Xbox 360 Hacked – For Real. Time For Homebrew?

Microsoft slow off the mark to fix security flaw...

Posted by Staff
According to the SecurityFocus website, the hacker from the 23rd Chaos Communication Congress (23C3) who made Mac OS X and Linux penguin logos, with the legend ‘Comin Soon’, dance across the screen from the guts of a 360 was not messing around.

Since the December 2006 exhibition of Xbox 360 network insecurity, there has been much debate about whether this was actually a true hack or merely some sleight of screen.

Now a ‘security advisory’ has been posted to a few boards – including the aforementioned SecurityFocus – authored by ‘Anonymous Hacker’ – and it is being taken seriously.

The core of the posting is, “We have discovered a vulnerability in the Xbox 360 hypervisor that allows privilege escalation into hypervisor mode. Together with a method to inject data into non-privileged memory areas, this vulnerability allows an attacker with physical access to an Xbox 360 to run arbitrary code such as alternative operating systems with full privileges and full hardware access.”

In short, the 'advisory' indicates that you can run an alternative operating system with full access. If you can code for that operating system with full privileges, this could open up a world of opportunity for ‘homebrew’ gaming on the system.

A closer look at the timeline contained in the advisory, however, shows that Microsoft has taken action, although it took nearly a month from being alerted to the flaw before doing so (and the action was only taken after the convention).

Timeline:
Oct 31, 2006 - release of 4532 kernel, which is the first version containing the bug
Nov 16, 2006 - proof of concept completed; unsigned code running in hypervisor context
Nov 30, 2006 - release of 4548 kernel, bug still not fixed
Dec 15, 2006 - first attempt to contact vendor to report bug
Dec 30, 2006 - public demonstration
Jan 03, 2007 - vendor contact established, full details disclosed
Jan 09, 2007 - vendor releases patch
Feb 28, 2007 - full public release
Patch Development Time (In Days): 6

According to Heise Security, however, the homebrew code case may be dead in the water: “Microsoft's update to kernel 4552 also prevents a downgrade to an older, vulnerable version by means of an "electronic fuse" (e-fuse) that blows out in the CPU. Microsoft has implemented this technique to prevent the hole in the hypervisor from being used for arbitrary software. The security advisory only mentions this feature at the very end under the somewhat cryptic recommendation to "remove R6T3". That is a resistor on the Xbox 360's board. If it is removed, the upgrade cannot blow out the e-fuse, which would mean that downgrades would still remain possible. However, this step is not possible if the Xbox has ever downloaded an update from the internet.”
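To make the anti-downgrade mechanism in the Heise quote concrete, here is an added illustration (not code from the advisory, Heise or Microsoft) of how a one-time-programmable fuse lets a boot loader refuse kernels older than 4552 once the 4552 update has run. The fuse layout, the `min_kernel_for_count` table and all function names are assumptions for illustration; only the kernel numbers 4532, 4548 and 4552 come from the article.

```c
#include <stdbool.h>
#include <stdint.h>

/* Model of the anti-downgrade e-fuse scheme the Heise quote describes.
 * A fuse is one-time programmable: once blown it stays blown, so the
 * blown count is a floor that updates can raise but nothing can lower.
 * Layout, table and names are assumptions; kernel numbers are the article's. */

#define FUSE_BITS 4

typedef struct {
    uint8_t row;  /* one bit per physical fuse: 0 = intact, 1 = blown */
} fuse_bank_t;

/* Assumed table: blown-fuse count -> oldest kernel allowed to boot.
 * With no fuse blown the vulnerable 4532/4548 kernels still boot;
 * later entries are placeholders a future update could raise. */
static const uint32_t min_kernel_for_count[FUSE_BITS + 1] = {
    0, 4552, 4552, 4552, 4552
};

int blown_count(const fuse_bank_t *f) {
    int n = 0;
    for (int i = 0; i < FUSE_BITS; i++) n += (f->row >> i) & 1;
    return n;
}

/* Blow the next intact fuse. Bits only ever go 0 -> 1; there is no
 * reset path, which is what makes the floor monotonic. */
bool blow_next_fuse(fuse_bank_t *f) {
    int n = blown_count(f);
    if (n >= FUSE_BITS) return false;       /* bank exhausted */
    f->row |= (uint8_t)(1u << n);
    return true;
}

/* Boot-time check: accept only kernels at or above the fused floor.
 * Signature verification, which would run alongside this, is omitted. */
bool boot_allowed(const fuse_bank_t *f, uint32_t kernel) {
    return kernel >= min_kernel_for_count[blown_count(f)];
}

/* Updater: refuses anything below the floor, and when it installs 4552
 * (or newer) for the first time it blows a fuse so 4532/4548 can never
 * be reinstalled afterwards. */
bool apply_update(fuse_bank_t *f, uint32_t kernel) {
    if (!boot_allowed(f, kernel)) return false;
    if (kernel >= 4552 && blown_count(f) == 0) blow_next_fuse(f);
    return true;
}
```

Removing the resistor the quote mentions would correspond, in this model, to `blow_next_fuse` silently failing, which is why a floor that lives only in fuses is as strong as the guarantee that the fuse can actually be blown.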
