DRM and Unauthorized Console modding/rooting the system Dead?

xbox one

50 replies to this topic

#31 +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 2
  • Joined: 30-November 01
  • Location: Iowa

Posted 14 June 2013 - 19:32

Modding is the only reason I bought a Wii...

I wasn't going to buy one until I could hack it. Then one night I watched a kid show the procedure of installing the Homebrew Channel. I said, "???? It's that easy?" Then within 30 minutes I drove to Walmart and bought one. Within another 30 minutes I already had it hacked.


#32 srbeen

srbeen

    Neowinian

  • Joined: 30-November 11

Posted 14 June 2013 - 19:33

Well, the first part in any hacking is actually getting a dump of the software/OS. You can't possibly do anything if you don't know what it's doing and when.

As I understand it, the way the Xbox 360 OS dump was made was through a dev unit, which allowed access to unencrypted RAM. Once the dump was made, holes were found.

The King Kong exploit abused a kernel bug found by studying the dump, and used unsigned shaders on the game disc to feed data into memory to perform this hack. The JTAG hack uses the GPU JTAG and the SMC to modify memory to perform the hack.

The RGH glitches the system while it is doing the bootloader signature checks, and this causes the system to believe the signatures match when in reality the code is not properly signed. None of these hacks would be possible if a dump was not available.

The PS3 was dumped by a hack performed in Linux, which allows people to run their own code on the system. Once dumped, the first hack used a bug in the USB driver to gain access to the whole system, and this opened the floodgates to other bugs and vulnerabilities that allowed keys to be dumped, which led to self-signing and running other unsigned code. If it weren't for Linux on board, I doubt the PS3 would be hacked even today.

I'm positive current XB1 and PS4 dev units prevent any such memory accesses, and third-party code is sandboxed from such sensitive areas. The general public will not be allowed to tinker and run their own code on these systems. Although I believe you'll be able to run Xbox RT apps, I believe this will only be open to select developers who are invited because of their work in the Windows 8 Store.

Unless someone has access to a focused ion beam workstation and has access to chemicals and other expensive tools to work on 40nm parts, it isn't happening. Then again, if someone has access to these things, I doubt they would be hacking consoles.


Everything you say there is true except one detail regarding the hacked 360. The hacked DVD firmware was also required to abuse such a shader signing hole, which was partly a port of the working Xbox DVD flash work for XBL support on the original console, and partly 'not locking the firmware down' on MS's end. Without the ability to dump that DVD-ROM firmware, the 'JTAG' hole couldn't be used, as you can't modify an official disc.

On top of this, there is actual drive to disarm the 360's DRM scheme, which is employed with network responses, a security measure not used in previous generations. I'm sure it won't be in the clear, but any patterns emerging can be just as effective in side-stepping... Of course, expect a ban when you go to re-sign in and your system is good to go but MS hasn't seen it for months (a PC-side server, maybe, that could authenticate the Xbox as well as pleasing MS so everything aligns).

#33 +D. FiB3R

D. FiB3R

    aka DARKFiB3R

  • Tech Issues Solved: 2
  • Joined: 06-November 02
  • Location: SE London
  • OS: Windows 8.1 Pro x64
  • Phone: Lumia 800

Posted 14 June 2013 - 20:23

Everything you say there is true except one detail regarding the hacked 360. The hacked DVD firmware was also required to abuse such a shader signing hole, which was partly a port of the working Xbox DVD flash work for XBL support on the original console, and partly 'not locking the firmware down' on MS's end. Without the ability to dump that DVD-ROM firmware, the 'JTAG' hole couldn't be used, as you can't modify an official disc.

On top of this, there is actual drive to disarm the 360's DRM scheme, which is employed with network responses, a security measure not used in previous generations. I'm sure it won't be in the clear, but any patterns emerging can be just as effective in side-stepping... Of course, expect a ban when you go to re-sign in and your system is good to go but MS hasn't seen it for months (a PC-side server, maybe, that could authenticate the Xbox as well as pleasing MS so everything aligns).


Maybe my beer (wine) goggles are hindering my ability to comprehend what you just wrote. But my current view is that you are talking absolute ******** regarding the JTAG/SMC hack.

No offense intended, but may I ask, is English your first language?

#34 HawkMan

HawkMan

    Badass Viking

  • Tech Issues Solved: 3
  • Joined: 31-August 04
  • Location: Norway

Posted 14 June 2013 - 20:32

Maybe my beer (wine) goggles are hindering my ability to comprehend what you just wrote. But my current view is that you are talking absolute ******** regarding the JTAG/SMC hack.

No offense intended, but may I ask, is English your first language?

Summary: had MS not left the DVD out of the hypervisor, the 360 wouldn't have been possible to hack.

#35 vcfan

vcfan

    POP POP RET

  • Joined: 12-June 11

Posted 14 June 2013 - 21:36

Everything you say there is true except one detail regarding the hacked 360. The hacked DVD firmware was also required to abuse such a shader signing hole, which was partly a port of the working Xbox DVD flash work for XBL support on the original console, and partly 'not locking the firmware down' on MS's end.


That is true, a hacked drive was needed, but it also needed to be dumped first. This wasn't really Microsoft's fault either. The MediaTek chip was opened with nitric acid, and the flash die was found floating on top of the DVD controller die in some silicon dioxide with bond wires exposed, ready to be probed for dumping, like a ###### with her legs wide open, ready for action.

Without the ability to dump that DVD-ROM firmware, the 'JTAG' hole couldn't be used, as you can't modify an official disc.




my current view is that you are talking absolute ******** regarding the JTAG/SMC hack.



Actually, DARKFIB3R is right. The JTAG/SMC hack had nothing to do with a hacked drive; it's a totally different method. The KK exploit needed the drive, yes, to run the game with modified shaders, since you can't modify a pressed retail disc, but not JTAG; that was the work of the JTAG and the NAND controller.

Summary: had MS not left the DVD out of the hypervisor, the 360 wouldn't have been possible to hack.


The RGH didn't need the drive either.

#36 slapfacemcdougal

slapfacemcdougal

    Neowinian

  • Joined: 12-March 13

Posted 14 June 2013 - 21:40

Summary: had MS not left the DVD out of the hypervisor, the 360 wouldn't have been possible to hack.


That's cute that you'd think that.

#37 Vester

Vester

    Neowinian

  • Joined: 06-March 12
  • Location: UK
  • OS: Windows 8.1, Kali Linux
  • Phone: I9000 Custom Rom 4.2.2

Posted 14 June 2013 - 21:45

I was already thinking of ways to exploit the online system check.

Here are my current ideas:
Time Reset: Example: go online at 1:00PM; you would need to go back online before 1PM the next day. So just reset the date back a few hundred years or the time back a few hours. (I guess there will be a simple way to select the time on the console.)

Firmware Flash: Flash the DVD drive to enable playback of copied games. This would mean not being connected to the internet.

Mod console to accept unsigned code: There will be a system flag for online and offline; you could simply jump this so the Xbox thinks it is always online (providing it does not need to get data from the online cloud every 24 hours).

Whatever happens, the Xbox One will be cracked fairly fast. You will most likely see firmware hacks at first and possibly timebomb hacks before any actual mods.

#38 Vvo

Vvo

    nom! nom! nom! Hug a fluffy dolphin!

  • Tech Issues Solved: 1
  • Joined: 28-November 10
  • Location: fluffyland
  • OS: Windows 7/Windows 8/Windows 8.1/Windows XP/ Linux
  • Phone: Samsung Vibrant (android 4.4.2 KK RR Rom)

Posted 14 June 2013 - 21:52

It wouldn't matter if the Xbox One is modded; MS can still ban your Live account and console from accessing Xbox Live.

#39 slapfacemcdougal

slapfacemcdougal

    Neowinian

  • Joined: 12-March 13

Posted 14 June 2013 - 21:57

I was already thinking of ways to exploit the online system check.

Here are my current ideas:
Time Reset: Example: go online at 1:00PM; you would need to go back online before 1PM the next day. So just reset the date back a few hundred years or the time back a few hours. (I guess there will be a simple way to select the time on the console.)


That will never work. Always online means they're always going to ping a time server to keep your time accurate to your timezone.

#40 Vester

Vester

    Neowinian

  • Joined: 06-March 12
  • Location: UK
  • OS: Windows 8.1, Kali Linux
  • Phone: I9000 Custom Rom 4.2.2

Posted 14 June 2013 - 22:36

That will never work. Always online means they're always going to ping a time server to keep your time accurate to your timezone.


They say you can play offline for 24 hours; this is what I mean: set the time within that 24 hours while not connected to the net. Or reset the date back a few days. They have made more stupid mistakes in the past; I would not be shocked if they left this open to exploit.

#41 +InsaneNutter

InsaneNutter

    Neowinian Senior

  • Tech Issues Solved: 2
  • Joined: 15-March 03
  • Location: Yorkshire, England
  • OS: Windows 8.1 & OSX 10.9
  • Phone: Galaxy Nexus running CyanogenMod 11

Posted 14 June 2013 - 23:15

That table isn't entirely accurate. 360 hacked for Linux and homebrew... eh, no. It was hacked for piracy; I have seen no one running Linux on it, and extremely little homebrew. Also, if the DVD drive hadn't been left out of the hypervisor, it wouldn't have been hacked in the first place.

Last gen was almost hack-proof. Next gen is going to take the next step and be even harder to hack.


We had unsigned code and piracy on the 360 within 12 months; sure, it was a lot harder to hack, and a lot easier to patch exploits, but still, it happened in a year...

In regards to unsigned code hacks... the Xbox 360 WAS hacked for Linux / legal homebrew not created by the Microsoft SDK.

To quote tmbinc who had a lot to do with hacking the 360, and XeLL (Xenon Linux Loader):

I will do my very best to prevent 360 homebrew becoming illegal. That's why I absolutely don't care for XDK homebrew.

I can only ask people to better invest their time in trying to create something free for the 360. I know it will probably not work out, because somebody will write an "XDK loader", but I definitely won't be doing that.


Source

Now of course piracy was going to happen after he released the hack, however his motivation was to keep everything legal:

My personal belief is that the xbox1 scene was so piracy-centric that nobody ever cared much for free alternatives. Linux development, for example, suffered a lot, because it was so easy to just use the XDK.

I believe it's a real pity that really fine projects (like XBMC), which invested a hell of a lot of work, cannot publish their binaries. I would be pretty upset if I had worked on some software which would become illegal at compile time.


Source

You are right that most people used the JTAG and RGH hacks to boot a hacked Microsoft kernel and pirate games; that wasn't the intention of the people behind both hacks, however.

#42 n_K

n_K

    Neowinian Senior

  • Tech Issues Solved: 3
  • Joined: 19-March 06
  • Location: here.
  • OS: FreeDOS
  • Phone: Nokia 3315

Posted 14 June 2013 - 23:30

There's a lot of crap in this thread, pretty unbelievable really.
Anyway, security on consoles is achieved through obscurity or public/private key encryption. Cracking obscurity is hard if you don't have the right tools and knowledge, but if, for example, you know how to de-pot chips, have a very intensive microscope and some way to scan the whole chip at a clear level, and have enough time to search the chip, you'd be able to de-obscurificate it and crack the encryption. Some academic did that with the PS3 and Xbox 360 and got some private keys somehow.
Public/private key is much harder because you really need an exploit or the private key.

#43 srbeen

srbeen

    Neowinian

  • Joined: 30-November 11

Posted 14 June 2013 - 23:30

That is true, a hacked drive was needed, but it also needed to be dumped first. This wasn't really Microsoft's fault either. The MediaTek chip was opened with nitric acid, and the flash die was found floating on top of the DVD controller die in some silicon dioxide with bond wires exposed, ready to be probed for dumping, like a ###### with her legs wide open, ready for action.


You are talking about new console revisions there. Back in 2006 it was the Sammy and the Hitachi. The Sammy wasn't encrypted or even locked (MS25; the MS28 was locked but overcome in seemingly hours). Any SATA controller would happily dump the firmware using the existing Samsung DVD firmware tools, slightly modified for the command... Hitachi just used a fancy batch script, as the TSOP was in the EEPROM or something preventing complete overwrite, IIRC; it was also encrypted but easily reversed. Eventually they merged the EEPROM and TSOP of the DVD into the MediaTek chip and then the real fun began.

#44 vcfan

vcfan

    POP POP RET

  • Joined: 12-June 11

Posted 14 June 2013 - 23:32

You are talking about new console revisions there. Back in 2006 it was the Sammy and the Hitachi. The Sammy wasn't encrypted or even locked. Any SATA controller would happily dump the firmware using the existing Samsung DVD firmware tools, slightly modified for the command... Eventually they merged the EEPROM and TSOP of the DVD into the MediaTek chip and then the real fun began.


Right, forgot about those ones.

#45 HawkMan

HawkMan

    Badass Viking

  • Tech Issues Solved: 3
  • Joined: 31-August 04
  • Location: Norway

Posted 14 June 2013 - 23:46

I was already thinking of ways to exploit the online system check.

Here are my current ideas:
Time Reset: Example: go online at 1:00PM; you would need to go back online before 1PM the next day. So just reset the date back a few hundred years or the time back a few hours. (I guess there will be a simple way to select the time on the console.)

Firmware Flash: Flash the DVD drive to enable playback of copied games. This would mean not being connected to the internet.

Mod console to accept unsigned code: There will be a system flag for online and offline; you could simply jump this so the Xbox thinks it is always online (providing it does not need to get data from the online cloud every 24 hours).

Whatever happens, the Xbox One will be cracked fairly fast. You will most likely see firmware hacks at first and possibly timebomb hacks before any actual mods.


Time resets haven't worked to reset time bombs for years.

The DVD/BD drive won't be outside the hypervisor this time.

Leaving only the last option. And it took a long time for that to happen on the 360, and it required above-average skill to mod. Chances are they will make this even harder this time around. So I think your "fairly fast" is going to stretch to at least 3 years, possibly ever.
