Jump to content


Photo

Image Viewer


  • Please log in to reply
26 replies to this topic

#1 K.Raikkonen-McLaren

K.Raikkonen-McLaren

    X-S Enthusiast

  • Members
  • 1 posts
  • Xbox Version:unk

Posted 20 November 2005 - 05:02 AM

Howdy,

I dont own an Xbox 360 yet so I cant test. But, because the Xbox has the ability to view images/music/videos. Shouldnt we be able to create a buffer overflow and execute our own code without having the need for a chip?

Similiar to what happend to the PSP.


#2 1nick9

1nick9

    X-S X-perience

  • Members
  • PipPip
  • 398 posts
  • Xbox Version:v1.1
  • 360 version:v1 (xenon)

Posted 20 November 2005 - 05:48 AM

would b good but i think m$ would hav done all they can to prevent this

#3 repoman45805

repoman45805

    X-S Enthusiast

  • Members
  • 17 posts

Posted 20 November 2005 - 06:03 AM

This was done with the PSP in the 2.0 firmware. smile.gif

#4 toolwerx

toolwerx

    X-S Member

  • Members
  • Pip
  • 102 posts

Posted 20 November 2005 - 09:44 AM

QUOTE
Yes, there are additional safeguards in place that will help prevent Xbox 360 from being modified. Stack memory, for instance, is non-executable, which makes buffer overrun issues more difficult to exploit.


they already thought of such attacks.

#5 BlueCELL

BlueCELL

    X-S Senior Member

  • XS-BANNED
  • PipPip
  • 273 posts
  • Xbox Version:unk
  • 360 version:unknown

Posted 20 November 2005 - 07:01 PM

Yeah, you have to keep in mind that MS is a software gaint. They certainly know alot more of the Software part than Sony w/ the PSP.

#6 trey85stang

trey85stang

    X-S Expert

  • Members
  • PipPipPip
  • 576 posts
  • Xbox Version:v1.0
  • 360 version:unknown

Posted 21 November 2005 - 07:13 AM

QUOTE(BlueCELL @ Nov 20 2005, 07:08 PM)
Yeah, you have to keep in mind that MS is a software gaint.  They certainly know alot more of the Software part than Sony w/ the PSP.

View Post




thats like saying cows know a lot about the milk business.

#7 Entropy42

Entropy42

    X-S Enthusiast

  • Members
  • 18 posts

Posted 21 November 2005 - 07:45 AM

QUOTE(BlueCELL @ Nov 20 2005, 02:08 PM)
Yeah, you have to keep in mind that MS is a software gaint.  They certainly know alot more of the Software part than Sony w/ the PSP.

View Post


And yet the constant security holes found in their software indicate that they still don't comprehend buffer overflow attacks.

#8 johnstark

johnstark

    X-S Enthusiast

  • Members
  • 6 posts

Posted 21 November 2005 - 10:13 AM

QUOTE(trey85stang @ Nov 21 2005, 07:20 AM)
thats like saying cows know a lot about the milk business.

View Post



Cows aren't in the milk business you dumbass... cows make milk naturally, they know nothing about it.

MS makes software by choice. They study it, they master it (at least moreso than sony).

Your analogy just plain sucks

Edited by johnstark, 21 November 2005 - 10:13 AM.


#9 rasmithuk

rasmithuk

    X-S Member

  • Members
  • Pip
  • 123 posts
  • Location:U.K.
  • Xbox Version:unk

Posted 21 November 2005 - 03:30 PM

QUOTE(Entropy42 @ Nov 21 2005, 04:52 AM)
And yet the constant security holes found in their software indicate that they still don't comprehend buffer overflow attacks.

View Post



Just for some background info the new C++ compiler from MS includes bounding pages as an option, which will catch most buffer overflow attacks.
Expect the number to drop as more software gets recompiled with it.

#10 krakerx

krakerx

    X-S Young Member

  • Members
  • Pip
  • 32 posts
  • Xbox Version:v1.6

Posted 23 November 2005 - 08:38 AM

I don't know, I think when it comes to Micro$oft, anything is possible. Look at all thier "best" OSs, with every OS release, they said "This is the safest, and most secure version of Windows available." They've been saying that since Win95, they praised the fact for WinMe [which was by far the biggest piece of crap], even saying the same about WinXP, its the reason that WinVista is taking so long to hit the streets. They should just do the smart thing, and follow suite with everybody else, and use a *nix based OS, make it easier on everyone

#11 ImOkRuOk

ImOkRuOk

    X-S Senior Member

  • Members
  • PipPip
  • 264 posts
  • Location:USA
  • Interests:Xbox, games: fighting, action, Gore and blood and guts and death and violence and satan
  • Xbox Version:v1.1
  • 360 version:v4.0 (jasper)

Posted 23 November 2005 - 11:31 AM

... has to be one of the most assinine things i've ever read ... how about we just stick to topic.....

#12 steblublu

steblublu

    X-S Member

  • Members
  • Pip
  • 77 posts
  • Location:Montreal, Canada
  • Xbox Version:v1.6b

Posted 23 November 2005 - 05:28 PM

QUOTE(K.Raikkonen-McLaren @ Nov 20 2005, 05:09 AM)
..But, because the Xbox has the ability to view images/music/videos.  Shouldnt we be able to create a buffer overflow and execute our own code without having the need for a chip? 

Similiar to what happend to the PSP.

View Post



No. on the Xbox360 the stack memory is non-executable and secure hashing is done on memory units.

that will make image/font code injection attack all but impossible.



#13 steblublu

steblublu

    X-S Member

  • Members
  • Pip
  • 77 posts
  • Location:Montreal, Canada
  • Xbox Version:v1.6b

Posted 23 November 2005 - 05:31 PM

[forum lag/double post. delete me!]

Edited by steblublu, 23 November 2005 - 05:43 PM.


#14 d0wnlab

d0wnlab

    X-S Expert

  • Moderator
  • PipPipPip
  • 557 posts
  • Xbox Version:unk

Posted 23 November 2005 - 06:57 PM

QUOTE(steblublu @ Nov 23 2005, 11:35 AM)
secure hashing is done on memory units.

View Post



He's talking about giving the image viewer a custom crafted image, I'm guessing either streamed over the net or (I guess) a digital camera. In either case, there is no secure hashing being done and if there is, so what? The image is what it says it is. The xbox360 has the capability to load pictures to it and view them.. we don't need to try to break the security of the storage device it is stored on.

Edited by d0wnlab, 23 November 2005 - 07:01 PM.


#15 shakaru

shakaru

    X-S X-perience

  • Members
  • PipPip
  • 355 posts
  • Xbox Version:v1.6
  • 360 version:v1 (xenon)

Posted 24 November 2005 - 04:27 AM

QUOTE(d0wnlab @ Nov 23 2005, 07:04 PM)
He's talking about giving the image viewer a custom crafted image, I'm guessing either streamed over the net or (I guess) a digital camera.  In either case, there is no secure hashing being done and if there is, so what?  The image is what it says it is.  The xbox360 has the capability to load pictures to it and view them.. we don't need to try to break the security of the storage device it is stored on.

View Post



Vaild point and theroy. But dont forget that CPU does have a hardware lvl of protection aggainst the use of a buffer underrun error as a method of attack. At the current moment we know far far to little about the security on both a hardware and software level to start working on this method of attack.

No to how you can break the security on the device. I personall belive that a camera would be the best method for an attack. Most early digital cameras have no security check what-so-ever. My Fuji FinePix for exaple has the ability for me to take an altered image from photoshop and view it on the lcd screen of the camera without any problems other that the restraints of resolution.
I did a quick test and made a custome jpeg image inwhich the camera itself did not take. I renamed it to the approiate naming sequence with the other files of the camera and hooked it up to the 360. Image was loaded. So now if we are able to load an coded image file, we might have a way in. I did always belive that it would be a 3rd party that would ruin the 360, not MS.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users