Feeds

Everything you ever wanted to know about Xbox hacking

Cracking gameplay laid bare

The Power of One eBook: Top reasons to choose HP BladeSystem

Tamper tantrums

Hardware tampering forms the second class of hacking activity. Hackers tamper with the data on their hardware via hex editing, rehashing and resigning to obtain digital items and products without payment. The tactic is used to artificially inflate account stats, making manipulated IDs a more valuable as a trading item in the underground economy.

"Because you can hook the Xbox up to your PC, people have created custom built tools to not only view the data on the Xbox hard drive, but alter the data through basic hex editing, rehash it (so the console thinks the files are legit) and resign it (which allows someone to use files that are tied to another profile)," Boyd told El Reg. "Not wanting to risk phishing themselves, some hackers will artificially inflate their Gamerscore and then try to sell the accounts on underground forums and even sites such as eBay."

This type of hardware tampering can also be harnessed in phishing attacks, impersonation, and other malfeasance.

"A recent exploit involved tampering with data on the Xbox hard drive which allowed you to join game sessions with a temporary name. The trick allowed phishers to impersonate game developers (whose gamertags are viewable on sites that list the gamerscore data) and ask for logins. By all accounts, the phishers did a roaring trade until this was fixed," Boyd explained.

Another (now closed) flaw involved exploiting Microsoft's Marketplace to obtain items for free. After making just one purchase, hackers developed a technique that involved changed just one line of code which allowed them to unlock every other item without paying for it. Microsoft soon put a kibosh on the ruse, but it does illustrates the fertile environment for hacking that the online gaming environment has become.

Lastly, online gaming environment can be beset with malicious disruption, as the result of hacking tools. Distributed denial of service attacks from botnets can kick players out of online game. It's also possible to purchase hardware that allows the unethical to cheat in games.

"Network disruption is a big part of certain areas in console modding and hacking scene," Boyd explained. "As most games are peer to peer with one gamer being the host, anyone can hook their Xbox to their PC via Internet Connection Sharing then use a combination of tools such as Zone Alarm to place IP addresses into trusted zones and network monitors to see the IP addresses in the first place. From there, they fire up a 'host boater' (which is basically a bonnet command program) which targets port 3074 - the port you need open for Xbox Live to work.

"They hit the flood button, and the hosts connection is flooded out by an army of infected PCs. As the attack targets the IP of the gamer directly and not the Xbox live service, it's very hard to do anything about these attacks," he added.

Designing a Defense for Mobile Applications

Next page: DDoS for hire scams

More from The Register

next story
DARPA-derived secure microkernel goes open source tomorrow
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.