Xbox 360 Hacks & Mods - www.xbox360-hacks.com - the DashHacks Network


February 28, 2007
Xbox 360 Hypervisor Privilege Escalation Vulnerability

Posted by greg

An interesting post has been added to SecurityFocus’ BugTraq which details a method for running unsigned code on certain unpatched Xbox 360 kernel versions.

Systems Affected:
All Xbox 360 systems with a kernel version of 4532 (released Oct 31, 2006) and 4548 (released Nov 30, 2006). Versions prior to 4532 are not affected. The bug was fixed in version 4552 (released Jan 09, 2007 - not a Patch Tuesday).

Overview:
We have discovered a vulnerability in the Xbox 360 hypervisor that allows privilege escalation into hypervisor mode. Together with a method to inject data into non-privileged memory areas, this vulnerability allows an attacker with physical access to an Xbox 360 to run arbitrary code such as alternative operating systems with full privileges and full hardware access.

Technical details:
The Xbox 360 security system is designed around a hypervisor concept. All games and other applications, which must be cryptographically signed with Microsoft’s private key, run in non-privileged mode, while only a small hypervisor runs in privileged (“hypervisor”) mode. The hypervisor controls access to memory and provides encryption and decryption services.

The policy implemented in the hypervisor forces all executable code to be read-only and encrypted. Therefore, unprivileged code cannot change executable code. A physical memory attack could modify code; however, code memory is encrypted with a unique per-session key, making meaningful modification of code memory in a broadly distributable fashion difficult. In addition, the stack and heap are always marked as non-executable, and therefore data loaded there can never be jumped to by unprivileged code.

Unprivileged code interacts with the hypervisor via the “sc” (“syscall”) instruction, which causes the machine to enter hypervisor mode. The vulnerability is a result of incomplete checking of the parameters passed to the syscall dispatcher, as illustrated below.
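The advisory text quoted above names the root cause only as incomplete checking of the parameters handed to the syscall dispatcher. The constructed C program below is an added illustration of that bug class; it is not code from the advisory, from Microsoft, or from this site, and it is not the Xbox 360's actual dispatcher. It shows one way a check on a 64-bit machine can be incomplete: the guest passes the syscall number in a 64-bit register, the vulnerable validator compares only the low 32 bits against the table size, so a number whose low half is small but whose high half is not passes the check and would index far past the handler table. The hardened validator compares the whole register. Every name, handler and return value here is made up for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed toy hypervisor service table with three services.
   Not the Xbox 360's real table; names and return values are invented. */
#define NUM_SYSCALLS 3u

typedef int64_t (*syscall_fn)(uint64_t arg);

static int64_t hv_get_version(uint64_t arg) { (void)arg; return 4552; }
static int64_t hv_decrypt_block(uint64_t arg) { return (int64_t)(arg ^ 0x5a5aULL); }
static int64_t hv_flush_icache(uint64_t arg) { (void)arg; return 0; }

static const syscall_fn syscall_table[NUM_SYSCALLS] = {
    hv_get_version, hv_decrypt_block, hv_flush_icache,
};

/* Incomplete check: only the low 32 bits of the 64-bit syscall number are
   compared against the table size, so any value with a small low half
   passes even though the full index is enormous. */
bool sc_number_ok_incomplete(uint64_t num) {
    return (uint32_t)num < NUM_SYSCALLS;
}

/* Complete check: the whole register is compared against the table size. */
bool sc_number_ok_complete(uint64_t num) {
    return num < NUM_SYSCALLS;
}

/* Byte offset into the table that an unchecked dispatch would use. */
uint64_t table_byte_offset(uint64_t num) {
    return num * (uint64_t)sizeof(syscall_fn);
}

/* Dispatch with the supplied validator.
   Returns -1 when the validator rejects the number. If the validator accepts
   a number that is actually out of range, the out-of-bounds table read a real
   dispatcher would perform is not carried out; -2 is returned to flag that it
   would have happened. In-range numbers call the handler and return its result. */
int64_t dispatch(bool (*validate)(uint64_t), uint64_t num, uint64_t arg) {
    if (!validate(num)) {
        return -1;
    }
    if (num >= NUM_SYSCALLS) {
        return -2; /* validator let an out-of-range index through */
    }
    return syscall_table[num](arg);
}

int main(void) {
    /* A number whose low 32 bits are zero but whose full value is 2^32. */
    uint64_t num = 0x100000000ULL;
    printf("incomplete check: %lld\n",
           (long long)dispatch(sc_number_ok_incomplete, num, 0));
    printf("complete check:   %lld\n",
           (long long)dispatch(sc_number_ok_complete, num, 0));
    printf("offset that would have been read: 0x%llx\n",
           (unsigned long long)table_byte_offset(num));
    return 0;
}
```

The defender's lesson is in the two validators: any value that crosses a privilege boundary must be checked at its full width and against the exact bound of the structure it indexes, and a compiler or reviewer should treat a narrowing cast in a bounds check as a finding.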


February 27, 2007
Schtrom360Xtract V3.2 Released

Posted by greg

Kai Schtrom has released an update to his Windows app which works in a similar manner to the application you see below. Schtrom360Xtract enables you to quickly dump both Xbox and Xbox360 discs, extract & patch security sectors, etc… Basically all the required actions in preparation for burning & playing your dumped image.

v3.2 changes:

  • extraction speed up, caused by increasing the block size extracted in one loop from 16 to 32 sectors, the following applies for XBOX360 discs extracted with “whole disc (stealth xtreme 3.0)” style extraction
    • on the SH-D162C extraction at 16x speed takes 08:33 minutes, V3.1 09:58 minutes
    • on the TS-H943A extraction at 12x speed takes 15:03 minutes, V3.1 16:20 minutes
  • images have the iso extension
  • predefined filter values for file dialogs removed, you can choose any file (*.*)
  • removed annoying message boxes on cancel file dialogs
  • titles of predefined custom cdb commands are now listed in ini file order
  • options for block and single sector re-reads set to 20 as default, sector mapping for XBOX1 is turned on as default
  • DeviceIoControl is now checked for returned status and the returned sense from the drive, this should give better error detection
  • fixed Star Trek Legacy and Fusion Frenzy 2 issue, the sizes of video and game partition are now calculated from the pfi and the alternative pfi in the ss, this should give a working image on future games with a different video or game partition size
  • options dialog now remembers the last active drive and disc type
  • check for NTFS file system on file extractions greater than 4 GB
  • any DVD-ROM drive is now displayed in the drive combo box
  • extraction of backup discs supported on kreon’s drives and normal DVD-ROM drive
  • on the TS-H943A backup extraction is not possible, because the drive disables 0800 mode on insertion of a backup disc, at least for me

It’s just a matter of personal preference from this point.

Download: Schtrom360Xtract v3.2

- source: xbins.org

February 27, 2007
Xbox Backup Creator v2.4 Build 0225 Released

Posted by greg

Ah, ha! Finally something worthwhile posting [again] — Xbox Backup Creator v2.4 Build:0225 by Redline99! The name speaks for itself; easily back up your Xbox/Xbox360 discs to a blank DVD+R DL. Version 2.4 packs a serious punch with its changelog:

Added:

  • Image Browser/Extractor
    Right mouse click in Tree/List for extraction options
    Use File menu to load an iso image from HDD
  • Region Checking xbe/xex
  • Support to burn image in ImgBurn (Currently doesn’t get correct exit code?)
  • Support to burn image with Nero (COM component)
  • Support to detect identity changing between Hitachi and Samsung
    I’ve been too lazy to hook my Hitachi back up with a modified firmware so this has not been fully tested by myself. :)
  • Support to Extract/Inject Video
  • Support to read PFI, DMI, SS and whole image off of a backup
  • Support for isos that don’t have PFI, DMI (will substitute standard values)

Changed:

  • SPTI Timeout values, hopefully fixes more than creates problems :)
  • Drive Open method for burner to Exclusive Access
  • Changed verbiage on ISO Tools tab from Merge to Inject
  • Relaxed PFI check to allow for oddballs like Star Trek Legacy
  • Timeout value when setting layerbreak from 10 seconds to 120
  • Method to detect current visible partition, a little slower now though
  • Removed SGD-605B until I have the time to properly support it
  • Removed Save Firmware button, there are better tools for this
  • Removed Get DriveKey button, there are better tools for this

Fixed:

  • Not being able to quit if the drive space was low and user selected cancel
  • Initial lock state for Kreon’s drives
  • File Handle not being closed after FindFirstFile
  • Issue with non-standard video or game partition sizes (Star Trek Legacy)

Everything else — have a look at ReadMe.txt.

Download: Xbox Backup Creator v2.4 Build 0225


February 13, 2007
HD-DVD AACS Cracked

Posted by greg

Arnezami, a hacker from the Doom9 forum, has successfully discovered the processing key which can be used to access every AACS-locked Blu-Ray & HD-DVD disc. The details have been published online and are viewable at the source link below.

Here is the Processing Key which should work on all HD DVD discs (and maybe even Blu-Ray discs) released so far:

09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

- source: doom9


February 8, 2007
Black Xbox 360 Rumours…

Posted by greg

Apparently “official” word, from Microsoft Australia, has been given to a local Australian retailer that they’ll be receiving the Black Xbox 360 in April. Not only will the unit be black, but it’s rumoured to come with HDMI out and a 120GB hard drive.

The MSRP is reportedly $749 AU, and that converts to $582 USD or $690 CAD.

Again, pure speculation, but hey — it’s interesting. Thanks dlr.

- source: xbox360 fan boy



©2008 Dashhacks Inc. - part of the dashhacks network.