

MODDING WEBSITES FOR XBOX 360 MW2 CODE
An integer vulnerability allowed unsigned code to be run. The Dashboard and its dependencies were RSA-2048 signed, apart from two files: the fonts. The Dashboard loads its files from hard disk, and with savegame exploits, modifying hard disk content was possible.
But after a buffer exploit, we would expect only to be in user mode, but not on the Xbox, as all Xbox games run in kernel mode. The procedure for the user was then to simply copy a hacked savegame from a USB stick onto the Xbox hard disk, run the game and load the savegame. It was often as easy as extending the length of strings like the name of the player, and the game would overwrite its stack with data and eventually jump to the code embedded in the savegame. It is possible to use most USB sticks with the Xbox, and just store hacked savegames on them. Plenty of Xbox games had buffer vulnerabilities in their savegame handlers. Another flaw exposed poor decisions around sandboxing games and savegame data.
The Secret ROM then 'falls down' to Flash memory where it can be captured. visor used XCodes to write the assembly instruction for “jmp 0xFFFF0000” to the memory location 00000000 in RAM, and changed the last four bytes in 2bl, in order to make the secret ROM run the panic code. Hackers from the Xbox Linux team checked with AMD employees and explained that AMD chips throw an exception in the case of EIP overflows, but Intel CPUs do not. All of Microsoft's Xbox prototypes were, in fact, AMD. The 'visor' bug, found by a hacker who never revealed his real name, was a critical flaw found in the console, due in part to Microsoft's decisions around suppliers for the microchips for use in the console.
A flaw in the RC4 encryption algorithm implemented by Microsoft, used to encrypt the Secret ROM, gave attackers means to use brute-force attacks effectively, giving access to the console's secret RC4 key, the second part of the bootloader, '2bl', and the kernel.
This was possible due to a number of critical flaws. Once this information was available, the code was soon modified so that it would skip digital signature checks and media flags, allowing unsigned code, Xbox game backups, etc., to be run. Within a few months of its release, the initial layer of security on the Xbox BIOS (which relied heavily on obfuscation) was broken by MIT student Andrew Huang, and the contents of the "hidden" boot ROM embedded on the MCPx chip were extracted using some custom-built hardware.
MODDING WEBSITES FOR XBOX 360 MW2 SOFTWARE
The popularity of the Xbox, as well as (in the United States) its comparatively short 90-day warranty, inspired efforts to circumvent the built-in hardware and software security mechanisms, a practice known as "cracking".
