Xbox 360 Arbitrary Code Execution
An anonymous researcher has published a detailed write-up on how to execute arbitrary code with high privileges on a recent Xbox 360 kernel. The vulnerability was in the system call handler, which Microsoft has since patched.
There’s no googleprint for anohacker@gmail.com so I’m assuming this person created that email address just for the purpose of disclosing this vulnerability.
Since the report cites 12/30/2006 as the date of “public demonstration”, it’s probably safe to say that the person who posted this report is the same masked (German?) guy that gave the mysterious lightning talk at 23c3 called “Consolen Hacking Suprise“. Pay no attention to the man behind the black bandana! He’s only breaking (one of?) the most technically advanced game console security systems ever devised – a security architecture in which Microsoft has invested tens of millions of dollars.
If anybody has any more technical details or knows where this researcher hangs out on IRC/forums, I’d love to know.
As expected, the Slashdot story has some of the best commentary on the topic:
- Debate over whether Xbox 360 gamers “own” or “license” the system.
- Some idle speculation on why Windows Media DRM and Xbox security vulnerability fixes are pushed out to end users roughly 22 times faster than critical Windows OS vulnerabilities.
- And finally, a proper response to some dillweed who said “we shouldn’t use C anymore! it’s insecure!”
Console security really fascinates me because it’s a realm where the manufacturer has almost complete control over the design of the entire system, and that system is destined to be in the hands of millions of hackers and homebrew enthusiasts.
I’ll leave the final word to Gerardo Richarte (aka gera) from Core Security who sees the death of the freedom to tinker on the horizon.
- IBM “efuse” technology
- gera’s write-up on a vulnerability in a Linksys router that I own. It includes disassembled firmware code and Python exploit code. Nice.