Xbox 360 vulnerability found, homebrew could be just around the corner
While we appreciate Microsoft's concessions to the DIY gaming community with the XNA Game Studio Express, that's still small compensation for the fact that at the end of the day, that $400 white box in our living room isn't quite "ours" -- Microsoft still calls the shots as to what code can push that hardware around. At least until today. Apparently a vulnerability has been discovered, and while the jargon is rather over our heads, it doesn't take a hax0r to understand the potential upshot: homebrew on the 360. The word is that there's a "critical vulnerability in Microsoft's Xbox 360 that allows privilege escalation into hypervisor mode." Toss in a method to "inject data into non-privileged memory areas" and you've got "an attacker with physical access to an Xbox 360 to run arbitrary code such as alternative operating systems with full privileges and full hardware access." Sounds like a good time for all! The exploit works in kernel 4532 and 4548, but Microsoft is aware of the flaw, and has patched kernel 4552, which was released on January 9th. We can't quite tell if this will actually mean that Joe consumer will end up with homebrew as a result of this hack, but it's promising all the same.
Filed under: Gaming
Reader Comments (Page 1 of 1)
AceMilo @ Feb 27th 2007 11:38PM
Here's the problem. It only works on older kernels, so if you have updated your 360 in the past 6 months, the hack is useless. If they find a way to downgrade your kernel, then you would still have to give up live. Otherwise, it will be a cat and mouse game of updates and trade-offs. Honestly, I am a big supporter of homebrew, but if it means losing live, its not really worth it.
Matt @ Feb 27th 2007 11:40PM
Homebrew is a euphamism for piracy.
You can thank the PSP tards for that.
hugoliva @ Feb 28th 2007 12:16AM
The best and only software I run in my XBOX this days is XBMC and it is far and away from been "pirated software".
LiQuiD_FuSioN @ Feb 27th 2007 11:47PM
Euphamism*
Making a downgrader for the 360 could take a while though, just like with the PSP and its plethora of Homebrew apps etc. I wouldn't bet on it any time soon though. And AceMilo's right, I wouldn't risk losing my subscription to Live just to try this out either unless I had a spare 360 lying around. ;)
Keith Foederl @ Feb 27th 2007 11:49PM
some guy figured out how to downgrade to the original kernel and dash. BUT the people at Microsoft are wise-asses. After the 4552 update An E-Fuse was popped that limits access to the spare memory banks on the xbox's flash memory.
(CyKiller) Aaron Johnson @ Feb 28th 2007 11:03PM
There is a reason you have to find it in the usual places compiled, it is built with Xbox SDK which is illegal. But it is the best software to date - and seeing it evolved on the 360 could prove to be potentially good.
Dave @ Feb 28th 2007 12:18AM
I'd consider buying a second 360 if they could get this to work. XBMC on the original XBox is utterly amazing. I can only imagine what they could do with a 360.
Marten Kai-Larsen @ Feb 28th 2007 12:21AM
I don't see why this should be any different from running managed code in XNA. It is not like microsoft has to approve your code before you download it to your 360.
AndrewNeo @ Feb 28th 2007 12:29AM
That's because in the XNA, the stuff you run runs ~inside~ the .NET environment, which is the signed program.
Marten Kai-Larsen @ Feb 28th 2007 12:30AM
Oh and yes I forgot, homebrew is allready here. Sure it won't replace the OS but replacing the OS for no benefits is Linuxtalk for sticking it to the man. You don't have to replace the OS to build a Media Center, you could do it with XNA. You do have to replace the OS with a modified version to play pirate games. So if you don't have broadband (XBL) sure go ahead, but don't tell me it is for any other reason than pirated software.
waruwaru @ Feb 28th 2007 5:07AM
Bah, XNA will never have full access to the entire hardware. If that MS makes that possible, none of the devs would pay 5/6 figures for the official dev kits. As it stands right now, you can't build "media center" with XNA (no networking, no dynamic audio). We shall see with the next version if MS will support tcp/ip, or limited network access through the managed interface. Home-brew will probably bring more possibilities than what's currently available.
Marten Kai-Larsen @ Feb 28th 2007 12:34AM
AndrewNeo, sorry I don't understand what you mean with "signed program". Do you mean the 100$ I pay per year? Or are you trying to peddle some sort of conspiracy theory about Microsoft?
Matt @ Feb 28th 2007 12:37AM
XBMP is a euphamism for pirated mp3's and avi's.
Don't kid yourself.
Zorque @ Feb 28th 2007 1:55AM
Or people who want to copy everything to their computer so they can make playlists and not have to shuffle CD's and DVD's around and potentially lose them, or people who want to record TV shows to their DVR and stream them to a different TV, or people who want to watch content on their TV that you could only access from the internet, i.e. flash video.
Tom @ Feb 28th 2007 12:41AM
Here comes the "no fair! that guy must be playing with a modded Xbox 360!" (and they'll probably be right, too). Tom is sad now :(
charlie @ Feb 28th 2007 1:08AM
PS3 officially supports linux... if a good community develops around it, with lots of easy files and tutorials for ps3 users to make their linux useful (support for the USB, the bluetooth, the wifi, playing a variety of media file formats, access to popular file sharing networks and bittorrent, internet, etc) then I could definitely see myself motivated into buying a PS3. $500 for a great blu-ray player, and a multimedia hub computer with an upgradable internal hard drive, file sharing, usb connectivity, etc. Imagine being able to buy a USB TV tuner to turn it into a DVR. Who the fuck cares if there are games.
...Sony... they would lose a shitload of money
Martin @ Feb 28th 2007 1:38AM
You don't need a 500 dollar system to do that ^^^ try 100-150
Dylan @ Feb 28th 2007 1:49AM
Actually, other than the ps3 you need a $1000 + system to do that. A Blu-ray player alone goes for over $800 these days, they'll be coming down to $600 in the summer, but that is still just a standalone blue-ray player without the linux, USB, network and harddrive support. The PS3 is a good deal even without any games.
Martin @ Feb 28th 2007 1:51AM
Actually Dylan what I was referring to was just the server part. But even so you could still add $199 to that and make it an HD-DVD playing server. Still almost half the price of the PS3 and more flexible.
PreGHz @ Feb 28th 2007 3:15AM
How is it more flexible? Aren't you still locked into a format, i.e. HD-DVD? Doesn't the PS3 support several Linux distros that aren't bad?
Could that $200 server/computer crunch the numbers or handle the load required to serve HD content over a network?
Even if you might not like the PS3, you can't deny the cost savings or potential that it brings to the table.
And why are we even talking about this? Isn't the XBox the subject here?
I for one would definitely enjoy a version of Avalaunch for the 360.
Jesse @ Feb 28th 2007 2:00AM
i just hope we can actually save videos on our 360 as opposed to having to stream them
Martin @ Feb 28th 2007 3:28AM
Yes the 200 dollar machine would be capable of streaming HD, of course. You need to fire your IT guy if you can't realize that if the PIII Celeron that was inside the xbox 1 can output HD video then so can a basic Sempron or P4. Hell the HP Z556 records HD and outputs component straight off the motherboard with just a P4. Also with a standard computer configuration you have the option of adding multiple hard drives that would be much faster and cheaper than those you could add via USB. Also not available on the PS3 is the RAID configuration you would want (foolish not to have) on your server. And the native ability to install Windows rounds out the list of reasons why buying a PS3 for any reason at all much less for a file server is FOOLISH. And no you're not locked into HD-DVD you can put any drive you want in there.
So in response to your comment...yes, I can very easily refute any cost savings that the ps3 may bring to the table.
andy @ Feb 28th 2007 9:35AM
@martin
I hate fans. In my theater, silence is necessary. i use an xbox to stream from my server.
A ps3 with an updated xbox media center and some other connectivity (youtube) would rock, and I'd DEFINITELY buy it.
Sony just wants the units installed. They don't care, because they know you'll buy bluray movies which they'll get a cut of, and if you've got a ps3 sitting there, why not buy a game or two.
They know that if they can get it in your living room, they'll get the money back eventually.
Martin @ Feb 28th 2007 3:30AM
I didn't mean straight off the motherboard I really just meant built in component. Clearly the component connections are not directly connected to the motherboard. Oh and it also has DVI output. And btw the capability of streaming HD content would mainly lie with the network setup including the network cards that you have installed in all related computers.
Matt @ Feb 28th 2007 3:46AM
Well, since nobody else mentioned it....
IT'S EUPHEMISM. Christ. Somebody even corrected it incorrectly.
rickramos @ Feb 28th 2007 9:17AM
Hate the guy that is pushing that world of war craft gold crap. E-mail and tell him how you feel.
igolggoodforhelp@gmail.com
supervise@mmospirit.com
mmospiritgoodforhelp@gmail.com
Or waste their operators time on live chat by clicking on the icon on their website
Olivier @ Feb 28th 2007 9:37AM
Why doesn't a true developers house come out with an XBMC for XBOX 360/ I mean something official sold through Arcade for even 2000 Ms points.
Something that plays Avi. I would definitely buy it and everybody would be happy.
Why not?
andy @ Feb 28th 2007 12:04PM
@olivier
control. The 360 only plays wma and wmv. This keeps all of the content providers semi-happy so that they'll offer content on the market place.
MS can't allow someone to use the 360 to its fullest because it *could* be used for piracy which we all know would end the legitimate content market just like it has the legitimate music market. /rolls eyes/
R @ Feb 28th 2007 10:01AM
@ Matt: "Homebrew is a euphamism for piracy. You can thank the PSP tards for that."
Untrue. There are many excellent homebrew apps released everyday that have nothing to do with copyright infringement - and more to do with taking control of your device and getting the most of it (ie) unfettered media streaming, changes to the XMB, etc. Only a very small percentage of PSP users indulge in firmware downgraders anyway. I have not taken that step yet, but I do follow the hard work of talented PSP coders with interest. Personally I'm waiting to see what Sony will do in their firmware updates that may affect those PSP's with hacks installed.
R @ Feb 28th 2007 10:04AM
For example:
http://pspupdates.qj.net/23-legal-ways-to-get-free-PSP-stuff/pg/49/aid/84398
RayMetz100 @ Feb 28th 2007 10:06AM
Oh whooppie! This means I might be able to run a linux command line instead of gears of war. I can't wait. The day 360 homebrew has as good of game as GUN! or even Hexic for that matter, I'll be a monkey's uncle.
Alan Strangis @ Feb 28th 2007 10:35AM
Although my orig Xbox with XBMC is still alive and kicking, I can't help but imagine how cool XBMC 360 would be... but I can't give up the Live... for now. :)
Curry @ Feb 28th 2007 11:19AM
Understandable explanation of the exploit.
Scabies @ Feb 28th 2007 11:35AM
I really want to see the shopping list for this $200 HTPC that calls for all purchased hardware/equipment, no "You already have DDR400 lying around, so throw that in" or "use any hard drive you might have"
case/psu:$?
mobo/(+)video solution:$?
CPU:$?
Memory:$?
HDD:$?
Optical:$?
if you can outline such a thing, I would be glad to buy one. BTW, HD output is a must, as you mentioned this is possible, and more than six channels of audio is bonus points. (and I'm well aware the Xbox can do it, I want to see an OEM assembly)
Martin @ Feb 28th 2007 12:30PM
Here's a preliminary search:
http://cgi.ebay.com/DELL-OPTIPLEX-PIII-FAST-DESKTOP-WIN-XP-OFFICE-ANTIVIRUS_W0QQitemZ250088911938QQihZ015QQcategoryZ140070QQrdZ1QQcmdZViewItem?hash=item250088911938
http://cgi.ebay.com/Dell-Optiplex-GX60-Celeron-2-4GHz-512MB-40GB-DVD-XP-PRO_W0QQitemZ110095072850QQihZ001QQcategoryZ140070QQrdZ1QQcmdZViewItem?hash=item110095072850
http://cgi.ebay.com/DELL-OPTIPLEX-GX240-P4-1-8Ghz-40Gb-256Mb-XP-Pro-More_W0QQitemZ140090076772QQihZ004QQcategoryZ140070QQrdZ1QQcmdZViewItem?hash=item140090076772
In addition to this a lot of times you find retailers selling low end computers after rebates for roughly 200. I know because I WORK at one. These low end machines are PERFECT for file servers. Just add a GIGABIT card
sabih @ Feb 28th 2007 12:36PM
those comps wont be able to run tversity to stream the divx
PreGHz @ Feb 28th 2007 3:35PM
Are you kidding me? This just serves to show that the PS3 is a great value! For four hundred more dollars, you are getting the built-in NIC card/wireless, the far larger hard drive, bluetooth, and a frickin' Blu-Ray drive.
With a linux distro, the value of this system is amazing.
James @ Feb 28th 2007 3:31PM
I just wanted to reiterate something somebody mentioned earlier -- XNA does *not* currently support networking on the 360. This is important because of a few things other people said previously in the thread. "Homebrew is a euphemism for piracy": this is sometimes true, but I have non-piracy-related stuff on my custom-firmware PSP, like a decent file manager with wifi transfer support and an audio player that supports dymanic playlists, including from a networked Windows machine (neither of which are included in the XMB, but both of which should have been). Before my Xbox died, I had XBMC (which, as several people have pointed out, is absolutely fantastic) which I used to view my PERSONALLY RECORDED tv programs from my MythTV server in the other rooms, as well as emulators for SNES and GBA (maybe not 100% legal, but most of the stuff I played on them I owned in cart form). Also, somebody said that they'll "be a monkey's uncle" when homebrew games are as good as commercial ones. May never happen, but a) some have lower production values but are still fun, and b) even if you never run a single homebrew *game*, homebrew *apps* can have a great deal of value (see above).
The result of all these previous comments is that much of the point of homebrew is apps, not games, and many of the cool homebrew apps for other systems have a network focus (since most consoles these days are networked). Couple these facts and you realize that the lack of any networking in the XNA toolkit is a critical flaw, one which gives true homebrew an edge over the crippled (and payware) XNA club.
Martin @ Feb 28th 2007 6:11PM
PreGHz you're clearly a fanboy idiot if you can't understand how much of a ripoff the PS3 is. First of all it makes little sense to have a gaming console be a media server it makes a lot more sense to have a dedicated media server one that can stay on all the time and can also record tv shows while also acting as a file server as well as FTP server. The way the 360 works as a media center extender is a perfect example of the way this should be implemented. But in response to what you're saying, if you were dumb enough to want to use the PS3 as a server it's still way too expensive. Take one of the computers that I linked (or even a new one that you can get after rebates for around 200. They have built in ethernet, multiple pci/pci express slots, upgradable processors as well as graphics cards, and the native ability to run windows. Then, just add a gigabit card and you're DONE!! HD Movies? Simply plug in the 360 HD-DVD drive. You're still 200 dollars less and A LOT more functional. Anyways, regardless of the actual value of turning the PS3 into a server. It really makes the most sense to stick your server in another part of the house and then when use something else (like the 360) to stream all your multimedia off of it. Anyone who is halfway tech savvy would know that to be the ideal solution instead of trying to ghetto rig some POS gaming console to do it.
Cynoclast @ Feb 28th 2007 5:44PM
@Matt:
Nope. I absolutely positively detest "user prohibited actions" that DVDs come with.
Want to skip the previews? Too bad.
Want to skip the DVD menu animations? Too bad.
Want to skip the FBI warning? Too bad.
Don't like the awful seek times of DVDs? Too bad.
Don't like arbitrary "chapters"? Too bad.
I hate watching DVDs to the point that I almost never do anymore. The problem is the movie industry has been spoiled by it's control over media, but they're losing that and think that they can't compete with free. They can, but it just might not be as profitable as it once was, but hey, just because your business model is profitable today doesn't mean you can just sit on your ass and continue to make money hand over fist without ever evolving. The rest of the world will pass you by. I know for one that they could compete against free is by quality. A lot of the movies released to the peer to peer networks are absolutely awful quality. Many people won't even download or watch them. Copyright infringement isn't going away, no matter what they do, so they'd better learn to compete or just learn to deal with it.
Right now ripped movies are better in every respect than the DVDs. They're more user friendly and they're free. It's not like the movie makers aren't still making a shitload of money from product placement. Hell, the could charge more for it since they know even people that don't see the movie in the theater or buy a DVD are still going to see the movie and therefore the placed products. I almost regret mentioning this because it might get back to them and we end up seeing MORE product placements. If I have to tell them this, they deserve to lose money.
There are many reasons to rip movies to a HD, piracy isn't the only one. I won't even watch most of the DVDs I have because they're still in DVD format instead of ripped to a network share. I love my XBMC and I intend to keep using my xbox as a media center until I can use my 360 instead.
PreGHz @ Feb 28th 2007 10:33PM
I see where you're coming from, I do. But you're talking about a media server for four hundred bucks. I'm talking about a media server that can still run fast as a computer, play next-gen games, and isn't hacked together from a bunch of really old parts. I'm saying it's a great value because of what it does beyond what you care to do with it.
But hey, I suppose you hate the PS3/Sony enough to call me a fanboy, which of course I HAVE to be because I like the darned system. I like the Wii and the 360 also, would you call me a fanboy for those systems too?
And I obviously know nothing about computers, because I'm sitting here getting schooled but some ass who keeps reiterating himself, and getting worse with his English with each subsequent post. I can just imagine you sitting there sweating your anger out.
But you know what, I think it's pointless to argue about this within an XBox thread. I've said that before, but you didn't listen. So now I'm gonna take me A+ certification and four+ years of college and leave because you are oh so right. That was sarcasm, by the way.
igolgcheapwowgold @ Mar 1st 2007 9:27PM
Buy the cheapest World of Warcraft Gold(WoW Gold),Enjoy the best service
Click here:World of Warcraft gold
WoW gold
WoW Powerleveling
Bak3donh1gh @ Mar 2nd 2007 8:19PM
Please let this happen!
HughC @ Mar 7th 2007 5:00PM
The PS3 linux thing is a bit of a furphy AFAIK when it comes to Blu-Ray, I can't imagine that there would be any chance of Blu-Ray decoding / playback under linux, due to the secure content path stuff, which more than somewhat limits its usefulness as a media centre. That and lack of driver support for the 3d capabilities of the machine.
Be a pain if you had to leave yr media centre interface and reboot into the original OS every time you wanted to watch a BluRay disk.
Does anyone know more about this?