Xbox 360 Homebrew Exploit Incoming?

[Rock Raiyu]

In rather huge news, we have received an email from the respected developers of the Free60 project who indicate that users should NOT update their 360's with the Summer update. Despite the update being dangerous as it overwrites the first stage bootloader, it will also block out a homebrew hack that the team are planning to release. So DON'T UPDATE!!!

Here is the email we received:

Dangerous Xbox 360 Update Killing Homebrew

On Tuesday, Microsoft has released an Xbox 360 software update that overwrites the first stage bootloader of the system. Although there
have been numerous software updates for Microsoft's gaming console in the past, this is the first one to overwrite the vital boot block. Any failure while updating this will break the Xbox 360 beyond repair.

Statistics from other systems have shown that about one in a thousand bootloader updates goes wrong, and unless Microsoft has a novel
solution to this problem, this puts tens of thousands of Xboxes at risk.

It seems that this update is being done to fix a vulnerability already known to the Free60 Project. This vulnerability has been successfully exploited to run arbitrary code, and a complete end user compatible hack has been in development for some time and is planned to be released on free60.org shortly. It will allow users to take back control of their Xboxes and run arbitrary code like homebrew applications or Linux right after turning on the console and without the need of a modchip, finally opening up the Xbox 360 to a level of hacking as the original Xbox.

Because of the dangerousness of the update and the homebrew lockout, the Free60 Project advises all Xbox 360 users to not update their systems to the latest software version. The Project website at http://free60.org/ will provide the latest information on this ongoing topic, including the final hack software.

Free60 (www.free60.org) is a project that aims to enable Xbox 360 users to run homebrew applications and operating systems like Linux on their consoles. The effort is headed by Felix Domke and Michael Steil, who have a background in dbox2, Xbox and GameCube hacking, and who have spoken at various conferences about their findings. Two years ago, Free60 released a hack that allowed arbitrary code execution using a game ("King Kong Hack") as well as an adapted version of Linux, but this possibility has been disabled by Microsoft in
subsequent updates of the Xbox 360 software.

Felix and Michael have repeatedly argued that game console manufacturers should open up their platforms to Linux and homebrew, similar to what Sony has done with the PlayStation 3.

News Source: Maxconsole

 

[clonesniper666]

Wow that is pretty cool especially for those who do not have a modchip like me. This could be interesting to me if it is somewhst simple to do.

 

[DKAngel]

oh if only i read this 8 hrs ago b4 i updated to the new live system

 

[Rock Raiyu]

Same, I entered the beta and got accepted and updated last week...

 

[dinofan01]

Already updated. Oh well. If worse comes to worse and I feel the need to pirate on the 360 I'll just get a mod chip.

 

[Joe88]

did people who entered the preview already have this exploit patched?
or is there still hope...?

 

[Jon eBegood]

So, some quick news:

We kept on working on this idea, and it worked out. pretty well. We use JTAG to program the DMA target addr, and then SMC to trigger the DMA read. The exploit itself is based on the old 4532 exploit.

The magic is how we launch 4532 - there is a "backdoor" for manufacturing since CB 1920. We have been able to restore the newer CD versions for all hardware types.

This means:
- We can boot own code in HV context ~5s after boot, before any video output, right after the kernel runs.
- we need to reflash the flash, and add 3 resistors for the JTAG (no modchip required! but you might want a dual-nand modchip),
- 8498 kills this by updating the bootloader - it blacklists 4532/4548. it also does hw init stuff which might interefere with the jtag hack, we don't know yet.
- we have a proof of concept hack, we will release it SOON (a matter of hours/days, not more - promised.).
- DON'T UPDATE to summer 09. Did i already say this?
- you don't need to know your cpu key. You can update to all BUT summer '09. you don't need a dvdrom.
- It works on all xenon, zephyr, falcon, opus, jasper. Unless you have updated to 849x. Then you're screwed.

Source

 

[shakirmoledina]

i think tht microsoft a getting more informed about this so more updates will come out to tackle this

 

[DKAngel]

why didnt they come out with it b4 the fucking update :/

 

[hankchill]

I don't care about a homebrew exploit -- any funny activity that would get me banned from Live isn't worth it.

 

[Blue-K]

I updated yesterday...meh, too late. Anyways, what are they thinking? If they release the Exploit, Microsoft will find a way to detect it, and then:

-Ban you from Live.
-Delete it with the next update (already happend).

I'm sorry, but I'm not willing to let me ban from Live for an XBox360 Linux and XBMC. Yes, the XBox would be great for Homebrew (Emulators, XBMC, etc...), but still Microsoft has done a better job than Nintendo, and can ban everyone or destroy the Exploit easely. And no Chance that they would allow this...they want money with "their" Indie-Games, and not free Homebrew-Games/Apps. Micro$oft is and will always be in the better position, because they can say: "Decide: XBox Live or Homebrew!" and most people want Online gaming. I'll stick with Nintendo, they can't and won't do much there against Homebrew.

 

[superrob]

Damm.. well its sad that i just missed homebrew on my 360. Ive been in beta since 2. August.... but well.. im not really sad about it. I have a PC for homebrew and such right beside my 360.

But sad for those who really was waiting for this to happend and updated.

 

[crono999]

Ah who cares witch dash you need, if this hack is real, we al will learn a lot more about the xbox360 and will find a new workaround sooner.
Only hopes this hack gets more excepted then the last one, so more homebrew will emerge.

 

[jaxxster]

Hmm, a few emulators and whatnot or xbox live? Easy decision imo...

 

[War]

Safer just to flash the thing. Besides, they announced it too late. Unless someone was out on vacation or not playing their 360, I don't see why they wouldn't update.

 

[FAST6191]

Haha there was a reason I never let my 360 on the internet. I just hope my friends have not done anything or I will have to fix some of the RROD 360s presently taking up valuable shelf space.

Oh and mandatory 360 security talk video for these sort of situations:
http://www.youtube.com/watch?v=uxjpmc8ZIxM&fmt=22

Also
*crosses fingers for 360 XBMC-a-like*

 

[Canonbeat234]

wow that kind of sucks...although maybe MS is responding this due to the fact of their Natal project...who knows...

 

[amazingnoob]

;_; I just updated before comming on gbatemp

 

[Rock Raiyu]

 

[ganons]

so the new nxe update available renders this hack useless? i dont think i have updated yet