Bunnie about Xbox 360 Kiosk Demo Disc Options

[Xbox-Scene]

Bunnie about Xbox 360 Kiosk Demo Disc -- Posted by XanTium on January 3 00:45 EST
Bunnie posted some comments on his blog about the recent findings with the Xbox360 Kiosk Demo Disc (read these newsitems to catch-up if you missed it: Disc release, More info, Shaders editing and Run own swf).
Andrew "bunnie" Huang is one of the main guys behind the original Xbox hacking, he's also known for his book "Hacking the Xbox". Here's what he said on his blog:
[QUOTE]
I've also been observing the progress on the Xbox360 hacking, and I'm impressed. The hacking scene is more or less an organized anarchy that is frightfully productive. Now that I've had a little brush with being a manager in my day job, I can see that clarity of purpose obviates the need for management; people just self-organize and things happen. I could ponder on this for many parargaphs, but I'll spare you my treatise on human social behavior.

At any rate, some very interesting things are afoot. Much of it stems from the discovery of an all-media bootable kiosk demo disk. Many hackers will instantly recognize the value of this, but it's still interesting to reflect on the significance of this find.

Like the original Xbox, the Xbox360 uses a media flag on its executables. The media flag tells the OS what type of media it should be on; typically, games are released with the flag set to Microsoft's proprietary secure Xbox DVD format (which is in itself not that secure...). Significantly, only the executable is signed for a game; the data sections typically are not signed (presumably for performance reasons). Thus, one has the ability to fuzz the executable by corrupting the data sections, potentially invoking a buffer overrun or some other unintentional behavior-if one could effectively modify the data sections. Remember that this is normally not possible, since modifying the data segment requires making a copy to a writeable media, and this contradicts the signed media flag.

Thus, the run-anywhere demo disk now enables software hackers to create and test the interaction of signed executables with modified game data using no tool other than a DVD-RW drive (and an Xbox360 console, still considerably rare and difficult to obtain in the US). Some of the more interesting modifiable data regions include Shockwave Flash movies, and the pixel shaders executed by the GPU (more info can be found on the xboxhacker.net website). Of particular interest is the MEMEXPORT shader command in the 360, which could enable people to dump physical memory to the screen (where it can be digitized or extracted with a sniffer upstream of the ANA chip), or to some other peripheral function. Presuming plaintext kernel code can be extracted this way, it bootstraps further efforts in vulnerability analysis of the code running in the Xbox...and so forth. Of course, its quite possible that this hole is plugged, since Microsoft's NGSCB spec calls for the Northbridge to limit DMA access from the graphics card to main memory. Furthermore, buffer overrun exploits have questionable applicability since each process runs as its own virtual machine and rumors has it that the no-execute bit is used on heap space. Still, I'm very surprised that such a media was even released into the wild by Microsoft...their own worst enemy is their own haste to get to the market and carelessness; security is for naught without consideration of human factors. Very exciting! Perhaps the Xbox360 will be opened without the need for significant hardware hacking.
[/QUOTE]

[RocketMBA]

Yes, because "Bunnie" is the authority on life. Still, nice to hear the words of said talking rabbit on said disc.

[NeoJew]

I'm not sure what the sarcasm was there for, but his words were inspiring.

[genecyber]

As for the organization aspect, it is exciting to see that when I make a suggestion of something to try, the result is verysoon posted. We are an organized bunch of creatures, that with the proper tools can organize and progress with considerable speed and determination. There is a socialogical managment thesis that I am working on that has been tested with both the psp dev scene, the pcdvd scene & now the 360 scene that shows that many minds with limited access to adequate tools for a crippled product and the desire for more, will group togather with others who have no access, and form a questions / answers aproach to the problem. Resulting in every posible problem ultimatley being solved.

Pardon me if I'm babbling, I have been with the swf part of the kiosk disc dev since the begining and am very excited to see it grow to an enthusiastic group of organized dev's.

[mrjiggles139]

whats the sarcasm about RocketMBA? id like to see you accomplish/contribute a TENTH of what bunnie has done for the scene. some people...

[Liquidvlade Hiraduo]

As long as we stay together like we did in the "Xbox Scene" we will be fine... and yes Bunnie's words are good news to me =)

[xboxexpert]

Yes, because "Bunnie" is the authority on life. Still, nice to hear the words of said talking rabbit on said disc.

Some people's minds are just not as advanced as others. If you are young and have no idea about flag's and buffer overflow's then don’t comment. This is a very enlightening post from bunny and I hope people take it as a point in the right direction. I my self would be full force on the reverse engineering of the 360 system or any media I could get my hands on …. If I could just find a 360 within a 30 mile radius. Until then keep up the good work people.

[xboxexpert]

Don’t post code of any sort in this thread. Especially Copyrighted code to video games.

[alienindahizouse2]

Wow...your posting this on your main site and allowing us to discuss it here?!?!?!?!?! Holy Moses in a half-shell...I was banned for questioning the mediator on this and your POSTING this info on the main site?!?!?!?!? Somebody fill me in on how the morals actually work around here!


LOLOL

[adeon]

I love this line

Very exciting! Perhaps the Xbox360 will be opened without the need for significant hardware hacking.

!!!

but I still wanna do HARDWARE HACKING.. the xecuter LCD runs off the hardware hacks.. I hope something like this happens with the 360!!..

[luther349]

heh no need to hope there. hardware mods will always happon. now if the 360 gets softmodded it will just be insanly funny.

[flashfreak]

An LCD would be hard to put in the 360. If it was b/n the ring of light and dvd or suttin, there would need to be a hole in the faceplate, and if u changed faceplates then it'd cover up the lcd.

Also, standing it up would stop this working, not stop it but make it...stupid.

But progress is coming along nicely. I was thinking, if i was rich and had millions to throw away, i'd fully pay for an event to get all the best xbox hackers together, some of the best people around, with all the hardware and software necessary. Sounds stupid, but if every1 was together at once, they could probably think the whole mod/hack idea through without even trying it

[TSOPrano]

An LCD would be hard to put in the 360. If it was b/n the ring of light and dvd or suttin, there would need to be a hole in the faceplate, and if u changed faceplates then it'd cover up the lcd.

Also, standing it up would stop this working, not stop it but make it...stupid.

People actually buy LCD hardware add-on's?

Seemed pointless unless one had binoculars.

[Troed]

whats the sarcasm about RocketMBA? id like to see you accomplish/contribute a TENTH of what bunnie has done for the scene. some people...

With all due respect to bunnie, I think I have the discussions on Xbox v1.1 from xboxhacker.net (old version) saved where bunnie clearly states in a thread where Andy, visor, myself and others were discussing the new protections that he (bunnie) didn't feel he had the knowledge to contribute.

There's no single person who did everything with regards to the Xbox. What bunnie did was extremely important (and a huge accomplishment) - but please don't try to make too much of it either. He did one part, others did theirs.

I don't even think these comments on the kiosk disc are especially interesting - since I think he's wrong to assume MS didn't on purpose sign it for use on DVD+-R as well. They're relying, totally, on their other protections - which I feel is obvious since they haven't protected the content on the hard drive.

(And yes, before you reply, I have contributed - have you?)

[modthebox.tk]

Good to here from him. At least we know that he will be our 'guardian' so to speak. If, we mess something up he will inform us and in the this case, he has applauded us.

He may not join us directly, but he will indirectly.

(And yes, before you reply, I have contributed - have you?)

When it is the right time and place I will .