xboxscene.org forums

Author Topic: System Link Overflows?  (Read 225 times)

Rustmonkey

  • Archived User
  • Sr. Member
  • *
  • Posts: 475
System Link Overflows?
« on: December 11, 2005, 03:03:00 PM »

Ok, my thoughts are that M$ has probably covered their butts on the media center end of the 360, blocking the most probable means of attack.  However, the x360 is backwards compatible with xbox games and will run system link between these games.  Now, theoretically, this gives us a window of attack because we have 1st gen xboxes that are modded.  I am definitely far from being anything close to a programmer, but in essence, I believe we could send almost any kind of code across a system-link connection from our old boxes.  The only problem is, a very small and nearly insignificant amount of data is actually sent across in the system link protocol.  My thoughts are that we may be able to upload an exploit of some sort into the emulation files of the xbox360 - since it has these loaded into memory or a cache when it's playing a 1st gen game... this would take a lot of code work and reverse engineering of a retail game... but who knows.

This of course is all very theoretical as we don't even know the file structure of a 360 yet, let alone how we could cause an overload of the emulation files.  Mainly, this is just a seed of thought to come back to later.

Laterz all,
Rustmonkey
Logged

jwin767

  • Archived User
  • Sr. Member
  • *
  • Posts: 271
System Link Overflows?
« Reply #1 on: December 12, 2005, 02:49:00 AM »

well I can tell you that if you host a modded halo 2 map on the xbox1 the 360 will load the modded map like the xbox1's did on live and system link the first time around
Logged

bho76

  • Archived User
  • Newbie
  • *
  • Posts: 45
System Link Overflows?
« Reply #2 on: December 19, 2005, 12:02:00 AM »

I like Cancer's way of thinking! :)   sounds like a completely half-assed idea to me! love it!
Logged

MaTiAz

  • Archived User
  • Full Member
  • *
  • Posts: 220
System Link Overflows?
« Reply #3 on: December 19, 2005, 07:43:00 AM »

Well the problem is, that we (I guess :)) don't know yet, how to make any code that could run on a X360, and how would we be able to actually run the FTP server on the 360?
Logged

CancerBoy

  • Archived User
  • Jr. Member
  • *
  • Posts: 60
System Link Overflows?
« Reply #4 on: December 19, 2005, 10:13:00 AM »

QUOTE
Please don't take this as flaming because I am very open to ideas but, by doing that you'd only crash the virtual emulation. You won't be able to see any physical files on the hard drive because the emulator is run virtually within the system. That's what I've been told and it does make sense. MS really put a lot of work into this box, unlike the other one lol.


I agree, but I believe viewing any files we are not meant to see is beneficial right now. Yes, MS put a lot of work into it, but with something this complex it is easy to make a slip up. After all, it is easier to take something apart than it is to build. But I admit my idea probably wouldn't work; running an FTP instead of a map is pretty much impossible in my opinion, but hey, it's an idea.

QUOTE
Well the problem is, that we (I guess :)) don't know yet, how to make any code that could run on a X360, and how would we be able to actually run the FTP server on the 360?


Good point, I agree. I doubt overflows will work on a 360 because they will have beefed up their system for this. But the news of modded maps running is cool.
Logged

InterestedHacker

  • Archived User
  • Jr. Member
  • *
  • Posts: 88
System Link Overflows?
« Reply #5 on: December 19, 2005, 10:41:00 AM »

I seriously doubt this kind of exploit will work.  As previously pointed out above, it's likely to just crash the emulator.  Because the emulator runs in its own Virtual Machine, supervised by hypervisor, any overflows will be nipped in the bud, before you can use them in any way.

There are 3 ways in which the XBOX 360 could possibly be 'hacked'.  One is to attack the DVD Drive, through either an emulator, or modifying the firmware on the drive (already under way).  The next is by getting control over hypervisor, and working your way down the security model (likely to be extremely difficult, if not impossible), and finally, intercepting the Longhorn-ish boot process and modifying it, but convincing hypervisor that everything is OK (again damn near impossible).   I think you can rule out most other forms of attack.  Buffer overflow was our friend, and hypervisor shot him =O
Logged

d0wnlab

  • Archived User
  • Sr. Member
  • *
  • Posts: 326
System Link Overflows?
« Reply #6 on: December 19, 2005, 12:08:00 PM »

I've been working on this for a month or two actually, hopefully I get something working at some point.  Unlike the majority here I'm actually coding something :).  System link traffic uses a lot of security to ensure that packets are not modified en route so it's annoying to work with.

The goal isn't to see files.  We already have a HD dump and can see DVDs, and most of PIRS and XEX files are mapped.  Even crashing the emulator would be a large step forward, to be able to interact with the hypervisor and start poking at it.  People saying "buffer overflows won't work", well.. you don't know that until you try.  Just because stack space is non-executable doesn't mean we're screwed.

Logged

d0wnlab

  • Archived User
  • Sr. Member
  • *
  • Posts: 326
System Link Overflows?
« Reply #7 on: December 19, 2005, 04:14:00 PM »

QUOTE(CancerBoy @ Dec 19 2005, 03:41 PM)

Good stuff.

Thanks :)

QUOTE

Got any info to share?

In due time :)
Logged

scotty2hotty1124

  • Archived User
  • Newbie
  • *
  • Posts: 45
System Link Overflows?
« Reply #8 on: December 19, 2005, 04:14:00 PM »

you are all talking about trying something like a thing for halo 2...but I just thought of this...what about Far Cry: Instincts? In that game you can create your own map and then you could download it from the other person...so maybe someone could "create a map" and then we could maybe get it from them without as much hassle....
Logged