Warning Speculation Post: Update Faking


  • This topic is locked
12 replies to this topic

#1 Thedragonfiend

Thedragonfiend

    X-S Enthusiast

  • Members
  • 9 posts
  • Location:Australia
  • Xbox Version:unk
  • 360 version:v1 (xenon)

Posted 01 July 2012 - 10:55 AM

Okay, just a few things that popped into my mind one time.

They all rely on the fact that the update code has access to the kernel and other areas of the NAND which are of importance.

Okay, here are my ideas:

Fake the update server: Pretty simple, this one... somehow redirect the Xbox's update request to a fake server which has either a hacked update or a copy of 43xx or whatever had the soft exploit, but modified so it's detected as a newer update... Then the console updates using the files we gave it.

Hacked update sector: I'm sure most of you know that most if not all Xbox 360 discs have an update sector used to do an offline update to the required dash/kernel... Now what if we were to hack that... We would just use a firmware-flashed drive for it... So the only problem I can see is the update code being signed, but then... The above idea has that issue too...

Now to see the banter flow and input be added

Edited by Thedragonfiend, 01 July 2012 - 11:50 AM.


#2 Heimdall

Heimdall

    X-S Legend

  • Members
  • 5,749 posts
  • Location:UK
  • Xbox Version:v1.4
  • 360 version:v4.0 (jasper)

Posted 01 July 2012 - 02:10 PM

All updates have to be signed, and you don't have the signing key.

#3 Thedragonfiend

Thedragonfiend

    X-S Enthusiast

  • Members
  • 9 posts
  • Location:Australia
  • Xbox Version:unk
  • 360 version:v1 (xenon)

Posted 02 July 2012 - 04:58 AM

QUOTE(Heimdall @ Jul 1 2012, 11:10 PM)

All updates have to be signed, and you don't have the signing key.



Hmmm so what if we were to find the signing key... Or somehow trick the console into downgrading this way...

So imagine this scenario... We've signed and hashed the hacked update... Found a method of invoking the update process manually... Found a way to replace the update files with our hacked copy/copies... All things that... COULD be possible... What stops us then? What wall do we have to C4 our way through to make this work?

Edited by Thedragonfiend, 02 July 2012 - 05:06 AM.


#4 Heimdall

Heimdall

    X-S Legend

  • Members
  • 5,749 posts
  • Location:UK
  • Xbox Version:v1.4
  • 360 version:v4.0 (jasper)

Posted 02 July 2012 - 09:27 AM

Let me try this again.

All updates have to be signed, and you don't have the signing key.

#5 Thedragonfiend

Thedragonfiend

    X-S Enthusiast

  • Members
  • 9 posts
  • Location:Australia
  • Xbox Version:unk
  • 360 version:v1 (xenon)

Posted 02 July 2012 - 10:37 AM

QUOTE(Heimdall @ Jul 2 2012, 06:27 PM)

Let me try this again.

All updates have to be signed, and you don't have the signing key.


Okay, let me try again. What if we had the signing key? What stops us then?

Also Speculation

#6 Heimdall

Heimdall

    X-S Legend

  • Members
  • 5,749 posts
  • Location:UK
  • Xbox Version:v1.4
  • 360 version:v4.0 (jasper)

Posted 02 July 2012 - 02:49 PM

You don't mean speculation, you mean random and completely uninformed guessing.

Microsoft's signing key is one of the most closely guarded secrets on the planet. It is probably held in only two places, on computers that are completely disconnected from the world. It isn't going to be accidentally released into the wild.

Finding it on your Xbox? It isn't on your Xbox, it's the private key half of a public-private key pair.

Brute force guessing? Read this.

Reverse engineering? Read this, and note that the prize for factoring the 2048 bit semiprime key was unclaimed after 17 years. Note also that the Xbox uses a 4096 bit signing key. You might also want to read this, and maybe do some Googling for background on how digital signatures work, and why the infeasibility of prime factorisation is so important to digital security.

#7 ddsdavey

ddsdavey

    X-S X-perience

  • Members
  • 328 posts
  • Xbox Version:none
  • 360 version:v4.0 (jasper)

Posted 02 July 2012 - 06:29 PM

I love it when you get some random member with no evident expertise suddenly posting theories on how to cheat a system. I've lost count of the amount of exploit "theories" I've read from people with no apparent depth of technical skill.
Like this "ok but if we had the keys". DUDE, IF WE HAD THE KEYS WE WOULD BE DOING MORE THAN "FAKING UPDATES".
"Ok but if we had the keys" lmfao, like it's some minor issue.
Ok but if I won the lottery, THEN I can buy a Ferrari, job done no probs!
Not trolling, I'm sure ideas can only be a positive so I applaud the OP for putting the effort in when arrogant pricks like me just ridicule even though we (I) lack substance also!

#8 tomgreen99200

tomgreen99200

    X-S Freak

  • Members
  • 1,556 posts
  • Location:Florida
  • Xbox Version:v1.6
  • 360 version:v4.0 (jasper)

Posted 02 July 2012 - 09:43 PM

:D

#9 Thedragonfiend

Thedragonfiend

    X-S Enthusiast

  • Members
  • 9 posts
  • Location:Australia
  • Xbox Version:unk
  • 360 version:v1 (xenon)

Posted 03 July 2012 - 01:58 AM

Whatever your the ones who failed

I wanted you to poke holes in my theory, not repeatedly jab at the one place until I lose faith in your ability to disprove a theory... The scenario I provided means the problem with the signing key doesn't matter; the idea is to poke more holes... if you can't then I know the only barrier is the key; if you can then it needs more work... Do you get the idea now? I don't want to know the first level barrier, I want to know every barrier... Okay, if we found the signing key, what's next... Nothing? Okay then, thanks...

But what if there is another security wall... If we dig down far enough we eventually break through, so the idea is to keep poking holes and then I circumvent the hole and try again.

And once again, to let it sink in: poke holes, don't finger the one hole.

Okay, this was a good read though.

Edited by Thedragonfiend, 03 July 2012 - 02:06 AM.


#10 Heimdall

Heimdall

    X-S Legend

  • Members
  • 5,749 posts
  • Location:UK
  • Xbox Version:v1.4
  • 360 version:v4.0 (jasper)

Posted 03 July 2012 - 02:12 AM

It wasn't a theory, it was a badly formed idea that has been proposed and shot down many hundreds of times before. Whatever it is called, we did disprove it. You don't have to disprove all of a "theory" to discard it, you simply have to disprove enough of it to be certain that it is wrong, or not likely to be worth bothering with in your lifetime.

You can't put up a daft idea, then complain that we attack its weakest point. Why would we bother worrying about the detail of what we might do next, when the first hurdle is so insurmountable?

Propose a real theory for how we can get through the first barrier, then it becomes worth talking about what the next steps might be. Before you do that, do some reading of the many discussions on this topic that have littered the Internet since the Xbox 360 was released, so you don't just rework an old theory that has been tried and failed.

Until then you're (note the correct spelling) the only failure here. :)

Edit: But I'm glad you enjoyed reading the RSA Factoring Challenge article. It's a good start.

Edited by Heimdall, 03 July 2012 - 02:14 AM.


#11 tomgreen99200

tomgreen99200

    X-S Freak

  • Members
  • 1,556 posts
  • Location:Florida
  • Xbox Version:v1.6
  • 360 version:v4.0 (jasper)

Posted 03 July 2012 - 02:25 AM

your != you're

:D You really let him have it.

#12 Thedragonfiend

Thedragonfiend

    X-S Enthusiast

  • Members
  • 9 posts
  • Location:Australia
  • Xbox Version:unk
  • 360 version:v1 (xenon)

Posted 03 July 2012 - 02:39 AM

Well the only idea I can come up with is an underflow/overflow using a modified mp3 file, but even if we could somehow do that, considering the allocated memory size for music data is dynamic we would still need exploitable memory regions nearby and to somehow bypass the hypervisor, which just isn't happening right now...

So instead I'll ask a question... How does the update system work, more specifically how does it tell if an update file is for a new update or not... Because while modified/hacked updates are out of the question... Pure copies of 4352 (is that the right one?) still have some hope... Assuming it's even possible, of course, to trick the updater.

Edited by Thedragonfiend, 03 July 2012 - 02:41 AM.
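Added illustration, not part of the thread and not Xbox 360 code: a small Go model of the two checks that Heimdall's post #6 and the question in post #12 revolve around, a public-key signature over the update and a monotonic version check against replay of an older genuine package. Everything here is constructed for the example: the update format, the `Device`, `SignUpdate`, `ApplyUpdate` and `RunScenario` names, the sample payloads, and the error values. The page does not describe the Xbox 360's real update format or where it keeps its version state, so none of that is modelled; the point shown is only why each of the thread's proposals stops at the device-side check. The four attempts are a genuine newer update, a modified copy of it, a package signed with a key that is not the vendor's, and a straight replay of an already-installed genuine package.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// UpdatePackage is a constructed format (not the Xbox 360's real one): version, payload, signature over both.
type UpdatePackage struct {
	Version   uint32
	Payload   []byte
	Signature []byte
}

// Device holds only the vendor's PUBLIC key and the last accepted version; the private half never reaches it.
type Device struct {
	Pub              *rsa.PublicKey
	InstalledVersion uint32
}

var ErrBadSignature = errors.New("rejected: signature does not verify")
var ErrRollback = errors.New("rejected: version is not newer than installed")

// digest hashes version || payload so the signature binds both fields.
func digest(version uint32, payload []byte) []byte {
	h := sha256.New()
	var v [4]byte
	binary.BigEndian.PutUint32(v[:], version)
	h.Write(v[:])
	h.Write(payload)
	return h.Sum(nil)
}

// SignUpdate is the vendor-only step: it needs the private key.
func SignUpdate(priv *rsa.PrivateKey, version uint32, payload []byte) (UpdatePackage, error) {
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest(version, payload))
	if err != nil {
		return UpdatePackage{}, err
	}
	return UpdatePackage{Version: version, Payload: payload, Signature: sig}, nil
}

// ApplyUpdate is the device-side check: verify the signature first, then require a
// strictly newer version so a genuine but older package cannot be replayed as a downgrade.
func (d *Device) ApplyUpdate(pkg UpdatePackage) error {
	if err := rsa.VerifyPKCS1v15(d.Pub, crypto.SHA256, digest(pkg.Version, pkg.Payload), pkg.Signature); err != nil {
		return ErrBadSignature
	}
	if pkg.Version <= d.InstalledVersion {
		return ErrRollback
	}
	d.InstalledVersion = pkg.Version
	return nil
}

// RunScenario returns the outcome of four attempts against one device: a genuine newer update,
// a tampered copy of it, a package signed with a non-vendor key, and a replay of the genuine package.
func RunScenario() ([]error, error) {
	vendor, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	other, err := rsa.GenerateKey(rand.Reader, 2048) // any key that is not the vendor's
	if err != nil {
		return nil, err
	}
	dev := &Device{Pub: &vendor.PublicKey, InstalledVersion: 1}
	genuine, err := SignUpdate(vendor, 2, []byte("constructed kernel image, build 2"))
	if err != nil {
		return nil, err
	}
	forged, err := SignUpdate(other, 3, []byte("constructed modified image"))
	if err != nil {
		return nil, err
	}
	tampered := genuine // same signature, first payload byte changed
	tampered.Payload = append([]byte{genuine.Payload[0] ^ 0xff}, genuine.Payload[1:]...)
	return []error{
		dev.ApplyUpdate(genuine),  // version 1 -> 2, accepted
		dev.ApplyUpdate(tampered), // digest no longer matches the signature
		dev.ApplyUpdate(forged),   // signature was not made by the vendor's key
		dev.ApplyUpdate(genuine),  // version 2 is not newer than installed 2
	}, nil
}

func main() {
	results, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Println(results)
}
```

The order of the two checks matters: the version field is read from the package, so it is only trusted after the signature over it has verified. The last attempt is the one post #12 asks about: a byte-for-byte copy of an older genuine update carries a valid signature, so only the device's own record of the installed version stops it, and that record therefore has to live somewhere the update path cannot simply rewrite.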


#13 Xombe

Xombe

    X-S Xbox Xombe

  • Head Moderators
  • 10,198 posts
  • Gender:Male
  • Location:PNW
  • Xbox Version:v1.0
  • 360 version:v3.0 (falcon)

Posted 04 July 2012 - 05:57 AM

QUOTE(Thedragonfiend @ Jul 2 2012, 02:37 AM)
What if we had the signing key what stops us then
Nothing.

And that's the point. Which is why we never will*, and the reason for ten years of this and many other communities' efforts. If you'd like to continue discussion about your last question there, please do so in a thread of smaller scope.


*short of armed insurrection, but I gather they'd still come out on top



