XBOX360 Hypervisor vulnerability found in kernel versions 4532 and 4548
If there was a race as to which console get an exploit first, the Xbox 360 now gets the dubious honor of having the first publically available exploit usable by anyone who manages to jump all the hurdles while creating a proof-of-concept.
In case people don’t know, the 360 has a hypervisor which basically keeps all the running software in check, making sure that it’s all signed. If you’re Microsoft, one of the biggest advantages of a hypervisor is that it doesn’t allow hackers to use buffer overflows for exploits.
These buffer overflows have been the bane for Sony on the PSP. Anyone who owns a PSP would know that practically all the exploits have been using a buffer overflow to get their unsigned code to run.
What it does, and what you need to know after the jump!
If there was a race as to which console get an exploit first, the Xbox 360 now gets the dubious honor of having the first publically available exploit usable by anyone who manages to jump all the hurdles while creating a proof-of-concept.
In case people don’t know, the 360 has a hypervisor which basically keeps all the running software in check, making sure that it’s all signed. If you’re Microsoft, one of the biggest advantages of a hypervisor is that it doesn’t allow hackers to use buffer overflows for exploits.
These buffer overflows have been the bane for Sony on the PSP. Anyone who owns a PSP would know that practically all the exploits have been using a buffer overflow to get their unsigned code to run.
Some anonymous hackers have succeeded in getting unsigned code to run by exploiting the hypervisor, allowing it to run unsigned, unencrypted code. While the hack details itself are pretty technical, here are a few things which I’m sure everyone will understand:
Systems Affected: All Xbox 360 systems with a kernel version of 4532 (released Oct 31, 2006) and 4548 (released Nov 30, 2006). Versions prior to 4532 are not affected. Bug was fixed in version 4552.
We have discovered a vulnerability in the Xbox 360 hypervisor that allows privilege escalation into hypervisor mode. Together with a method to inject data into non-privileged memory areas, this vulnerability allows an attacker with physical access to an Xbox 360 to run arbitrary code such as alternative operating systems with full privileges and full hardware access.
Unprivileged code interacts with the hypervisor via the “sc” (“syscall”) instruction, which causes the machine to enter hypervisor mode. The vulnerability is a result of incomplete checking of the parameters passed to the syscall dispatcher.
Now the question most of you have in mind: “Will I be able to run the hack on my 360?”. The answer is “yes” if your kernel version is one of the two which has been affected (4532 and 4548). If you’ve recently been on Xbox Live, you’ve probably upgraded your kernel to version 4552. You can check it by going to the “System” blade on the Dashboard and selecting the last option – “System Info”. The last line will tell you the dashboard and kernel versions of your 360’s OS. Here’s a picture I took:
As you can see, my 360’s kernel has been upgraded to version 4552, which means I won’t be able to use the hack until something new is found. As for questions about possibly downgrading your kernel, if you’ve already upgraded to 4552, there is no way to downgrade it. If you’re one of the lucky ones to have an older kernel version, you can remove a resistor on the 360’s motherboard before upgrading. The resistor “R6T3”, once removed, will allow you to downgrade your 360’s OS even after you’ve upgraded it to 4552.
For more technical info, make your way to the SecurityFocus site using the link below.