Haxxors Attack Xbox 360 Security Again
- Scribbled on August 25th, 2007 by Jonah Falcon
- Filed in Firmware, Industry News, Microsoft Xbox 360, WTF
Hackers keep trying to make everything free for everybody - while harming the people who actually slaved to build it in the first place. In this case, they’ve managed to downgrade the Dashboard to allow them to use the exploitable February glitch.
It would be foolish to try to break SHA1-HMAC (ed: the core security hash key). However the output of a hash usually has to be checked against something that is stored. That's usually the point of it. This takes (a tiny bit of) time. The thing is many memcmp (ed: data comparison) functions use a byte-wise compare: “as long as no difference in the current byte is detected go to the next byte, but if this byte is different stop”. In other words: it might take (a fraction of a second) longer if the output is similar at the beginning (to the stored value) as opposed to completely different 16-byte values. If it is possible to measure this time difference you could change the first stored byte (up to 256 times) until it takes this fraction longer for the Xbox360 to detect the (16 byte) values are not entirely the same. And you can go on with this until all bytes have been figured out this way.
(Thanks, Xboxic.)
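
The early-exit comparison the quoted text describes, next to a constant-time replacement that removes the timing difference. This is an added example, not code from the original post or from the Xbox 360; the `steps` counter (a stand-in for elapsed time), the `probe` helper and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#define TAG_LEN 16 /* the 16-byte value the quoted text describes */

/* Early-exit compare, returns 0 on match. *steps counts the bytes
 * examined, a deterministic stand-in for running time. */
static int leaky_compare(const unsigned char *a, const unsigned char *b,
                         size_t n, size_t *steps)
{
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        *steps = i + 1;
        if (a[i] != b[i]) return 1; /* stops at the first differing byte */
    }
    return 0;
}

/* Constant-time compare: always reads all n bytes and ORs the
 * differences together, so the work does not depend on the data. */
static int ct_compare(const unsigned char *a, const unsigned char *b,
                      size_t n, size_t *steps)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    *steps = n;
    return diff != 0;
}

/* Candidate with `prefix` correct leading bytes; returns bytes examined. */
static size_t probe(int constant_time, size_t prefix, int *mismatch)
{
    unsigned char stored[TAG_LEN], cand[TAG_LEN];
    size_t steps;
    for (size_t i = 0; i < TAG_LEN; i++) {
        stored[i] = (unsigned char)(0xA0 + i); /* constructed sample */
        cand[i] = (unsigned char)(i < prefix ? stored[i] : ~stored[i]);
    }
    *mismatch = (constant_time ? ct_compare : leaky_compare)(
        stored, cand, TAG_LEN, &steps);
    return steps;
}

int main(void)
{
    int m;
    printf("leaky: %zu vs %zu bytes examined\n", probe(0, 0, &m), probe(0, 8, &m));
    printf("const: %zu vs %zu bytes examined\n", probe(1, 0, &m), probe(1, 8, &m));
}
```

With the early-exit version the amount of work grows with the number of correct leading bytes, which is exactly the signal the quoted text relies on; the constant-time version examines all 16 bytes regardless.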






