Feeds

Hacker group releases software-only Xbox mod details

Spectre of Dreamcast-style 'boot loader' piracy

  • alert
  • submit to reddit

gamesindustry.biz logo Free-X, the Xbox hackers who were at the heart of the controversial attempt to extort a signed Linux boot loader for the console from Microsoft, claim that they have now released details of their software-only Xbox security exploits.

Earlier this week, gamesindustry.biz reported on the group's claim to have discovered a way to run unsigned software - such as pirate games or third party applications, including Linux - on the Xbox without the need for any physical modifications to the console. Free-X was threatening to release this exploit if Microsoft did not relent and release a signed "loader" which would enable the running of Linux on the console.

Last night, in a statement from the Free-X hackers, the team said that its attempts to contact Microsoft had been rebuffed, and a meeting arranged with a Microsoft representative had been cancelled at the last minute. The group is now believed to have released details of its exploit (being called the "Fourth of July hack" in some quarters) onto certain Internet mailing lists.

It's thought that the hack exploits a security hole in the Xbox Dashboard system, and allows the user to run unsigned games and applications on the console by using a simple boot loader burned onto a CD-RW - a very similar attack to the one which allowed Dreamcast pirates the ability to run copied games without mod chips.

This kind of piracy is very worrying for the console, since it would allow pirates to create copies of Xbox discs using simple CD and DVD burning equipment, which run on completely unmodified consoles in exactly the same way that original games do.

In its statement last night, Free-X seemed rather upset with the suggestion that their approaches to Microsoft constituted blackmail. "Since our attempts to contact Microsoft have become public knowledge our team has been accused of attempting to extort or blackmail Microsoft," the statement reads, "this is not true as we have made every attempt possible to make contact with Microsoft."

We're not sure what definition of "blackmail" Free-X are using, but in general blackmailing a person or company does indeed involve making contact with them - usually with a list of demands which you want fulfilled in return for not releasing certain sensitive information. Which is exactly what Free-X did in this situation - so whether they like the tag or not, what the group was engaged in was most certainly blackmail.

Microsoft never really had any choice in this matter - it was obvious that even if Free-X didn't release details of the hack, some other group with even fewer scruples would find it independently and release details of it. It was only ever a matter of time before this information became public, ludicrous demands over Linux boot loaders notwithstanding.

All that now remains to be seen is whether the exploit can be fixed easily in a simple Xbox software upgrade, and just how serious it is. A Dreamcast-style boot loader exploit could have massive consequences for the Xbox software market, but in the absence of solid details of the hack, it's not clear whether it's really that simple to implement and use.

External Link: Free-X Statement in full

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.