QUOTE(d0wnlab @ Nov 23 2005, 07:04 PM)
He's talking about giving the image viewer a custom crafted image, I'm guessing either streamed over the net or (I guess) a digital camera. In either case, there is no secure hashing being done and if there is, so what? The image is what it says it is. The xbox360 has the capability to load pictures to it and view them.. we don't need to try to break the security of the storage device it is stored on.
Vaild point and theroy. But dont forget that CPU does have a hardware lvl of protection aggainst the use of a buffer underrun error as a method of attack. At the current moment we know far far to little about the security on both a hardware and software level to start working on this method of attack.
No to how you can break the security on the device. I personall belive that a camera would be the best method for an attack. Most early digital cameras have no security check what-so-ever. My Fuji FinePix for exaple has the ability for me to take an altered image from photoshop and view it on the lcd screen of the camera without any problems other that the restraints of resolution.
I did a quick test and made a custome jpeg image inwhich the camera itself did not take. I renamed it to the approiate naming sequence with the other files of the camera and hooked it up to the 360. Image was loaded. So now if we are able to load an coded image file, we might have a way in. I did always belive that it would be a 3rd party that would ruin the 360, not MS.