Microsoft thwarts Xbox 360 hacks with sneaky "update"
by Jeannie Choe 
posted Mar 6th 2007 at 10:58AM
So, Microsoft is officially striking back to halt recent Xbox 360 hack-tivity after having been alerted to recent breach methods of the system's non-privileged memory areas, allowing users to run their own code. With potential homebrews beginning to surface, Microsoft concocted its own brew: a system-wide fix, or as it's officially dubbed, an "online system update," which doesn't mention the vulnerability patch or even what the update is for. The update was unleashed on Xbox Live, can be burned to a DVD or CD from the website, and ships with all games released after February 20. Unsuspecting hax0rz who fall victim to Microsoft's furtive "booyah" will be sent back to the drawing board -- and if they manage to find another loophole, they'd best think twice before installing a patch in update's clothing.[Via CNET]
Filed under: Gaming
Reader Comments (Page 1 of 1)
akintz @ Mar 6th 2007 11:02AM
I hope that no one actually expected them to do nothing. I'm not even surprised they didn't announce it.
Though the "ships with all games..." part is pretty tricky.
kingofwale @ Mar 6th 2007 11:11AM
I only wish they fix all the Vista bugs as quickly
Sergio @ Mar 6th 2007 11:12AM
Hell, kudos to microsoft for fixing all this "hacktivity". Now if only they could do the same for their OS, then maybe more people would buy their OS.... or switch to linux/OS X.
Dave @ Mar 6th 2007 11:18AM
All this vulnerability did was allow users to run unsigned code. There are already methods that allow users to hack the DVD--so pirates who want to copy games already have a method that has NOT been patched. A hack like this would have opened the doors for homebrew software--which is the best thing about my XBox 1.
FrankTheCrank @ Mar 6th 2007 11:19AM
This should sell more systems! *sarcasm
Timothy Tripp @ Mar 6th 2007 11:26AM
I don't understand why this is even news. My PS3 has already had more updates than my 360 and it's been out a lot less time. Preventing unauthorized software from running on consoles has always been a part of the console market, this is just the first round companies have been able to do it online. Consoles are not computers, and they're not designed to be "open" systems. The entire console business model falls apart if the console makers can't make royalties off games, and let's be honest... The vast majority of users who hack their consoles aren't trying to run linux or just learn about hardware, they're trying to steal games. They just don't have the backbone to walk into a store and shoplift, they'd rather do it through mod chips and burned DVDs.
The only solution to this problem is already there, though - online. Since modded systems can't connect to online games (lest they be patched automatically or not allowed to connect) the hacked experience is only half or less what the full experience is. As games continue to move more towards online there just won't be many people who want a stand-alone experience - consider Warhawk, which as we just learned won't even HAVE a single player mode but will ONLY be online, and Crackdown and Gears of War allow online friends to hop in to the single player game in progress.
360 owners have it easy though - both PS3 and 360 require system updates to plug holes like this, but on the PS3, every time it updates I have to plug in my wireless controller to a physical USB port to hit a button to complete the update(!) I'm sure it's some wierd Bluetooth thing but it's really a pain when they update the firmware every few weeks.
CowboyGA @ Mar 6th 2007 11:29AM
I wonder how much influence the 3rd party devopers have in the patches. If the XBox 360 had homebrew, I'd buy it. Right now, the 360 is the "go to" system for developers: It's the hardcore-player system that they know how to develop for. Of course it would increase pirating, but it would also increase actual system sales, and that would still drive game devopers to produce for it.
And since I haven't followed the 360 pirating community, is there currently a reliable (popular) method to copy and play the games? In other words, has that door already been opened for good?
Jason @ Mar 6th 2007 11:38AM
Microsoft doesn't make any money on 360s. If you don't buy games they'd prefer you didn't buy the system.
Dave @ Mar 6th 2007 12:27PM
There are a number of DVD firmware hacks that will allow you to play pirated DVDs of games. I don't think you'd be able to play online, though. Of course, you probably wouldn't be able to play online if you were playing a pirated game on a hacked 360 either. The point, though, is that, if you want to pirate 360 games, this update won't stop you. If you wanted to use homebrew software, it will.
Todd @ Mar 6th 2007 11:30AM
Hey doesn't that hidden update violate Sanes Oxley's "NO undocumented features" rule? The same way Apple had to announce and charge for "dot N" Wi Fi?
Class? Buller? Anyone?
Thomas Chung @ Mar 6th 2007 11:46AM
I guess that's why the news surfaced? At least people now know that there is an inevitable update.
KC @ Mar 6th 2007 11:33AM
They can stop a few measly hackers from running MAME on an xbox 360 but they can't do anything to help the millions of people who fall victim to spyware and viruses. Shows where Microsoft's priorities are.
IOTA @ Mar 6th 2007 12:21PM
However, in this case they control the HW. Also, windows needs to be open enough to allow 3rd party app development (supports the most 3rd party SW of any platform). Not that iMania would allow that to be understood.
Micheal J @ Mar 6th 2007 11:39AM
This is the update from January that was said to have fixed the problem when the exploit was publicly released. Why is this news?
Haanz @ Mar 6th 2007 11:41AM
Um, what the hell? Why are people upset about this?
No homebrew is a small price to pay for no hacking in games, period. If I wanted to play homebrew, I'd do it on my PC, or on my PSP. I honestly don't care about the 360, as long as hacking in games isn't possible.
Sprint General @ Mar 6th 2007 12:06PM
Great now My unpatched 360 that can RUn Homebrew is that much more valuable on eBay thanks Booyah!
Brandon @ Mar 6th 2007 12:10PM
I modded my orginal xbox and got banned from xbox live, so I don't think I'm going to be trying that with my 360 this time around :)
andy @ Mar 6th 2007 12:10PM
You guys spouting about how homebrew and piracy are one in the same are SHILLS. Check your facts.
1. even with this update, you can pirate games on 360 via the DVD hack. NO EFFECT ON PIRACY.
2. the biggest use of homebrew on xbox1 was not piracy, but XBOX MEDIA CENTER. Go and actually look to see what people are using their xbox's for.
3. As stated above, you need the correct dash/bios to play games online, so YOU CANNOT PLAY A HAXORED GAME ONLINE. This does not affect homebrew; see xbox1 for details. Mine runs XBOX MEDIA CENTER, then I MUST put in the HALO2 disc and go online with the STOCK xbox software to play online; no hacking.
In conclusion, fixing a homebrew loophole IS NOT GOOD BUSINESS FOR MICROSOFT. I will buy a 360 once I someone gets xbox media center going on it. Once I do that, it's a no brainer to get Gears of War, Call of Duty, and a bunch of other games. MICROSOFT WOULD PROFIT FROM ALLOWING UNSIGNED CODE TO BE RUN OFFLINE.
I am in full agreement with banning people who are running modd'd files on xbox live. That sucked before they clamped own on that with xbox1. BUT THAT'S NOT WHAT WE'RE TALKING ABOUT HERE. There is no loophole for that since they're checking dash and bios hashes when you log in and banning those with bad hashes.
and again; this DOES NOT FIX THE DVD GAME PIRACY HACK.
Erik Hanson @ Mar 6th 2007 12:23PM
I can't tell you how much I agree with this post. I just bought a PS3 on eBay so I could put Linux on it and get started on playing high-def videos and other stuff using the PS3 hardware. Homebrew is _so_ much more than piracy, in fact, it's really about using the hardware for things the developers never thought about -- e.g, XBMC, installing Apache and making a PS3 webserver -- or didn't consider a core enough business to develop for -- e.g., Linux, video or audio streaming to other computers, whatever!
Long live homebrew!
Jason @ Mar 6th 2007 1:00PM
"2. the biggest use of homebrew on xbox1 was not piracy, but XBOX MEDIA CENTER. Go and actually look to see what people are using their xbox's for. "
Watching pirated movies?
James @ Mar 6th 2007 12:26PM
Wow, some people really get worked up about the piracy angle! As somebody pointed out above, this does NOT stop piracy, just homebrew. Piracy can be done through hacking the DVD drive, and this has never been addressed -- no changes to the security architecture itself are necessary. Homebrew requires execution of unsigned code, which is what this patch stops.
Thing is, PS3 lets you run Linux if you want to, so people who want to write their own e.g. media player can with Sony's blessing (AFAIK). PS3 comes with a web browser (right?), and you could write your own if you wanted to. Clearly, it is possible for a game console to support user-created software. 360 has no such luck, which is a shame. To put it another way: suppose you found out that your car stereo, which isn't advertised as being able to play MP3 CDs, might be able to with a simple change (say, moving a single wire or entering a code via the buttons on the front). But then, the manufacturer took some step to prevent you from doing that (say, bundling a "patch" on every new music CD), ostensibly to prevent "unauthorized use" of your stereo. You never *expected* to be able to play MP3 CDs, you don't have a "right" to do so, but you're still disappointed when it turns out not to. The manufacturer is basically taking affirmative steps to keep you from doing something that can't forseeably harm them.
I'm not saying that people should feel entitled to homebrew -- they voluntarily bought the console under MS's restrictive licensing agreement, after all -- but I reserve the right to feel disappointed when it looks like somebody is going to beat the system, but fails. I'd love to be able to write a better media player (the 360 controller interface for watching movies is *terrible*), or a web browser, or a VNC client, or... but for now, I can't. And I'm disappointed.
Andrew @ Mar 6th 2007 12:58PM
What's the point if it doesn't stop pirated games. (well from MS viewpoint anyway)
Support the Cause. Cure ALS!
http://www.misaoforacause.com
Sergio @ Mar 6th 2007 1:15PM
You win! Good day, sir.
CowboyGA @ Mar 6th 2007 1:07PM
My XBMC has four movies on it, limited songs, thousands upon thousands of ROMs (mostly not-quite-ROM MAMEs), and about a hundred xbox games.
I own the songs.
The "homebrew increases piracy" argument holds true.
andy @ Mar 6th 2007 5:18PM
@CowboyGA
You over did it. You're lying. I do not beleive you have a 1TB drive in your xbox, yet you claim to have that amount of data on your xbox? no way.
again, this update does not stop theives like you because it doesn't fix the dvd player problem.
You've stolen a lot of poeple's hard work. Congratulations.
Josh @ Mar 6th 2007 1:42PM
"In conclusion, fixing a homebrew loophole IS NOT GOOD BUSINESS FOR MICROSOFT. "
Yes it is. Allowing unsigned code opens the door to cheaters. If cheating is rampant on the system, gamers (the people who actually give MS money) stay away.
Also, I'm pretty sure Microsoft knows a bit more about what is good for their company than you do.
andy @ Mar 6th 2007 4:19PM
@Josh
And like I said in my previous post, people who DO NOT UNDERSTAND HOW XBOX LIVE INITIALIZES NEED TO QUIT COMMENTING ABOUT IT. This obviously includes you and your horrible reading comprehension skills.
xbox live (for xbox1 and 360) checks a hash computed by your bios and dash. If either is wrong, they copy your MB serial number and HDD serial number, ban those serial numbers, and flag your gamertag. If you want back on xbox live, you then have to buy a new MOBO and HDD (or a new system).
It is IMPOSSIBLE to cheat on xbox live since it checks for a stock dash and bios.
Please explain again how stopping unsigned code from running OFFLINE affects the integrity of the ONLINE xbox live gaming experience. I missed it the first time you explained it. *sarcasm*
Curse @ Mar 6th 2007 3:30PM
Dude, you guys also already covered the patch when the original SecurityFocus article was published here.
Josh @ Mar 6th 2007 4:28PM
Does it also check to make sure that the game code is unmodified? I honestly don't know. But modification of the dashboard and BIOS surely are not the only ways to cheat.
You make it sound as if it is impossible to cheat on XBox Live with the original XBox, too. Bungie sure doesn't seem to think that this is the case:
http://www.bungie.net/Games/Halo2/page.aspx?section=FAQInfo&subsection=cheat&page=cheat
On that page, Bungie says that people were cheating "using hacked maps or game files."
andy @ Mar 6th 2007 5:13PM
You were only able to access those files running a hacked halo with trainers and related code. The stock dashboard will only let you run from the original dvd which people have not been able to add the hacked trainers and maps to. So, you needed a hacked dash to access files on the hdd.
Now, if someone can load all of the code onto a burned dvd that'll play in the stock bios, they might be able to log into xbox live without being banned. However, like you said, bungee reads the boards. They now check for hacked maps now, and when someone manages this cheating, they'll be banned during the first game they try to play. If they're not currently checking for hacked maps, then expect an update as soon as the hack hits the message boards.
Like someone else said, the online aspect of all of the current games is dynamic, expandable protection against in game hacking which IS BAD. I hate it.
It is not protection against offline hacking, and does not fix the game piracy issue (burned game DVD) with the 360. That update would be understandable.
Extinction @ Mar 7th 2007 1:43PM
" My PS3 has already had more updates than my 360 and it's been out a lot less time"
BS. PS3 has had like 4. 360 has had around 30. 360 games get updated the minute I get them home from the store, I had XBLA games update the day after I downloaded them.
Josh @ Mar 7th 2007 7:01AM
You are talking about game updates. And those are pushed by the game publisher, not MS.
The PS3 has had game updates, too, of course. We aren't talking about game updates, though. We are talking about operating system updates.
The PS3 has seen firmware versions: 1.02, 1.11, 1.30, 1.32, 1.50, 1.51, and 1.54
I don't think that includes the version it shipped with. So that's 7 updates in the span of 4 months. Or about 2 a month.
Kenneth @ Mar 7th 2007 3:31AM
Actually, with the dvd firmware mod, it is possible to play backups online with Xbox Live. I wonder why nobody knew this? Of course, it might be detected by MS eventually, but as time goes by it seems that they are unable to do so...why else would it be left open for so long?
spibox @ Apr 17th 2007 7:11AM
Kenneth
how sure are you that dvd firmware hax can still play online games. Form what i understand it stills asks for an update... if this update is applied will it not stop the game?