i remember a while back reading something about how it could be possible to hack a 360 through a system update. the only problem(well maybe not just one) would be that if you modified the update code at all it'd break the signature, making it useless.
well i thought perhaps if one could be able to extract an ms-signed signature from an update and then inject it to a modified update (much like the psp's custom firmware) it could be possible foll the 360 into thinking it of an actual update. thus allowing us to run unsigned code on most consoles. it would be much more efficient(and far less time consuming) than a jtag. please don't torch me if this has already been proven impossible.
btw, im pretty sure if we really did some research and experimenting this could very well be possible. post your thoughts, but like i said please don't torch me if its been disproven.
Full Version: Xbox 360 Softmod(theory)
Scenyx Entertainment Community > Xbox360 Forums > Xbox 360 Hacking Forums > Software Exploits Development / Research
You clearly don't understand how digital signatures work. The signature signs the actual code, it isn't an abstract thing that can be extracted and reused. If you change even one byte of the code then the signature doesn't match the code and it fails, so you can't just attach a known signature to a random piece of code and expect it to work.
The only way it might work would be if Microsoft had implemented their digital signature system incorrectly - and they haven't. Consequently, change a byte = signature fails = code doesn't run.
This article might help you understand the basics of digital signatures.
The only way it might work would be if Microsoft had implemented their digital signature system incorrectly - and they haven't. Consequently, change a byte = signature fails = code doesn't run.
This article might help you understand the basics of digital signatures.
it just my theory. perhaps some could build on that though. and u are rite about me knowing nothing about how signing works, i just assumed how it worked lol.
There is nothing to build on.
Just FYI, this attack vector has been thought off before and back in 2005 the answer was no wont work due to the signature on the updates which is the same as today.
Just FYI, this attack vector has been thought off before and back in 2005 the answer was no wont work due to the signature on the updates which is the same as today.
QUOTE(No_Name @ Oct 3 2010, 08:37 AM) 
There is nothing to build on.
Just FYI, this attack vector has been thought off before and back in 2005 the answer was no wont work due to the signature on the updates which is the same as today.
I believe there is something to build on here.
A little far fetched, yes. Impossible, no.
If one could code a re-signer, to then sign that modified code, then one could then install the modified code.
Therefore making this a very good theory, although i personally do not have the knowledge to build a re-signer.
I'm sure there is someone around that could do it.
But would be damn hard,
I'm sure you guys modified Xbox Originals, back when they were top of the line, maybe even modified Halo2 game content, and if you did, you would know that you need to resign the maps proper prior to playing on those modified maps, or you would get a "Failed to load map" message.
It can be done, it's just a matter of will it happen.
Hope my input helps with those who aren't optimistic.
Yet another noob who can't read, can't code, and knows nothing about digital signatures.
Again, for those like you who can't read - THERE IS NOTHING TO BUILD ON.
The difficulty isn't writing the "re-signer", the difficulty is that we don't have the key to sign the code with. Only Microsoft have that key.
If you'd bothered to read the link in my previous post you'd have spotted that you need the signing key, and a bit of common sense would lead to to work out that Microsoft is unlikely to make such a vital piece of information publicly available.
Your "input" hasn't helped at all, because you provided no input - only baseless and uneducated speculation about something you know nothing about.
Again, for those like you who can't read - THERE IS NOTHING TO BUILD ON.
The difficulty isn't writing the "re-signer", the difficulty is that we don't have the key to sign the code with. Only Microsoft have that key.
If you'd bothered to read the link in my previous post you'd have spotted that you need the signing key, and a bit of common sense would lead to to work out that Microsoft is unlikely to make such a vital piece of information publicly available.
Your "input" hasn't helped at all, because you provided no input - only baseless and uneducated speculation about something you know nothing about.
QUOTE(Heimdall @ Oct 28 2010, 09:35 AM)
Your "input" hasn't helped at all, because you provided no input - only baseless and uneducated speculation about something you know nothing about.
Well, at least I'm not being a douche-bag about it.
And sure I can't code, but I do know a thing or two about digital sig's.
And hell, the more you talk about it, the more I think you know less about what your talking about.
And I'm sure one of the coders at Bungie just waltzed out and handed somebody the "formula" to the sig's for Halo2 Maps? And the same with Halo3 Map Variants?
But whatever, I'm going to play some Halo Reach, with some RTH.
Love swaping automatic weapon projectiles with sticky grenades, now if only there were nukes in that game.
[Edit]
Forgot to include this.
http://www.eurasia.nu/wiki/index.php/Xbox360Kernel
Download the system updates, all of the.
compare the sigs
find a pattern
????????
Profit.
QUOTE(Haze666 @ Oct 28 2010, 05:19 PM)
but I do know a thing or two about digital sig's.
Obviously not, as your next statement proves.QUOTE(Haze666 @ Oct 28 2010, 05:19 PM)
Download the system updates, all of the.
compare the sigs
find a pattern
????????
Profit.
compare the sigs
find a pattern
????????
Profit.
There is no "pattern" with digital signatures, and if you knew anything about digital signatures you would know that - it's in every "Digital Signature Design 101" course, book and article as one of the requirements for a good digital signature system. Digital signatures are cryptographic representations of a file, and they remain secure precisely because there is no feasible computational method of creating a signature without the original key, nomatter how many signed files you examine. Get it - there is no pattern.
Now, go back to shooting aliens in your bedroom and leave the real engineering to people who know what they are talking about.
QUOTE(Heimdall @ Oct 28 2010, 11:35 AM)
Obviously not, as your next statement proves.
Sarcasm my friend.
Wouldn't put it like that if i were being serious, Sir.
QUOTE(Haze666 @ Nov 2 2010, 03:50 PM)
Sarcasm my friend.
Wouldn't put it like that if i were being serious, Sir.
You are an idiot. Stop talking.
yes i revived this postg deal with it.
anyways. in defense of the person who actually supported my idea. it could be possible. namly because the ms digutal signiture has to be stored somewhere rite? if it wasnt then how would the 360 know it is a valid code and not some user made one?
anyways. in defense of the person who actually supported my idea. it could be possible. namly because the ms digutal signiture has to be stored somewhere rite? if it wasnt then how would the 360 know it is a valid code and not some user made one?
Not again.
You either haven't bothered to read up on digital signatures, or haven't understood them, in spite of the simplicity of the article I linked to in my first reply.
The digital signature is different for every single file. I'll say it again in a different order in the hope that it might sink in - every single file has a different digital signature. The signature for one file is of no use with another file, because it simply won't match the second file.
It's the public key that's stored on the Xbox, and the public key is used to VERIFY the digital signature of the file. To sign the file you need the private key. Microsoft's private key is probably not stored in one place, is definitely only accessible to a handful of people, and is therefore unlikely to ever be seen outside of Redmond. I'll say that again as well, in the hope that it might sink in; you can only sign a file with the private key, and only Microsoft has the private key, and the private key ISN'T on your Xbox, it's held at a secure Microsoft location.
FYI, in case you were wondering, JTAGs can run unsigned code because they bypass the signature check - broadly the same method that was used on the Xbox 1. That's the only feasible method to get round the signature problem.
So please, stop flogging this dead horse. Your idea (it was never a theory, in spite of the title) simply won't work. To summarise what I said to your equally misguided supporter, if you can't even grasp the basics of digital signatures then you should stop digging yourself further into this hole, and leave the real engineering to people who know what they are talking about.
You either haven't bothered to read up on digital signatures, or haven't understood them, in spite of the simplicity of the article I linked to in my first reply.
The digital signature is different for every single file. I'll say it again in a different order in the hope that it might sink in - every single file has a different digital signature. The signature for one file is of no use with another file, because it simply won't match the second file.
It's the public key that's stored on the Xbox, and the public key is used to VERIFY the digital signature of the file. To sign the file you need the private key. Microsoft's private key is probably not stored in one place, is definitely only accessible to a handful of people, and is therefore unlikely to ever be seen outside of Redmond. I'll say that again as well, in the hope that it might sink in; you can only sign a file with the private key, and only Microsoft has the private key, and the private key ISN'T on your Xbox, it's held at a secure Microsoft location.
FYI, in case you were wondering, JTAGs can run unsigned code because they bypass the signature check - broadly the same method that was used on the Xbox 1. That's the only feasible method to get round the signature problem.
So please, stop flogging this dead horse. Your idea (it was never a theory, in spite of the title) simply won't work. To summarise what I said to your equally misguided supporter, if you can't even grasp the basics of digital signatures then you should stop digging yourself further into this hole, and leave the real engineering to people who know what they are talking about.
Yes idiot, it is stored somewhere, how the **** do you expect them to sign the games we play.
Its probably stored on a secure stand alone system in a secure room, within a secure room within a secure floor of a secure building.
So there you go got going to steal it and then you dont need your 'theory' which as I said is not a new or unique idea people smarter than you had the same idea the very day the 360 came out.
O and before you think of a new idea, no the old game save hacks from the xbox day wont work either.
Its probably stored on a secure stand alone system in a secure room, within a secure room within a secure floor of a secure building.
So there you go got going to steal it and then you dont need your 'theory' which as I said is not a new or unique idea people smarter than you had the same idea the very day the 360 came out.
O and before you think of a new idea, no the old game save hacks from the xbox day wont work either.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.