Gumball 3000 Rally – 2006 is going to be amazing. Three “missions” will span 3 continents over eight days. On April 30, the rally will begin in London like last year, then jump to east Asia and finally jump again to the United States for a finish on Rodeo Drive in Los Angeles on May 7. I’ll be adding a lot more information on the event as time goes on. Either hit play on the preview video below or download it for later viewing.
Firmware. I doubt you’ll see some kind of OTHER hack soon, that lets you boot unsigned code for example. MS did a very good job on the 360 itself this time. However, they made a big mistake by forgetting about the firmware. They even didn’t remove the debug routines from the FW, quite amazing … The 360 has a little bit more advanced protection in its FW than the original xbox, but still, they did some stupid things (like forgetting about the debug routines, that were very helpful to us, hehe, and most importantly: not signing the firmware). I’m betting they’ll develop the MPU in the drive from scratch for their next gen consoles and sign the code in the FW
It’s no secret that Microsoft, like any major corporation these days, monitors developments in the hacking/mod scene to engineer countermeasures to prevent circumvention of their devices. After seeing the methods used in hacking the original Xbox, Microsoft wanted to be sure their new console would be immune from more causal attempts at modchip creation. They’ve made sure to retain the possbility to push remote updates via Xbox Live! to be able to detect non-standard components running on the machine. Yet, forgetting to sign the firmware and leaving debugging routines seems like gross oversight on Microsoft’s part. According to the postings, any method Microsoft uses to secure the Xbox 360′s will be easily circumvented again due to lax firmware security.
Should Microsoft be worried? For now the answer is no for two reasons.
- The current hack is being done with a hardware that average consumers don’t have access to. However, according to
TheSpecialistsays it is possible:
Currently there’s no method to do it via software, so you’ll need a hardware programmer. However, it’s possible to do it via software, it only has to be researched
TheSpecialistwon’t be releasing the code any time soon as start in this message:
… I highly doubt that the team will release a hacked ‘ready to go’ firmware … I think a lot of hackers (including me) are reluctant to do this. The threat from MS and its lawyers is real. Even though it might be legal in some countries, if you visit the US they can arrest you there (like they arrested that Russian guy when he visited the US) … Well, maybe a text document with bytes differing from original and hacked FW is possible => it’s not a ‘device’ to circumvent copy protection’ and it will only serve eductional purposes of course. That way only the person that is going to use that information to create such a ‘device’ (software) is the one that is doing something illegal and not the hacker I suppose … But again, I’m not a lawyer and it is a VERY slippery slope we’re on here …
Does this mean that we won’t be seeing something like this out in the wild? With the modchip industry waiting to capitalize on this generation of consoles, there is a financial incentive to do the research into creating both hacked firmware and a solution to do software updates to counter Microsoft’s attempts to lock out modified machines. Although
TheSpecialist and his team may not release the actual code, he has confirmed the existence of multiple teams working on this and a hack could be out in the next few weeks.
Unfortunately, I wouldn’t suggest getting too excited about running Linux or custom media center software just yet. Hacking the firmware is the first step in a long process to allow homebrew code running on the Xbox 360. At least the first milestone in achieving that goal has almost been reached.
Update (3.18.2006): It’s done. A video is available showing the Xbox loading a backup disc. As stated before, the firmware won’t be released by this particular team.
Abobe has released an update to Macromedia Flash Player (now owned by Abobe) due to a vulnerability being discovered by Microsoft. The security bulletin provides this summary of the bug:
Critical vulnerabilities have been identified in Flash Player that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit these vulnerabilities. Users are recommended to update to the most current version of Flash Player available for their platform.
This applies to Flash Player 18.104.22.168 and earlier on all operating systems (i.e. Windows, Linux, Solaris). The fixed version (22.214.171.124) can be downloaded at Macromedia’s Player Download Center. Breeze, Shockwave and Flex have also been updated (scroll down to “Details” for download links).
Update your systems before someone figures out exactly how to exploit this flaw.