
The Secret ROM then 'falls down' to Flash memory where it can be captured.

Another flaw exposed poor decisions around sandboxing games and savegame data. Plenty of Xbox games had buffer vulnerabilities in their savegame handlers.

Most USB sticks work with the Xbox, so hacked savegames can simply be stored on them. Exploiting a game was often as easy as extending the length of a string such as the player's name: the game would overwrite its stack with the savegame data and eventually jump to the code embedded in the savegame. For the user, the procedure was simply to copy a hacked savegame from a USB stick onto the Xbox hard disk, run the game and load the savegame. After a buffer exploit one would normally expect to be running only in user mode, but not on the Xbox, because all Xbox games run in kernel mode.

The Dashboard loads its files from the hard disk, and savegame exploits made modifying hard disk content possible. The Dashboard and its dependencies were RSA-2048 signed, apart from two files: the fonts. Coupled with the savegame exploit, this made 'cracking' a console as easy as transferring a modified savegame, loading it, and running a script to modify the font files. An integer vulnerability allowed unsigned code to be run. Now every time the Xbox is turned on, the Dashboard crashes because of the fonts and runs the code embedded in these files; that code reloads the Dashboard with the original fonts, hacks it, and runs it.

Modding an Xbox in any manner will void its warranty, as it may require disassembly of the console. A modified Xbox may also be barred from Xbox Live if detected by Microsoft, since modification contravenes the Xbox Live Terms of Use, but most modchips can be disabled, allowing the Xbox to boot in a "stock" configuration.

- TSOP flashing: reflashing the onboard BIOS chip with a hacked BIOS to circumvent the security mechanisms.
- Modchip: installing a modchip inside the Xbox that bypasses the original BIOS, with a hacked BIOS to circumvent the security mechanisms.

Softmods can be disabled by "coldbooting" a game (having the game in the DVD drive before turning the console on, so the softmod is not loaded) or by using a multiboot configuration.
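The savegame handler defect described above, as an added example that is not code from the page or from any Xbox game: a hypothetical savegame layout with a length-prefixed player name (constructed here, not a real format), the unchecked copy that trusts the length byte beside a loader that validates the declared length against both the destination buffer and the bytes actually present in the file.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical savegame layout, constructed for this example (not a real Xbox format):
 *   bytes 0..3 : magic "SAVE"
 *   byte  4    : declared length of the player name
 *   bytes 5..  : player name (no terminator), followed by game data */
#define NAME_CAP 16
enum { LOAD_OK = 0, LOAD_BAD_MAGIC, LOAD_NAME_TOO_LONG, LOAD_TRUNCATED };

/* Vulnerable pattern: trusts the length byte from the file and copies that many
 * bytes into a fixed stack buffer. A name longer than NAME_CAP overruns the stack,
 * which is the defect class the text describes. Kept only for contrast. */
static int load_save_unchecked(const uint8_t *blob, size_t blob_len, char *name_out)
{
    char name[NAME_CAP];
    (void)blob_len;                      /* real input size is never consulted */
    if (memcmp(blob, "SAVE", 4) != 0) return LOAD_BAD_MAGIC;
    memcpy(name, blob + 5, blob[4]);     /* blob[4] is never compared to NAME_CAP */
    memcpy(name_out, name, blob[4]);
    name_out[blob[4]] = '\0';
    return LOAD_OK;
}

/* Hardened loader: every length read from the file is checked against both the
 * destination capacity and the bytes actually present before anything is copied. */
static int load_save_checked(const uint8_t *blob, size_t blob_len,
                             char *name_out, size_t out_cap)
{
    if (blob_len < 5 || memcmp(blob, "SAVE", 4) != 0) return LOAD_BAD_MAGIC;
    size_t name_len = blob[4];
    if (name_len >= out_cap) return LOAD_NAME_TOO_LONG;   /* keep room for the NUL */
    if (blob_len - 5 < name_len) return LOAD_TRUNCATED;   /* file shorter than claimed */
    memcpy(name_out, blob + 5, name_len);
    name_out[name_len] = '\0';
    return LOAD_OK;
}

/* Constructed inputs: a well-formed save, one whose length byte was raised to 200
 * (the edit the text describes), and one cut off before the name ends. */
static const uint8_t good_save[]  = { 'S','A','V','E', 5,   'A','l','i','c','e', 1, 2 };
static const uint8_t long_save[]  = { 'S','A','V','E', 200, 'A','l','i','c','e', 1, 2 };
static const uint8_t short_save[] = { 'S','A','V','E', 10,  'A','l','i' };
static char g_name[NAME_CAP];
```

The checked loader rejects the oversized name before any copy happens, whereas the unchecked one would have written 200 bytes over a 16-byte stack buffer.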


