Xbox Hypervisor Security Protection Hacked
ACTRAiSER writes "A recent post on Bugtraq claims the hack of the Xbox 360 Security Protection Hypervisor. It includes sample code as well."
From Bugtraq
"We have discovered a vulnerability in the Xbox 360 hypervisor that allows
privilege escalation into hypervisor mode. Together with a method to
inject data into non-privileged memory areas, this vulnerability allows
an attacker with physical access to an Xbox 360 to run arbitrary code
such as alternative operating systems with full privileges and full
hardware access."
Yes. (Score:5, Funny)
Will it run DOOM?
Re: (Score:2)
http://www.xbox.com/en-US/games/d/doomxboxlivearc
huh? (Score:5, Funny)
Is that like some primitive version of what Geordi Laforge wears?
oblig (Score:2)
Re: (Score:2)
Probably something to do with it being a 3x 3.2 GHz gaming console that costs much less than a comparable PC. It turns out that computers are useful for more than just playing games.
Re: (Score:2)
But by now I agree with you - for $400 you can assemble a cheap Linux PC that's more useful than a 360 running Linux.
Re: (Score:3, Insightful)
Then you're stuck cooling it all and trying to keep the result quiet.
Then there's the whole "ugly" thing.
Re: (Score:2)
There are a ton of choices for small form factor PC cases. Shop around a bit, and find one that isn't ugly.
Or you realize that your requirements are price and power consumption and *don't* buy more expensive components that probably consume more power.
There are *a lot* of options available for this stuff. If you want to consume less power and do fast encryption, maybe a MicroITX s
Attacker?? (Score:5, Insightful)
Wait. Don't you mean this allows an Xbox 360 user to run arbitrary code such as alternative operating systems with full privileges and full hardware access on the machine they rightfully own?
How is this an attack, except in the eyes of MS?
Re:Attacker?? (Score:4, Insightful)
Re: (Score:2)
Stop criticising me!
Re: (Score:2)
But I did not!
Re: (Score:2)
Because they bought it and they own it? Do you want your car manufacturer making it illegal for you to modify your own car? How about your PC? "Trusted" computing is on the way, built into the hardware. You'll no longer have full control over your own box.
Re: (Score:2, Interesting)
Well, yes, if you can get it to work you can run anything you want on your XBox. Has Microsoft ever said you couldn't? Did they make any legal threats? No, no I don't think so. As much as you might want to be a martyr for The Cause, the police will not be looking for you simply because you have voided your Xbox warra
Re: (Score:2)
Look around the free60 wiki. For instance, from this page (http://wiki.free60.org/HDD) the Xbox360 will only use hard drives that have a Microsoft PNG logo stored in a certain location on them. For someone trying to boot Linux off the hard drive, in addition to the technical hurdles of hacking the OS they also have to w
Re: (Score:3, Informative)
Negative. Courts have already ruled this is OK. IIRC it was a case dealing with the Sega Genesis, which had to have a sega copyright notice in the ROM to play the game. They ruled that you could put that notice in there legally because it was
Re: (Score:2)
It was definitely for protectionist reasons. Throw up a bunch of shit and see what sticks. It's just something else they can harass you in court over, even though they know courts have ruled against it in the past. The DMCA is the real kicker, though. Can they make illegal any Linux solution that gives you full access to the hardware, because it allows you to play copied games?
Re: (Score:2)
And that's why the proper course of action is not to try to hack proprietary shit, but rather to boycott it in the first place!
Re: (Score:3, Interesting)
You might think you own it, but SURPRISE, you are licensing it. You probably could have found the completely ambiguous statement on that little postcard you threw away.
Re: (Score:2)
Says who? Microsoft? Why do you think that is the case? Because Microsoft said so?
Re: (Score:2)
It's possible that our world is warped enough that that shit works for software. Having a license agreement to use a copyrighted work that you've bought a copy of at a store is absurd, but there's the outside chance that the courts have bought that bullshit and have set precedents making it legal.
There's no way it works that way for hardware.
Re:Attacker?? (Score:5, Informative)
You might think you own it, but SURPRISE, you are licensing it.
The fact you keep repeating the same wrong information doesn't make it any less wrong.
Adobe made that same claim you are making. It didn't go over well in court. [cryptome.org] It didn't go over too well for Microsoft either (Microsoft Corp. v. DAK Indus). Novell tried that argument, and got shot down too (Novell, Inc. v. CPU Distrib., Inc., 2000 ).
"...the Ninth Circuit held that the economic realities of the agreement indicated that it was a sale, not a license to use."
"... Like Adobe, CPU argued that it purchased the software from an authorized source, and was entitled to resell it under the first sale doctrine. Novell claimed that it did not sell software but merely licensed it to distribution partners. The court held that these transactions constituted sales and not a license, and therefore that the first sale doctrine applied. 2000 U.S. Dist. Lexis 9975 at *18."
"...The Court finds that the circumstances surrounding the transaction strongly suggests that the transaction is in fact a sale rather than a license. For example, the purchaser commonly obtains a single copy of the software, with documentation, for a single price, which the purchaser pays at the time of the transaction, and which constitutes the entire payment for the "license." The license runs for an indefinite term without provisions for renewal. In light of these indicia, many courts and commentators conclude that a "shrinkwrap license" transaction is a sale of goods rather than a license."
"...Ownership of a copy should be determined based on the actual character, rather than the label, of the transaction by which the user obtained possession. Merely labeling a transaction as a lease or license does not control. If a transaction involves a single payment giving the buyer an unlimited period in which it has a right to possession, the transaction is a sale."
"Raymond Nimmer, The Law of Computer Technology 1.18[1] p. 1-103 (1992). The Court agrees that a single payment for a perpetual transfer of possession is, in reality, a sale of personal property and therefore transfers ownership of that property, the copy of the software."
So, at least in the US, a one-time payment for a perpetual use of software is a SALE, regardless of what you call it, and rightfully so. They can't change that with a EULA any more than a car dealership could claim you had a one-time lease payment, with a lifetime use period and the right to transfer the lease for free (thus avoiding legal regulations with regards to sale of vehicles). Any reasonable court would rule that such was a sale, not a lease. What you call it doesn't matter.
It's a joke. LAUGH! (Score:5, Insightful)
It's a joke!
The guy who caught the bug is using techie humor in perfect hacker tradition. He's pretending to take things utterly literally and following them to a ridiculous extreme.
In this case he's doing it by publishing a report of how to crack an Xbox and run an arbitrary OS on it - with complete details on how to replicate it - as a bug report. And he went through the entire procedure:
- Identify and diagnose the problem.
- Build a proof-of-concept test.
- Check it against the latest release (and find the bug still there).
- Notify the vendor (who ignores the report, as usual).
- Give him time to respond (which he doesn't).
- Give a public demonstration.
- Respond in friendly fashion to the vendor-initiated contact (after the public demo lights a fire), giving him the details of the proof-of-concept.
- Give the vendor some time to generate and publish a patch.
- Publish the complete details of the exploit.
He did this just as if it were a bug, rather than a "feature".
Now there is "improved" firmware that fixes the hole. And the complete details are out there. If anybody who actually owns an Xbox doesn't want to "fix" the "bug" and leaves his firmware backdated, so he can "be exploited by himself" by loading Linux, *BSD, or whatever on his own Xbox, well, that's what he gets for not staying up to date on patch levels.
ROTFLMAO!
Meanwhile the "anonymous hacker" has published (on Bugtraq no less) complete details of how to crack the Xbox (with a backdated firmware load) and run an arbitrary OS on it with full privileges. Yet when it comes to the DMCA he's squeaky-clean. The MAFIAAs and Microsoft have absolutely no claim against him if anybody out there happens to "exploit himself" and use this "bug" to break their "trusted" computing platform.
But there's one thing I don't understand:
Why didn't samzenpus use "The Foot" when he approved this article? B-)
Patch... (Score:2)
So did you install it? Without a way to back out if it broke something? B-)
Re: (Score:2)
Oh, and 'cause I can
Re: (Score:2)
I'm sorry to hear that.
Have you tried attaching a flag to aid visibility?
Z.
Re: (Score:2)
The proper price for the machine is cost + reasonable profit, and the proper price for games is cost + reasonable profit. The legal system should be enforcing that via the anti-trust department, not doing the opp
Ironically, I might buy one now (Score:3, Interesting)
-S
Re: (Score:2, Informative)
You do realize that the 360 can act as a Media Center Extender for Windows XP Media Center 2005 and Vista, right? Also, the 360 can stream music and (with the Fall 06 patch) videos from any "compatible" UPnP me
Re: (Score:2)
It just seems weird to me that your killer app is media streaming, but you won't buy a 360 that does that out of the box (or close enough, with the Update).
But it doesn't do that (at least for me.) I don't have a Vista or Media Center server in the house. I've already got my Linux server set up with all of my content (Ogg Vorbis, MP3, FLAC, Xvid and DVD ISO images) that plays via XBMC on my original Xboxes throughout my house. On Linux AFAIK, transcoding isn't even an option, but if it was, that'd be silly given all of the horsepower of the 360. Why should I need both a beefy server and a beefy viewer on the other end? I would get a 360 with XBMC suppor
Re: (Score:2)
I'm not trolling - I thought it couldn't.
Most of my media files are on NAS - if I'm in the living room streaming stuff with my 360 I don't want my PC on in the other room...
Re: (Score:2)
There are a few Linux apps out there that can fake media server capabilities to various degrees (TwonkyMedia, uShare, 360mediacenter), but you would most likely need to have a separate machine to run them. You could have them access the files on your NAS, do transcoding, and stream the files to the 360.
TwonkyMedia's the only one with which I've had much success. But, it's not free (though t
How Useless. (Score:5, Interesting)
Patch Tuesday)."
Fixed already for most people, anyone who's connected to Xbox Live.
I'm not sure why they're still protecting the system like they are though, 'backup' games are already rife due to hacked DVD-ROM firmware (which they seem to be unable to back-fix), so why not let it run arbitrary code, didn't hurt the Xbox 1?
Re: (Score:2)
E-commerce?
Because it's easier to stop the end user from discovering weaknesses in your protection schemes if they can't run arbitrary code?
Because if you could run arbitrary code, people wouldn't need to pay licensing fees to MS to release games on the Xbox 360?
Re:How Useless. (Score:4, Interesting)
Well, one thing that sure as hell makes cheating hard is requiring signed code and not allowing it to be modified. Have a hell of a time getting around that.
I have a couple friends who are both PC and console gamers and one thing they say they really like about shooters on their 360 is the absence of cheaters. On the PC it seems to be a game of cat and mouse. The cheaters find a way to screw with things, the anti-cheat software is updated, they find a way around that, etc. I remember back in the Quake 2 days it was just continuous. You'd get jerks with the latest, greatest aimbot, then the servers would update the anti-cheat, they'd all disappear, until the next one came out.
Re: (Score:2)
1) Unsigned code = avenue for cheating
2) The Xbox 360 has been so successful as a digital distribution platform for TV and movies in part because it's so secure. If users can't get at the raw bits, content providers are more likely to work with you.
3) Xbox Live Arcade games aren't compromised yet
I could go on, but I think you get the idea.
Re: (Score:2)
Yes they make money on sales - 360 costs about what it sells for now, Xbox 1 was always a looser (financially also..:P) - sales they make money on are games, add-ons (controllers etc) and Live stuff.
The 360 is *already* compromised in its chief money-making area, new games, you can play illegal copies with hacked DVD-ROMs, this should have been the primary area of security, but as normal what security is left only hurts the law-abiding people (no multi-region DVD player, no Linux, no
Re: (Score:2, Interesting)
That's "loser". And the original Xbox was expected to lose money. It was a mostly-off-the-shelf console built quite quickly (approximately a year from initial design to ship, compared to the 360 that was in design for 3+ years before shipping) in an attempt to break into the market following the Sony-style los
Re: (Score:2)
Actually it is IMPOSSIBLE to revert to earlier firmware because if you were updated with the fix it actually blew an eFuse. Some people knew this was coming and modded their boxes to prevent the eFuse from being blown so they can go back to the old firmware but everyone else who updated and didn't know that was going to happen are dead in the water.
From the article... (Score:5, Informative)
Timelines for Vulnerability Fixes (Score:5, Interesting)
Timeline:
..
..
Jan 03, 2007 - vendor contact established, full details disclosed
Jan 09, 2007 - vendor releases patch
Patch Development Time (In Days): 6
Interesting to compare timelines affecting Microsoft's users to timelines affecting Microsoft's control schemes.
Re:Timelines for Vulnerability Fixes (Score:5, Insightful)
Much easier on a console (Score:2)
Now the MS console (Score:2, Funny)
Isn't it all a bit self defeating? (Score:3, Insightful)
If that's true, then an all-out war to hack the things will eventually
At which point the price of the next gen of consoles will probably double, as they will be sold at true cost.
Who wants that?
Re:That's Because... (Score:5, Interesting)
containing the bug
Nov 16, 2006 - proof of concept completed; unsigned code running in
hypervisor context
Nov 30, 2006 - release of 4548 kernel, bug still not fixed
Dec 15, 2006 - first attempt to contact vendor to report bug
Dec 30, 2006 - public demonstration
Jan 03, 2007 - vendor contact established, full details disclosed
Jan 09, 2007 - vendor releases patch
Feb 28, 2007 - full public release
Patch Development Time (In Days): 6
Does MS force updates for things like this?
Re:That's Because... (Score:5, Informative)
Yes. As soon as your XB360 attempts to connect to Live (which even without you paying, it will do if you signed up for it) it will demand you update or it will disconnect you (which with Live-connected dashboard accounts signs you out of your local XB360 profile too)
Blue Pill time. (Score:3, Interesting)
Any bets on whether code running in hypervisor mode can create a virtual machine environment where the updated Microsoft code can think it's running the show when it's actually king of a sandbox?
Re: (Score:2)
Yes, but whether you think you do or not, Sony tell me that you really do want access to a Cell, just like you want that Blu-Ray drive you have no use for.
Re: (Score:2)
At least the GB/GBA/DS are hackable. I think Nintendo puts up just enough of a fight to keep the casual hacker away, but not enough to do anything else. Which is nice, and seems to work given their sales figures.
Hacking GBA is fun, just wish the tools weren't Windows-based
Tom
Re: (Score:2)
Though, even though I have DS and GBA kits the only thing I "pirate" are NES games. I pay for my GBA/DS games since they're still on the market (yeah weak justification, but at least nobody is getting hurt).
That the DS/GBA are fun to play, and hackable though is nice all around. And judging by the amount of leaked internal details, and the lack of lawsuits, I'd say Nintendo is doing all they can, as a corporation to al
Re: (Score:2)
I know people love to think Nintendo is a nice, friendly company that encourages homebrew, but it just isn't true. [eurogamer.net] They don't care at all about people buying a DS to hack on it. Why would they? That market is incredibly small compared to the very real losses they face over illegal copying.
Don't get me wrong. I bought a DS because it was cheap, hackable, and had a stylus, but I don't kid myself about Nintendo as a company.
Re: (Score:2, Informative)
The 360 is easily the most exciting console I've owned since the PSX, given all it can do. I don't even have cable hooked up to my 1080p TV - it's basically just a monitor for my 360.
No, I guess this wasn't a very informative post... I mostly just wanted to give MS props for doing at least something ri
Re: (Score:2)
The 360 can only play WMV and MPEG2 - it can't just play any of the files playable on the host PC.
Audio is transcoded automatically (Score:2, Informative)
Re: (Score:2)
I'm curious how you access MythTV recorded content from XBMC? I've got the same setup, and if I set up an SMB share on my Myth server I can see the recorded files, but the file names are all numeric channel and date/time recording data.
What's your setup like?
Re: (Score:3, Informative)
you have to pay extra for the HD dvd drive...
Re: (Score:2)
Also, even the fastest P3 can't play back HD without hardware acceleration, and the video hardware in the Xbox is likely not HD-capable.
Re: (Score:2)
No. The PS3 also uses a hypervisor to keep Linux out of things Sony doesn't want you to touch. They allow basic framebuffer access, including direct YUV video modes at all of the popular HD resolutions. But 3D is reserved for PS3 games that pay their percentage to Sony. Hard drive access is also regulated to keep Linux inside the portion of the drive reserved for it.
On the other hand this hack for the 360 i
Re: (Score:3, Interesting)
Yes, we really need a crack for the PS3's hypervisor. I believe it's similar to VMWare - Linux on the PS3 runs under a highly virtualized enviro
Re: (Score:3, Interesting)
1. Save user mode registers (context switch).
2. Manipulate special purpose registers, e.g. re-enable interrupts.
3. Jump to system call service routine, based on the system call number passed as a parameter. This is where the bug was found - the jump destination was being computed incorrectly.
4. Restore registers.
5. Return to user code.
Even C is too high-
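As an added illustration of the five-step system-call path the comment above describes (this is constructed example code, not the Xbox 360 hypervisor's or the Bugtraq report's), here is a C dispatcher whose step 3 range-checks the caller-supplied syscall number at full width before using it to compute the jump destination. The register layout, the MSR bit and the two handlers are assumptions:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_GPRS 8

/* Steps 1 and 4: the register file saved on entry and restored on return.
 * Layout is invented for the example. */
typedef struct {
    uint64_t gpr[NUM_GPRS];
    uint64_t msr;                 /* machine-state register (assumed) */
} cpu_ctx;

/* A handler receives the caller's saved context and returns a status word. */
typedef int64_t (*syscall_fn)(cpu_ctx *ctx);

static int64_t sc_getpid(cpu_ctx *ctx) { (void)ctx; return 42; }
static int64_t sc_add(cpu_ctx *ctx) { return (int64_t)(ctx->gpr[1] + ctx->gpr[2]); }

/* Step 3's jump table: the syscall number indexes this array. */
static const syscall_fn syscall_table[] = { sc_getpid, sc_add };
#define SYSCALL_COUNT (sizeof syscall_table / sizeof syscall_table[0])
#define ENOSYS_ERR (-1)

/* Compute the jump destination. The number is the one input an unprivileged
 * caller controls, so the check is done on the same full-width value that
 * indexes the table; an out-of-range number yields NULL, never an address. */
static syscall_fn lookup_syscall(uint64_t number)
{
    if (number >= SYSCALL_COUNT)
        return NULL;
    return syscall_table[number];
}

/* Steps 1-5 in order: save, adjust special registers, dispatch, restore, return. */
int64_t syscall_entry(cpu_ctx *user_regs, uint64_t number)
{
    cpu_ctx saved = *user_regs;               /* 1. save user-mode registers   */
    saved.msr |= 0x8000;                      /* 2. e.g. re-enable interrupts (assumed bit) */
    syscall_fn fn = lookup_syscall(number);   /* 3. compute jump destination   */
    int64_t rc = fn ? fn(&saved) : ENOSYS_ERR;
    user_regs->gpr[0] = (uint64_t)rc;         /* 4. caller's registers intact, result in gpr0 */
    return rc;                                /* 5. return to user code        */
}

/* Convenience wrapper: issue one syscall with two arguments in gpr1/gpr2. */
int64_t run_syscall(uint64_t number, uint64_t a, uint64_t b)
{
    cpu_ctx regs = { .gpr = { 0, a, b } };
    return syscall_entry(&regs, number);
}

int main(void)
{
    printf("add      -> %lld\n", (long long)run_syscall(1, 5, 7));
    printf("past end -> %lld\n", (long long)run_syscall(SYSCALL_COUNT, 0, 0));
    printf("far out  -> %lld\n", (long long)run_syscall(UINT64_MAX, 0, 0));
    return 0;
}
```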
Re: (Score:2)
Assuming the whole thing was coded in C
Yes, assuming.
And if it were, can you briefly explain why you believe this flaw to be due to the limitations of C? That is, why it would not have occurred with another language?
Can we please stop using C now?
"Assuming the whole thing was coded in C", are you implying that they should have written the operating system in Java or Ada 95, or Shoot-Em-Up-Construction-Kit instead?
C is certainly far from perfect from a modern perspective, but they probably chose it (assuming they did) for valid performance reasons. Other langua
Re: (Score:2)
I see this all the time from developers that grow too accustomed to languages like Java and
Re: (Score:2)
The security hole was discovered, not fixed. And it won't be fixed for a loooooong time, Microsoft has a history of leaving their security holes unpatched for ages...