First usable Xbox360 exploit in the wild!

Date: Friday, March 02 @ 06:00:19 UTC
Topic: Homebrew

With regard to the big news this week about the hypervisor vulnerability, it was only a matter of time before someone created a proof-of-concept exploit for it. That's exactly what seems to have happened - a relative unknown, crawler360, has released what would be the first homebrew program on the 360. At this point the code is pretty basic: it prints "Hello World" and opens the serial interface so that you can communicate with the 360 from your PC.

The exploit code hides inside the shader files of the game King Kong. It was probably an oversight by the game's creators and Microsoft that left a hole allowing the shader files to be edited without breaking the signature check. The exploit basically crashes the 360, then takes control of the hypervisor and makes it jump to a piece of code which isn't signed.

What this means is that today the unsigned piece of code is a simple "Hello World" app; next week, that piece of code could be a kernel and memory dumper that dumps the contents of RAM through the serial port. Once the hackers have had a good look at the innards of the system, it becomes much easier to pinpoint further vulnerabilities.

While I won't speculate about the future, this release is significant since it's probably the only place where hackers are sure to get quick results. The released proof-of-concept is only for experienced users who know their way around a 360. You'll need to compile the code yourself since it's open source, and then you'll have to get a serial connection going between the 360 and your PC - quite a difficult task.

You'll also need one of the older kernels to run the POC, since the latest kernel (4552) has this vulnerability patched. With no way to downgrade yet, it's up to the few lucky people with older kernels to try and make the most of this. On top of that, you'll need a hacked DVD drive so that you can run a modified version of the King Kong game with the hacked shaders.

News Source: xbox360.qj.net
This article comes from 360-HQ.COM:
https://www.360-hq.com

The URL for this story is:
https://www.360-hq.com/article1439.html