
Xbox Hypervisor Security Protection Hacked 232

Posted by samzenpus
from the they're-in dept.
ACTRAiSER writes "A recent Post on Bugtraq claims the hack of the Xbox 360 Security Protection Hypervisor. It includes sample code as well." From Bugtraq "We have discovered a vulnerability in the Xbox 360 hypervisor that allows privilege escalation into hypervisor mode. Together with a method to inject data into non-privileged memory areas, this vulnerability allows an attacker with physical access to an Xbox 360 to run arbitrary code such as alternative operating systems with full privileges and full hardware access."
  • Yes. (Score:5, Funny)

    by TJ_Phazerhacki (520002) on Wednesday February 28, 2007 @08:52PM (#18189112) Journal
    All well and good, but....


    Will it run DOOM?

  • huh? (Score:5, Funny)

    by User 956 (568564) on Wednesday February 28, 2007 @08:54PM (#18189130) Homepage
    A recent Post on Bugtraq claims the hack of the Xbox 360 Security Protection Hypervisor.

    Is that like some primitive version of what Geordi Laforge wears?
  • Does it run Linux......yet?
  • Attacker?? (Score:5, Insightful)

    by Anonymous Coward on Wednesday February 28, 2007 @08:56PM (#18189160)

    this vulnerability allows an attacker with physical access to an Xbox 360 to run arbitrary code such as alternative operating systems with full privileges and full hardware access.


    Wait. Don't you mean this allows an Xbox 360 user to run arbitrary code such as alternative operating systems with full privileges and full hardware access on the machine they rightfully own ?

    How is this an attack, except in the eyes of MS?
    • Re:Attacker?? (Score:4, Insightful)

      by Overly Critical Guy (663429) on Wednesday February 28, 2007 @09:04PM (#18189234)
      It's just security flaw terminology. You're taking something personally that's not meant to be read that way.
      • by MullerMn (526350)
        It's just security flaw terminology. You're taking something personally that's not meant to be read that way.

        Stop criticising me!
    • Re: (Score:2, Interesting)

      by Frosty Piss (770223)

      Wait. Don't you mean this allows an Xbox 360 user to run arbitrary code such as alternative operating systems with full privileges and full hardware access on the machine they rightfully own ?

      Well, yes, if you can get it to work you can run anything you want on your XBox. Has Microsoft ever said you couldn't? Did they make any legal threats? No, no I don't think so. As much as you might want to be a martyr for The Cause, the police will not be looking for you simply because you have voided your Xbox warra

      • The free60 project ( http://free60.org/ [free60.org] ) has been trying to run Linux on the Xbox360 since it came out, with no success. Microsoft has definitely gone out of their way to prevent this.

        Look around the free60 wiki. For instance, from this page (http://wiki.free60.org/HDD) the Xbox360 will only use hard drives that have a Microsoft PNG logo stored in a certain location on them. For someone trying to boot Linux off the hard drive, in addition to the technical hurdles of hacking the OS they also have to w
        • Re: (Score:3, Informative)

          by drinkypoo (153816)

          the Xbox360 will only use hard drives that have a Microsoft PNG logo stored in a certain location on them. For someone trying to boot Linux off the hard drive, in addition to the technical hurdles of hacking the OS they also have to wrestle with trademark infringement.

          Negative. Courts have already ruled this is OK. IIRC it was a case dealing with the Sega Genesis, which had to have a sega copyright notice in the ROM to play the game. They ruled that you could put that notice in there legally because it was

          • Thanks for the info. Still, I have to wonder why Microsoft bothered if it wasn't for protectionist reasons.
            • by Raenex (947668)

              Still, I have to wonder why Microsoft bothered if it wasn't for protectionist reasons.

              It was definitely for protectionist reasons. Throw up a bunch of shit and see what sticks. It's just something else they can harass you in court over, even though they know courts have ruled against it in the past. The DMCA is the real kicker, though. Can they make illegal any Linux solution that gives you full access to the hardware, because it allows you to play copied games?

        • And that's why the proper course of action is not to try to hack proprietary shit, but rather to boycott it in the first place!

    • Re: (Score:3, Interesting)

      See my comment here [slashdot.org]

      You might think you own it, but SURPRISE, you are licensing it. You probably could have found the completely ambiguous statement on that little postcard you threw away.
      • You might think you own it, but SURPRISE, you are licensing it.


        Says who? Microsoft? Why do you think that is the case? Because Microsoft said so?

      • You might think you own it, but SURPRISE, you are licensing it. You probably could have found the completely ambiguous statement on that little postcard you threw away.

        It's possible that our world is warped enough that that shit works for software. Having a license agreement to use a copyrighted work that you've bought a copy of at a store is absurd, but there's the outside chance that the courts have bought that bullshit and have set precedents making it legal.

        There's no way it works that way for hardware.

      • Re:Attacker?? (Score:5, Informative)

        by karmatic (776420) on Thursday March 01, 2007 @01:48AM (#18191206)
        Quoth the parent: See my comment here.

        You might think you own it, but SURPRISE, you are licensing it.


        The fact you keep repeating the same wrong information doesn't make it any less wrong.

        Adobe made that same claim you are making. It didn't go over well in court. [cryptome.org] It didn't go over too well for Microsoft either (Microsoft Corp. v. DAK Indus). Novell tried that argument, and got shot down too (Novell, Inc. v. CPU Distrib., Inc., 2000 ).

        "...the Ninth Circuit held that the economic realities of the agreement indicated that it was a sale, not a license to use."

        "... Like Adobe, CPU argued that it purchased the software from an authorized source, and was entitled to resell it under the first sale doctrine. Novell claimed that it did not sell software but merely licensed it to distribution partners. The court held that these transactions constituted sales and not a license, and therefore that the first sale doctrine applied. 2000 U.S. Dist. Lexis 9975 at *18."

        "...The Court finds that the circumstances surrounding the transaction strongly suggests that the transaction is in fact a sale rather than a license. For example, the purchaser commonly obtains a single copy of the software, with documentation, for a single price, which the purchaser pays at the time of the transaction, and which constitutes the entire payment for the "license." The license runs for an indefinite term without provisions for renewal. In light of these indicia, many courts and commentators conclude that a "shrinkwrap license" transaction is a sale of goods rather than a license."

        "...Ownership of a copy should be determined based on the actual character, rather than the label, of the transaction by which the user obtained possession. Merely labeling a transaction as a lease or license does not control. If a transaction involves a single payment giving the buyer an unlimited period in which it has a right to possession, the transaction is a sale."

        "Raymond Nimmer, The Law of Computer Technology 1.18[1] p. 1-103 (1992). The Court agrees that a single payment for a perpetual transfer of possession is, in reality, a sale of personal property and therefore transfers ownership of that property, the copy of the software. "

        So, at least in the US, a one-time payment for a perpetual use of software is a SALE, regardless of what you call it, and rightfully so. They can't change that with a EULA any more than a car dealership could claim you had a one-time lease payment, with a lifetime use period and the right to transfer the lease for free (thus avoiding legal regulations with regards to sale of vehicles). Any reasonable court would rule that such was a sale, not a lease. What you call it doesn't matter.
    • by Ungrounded Lightning (62228) on Wednesday February 28, 2007 @09:27PM (#18189454) Journal
      Wait. Don't you mean this allows an Xbox 360 user to run arbitrary code such as alternative operating systems with full privileges and full hardware access on the machine they rightfully own ?

      It's a joke!

      The guy who caught the bug is using techie humor in perfect hacker tradition. He's pretending to take things utterly literally and following them to a ridiculous extreme.

      In this case he's doing it by publishing a report of how to crack an Xbox and run an arbitrary OS on it - with complete details on how to replicate it - as a bug report. And he went through the entire procedure:
        - Identify and diagnose the problem.
        - Build a proof-of-concept test.
        - Check it against the latest release (and find the bug still there).
        - Notify the vendor (who ignores the report, as usual).
        - Give him time to respond (which he doesn't).
        - Give a public demonstration.
        - Respond in friendly fashion to the vendor-initiated contact (after the public demo lights a fire), giving him the details of the proof-of-concept.
        - Give the vendor some time to generate and publish a patch.
        - Publish the complete details of the exploit.
      He did this just as if it were a bug, rather than a "feature".

      Now there is "improved" firmware that fixes the hole. And the complete details are out there. If anybody who actually owns an Xbox who doesn't want to "fix" the "bug" and leaves his firmware backdated, so he can "be exploited by himself" by loading Linux, *BSD, or whatever on his own Xbox, well, that's what he gets for not staying up to date on patch levels.

      ROTFLMAO!

      Meanwhile the "anonymous hacker" has published (on Bugtraq no less) complete details of how to crack the Xbox (with a backdated firmware load) and run an arbitrary OS on it with full privileges. Yet when it comes to the DMCA he's squeaky-clean. The MAFIAAs and Microsoft have absolutely no claim against him if anybody out there happens to "exploit himself" and use this "bug" to break their "trusted" computing platform.

      But there's one thing I don't understand:

      Why didn't samzenpus use "The Foot" when he approved this article? B-)

      • One problem with your amusing story: Microsoft did respond with a patch that closed the hole.
        • Read it again Sherlock; he mentioned that.
        • One problem with your amusing story: Microsoft did respond with a patch that closed the hole.

          So did you install it? Without a way to back out if it broke something? B-)
        • Actually, those who broke the 5v line that causes the Efuse to be blown upon updating can reopen said hole. Those looking to mod the console did this quite some time ago.
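
The comment above relies on a hardware anti-rollback pattern: a firmware update burns an eFuse, the boot check refuses images released against fewer burned fuses than the console now has, and cutting the programming rail stops the burn so the old image keeps booting. The following added example models that pattern in Python; it is not the Xbox 360 bootloader or any Microsoft code. The 8-fuse layout, the `fuse_level` field carried by each image, the `write_enabled` flag standing in for the 5V rail, and the version numbers (4552 is the patched build named elsewhere in this thread; 4500 is a placeholder) are assumptions.

```python
# Added example: an eFuse-backed anti-rollback check, modelled in Python.
# Illustrative code only, not the Xbox 360 bootloader or any Microsoft
# firmware. The 8-bit fuse bank, the fuse_level each image carries, the
# write_enabled flag (stands in for the 5V programming rail) and the
# version numbers are assumptions made for this model.
from dataclasses import dataclass, field
from typing import List


@dataclass
class FuseBank:
    """Simulated one-time-programmable fuses: a bit can only go 0 -> 1."""
    bits: List[int] = field(default_factory=lambda: [0] * 8)
    # Models the programming-voltage rail. False = rail cut, so a burn
    # request does nothing (assumed behaviour for this model).
    write_enabled: bool = True

    def count(self) -> int:
        """Number of burned fuses; this is the monotonic rollback counter."""
        return sum(self.bits)

    def burn_next(self) -> bool:
        """Burn the lowest unburned fuse. Returns False if the rail is cut
        or every fuse is already blown."""
        if not self.write_enabled:
            return False
        for i, bit in enumerate(self.bits):
            if bit == 0:
                self.bits[i] = 1
                return True
        return False


@dataclass(frozen=True)
class Firmware:
    """A boot image. fuse_level is the fuse count the image was released
    against; in a real system it is covered by the image signature."""
    version: int
    fuse_level: int


def boot_allowed(fuses: FuseBank, image: Firmware) -> bool:
    """Anti-rollback check run by the bootloader after signature
    verification (omitted here): an image released against fewer burned
    fuses than the console now has is an old image and must not boot."""
    return image.fuse_level >= fuses.count()


def apply_update(fuses: FuseBank, image: Firmware) -> int:
    """Install `image` and burn fuses until the count matches its
    fuse_level. Returns how many fuses actually burned (0 if the rail
    is cut, so the old image is not locked out)."""
    burned = 0
    while fuses.count() < image.fuse_level and fuses.burn_next():
        burned += 1
    return burned


def rollback_demo(rail_cut: bool) -> dict:
    """Walk one console through an update and report what boots after."""
    fuses = FuseBank(write_enabled=not rail_cut)
    old = Firmware(version=4500, fuse_level=0)  # placeholder pre-patch build
    new = Firmware(version=4552, fuse_level=1)  # patched build (assumed level)
    burned = apply_update(fuses, new)
    return {
        "fuses_burned": burned,
        "old_boots": boot_allowed(fuses, old),
        "new_boots": boot_allowed(fuses, new),
    }


if __name__ == "__main__":
    print("normal update:", rollback_demo(rail_cut=False))
    print("rail cut:     ", rollback_demo(rail_cut=True))
```

Two things the model makes visible: the counter only ever goes up, so a plain downgrade of the image cannot pass the check once the burn has happened, and the check is only as good as the signature check that precedes it, because `fuse_level` is data inside the image. Preventing the burn, as the comment describes, leaves the counter where it was and the old image remains bootable.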
    • Not entirely true. They are selling you a machine at a radically discounted price for a specific use, gaming. They aren't selling a general use computer. They are in effect giving you a gaming machine at a bargain price so they limit what you are permitted to do with it to avoid competing with themselves. If most people tried to mod out their game stations to turn them into desktops as well then it could potentially cut into their desktop business and force them to charge full price for the game boxes making the
      • Re: (Score:2, Flamebait)

        by Ash-Fox (726320)

        Not entirely true. They are selling you a machine at a radically discounted price for a specific use, gaming.

        And they still lock the hardware from letting you use it the way you please

        They aren't selling a general use computer.

        And? It's still your hardware.

        They are in effect giving you a gaming machine at a bargain price so they limit what you are permitted to do with it to avoid competing with themselves.

        Bargain? I can't afford it. Sorry, I have to disagree.

        If most people tried to mod out their game stations t

      • by Yartrebo (690383)
        Basic economic theory says that it's inefficient to do this - it results in more machines being sold than would be ideal, just like selling printers for a dime a dozen encourages people to junk perfectly functional printers while going to great lengths to avoid wasting what should be very cheap ink.

        The proper price for the machine is cost + reasonable profit, and the proper price for games is cost + reasonable profit. The legal system should be enforcing that via the anti-trust department, not doing the opp
    • by Tweekster (949766)
      What if I shoplifted it?
  • by sdo1 (213835) on Wednesday February 28, 2007 @09:01PM (#18189196) Journal
    I've been looking to upgrade my media streamer capabilities and the original XBOX can run Xbox Media Center (http://www.xboxmediacenter.com/). I wonder if this means that a 360 version with HD streaming might be forthcoming? I hope so. I've been avoiding getting one because of how locked down it is.

    -S
    • Re: (Score:2, Informative)

      by Osty (16825)

      I've been looking to upgrade my media streamer capabilities and the original XBOX can run Xbox Media Center (http://www.xboxmediacenter.com/). I wonder if this means that a 360 version with HD streaming might be forthcoming? I hope so. I've been avoiding getting one because of how locked down it is.

      You do realize that the 360 can act as a Media Center Extender for Windows XP Media Center 2005 and Vista, right? Also, the 360 can stream music and (with the Fall 06 patch) videos from any "compatible" UPnP me

      • by pjl5602 (150416)

        It just seems weird to me that your killer app is media streaming, but you won't buy a 360 that does that out of the box (or close enough, with the Update).

        But it doesn't do that (at least for me.) I don't have a Vista or Media Center server in the house. I've already got my Linux server set up with all of my content (Ogg Vorbis, MP3, FLAC, Xvid and DVD ISO images) that plays via XBMC on my original Xboxes throughout my house. On Linux AFAIK, transcoding isn't even an option, but if it was, that'd be silly given all of the horsepower of the 360. Why should I need both a beefy server and a beefy viewer on the other end? I would get a 360 with XBMC suppor

      • Can the 360 stream media from a NAS?
        I'm not trolling - i thought it couldn't.

        Most of my media files are on NAS - If i'm in the living room streaming stuff with my 360 i don't want
        my pc on in the other room...

        • by 3vi1 (544505)
          No. The 360 is intentionally crippled so that it can only stream from a Windows Media Server. Guess who sells that?

          There are a few Linux apps out there that can fake media server capabilities to various degrees (TwonkyMedia, uShare, 360mediacenter), but you would most likely need to have a separate machine to run them. You could have them access the files on your NAS, do transcoding, and stream the files to the 360.

          TwonkyMedia's the only one with which I've had much success. But, it's not free (though t
      • by sdo1 (213835)

        You do realize that the 360 can act as a Media Center Extender for Windows XP Media Center 2005 and Vista, right?
        Yes, I'm aware of that. But I'm not interested in buying a pre-built PC in order to get Media Center and I'm certainly not interested in Vista (the whole HD DRM thing bugs me). I'd prefer to be able to stream from my Linux based NAS since it's on all the time anyway.

        -S
    • Actually, I'd wait on buying one. It's already been patched [slashdot.org] so unless you already have one or buy an unpatched one on Ebay, this hack is useless.
  • How Useless. (Score:5, Interesting)

    by Rdickinson (160810) on Wednesday February 28, 2007 @09:06PM (#18189254)
    "Bug was fixed in version 4552 (released Jan 09, 2007 - not a
    Patch Tuesday)."

    Fixed already for most people, anyone who's connected to Xbox Live.

    I'm not sure why they're still protecting the system like they are though, 'backup' games are already rife due to hacked DVD-ROM firmware (which they seem to be unable to back fix), so why not let it run arbitrary code, didn't hurt the Xbox 1?
    • Re: (Score:2, Insightful)

      by Anonymous Coward
      They need content providers to trust the platform.
    • by garcia (6573)
      Exactly, it should say "XBox Hypervisor Security Protection Hacked in November and Patched in January" but that wouldn't make for a very good Slashdot headline and no one would read the comments^H^H^H^H^H^H^H^Harticle.
    • by cgenman (325138)
      Online cheating?

      E-commerce?

      Because it's easier to stop the end user from discovering weaknesses in your protection schemes if they can't run arbitrary code?

      Because if you could run arbitrary code, people wouldn't need to pay licensing fees to MS to release games on the Xbox 360?

    • Re:How Useless. (Score:4, Interesting)

      by Sycraft-fu (314770) on Wednesday February 28, 2007 @10:55PM (#18190098)
      While I'm sure there are also more draconian reasons, a simple one is cheat prevention. Cheating is always a big problem with online games since you end up having to trust the client to some degree to get reasonable performance. It's a nice idea that everything would be done server side, but you find that the latency and bandwidth of normal Internet connections make such a thing unworkable.

      Well, one thing that sure as hell makes cheating hard is requiring signed code and not allowing it to be modified. Have a hell of a time getting around that.

      I have a couple friends who are both PC and console gamers and one thing they say they really like about shooters on their 360 is the absence of cheaters. On the PC it seems to be a game of cat and mouse. The cheaters find a way to screw with things, the anti-cheat software is updated, they find a way around that, etc. I remember back in the Quake 2 days it was just continuous. You'd get jerks with the latest, greatest aimbot, then the servers would update the anti-cheat, they'd all disappear, until the next one came out.
      • by Bert64 (520050)
        Or you just reverse engineer the protocol, and proxy the game traffic modifying it on the fly...
    • by Doomstalk (629173)
      There are a bunch of reasons. Here are a few:
      1) Unsigned code = avenue for cheating
      2)The Xbox 360 has been so successful as a digital distribution platform for TV and movies in part because it's so secure. If users can't get at the raw bits, content providers are more likely to work with you.
      3) Xbox Live Arcade games aren't compromised yet

      I could go on, but I think you get the idea.
  • From the article... (Score:5, Informative)

    by non0score (890022) on Wednesday February 28, 2007 @09:06PM (#18189256)
    Sadly, unless you haven't updated your machine in the last two months, this wouldn't matter as MS has already patched it. As for those of you with an "unpatched" kernel, let's just say this is like v1.5 PSPs.
  • by lmnfrs (829146) <lmnfrs@@@gmail...com> on Wednesday February 28, 2007 @09:08PM (#18189268) Journal

    Timeline:
    ..
    Jan 03, 2007 - vendor contact established, full details disclosed
    Jan 09, 2007 - vendor releases patch
    ..
    Patch Development Time (In Days): 6

    Interesting to compare timelines affecting Microsoft's users to timelines affecting Microsoft's control schemes.

    • by Ent (88363) on Wednesday February 28, 2007 @09:19PM (#18189388)
      I imagine the quick response had more to do with a smaller test/compatibility matrix than anything else.
      • by Bert64 (520050)
        Same for the patch for windows media DRM that was also turned around quicker than any security patches ever have been?
    • They don't have to test against nearly as much. Part of the problem with OS patching is you have to test to make sure your patch doesn't break anything else, since a whole lot relies on it. Releasing a patch early that screws up is almost worse than releasing no patch at all. With a console, there's little that runs. A very basic OS and only a single 3rd party app at a time. Much less work to do to check it.
  • will run Linux? Man, the Sony PR people just can't seem to get a break. ;)
  • by cliffski (65094) on Thursday March 01, 2007 @05:11AM (#18191974) Homepage
    Forgive my ignorance, but as I understand it, consoles have all this security stuff on them to stop this, because they do not *want* to be used as general purpose computers, partly because the things are subsidised on sale, and the shortfall recouped by games sales?
    If that's true, then an all-out war to hack the things will eventually lead to console manufacturers giving up.
    At which point the price of the next gen of consoles will probably double, as they will be sold at true cost.
    Who wants that?
