Feeds

Everything you ever wanted to know about Xbox hacking

Cracking gameplay laid bare

Build a business case: developing custom apps

Tamper tantrums

Hardware tampering forms the second class of hacking activity. Hackers tamper with the data on their hardware via hex editing, rehashing and resigning to obtain digital items and products without payment. The tactic is used to artificially inflate account stats, making manipulated IDs a more valuable as a trading item in the underground economy.

"Because you can hook the Xbox up to your PC, people have created custom built tools to not only view the data on the Xbox hard drive, but alter the data through basic hex editing, rehash it (so the console thinks the files are legit) and resign it (which allows someone to use files that are tied to another profile)," Boyd told El Reg. "Not wanting to risk phishing themselves, some hackers will artificially inflate their Gamerscore and then try to sell the accounts on underground forums and even sites such as eBay."

This type of hardware tampering can also be harnessed in phishing attacks, impersonation, and other malfeasance.

"A recent exploit involved tampering with data on the Xbox hard drive which allowed you to join game sessions with a temporary name. The trick allowed phishers to impersonate game developers (whose gamertags are viewable on sites that list the gamerscore data) and ask for logins. By all accounts, the phishers did a roaring trade until this was fixed," Boyd explained.

Another (now closed) flaw involved exploiting Microsoft's Marketplace to obtain items for free. After making just one purchase, hackers developed a technique that involved changed just one line of code which allowed them to unlock every other item without paying for it. Microsoft soon put a kibosh on the ruse, but it does illustrates the fertile environment for hacking that the online gaming environment has become.

Lastly, online gaming environment can be beset with malicious disruption, as the result of hacking tools. Distributed denial of service attacks from botnets can kick players out of online game. It's also possible to purchase hardware that allows the unethical to cheat in games.

"Network disruption is a big part of certain areas in console modding and hacking scene," Boyd explained. "As most games are peer to peer with one gamer being the host, anyone can hook their Xbox to their PC via Internet Connection Sharing then use a combination of tools such as Zone Alarm to place IP addresses into trusted zones and network monitors to see the IP addresses in the first place. From there, they fire up a 'host boater' (which is basically a bonnet command program) which targets port 3074 - the port you need open for Xbox Live to work.

"They hit the flood button, and the hosts connection is flooded out by an army of infected PCs. As the attack targets the IP of the gamer directly and not the Xbox live service, it's very hard to do anything about these attacks," he added.

The essential guide to IT transformation

Next page: DDoS for hire scams

More from The Register

next story
Rupert Murdoch says Google is worse than the NSA
Mr Burns vs. The Chocolate Factory, round three!
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Germany 'accidentally' snooped on John Kerry and Hillary Clinton
Dragnet surveillance picks up EVERYTHING, USA, m'kay?
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
Think crypto hides you from spooks on Facebook? THINK AGAIN
Traffic fingerprints reveal all, say boffins
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.