0/threaded

Source:

The Register


More Recent Gaming News

Date

BioShock release set for August Mar 01, 2007
Take-Two enters settlement for Hot Coffee Mar 01, 2007
Sony: 1000 PS2 games backwards compatible with Euro PS3 Mar 01, 2007
Sony confirms price of UK PS3 downloads Feb 28, 2007
Sony aims to resolve PS3 shortages by May Feb 27, 2007
Sony Australia boss talks about PS3 price Feb 27, 2007
Disney teams up with Macrovision for game downloads Feb 27, 2007
Microsoft changes to Wii strategy Feb 27, 2007
European PS3 titles priced Feb 26, 2007
Best Buy sale, $2 video games Feb 26, 2007

Previous Next

Comments

Comment by: tabletpc (Mar 01, 2007 12:24)

knew about this

they where talking about it on a german video that showed a hacker hacking the 360 to run a screen saver that said mac osx and linux soon

Comment by: Dela (Mar 01, 2007 12:55)

I had thought that was just modified King Kong running on hacked DVD drive firmware?

Comment by: emachine (Mar 01, 2007 14:19)

To bad that hacker gave his goods away to M$. But I bet he made an ass load of cash.

Comment by: dikdimond (Mar 01, 2007 14:30)

I read of rumors that the German video was made with the King Kong modified shaders. I had hoped that it was indeed a true hack. This might be it. Just because this hacker left the cat out of the bag to M$ doesn't mean the exploit can't be reproduced. seriously I doubt he was paid anything

Comment by: hughjars (Mar 01, 2007 18:07)

It's early days but I just hope the XBox 360 can become as good an allround media player as the mk1 XBox was.

Comment by: xhardc0re (Mar 02, 2007 00:54)

hmmmm someone already h4ck0rzd the PS3 Hypervisor to d/l games onto the HDD. aka b00tloader for PS3. now they've taken the same concept & applied to the Xbox360.
Sweet :)

Comment by: duckNrun (Mar 02, 2007 13:57)

xhardc0re to self: I 4|\/| $0 |<3\/\/l 83c@u53 1 C4|\| U$E LE3+

Most other people to themselves: j00 @Re 50 |<3\/\/l U5iNG L33t$P34k 1N 4 PUbl1c PH0Ru|\/|...|\|Ot!

sorry just a pet peeve of mine.

Comment by: xhardc0re (Mar 02, 2007 15:48)

Originally posted by duckNrun:
xhardc0re to self: I 4|\/| $0 |<3\/\/l 83c@u53 1 C4|\| U$E LE3+

Most other people to themselves: j00 @Re 50 |<3\/\/l U5iNG L33t$P34k 1N 4 PUbl1c PH0Ru|\/|...|\|Ot!

sorry just a pet peeve of mine.


u seem to have a lot of pet peeves buddy. where's some actual content in your msg about the story? having a bad day? :( :( :(

Comment by: duckNrun (Mar 02, 2007 16:09)

lol actually not a bad day at all, just hate to see leet in a public forum knowing that most people cant read it. Seems pointless, like posting french in an all english forum.

peace

Comment by: kshep92 (Mar 03, 2007 09:02)

... OK, righty-o. Anyway, It would have been cool to see this exploit built on and expanded. Imagine the possibilities!! This could have been the first X360 mod... looks like my waiting period to buy one is extended :(

Comment by: Bageland (Mar 03, 2007 16:45)

x hardcore said: you are so lame using leetspeak in a public forum...not!
yea ur cool

Comment by: DXR88 (Nov 06, 2007 17:25)

Quote:
xhardc0re to self: I 4|\/| $0 |<3\/\/l 83c@u53 1 C4|\| U$E LE3+ = i am so cool i can use leet

Thats one out of many. the real question is how he was able to get as far as he did.

Comment by: marcusita (Nov 09, 2007 11:27)

This is very old news.

   

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums
Software: Software downloads
Blogs: User profile pages
RSS feeds: Digital Technology News | Latest Software Updates International: fin.AfterDawn.com | Download.fi | fin.MP3Lizard.com
Navigate: Search
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 2024 by AfterDawn Ltd.