DRM and Unauthorized Console modding/rooting the system Dead?



Get real. The consoles are cracked for pirating games first.

The whole "homebrew" thing is just a legal scapegoat so that the hackers/crackers can pretend that they have good intentions.


I would think the word ignorant is far more fitting (of those that think otherwise).

What ultimately happens with those exploits (by far less capable people) is another matter entirely, but that concept seems to be lost on some people.

Anyway, I am on my second bottle of vino, so I would be wise to let you talk **** amongst yourselves.


Good evening.


Get real. The consoles are cracked for pirating games first.

The whole "homebrew" thing is just a legal scapegoat so that the hackers/crackers can pretend that they have good intentions.

But, but... there's a website with a Linux distro you can install on a 360. It's absolutely useless and no one uses it, but that definitely proves it was hacked for Linux. ;)

I would think the word ignorant is far more fitting (of those that think otherwise).

What ultimately happens with those exploits (by far less capable people) is another matter entirely, but that concept seems to be lost on some people.

Anyway, I am on my second bottle of vino, so I would be wise to let you talk **** amongst yourselves.

Good evening.

What ultimately happens... the consoles got hacked, and immediately there was piracy. Months to years later there was a Linux distro and the first crappy homebrew, both made as proof-of-concept experiments.


PS3 mostly avoided hacking because it was open / had a Linux option.

Sony didn't allow access to the GPU memory, and that spurred some hacking to gain access to the other half of the PS3's available memory.

Once they found a potential hole, Sony overreacted (as in fixed the exploit) and removed Linux from the console with future updates.

This had an effect like throwing down the gauntlet to hackers, who kindly responded in turn.

If I'm not mistaken, Sony has done a good job at blocking exploits on systems that are up to date, but the master hardwired encryption key was discovered / leaked, so currently cracked PS3s can be "updated" to the current firmware level while still being cracked.


Modding is the only reason I bought a wii...

I wasn't going to buy one until I could hack it. Then one night I watched a kid show the procedure of installing the Homebrew Channel. I said "???? It's that easy?" Then within 30 mins, I drove to Walmart and bought one. Within another 30 mins I already had it hacked.


Well, the first part in any hacking is actually getting a dump of the software/OS. You can't possibly do anything if you don't know what it's doing and when.

As I understand it, the way the Xbox 360 OS dump was made was through a dev unit, which allowed access to unencrypted RAM. Once the dump was made, holes were found.

The King Kong exploit abused a kernel bug found by studying the dump, and used unsigned shaders on the game disc to feed data into memory to perform the hack. The JTAG hack uses the GPU JTAG and SMC to modify memory to perform the hack.

The RGH glitches the system while it is doing the bootloader signature checks, and this causes the system to believe the signatures match when in reality the code is not properly signed. None of these hacks would be possible if a dump was not available.

PS3 was dumped by a hack performed in Linux, which allowed people to run their own code on the system. Once dumped, the first hack used a bug in the USB driver to gain access to the whole system, and this opened the floodgates to other bugs and vulnerabilities that allowed keys to be dumped, which led to self-signing and running other unsigned code. If it weren't for Linux on board, I doubt the PS3 would be hacked even today.

I'm positive current XB1 and PS4 dev units prevent any such memory accesses and third-party code is sandboxed from such sensitive areas. The general public will not be allowed to tinker and run their own code on these systems. Although I believe you'll be able to run Xbox RT apps, I believe this will only be open to select developers who are invited because of their work in the Windows 8 store.

Unless someone has access to a focused ion beam workstation and has access to chemicals and other expensive tools to work on 40nm parts, it isn't happening. Then again, if someone has access to these things, I doubt they would be hacking consoles.

Everything you say there is true except one detail regarding the hacked 360. The hacked DVD firmware was also required to abuse such a shader signing hole, which was partly a port of the working Xbox DVD flash work for XBL support on the original console, and partly 'not locking the firmware down' on MS's end. Without the ability to dump that DVD-ROM firmware the 'JTAG' hole couldn't be used, as you can't modify an official disc.

On top of this, there is actual drive to disarm the 360's DRM scheme, which is employed with network responses, a security measure not used in previous generations. I'm sure it won't be in the clear, but any patterns emerging can be just as effective in side-stepping... Of course, expect a ban when you go to re-sign in and your system is good to go but MS hasn't seen it for months (a PC-side server maybe that could authenticate the Xbox as well as pleasing MS so everything aligns).


Everything you say there is true except one detail regarding the hacked 360. The hacked DVD firmware was also required to abuse such a shader signing hole, which was partly a port of the working Xbox DVD flash work for XBL support on the original console, and partly 'not locking the firmware down' on MS's end. Without the ability to dump that DVD-ROM firmware the 'JTAG' hole couldn't be used, as you can't modify an official disc.

On top of this, there is actual drive to disarm the 360's DRM scheme, which is employed with network responses, a security measure not used in previous generations. I'm sure it won't be in the clear, but any patterns emerging can be just as effective in side-stepping... Of course, expect a ban when you go to re-sign in and your system is good to go but MS hasn't seen it for months (a PC-side server maybe that could authenticate the Xbox as well as pleasing MS so everything aligns).

Maybe my beer (wine) goggles are hindering my ability to comprehend what you just wrote. But my current view is that you are talking absolute ******** regarding the JTAG/SMC hack.

No offense intended, but may I ask, is English your first language?


Maybe my beer (wine) goggles are hindering my ability to comprehend what you just wrote. But my current view is that you are talking absolute ******** regarding the JTAG/SMC hack.

No offense intended, but may I ask, is English your first language?

Summary: had MS not left the DVD out of the hypervisor, the 360 wouldn't have been possible to hack.


Everything you say there is true except one detail regarding the hacked 360. The hacked DVD firmware was also required to abuse such a shader signing hole, which was partly a port of the working Xbox DVD flash work for XBL support on the original console, and partly 'not locking the firmware down' on MS's end.

That is true, a hacked drive was needed, but it also needed to be dumped first. This wasn't really Microsoft's fault either. The MediaTek chip was opened with nitric acid, and the flash die was found floating on top of the DVD controller die in some silicon dioxide with bond wires exposed, ready to be probed for dumping, like a ###### with her legs wide open, ready for action.

Without the ability to dump that DVD-ROM firmware the 'JTAG' hole couldn't be used as you can't modify an official disc.

my current view is that you are talking absolute ******** regarding the JTAG/SMC hack.

Actually, DARKFIB3R is right. The JTAG/SMC hack had nothing to do with a hacked drive; it's a totally different method. The KK exploit needed the drive, yes, to run the game with modified shaders, since you can't modify a pressed retail disc, but not JTAG; that was the work of JTAG and the NAND controller.

Summary: had MS not left the DVD out of the hypervisor, the 360 wouldn't have been possible to hack.

The RGH didn't need the drive either.


I was already thinking of ways to exploit the online system check.

Here are my current ideas:

Time Reset: Example. Go online at 1:00 PM; you would need to go back online before 1 PM the next day. So just reset the date back a few hundred years or the time back a few hours. (I guess there will be a simple way to select the time on the console.)

Firmware Flash: Flash the DVD drive to enable playback of copied games. This would mean not being connected to the internet.

Mod console to accept unsigned code: There will be a system flag for online and offline; you could simply jump this so the Xbox thinks it is always online (providing it does not need to get data from the online cloud every 24 hrs).

Whatever happens, the Xbox One will be cracked fairly fast. You will most likely see firmware hacks at first and possibly timebomb hacks before any actual mods.


It wouldn't matter if the Xbox One is modded; MS can still ban your Live account and console from accessing Xbox Live.


I was already thinking of ways to exploit the online system check.

Here are my current ideas:

Time Reset: Example. Go online at 1:00 PM; you would need to go back online before 1 PM the next day. So just reset the date back a few hundred years or the time back a few hours. (I guess there will be a simple way to select the time on the console.)

That will never work. Always online means they're always going to ping a time server to keep your time accurate to your timezone.


That will never work. Always online means they're always going to ping a time server to keep your time accurate to your timezone.

They say you can play offline for 24 hrs; this is what I mean, set the time within that 24 hrs while not connected to the net. Or reset the date back a few days. They have made more stupid mistakes in the past; I would not be shocked if they left this open to exploit.


That table isn't entirely accurate. 360 hacked for Linux and homebrew... eh, no. It was hacked for piracy; I have seen no one running Linux on it, and extremely little homebrew. Also, if the DVD drive hadn't been left out of the hypervisor, it wouldn't have been hacked in the first place.

Last gen was almost hack proof. Next gen is going to take the next step and be even harder to hack.

We had unsigned code and piracy on the 360 within 12 months. Sure, it was a lot harder to hack, and a lot easier to patch exploits, but still it happened in a year...

In regards to unsigned code hacks... the Xbox 360 WAS hacked for Linux / legal homebrew not created by the Microsoft SDK.

To quote tmbinc who had a lot to do with hacking the 360, and XeLL (Xenon Linux Loader):

I will do my very best to prevent the 360 homebrew becoming illegal. That's why I absolutely don't care for XDK homebrew.

I can only ask people to better invest their time into trying to create something free for the 360. I know it will probably not work out, because somebody will write an "XDK loader", but definitely I won't be doing that.

Source

Now of course piracy was going to happen after he released the hack, however his motivation was to keep everything legal:

My personal belief is that the Xbox 1 scene was so piracy-centric that nobody ever cared much for free alternatives. Linux development, for example, suffered a lot, because it was so easy to just use the XDK.

I believe it's a real pity that really fine projects (like XBMC), which invested a hell of a lot of work, cannot publish their binaries. I would be pretty upset if I had worked on some software which would become illegal at compile time.

Source

You are right that most people used the JTAG and RGH hacks to boot a hacked Microsoft kernel and pirate games; that wasn't the intention of the people behind both hacks, however.


There's a lot of crap in this thread, pretty unbelievable really.

Anyway, security on consoles is achieved through obscurity or public/private key encryption. Cracking obscurity is hard if you don't have the right tools and knowledge, but if for example you know how to de-pot chips, have a very intensive microscope, somehow scan the whole chip at a clear level and have enough time to search the chip, you'd be able to de-obscurificate it and crack the encryption. Some academic did that with the PS3 and Xbox 360 and got some private keys somehow.

Public/private key is much harder because you need an exploit or the private key, really.
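Added example, written for this thread and not taken from any poster here or from any console vendor: a small Go program that makes the public/private key point concrete and also shows the kind of signature check that the earlier RGH post describes being glitched. The "EXMP" image layout, the two result constants and every function name are assumptions of the example; the only real primitives are Ed25519 and SHA-256 from the Go standard library. The verifier holds just the public key and the algorithm is fully known, so there is no obscurity to strip away, and a single flipped payload byte is still refused. The check is also written the way a boot stage that worries about voltage or clock glitches would write it: it fails closed, it avoids a plain boolean, and it evaluates the signature twice and demands agreement.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"log"
)

// Constructed image layout for this example only (not any console's real format):
//   magic "EXMP" (4) | payload length (4, big-endian) | payload | Ed25519 signature (64)
// The signature covers SHA-256(magic | length | payload).
var imageMagic = []byte("EXMP")

// BuildSignedImage is the build-server side: it is the only party holding the private key.
func BuildSignedImage(priv ed25519.PrivateKey, payload []byte) []byte {
	hdr := make([]byte, 8)
	copy(hdr, imageMagic)
	binary.BigEndian.PutUint32(hdr[4:], uint32(len(payload)))
	body := append(hdr, payload...)
	digest := sha256.Sum256(body)
	return append(body, ed25519.Sign(priv, digest[:])...)
}

// Result uses two distant constants instead of a bool so that a single
// skipped instruction or flipped bit is unlikely to turn "reject" into "accept".
type Result uint32

const (
	ResultAccept Result = 0x5A3C96C5
	ResultReject Result = 0xA5C3693A
)

// verifyOnce parses the image and checks the signature with the public key only.
// Every early exit returns ResultReject: the check fails closed.
func verifyOnce(pub ed25519.PublicKey, image []byte) Result {
	if len(image) < 8+ed25519.SignatureSize {
		return ResultReject
	}
	if !bytes.Equal(image[:4], imageMagic) {
		return ResultReject
	}
	n := int(binary.BigEndian.Uint32(image[4:8]))
	if n != len(image)-8-ed25519.SignatureSize {
		return ResultReject
	}
	body, sig := image[:8+n], image[8+n:]
	digest := sha256.Sum256(body)
	if ed25519.Verify(pub, digest[:], sig) {
		return ResultAccept
	}
	return ResultReject
}

// VerifyImage is what a glitch-aware boot stage would call: the check runs twice,
// both runs must produce the accept constant, and they must agree with each other.
// A glitch that corrupts one evaluation therefore still ends in a refusal to boot.
func VerifyImage(pub ed25519.PublicKey, image []byte) bool {
	r1 := verifyOnce(pub, image)
	r2 := verifyOnce(pub, image)
	if r1 != ResultAccept {
		return false
	}
	if r2 != ResultAccept {
		return false
	}
	if r1 != r2 { // redundant on purpose: a second, independent comparison
		return false
	}
	return true
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		log.Fatal(err)
	}
	image := BuildSignedImage(priv, []byte("constructed bootloader payload"))
	fmt.Println("genuine image accepted:", VerifyImage(pub, image))

	// The verifier knows the algorithm and the public key; there is no obscurity
	// to strip away, yet changing one payload byte is still detected.
	tampered := append([]byte(nil), image...)
	tampered[12] ^= 0x01
	fmt.Println("tampered image accepted:", VerifyImage(pub, tampered))
}
```

The point of the two result constants and the double evaluation is not that they make a glitch impossible; it is that an attacker now has to land two faults at precisely the right cycles rather than one, and that the default path out of the function is always "reject".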


That is true, a hacked drive was needed, but it also needed to be dumped first. This wasn't really Microsoft's fault either. The MediaTek chip was opened with nitric acid, and the flash die was found floating on top of the DVD controller die in some silicon dioxide with bond wires exposed, ready to be probed for dumping, like a ###### with her legs wide open, ready for action.

You are talking about new console revisions there. Back in 2006 it was the Sammy and Hitachi. The Sammy wasn't encrypted or even locked (MS25; the MS28 was locked but overcome in seemingly hours). Any SATA controller would happily dump the firmware using the existing Samsung DVD firmware tools, slightly modified for the command... Hitachi just used a fancy batch script, as the TSOP was in the EEPROM or something preventing complete overwrite IIRC; it was also encrypted but easily reversed. Eventually they merged the EEPROM and TSOP of the DVD into the MediaTek chip and then the real fun began.


You are talking about new console revisions there. Back in 2006 it was the Sammy and Hitachi. The Sammy wasn't encrypted or even locked. Any SATA controller would happily dump the firmware using the existing Samsung DVD firmware tools, slightly modified for the command... Eventually they merged the EEPROM and TSOP of the DVD into the MediaTek chip and then the real fun began.

Right, forgot about those ones.


I was already thinking of ways to exploit the online system check.

Here are my current ideas:

Time Reset: Example. Go online at 1:00 PM; you would need to go back online before 1 PM the next day. So just reset the date back a few hundred years or the time back a few hours. (I guess there will be a simple way to select the time on the console.)

Firmware Flash: Flash the DVD drive to enable playback of copied games. This would mean not being connected to the internet.

Mod console to accept unsigned code: There will be a system flag for online and offline; you could simply jump this so the Xbox thinks it is always online (providing it does not need to get data from the online cloud every 24 hrs).

Whatever happens, the Xbox One will be cracked fairly fast. You will most likely see firmware hacks at first and possibly timebomb hacks before any actual mods.

Time resets haven't worked to reset time bombs for years.

The DVD/BD drive won't be outside the hypervisor this time.

That leaves only the last option, and it took a long time for that to happen on the 360, and it required above-average skill to mod. Chances are they will make this even harder this time around, so I think your "fairly fast" is going to stretch to at least 3 years, possibly forever.
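Added example, written for this thread rather than taken from any poster or from Microsoft: a Go sketch of how a device can enforce a 24-hour check-in without trusting its own clock, which is the reason the time-reset idea earlier in the thread and the reply above that time resets stopped working line up. The token layout, the shared HMAC key, the Console type and every function and error name are assumptions of the example; HMAC-SHA256 is the only real primitive. The service signs the check-in time, the device verifies that signature before believing the timestamp, refuses replays of older tokens, and keeps a high-water mark of every clock reading it has ever acted on, so a clock that moves backwards is treated as tampering rather than as a fresh day.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"log"
	"time"
)

// GracePeriod is the offline window the thread talks about: 24 hours.
const GracePeriod = 24 * time.Hour

var (
	ErrBadToken   = errors.New("check-in token MAC invalid")
	ErrOlderToken = errors.New("check-in token older than the last accepted one (replay)")
	ErrRollback   = errors.New("local clock earlier than a time already trusted: rollback suspected")
	ErrExpired    = errors.New("offline grace period exceeded")
)

// IssueToken is the service side. Constructed token layout for this example:
// issuedAt as unix seconds (8 bytes, big-endian) || HMAC-SHA256(key, those 8 bytes).
func IssueToken(key []byte, issuedAt time.Time) []byte {
	buf := make([]byte, 8)
	binary.BigEndian.PutUint64(buf, uint64(issuedAt.Unix()))
	mac := hmac.New(sha256.New, key)
	mac.Write(buf)
	return mac.Sum(buf) // Sum appends the MAC to a copy of buf
}

// parseToken verifies the MAC before trusting the timestamp carried in the token.
func parseToken(key, token []byte) (time.Time, error) {
	if len(token) != 8+sha256.Size {
		return time.Time{}, ErrBadToken
	}
	mac := hmac.New(sha256.New, key)
	mac.Write(token[:8])
	if !hmac.Equal(mac.Sum(nil), token[8:]) {
		return time.Time{}, ErrBadToken
	}
	return time.Unix(int64(binary.BigEndian.Uint64(token[:8])), 0), nil
}

// Console models the device side. In a real design these fields would live in
// tamper-evident persistent storage; here they are plain struct fields.
type Console struct {
	key      []byte
	token    []byte
	lastSeen time.Time // high-water mark of every clock reading the device has acted on
}

// StoreToken accepts a fresh token from the service. Replaying an older token is refused.
func (c *Console) StoreToken(token []byte) error {
	issued, err := parseToken(c.key, token)
	if err != nil {
		return err
	}
	if c.token != nil {
		prev, _ := parseToken(c.key, c.token) // already validated when stored
		if issued.Before(prev) {
			return ErrOlderToken
		}
	}
	c.token = token
	if issued.After(c.lastSeen) {
		c.lastSeen = issued
	}
	return nil
}

// MayPlayOffline is the 24-hour check. `now` is the local clock, which the device
// does not trust on its own: it must never run backwards relative to lastSeen.
func (c *Console) MayPlayOffline(now time.Time) error {
	issued, err := parseToken(c.key, c.token)
	if err != nil {
		return err
	}
	if now.Before(c.lastSeen) {
		return ErrRollback
	}
	c.lastSeen = now
	if now.Sub(issued) > GracePeriod {
		return ErrExpired
	}
	return nil
}

func main() {
	key := []byte("constructed shared key, not a real one")
	c := &Console{key: key}
	online := time.Date(2013, time.June, 1, 13, 0, 0, 0, time.UTC) // the "1:00 PM" from the thread
	if err := c.StoreToken(IssueToken(key, online)); err != nil {
		log.Fatal(err)
	}
	for _, now := range []time.Time{
		online.Add(6 * time.Hour),   // same evening: allowed
		online.Add(-48 * time.Hour), // clock wound back: rollback detected
		online.Add(25 * time.Hour),  // next day past the window: expired
	} {
		fmt.Println(now.Format(time.RFC3339), "->", c.MayPlayOffline(now))
	}
}
```

The high-water mark is what defeats the "set the clock back a few hours" idea: once the device has acted on any reading, every later reading must be at least that late, so the only way to extend the window is a genuinely newer token from the service.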


There's a lot of crap in this thread, pretty unbelievable really.

Anyway, security on consoles is achieved through obscurity or public/private key encryption. Cracking obscurity is hard if you don't have the right tools and knowledge, but if for example you know how to de-pot chips, have a very intensive microscope, somehow scan the whole chip at a clear level and have enough time to search the chip, you'd be able to de-obscurificate it and crack the encryption. Some academic did that with the PS3 and Xbox 360 and got some private keys somehow.

Public/private key is much harder because you need an exploit or the private key, really.

Decapping the chips was never done on Xbox or PS3 CPUs; it was all software hacking. Only the DVD drive IC was decapped. You can decap these main CPUs all you want; unless you have access to expensive tools, there's no way you're going to be able to work on 40nm parts. The maximum you can see the transistors at optically with a microscope is 350nm; anything smaller and you are exceeding the wavelength of light. If you want to rent time on a focused ion beam workstation, get ready to pay $400+ an hour using such devices. And even then, there are security meshes, 5+ layers, light sensors, encrypted buses, invisible ROMs, all of which would take an enormous amount of time to figure out.


Not everyone who mods their consoles goes straight to pirating games.

Original Xbox, PS2 and the Wii, when modded, all have the ability to use a HDD to run games. That's the biggest reason I have them all modded. Throw in a large HDD loaded with copies of the games that I PAID FOR, and you get less loading time and no wearing down the optical drive, extending the life of the consoles and the discs themselves. Same thing with my PSP. I would rather load everything from a 32 GB card instead of that idiotic, battery-killing, slow-loading UMD drive.


Decapping the chips was never done on Xbox or PS3 CPUs; it was all software hacking. Only the DVD drive IC was decapped. You can decap these main CPUs all you want; unless you have access to expensive tools, there's no way you're going to be able to work on 40nm parts. The maximum you can see the transistors at optically with a microscope is 350nm; anything smaller and you are exceeding the wavelength of light. If you want to rent time on a focused ion beam workstation, get ready to pay $400+ an hour using such devices. And even then, there are security meshes, 5+ layers, light sensors, encrypted buses, invisible ROMs, all of which would take an enormous amount of time to figure out.

I'm pretty sure it was done; it wasn't done for a crack or whatnot, it was academic. I can't find anything with some quick searches, only loads of links to exploits, but I'm sure it was reported on years ago saying security on the 360 was done through obscurity.


I'm pretty sure it was done; it wasn't done for a crack or whatnot, it was academic. I can't find anything with some quick searches, only loads of links to exploits, but I'm sure it was reported on years ago saying security on the 360 was done through obscurity.

Could be analysis on the bootloaders, which are actually dumped. That would make sense, because it would take years and years even with the right tools to dig into the chip enough to extract this sensitive data. Even the guys that do this for a living and have access to these tools, like Chris Tarnovsky and Karsten Nohl, take a long time to do this on simple microcontrollers. Tarnovsky took 6 months to hack the Infineon TPM chip, which is an 8-16 bit microcontroller, and I believe it's in the 200s nm. The PPC chips of last gen are totally different beasts. No way it was done. Tarnovsky was asked to do work on the Xbox 360 chip actually, and the other party offered $200K, and he turned them down and said no way, that's not enough money.


Could be analysis on the bootloaders, which are actually dumped. That would make sense, because it would take years and years even with the right tools to dig into the chip enough to extract this sensitive data. Even the guys that do this for a living and have access to these tools, like Chris Tarnovsky and Karsten Nohl, take a long time to do this on simple microcontrollers. Tarnovsky took 6 months to hack the Infineon TPM chip, which is an 8-16 bit microcontroller, and I believe it's in the 200s nm. The PPC chips of last gen are totally different beasts. No way it was done. Tarnovsky was asked to do work on the Xbox 360 chip actually, and the other party offered $200K, and he turned them down and said no way, that's not enough money.

Looked it up, and that must be the guy. Seems that maybe one article has it a bit wrong, and that's the article I read?

http://news.techworld.com/networking/3211829/xbox-360-chip-can-be-hacked-claims-researcher/

