Hackers reckon they have come up with a way to circumvent the security of Xbox 360 gaming consoles via an attack that allows them to inject unsigned code into the heart of the system. The so-called Reset Glitch Hack, developed by hackers GliGli and Tyros, creates a means to load code into a console's CPU. This makes it more …
DRM 0 - Hackers... Lost count really.
Some people have so much fun cracking DRM it'll never be effective.
The thing with any encryption is that it has an expected life. People don't design encryption to be primarily uncrackable, they design it to be practically uncrackable for a reasoned lifespan. I wonder how early (or late) this compares to the 360's security.
It's a bit like the developer's dilemma: you can either design a perfect system and never release, because you never finish developing it, or design a pretty good system, not perfect and not with all the desired functionality, but release it and sell it, so you can have funding for the next better version.
Despite having a 2:1 Comp. Sci. degree reading that wiki page makes me feel stupid. What did I waste 4 years of my life doing again?
Cheer up mate
Given how much of this is closer to electronic engineering than computer science, I don't think you're being fair on yourself there!
I'm astonished by how smart some of these guys are, though.
On a hardware level, CPUs reset all the time - more so in more complex systems. When a CPU comes back from reset, it asks if the data it left behind was good; if so, it continues on like nothing happened. That's what's being triggered in this case. The CPU executes the following code:
But the hackers reset the CPU and quickly change the program after it's been checked, but before it's been used - thus the clock slowdown, to give them enough time, and let them hit a very specific timing. Since the program they modify is the checksum program, they can do whatever they want at that point.
This has almost nothing to do with computer science, and everything to do with electrical engineering... there isn't any code involved, just wires and custom circuits. Fun stuff :-)
Also, as a note - it's not that this only works on one-out-of-four machines, but that of the machines that it works on, you have to try an average of four times to get it to work.
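The failure mode this comment describes (a reset glitch landing between the checksum compare and its use, so the compare reports a match it never found) is easiest to see in code. The block below is an added illustration, not the console's actual firmware or anything from the article: it models a single glitched instruction as a hook that clears one intermediate value, and contrasts a check whose verdict hangs on that one value with a check that keeps two independent comparisons and cross-checks them. The digest bytes, the `CHECK_OK`/`CHECK_BAD` constants and the fault hook are all constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed reference digest and a candidate that differs in its last byte. */
static const uint8_t kExpected[16] = {0xde,0xad,0xbe,0xef,0x01,0x23,0x45,0x67,
                                      0x89,0xab,0xcd,0xef,0x10,0x32,0x54,0x76};
static const uint8_t kTampered[16] = {0xde,0xad,0xbe,0xef,0x01,0x23,0x45,0x67,
                                      0x89,0xab,0xcd,0xef,0x10,0x32,0x54,0x99};

/* Fault hook (hypothetical): lets the harness corrupt the intermediate value
 * that is live at one named step, standing in for one glitched instruction.
 * NULL means no glitch. */
typedef uint32_t (*fault_fn)(uint32_t value, int step);
static uint32_t apply(fault_fn f, uint32_t v, int step) { return f ? f(v, step) : v; }

/* Verdicts are many bit-flips apart, so no single corrupted bit turns one into the other. */
#define CHECK_OK  0x5A3C96C5u
#define CHECK_BAD 0xA5C3693Au

/* Naive check: the whole decision rests on one 0/1 value (step 0).
 * A glitch that leaves that value at zero is read as "matched". */
uint32_t naive_check(const uint8_t *cand, fault_fn f) {
    uint32_t diff = (uint32_t)(memcmp(cand, kExpected, 16) != 0);
    diff = apply(f, diff, 0);
    return diff == 0 ? CHECK_OK : CHECK_BAD;
}

/* Hardened check: two independent accumulations (forward and backward),
 * each judged separately, then cross-checked. Zeroing either one alone
 * (step 0 or step 1) still leaves the other reporting the mismatch. */
uint32_t hardened_check(const uint8_t *cand, fault_fn f) {
    uint32_t fwd = 0, bwd = 0;
    for (size_t i = 0; i < 16; i++) fwd |= (uint32_t)(cand[i] ^ kExpected[i]);
    for (size_t i = 16; i-- > 0; )  bwd |= (uint32_t)(cand[i] ^ kExpected[i]);
    fwd = apply(f, fwd, 0);
    bwd = apply(f, bwd, 1);
    if (fwd != 0)   return CHECK_BAD;
    if (bwd != 0)   return CHECK_BAD;
    if (fwd != bwd) return CHECK_BAD;   /* both paths must agree */
    return CHECK_OK;
}

/* Glitch models: clear whichever intermediate is live at step 0 or step 1. */
static uint32_t zero_step0(uint32_t v, int step) { return step == 0 ? 0 : v; }
static uint32_t zero_step1(uint32_t v, int step) { return step == 1 ? 0 : v; }

/* Returns 1 when the single-fault model fools the naive check but not the hardened one. */
int glitch_demo(void) {
    return naive_check(kTampered, zero_step0) == CHECK_OK
        && hardened_check(kTampered, zero_step0) == CHECK_BAD
        && hardened_check(kTampered, zero_step1) == CHECK_BAD;
}
```

The redundancy only raises the bar to two well-placed faults in one run; in practice it is paired with detection of the clock manipulation itself, since the slowed clock is what makes the timing hittable at all.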
Then you probably ran into the occasional Dijkstra-ism.
Computer science is no more about computers than astronomy is about telescopes.
Do you mean I2C?
If it is I2C then I guess connecting 2/3 wires could be required to change the clock speed.
To be fair..
A lot of that was actually electronics - hardware - chat, so a Comp Sciences degree wouldn't give you the required knowledge.
a Comp Sciences degree would guarantee that you are an excellent programmer.
As far as I read it...
Does bypassing the "revocation fuses" mean that Microsoft can't brick your console if you attempt it, and it works?
By it being named "fuse", can Microsoft brick any xbox360 if they feel like it?
Take note Apple, MPAA, RIAA, Sony
If someone has physical access to a device, you can be as clever as you like, all you are doing is delaying the inevitable, in the same way that if you expect people to be able to play a BluRay, then you should expect that they can rip it as well.
Provide a way for people to use their hardware/media as they see fit, rather than as you do, and you won't be constantly fighting your consumers.
Piracy may drive developers to "OnLive"
I can see console/games developers look to something like OnLive as a method to try and protect revenue streams in the future.
Simplify development with 1 system, piracy limited due to streaming nature of the product and potential to improve revenue generation without the outlay of creating discs etc.
Oh yeah, I'm sure gamers would love playing games with lots of input lag, with questionable picture quality... don't forget the bandwidth, I'm sure ISPs won't hobble the shit out of it...
Ever tried it?
I gave it a test run from the UK a while back. On a reasonably fast cable connection, I found games were almost playable despite the servers being an ocean away. I'm looking forward to trying it when they set up the service on the same land mass. Picture quality's pretty good (never felt short-changed by 720p on consoles) and ISPs will have to adapt or die over the long-term because services like iPlayer, 4oD, LoveFilm and now OnLive aren't going away.
Anyway, as you were, XBox 360 hack, you say?
Most companies are already protecting themselves, though OnLive is not the answer
Most successful games have their multi-player section cordoned off and available to authenticated users only.
So unless you're after a single player experience, piracy won't get you too far.
If piracy were really the huge revenue sink that they make it out to be the developers would have all abandoned the PC gaming market years ago. Or, alternatively, they could build another cartridge based system. That'd be much more difficult to pirate (provided it was a proprietary connector and not just an oddly shaped USB port or something) and with today's memory technology could be just as good as any optical solution currently available.
re: build another cartridge based system
because Nintendo DS is so secure, not. I'd have thought providing an interface for a cartridge probably makes it easier to get in and do whatever you want, not harder.
HANA is the name of the chip on the Xbox PCB. I2C is a 2-wire serial communication standard, which is what they've used to talk to the HANA chip. (Note, the h-online article calls it "12C". El Reg doesn't point out this [sic].) The divider registers are used to define how often the clock cycles, so by changing the values in these registers, they've changed the clock speed of anything that uses the clock generated by the HANA chip.
The article is rather sketchy on the details of how this let them execute code. Looks like some kind of errata in the chip perhaps - they tell the chip to reset at an inconvenient time, and it doesn't reset. It does however throw an interrupt that prevents a successful memory compare function, which means something that was supposed to return "Crap no this isn't the right checksum" returns "nah, s'fine".
How do you find out that sort of thing?
"they tell the chip to reset at an inconvenient time, and it doesn't reset. It does however throw an interrupt"
Or is that standard hacker knowledge?
the carefully timed reset may be that some internals on the chip receive and interpret the reset signal and take action on it, but others just interpret the signal as a brief transient, and carry on their merry way?
maybe a bit like switching an electrical device on/off too quickly usually doesn't reset the device properly. I know this isn't the power rails cycling briefly, but could help in explaining what is happening.
A subtle but important difference.
What makes hackers hackers is that they're willing to invest the effort and thought necessary to figure things out that they don't know. It's not that they want to know--it's that they want to learn. There is a big difference.
I don't think MS brick consoles, but they do ban their HW IDs from XBox Live if you are found to be running any modded firmwares. I would think that if this is detectable (maybe if you run a normal XBox 360 title while modded?) then you can expect a ban to follow as usual.
You'd still have your functional 360, but no access to Live. Not a problem for lots of people, but I wouldn't want to risk it.
Blah blah title
@AC They can block your Xbox live access but there are plenty of ways to circumvent this.
Plenty of script kiddies on gaming forums can show you how if need be.
They don't need to block it...
"Microsoft may have its work cut out in blocking the hack because a simple software update would not be enough to block the exploit, according to the hackers."
They wouldn't bother trying to block it in current revisions of the Xbox... they'd just stick something into an update to detect it had been done at some point, log the Xbox and profile ID, then ban both the Xbox and your Live profile. Forces you to buy a new Xbox if you want to play online, plus pay for another Gold membership... at some point they'll rev the hardware and block the hack... it's probably more cost effective.
re: to detect it had been done
How are they going to do that when the box is running someone else's code after each successful hack, but reverts to standard configuration on shutdown?
A waste of time!
What is the point of going to all the trouble of hacking a modern games console to emulate another games console that is both ancient and totally obsolete? What a waste of time and effort.
If you really want to run N64 games ... buy an N64 from eBay!
Getting the console, no problem. Trying to track down that ancient game from your childhood that you absolutely loved? That's hard sometimes. Storing your 50 cartridges? That's not hard, it's just a pain in the ass. With ROMs you can pretty easily collect all your favorites and then some, as well as mods that are sometimes worth it (there are a few absolutely hilarious mods of the original Super Mario Brothers). Plus, if you so desire, you can have thousands of them and they won't take up any more space in your house.
My emulation station (a PC built into the case of a dead NES) sits next to my SNES. I love both of them, but I have to admit that the emulation station gets more use just for the simple fact that ROMs are easier to deal with than cartridges.
What's the point...
of climbing Mount Everest? It's just a big hill really, and it's not as if you can see anything much from up there, and besides, someone else has already done it.
@ well wisher
Trial and error; a lot of chips will behave funny if you turn on and off the reset line mid clock, and if they time that reset to coincide with the checksum check, they can make the chip behave in funny ways. Vary the period of the reset and try it on the different clocks until it passes the check. There was probably a lot of refining to get it down to 1 in 4 times.
Sounds like Smart Card hacking, same theory, glitching and inserting code. No getting around that now though.
Will Microsoft start demanding my IP address from YouTube if I watch that video?
Or is that just Sony...
Why do manufacturers even bother?
I really can't see any point in investing so much time and energy into 'protecting' devices from jail breaking, because, the reality is, only a *tiny* fraction of consumers will bother to jailbreak a device.
Why not leave the devices open (but obviously secure!) to encourage home brew mods?
Heck, hold competitions for modders and embrace the hacks they create, in a kinda open source ethic?
Perhaps, however, as much as some people *love* to tinker with devices and jailbreak them, the engineers and programmers behind the devices derive as much pleasure in protecting them - same type of person?
Who knows, it just all seems like a waste of resource to me - if someone wants to boot a different OS on an Xbox, just let them do it - they bought the damn hardware, they should be able to do what the hell they want with it!
This is why I love Android phones and projects like MythTV - it gives me the power to use devices the way I want to, instead of being dictated to.
Because the console isn't the real money.
It's the games that make the money for console makers. But homebrew environments disrupt this model by making it less likely you actually BUY games for the console (that is, OFFICIAL games that earn the console maker the big licensing bucks).
Did an achievement pop-up onscreen when they did it? If so, for how many points?