Image Viewer, Buffer Overflow... Possible attack Options

[K.Raikkonen-McLaren]

Howdy,

I dont own an Xbox 360 yet so I cant test. But, because the Xbox has the ability to view images/music/videos. Shouldnt we be able to create a buffer overflow and execute our own code without having the need for a chip?

Similiar to what happend to the PSP.

[1nick9]

would b good but i think m$ would hav done all they can to prevent this

[repoman45805]

This was done with the PSP in the 2.0 firmware.

[toolwerx]

Yes, there are additional safeguards in place that will help prevent Xbox 360 from being modified. Stack memory, for instance, is non-executable, which makes buffer overrun issues more difficult to exploit.

they already thought of such attacks.

[BlueCELL]

Yeah, you have to keep in mind that MS is a software gaint. They certainly know alot more of the Software part than Sony w/ the PSP.

[trey85stang]

Yeah, you have to keep in mind that MS is a software gaint.  They certainly know alot more of the Software part than Sony w/ the PSP.

thats like saying cows know a lot about the milk business.

[Entropy42]

Yeah, you have to keep in mind that MS is a software gaint.  They certainly know alot more of the Software part than Sony w/ the PSP.

And yet the constant security holes found in their software indicate that they still don't comprehend buffer overflow attacks.

[johnstark]

thats like saying cows know a lot about the milk business.

Cows aren't in the milk business you dumbass... cows make milk naturally, they know nothing about it.

MS makes software by choice. They study it, they master it (at least moreso than sony).

Your analogy just plain sucks

This post has been edited by johnstark: Nov 21 2005, 10:13 AM

[rasmithuk]

And yet the constant security holes found in their software indicate that they still don't comprehend buffer overflow attacks.

Just for some background info the new C++ compiler from MS includes bounding pages as an option, which will catch most buffer overflow attacks.
Expect the number to drop as more software gets recompiled with it.

[krakerx]

I don't know, I think when it comes to Micro$oft, anything is possible. Look at all thier "best" OSs, with every OS release, they said "This is the safest, and most secure version of Windows available." They've been saying that since Win95, they praised the fact for WinMe [which was by far the biggest piece of crap], even saying the same about WinXP, its the reason that WinVista is taking so long to hit the streets. They should just do the smart thing, and follow suite with everybody else, and use a *nix based OS, make it easier on everyone

[ImOkRuOk]

... has to be one of the most assinine things i've ever read ... how about we just stick to topic.....

[steblublu]

..But, because the Xbox has the ability to view images/music/videos.  Shouldnt we be able to create a buffer overflow and execute our own code without having the need for a chip? 

Similiar to what happend to the PSP.

No. on the Xbox360 the stack memory is non-executable and secure hashing is done on memory units.

that will make image/font code injection attack all but impossible.

[steblublu]

[forum lag/double post. delete me!]

This post has been edited by steblublu: Nov 23 2005, 05:43 PM

[d0wnlab]

secure hashing is done on memory units.

He's talking about giving the image viewer a custom crafted image, I'm guessing either streamed over the net or (I guess) a digital camera. In either case, there is no secure hashing being done and if there is, so what? The image is what it says it is. The xbox360 has the capability to load pictures to it and view them.. we don't need to try to break the security of the storage device it is stored on.

This post has been edited by d0wnlab: Nov 23 2005, 07:01 PM

[shakaru]

He's talking about giving the image viewer a custom crafted image, I'm guessing either streamed over the net or (I guess) a digital camera.  In either case, there is no secure hashing being done and if there is, so what?  The image is what it says it is.  The xbox360 has the capability to load pictures to it and view them.. we don't need to try to break the security of the storage device it is stored on.

Vaild point and theroy. But dont forget that CPU does have a hardware lvl of protection aggainst the use of a buffer underrun error as a method of attack. At the current moment we know far far to little about the security on both a hardware and software level to start working on this method of attack.

No to how you can break the security on the device. I personall belive that a camera would be the best method for an attack. Most early digital cameras have no security check what-so-ever. My Fuji FinePix for exaple has the ability for me to take an altered image from photoshop and view it on the lcd screen of the camera without any problems other that the restraints of resolution.
I did a quick test and made a custome jpeg image inwhich the camera itself did not take. I renamed it to the approiate naming sequence with the other files of the camera and hooked it up to the 360. Image was loaded. So now if we are able to load an coded image file, we might have a way in. I did always belive that it would be a 3rd party that would ruin the 360, not MS.