Forgot your password?
typodupeerror
Linux Software

Linux Running on Xbox Without Modchip! 282

Posted by CmdrTaco
from the kinda-anyway dept.
NiteStar writes "It looks like people on xbox-scene.com and xboxhacker.net managed to run Xbox-Linux on a non-modded Xbox console. It requires no soldering at all - you don't even have to open up the Xbox. They are using an exploit in the saved game handling of the EA xbox game '007 Agent Under Fire'. It requires the original version of the 007 game and a memorycard you can connect to PC like the mega-X-key or datel's action replay. Apparently you can even build this memorycard yourself using a standard USB memstick." Frankly it seems like just soldering in the modchip would be easy, but big points for being clever!
This discussion has been archived. No new comments can be posted.

Linux Running on Xbox Without Modchip!

Comments Filter:
  • by Call Me Black Cloud (616282) on Sunday March 30, 2003 @09:49AM (#5625959)

    Here's the announcement [xboxhacker.net] in a forum...
  • A bufferoverflow (Score:5, Informative)

    by rveno1 (470619) on Sunday March 30, 2003 @10:04AM (#5625997)
    ok all this is, is a buffer overflow exploit.

    a link to the code is:
    http://www.xbox-scene.com/007linux.txt
    it is uuencoded

    enjoy!
  • It's slashdotted. (Score:0, Informative)

    by anonymous coword (615639) on Sunday March 30, 2003 @10:19AM (#5626036) Homepage Journal
    Here is the article text (don't forget to remove the spaces from the uuencoded file)
    Subject : Project B Solved !
    Ladies and Gentlemen,
    I'm happy to present the first solution found for the Xbox Linux Project B:
    Here is a way to run Xbox Linux on an unmodded, unopened Xbox !
    Inlcuded is a uuencoded zip file containing all the necessary files. Here is
    what you need:
    - - You need an unmodded XBOX (not sure it works with modded bios)
    - - You need the game 007 Agent Under Fire (*NOT* NIGHTFIRE, those are two
    different games!)
    - - You need a way to transfer a save to a memory card (that is, xbox-save.com's
    hardware, or usb<>xbox cable + usb stick + xbox-save software, or you can
    use a standard memory card too if you can put files on it (with EvoX for
    instance).
    - - You need to get the "Xbox Linux Live" small distro.
    Got all this? Let's party!
    - - Unzip 007linux.zip
    - - Extract the Xbox Linux Live ISO with a STANDARD ISO extractor (ie WinISO)
    - - Copy the Xbox Linux Live files into the UDATA41000d<!--POST BOX-->00000000000\
    directory (including "boot" subdirectory) (don't copy the file "plugin.img"
    or it won't fit on a standard memory card).
    - - Now, replace the first 0x380 bytes of the default.xbe with the 0x380 bytes
    contained in the "default.patch" from the included zip file
    - - Copy the whole 4541000d directory to your memory card (starting from 4541000d,
    not UDATA. UDATA directory is here so it works with xbox-save.com's software)
    - - Use the Xbox Dashboard to copy the 007 save from the memorycard to the HD
    - - Run 007 on the Xbox
    - - In main menu choose "Load Mission", then "Xbox Hard Disk"
    - - Et Voila ;-) If things went well you should get a Black Screen, and Xbox LED
    turning to orange (this is done when linux kernel is loaded), and after a
    couple of seconds you should heard the Xbox Live Linux "loading sounds"
    Just take this as a "proof of concept", there won't be anything on screen
    because video has to be initialised in Linux like it is in Xromwell, but as
    there is no "official version" of Xromwell I found, I prefer to use Xbox
    Linux Live as example as everybody can find it.
    Basically there is a bug in the save handling, which has been found in several
    games, I just took 007 because only one save is needed for both US and PAL
    game version - for other games you usually need two (or even more).
    More explanations on how it works, how to make other linux distro work
    and GPL sourcecode will follow!
    I'm already anticipating some questions:
    Q: Will it run my backup games without a modchip ?
    A: No, it won't. This trick works for running Xbox Linux ONLY.
    Q: Is it real?
    A: YES.
    Q: What if MS removes 007 Agent Under Fire from the shelves now ?
    A: 007 Agent Under Fire is just one of the several games with this bug, so
    don't worry :-)
    Enjoy!
    Will.
    Use uudecode to extract the following file,

    begin-base64 644 linux007.txt
    KiBnIG8gYSB0IHMgZSB4ICogZyBvIGEgdCBz IGUgeCAqIGcgbyBhIHQgcyBl
    IHggKiAKZyAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAg
    ICAgICAgICAg ZyAgCm8gLyAgICAgXCAgICAgICAgICAgICBcICAgICAgICAg
    ICAgLyAgICBcICAgICAgIG8gIAphfCAgICAgICB8ICAgICAgIC AgICAgIFwg
    ICAgICAgICAgfCAgICAgIHwgICAgICBhICAKdH wgICAgICAgYC4gICAgICAg
    ICAgICAgfCAgICAgICAgIHwgIC AgICAgOiAgICAgdCAgCnNgICAgICAgICB8
    ICAgICAgICAgIC AgIHwgICAgICAgIFx8ICAgICAgIHwgICAgIHMgIAplIFwg
    IC AgICAgfCAvICAgICAgIC8gIFxcXCAgIC0tX18gXFwgICAgICAg OiAgICBl
    ICAKeCAgXCAgICAgIFwvICAgXy0tfn4gICAgICAg ICAgfi0tX198IFwgICAg
    IHwgICAgeCAgCiogICBcICAgICAg XF8tfiAgICAgICAgICAgICAgICAgICAg
    fi1fXCAgICB8ICAg ICogIApnICAgIFxfICAgICBcICAgICAgICBfLi0tLS0t
    LS0t Ll9fX19fX1x8ICAgfCAgICBnICAKbyAgICAgIF
  • by FristPr0st (662486) on Sunday March 30, 2003 @10:36AM (#5626071)
    Here is the website which has the 007 saved games, a movie file, and instructions. http://kotisivu.mtv3.fi/vilz/unmod/ [mtv3.fi]
  • Re:Hmm... (Score:1, Informative)

    by Anonymous Coward on Sunday March 30, 2003 @11:02AM (#5626153)
    im no expert or anything so im just going to shoot in the dark. they modify a save game and when the game starts to load the savegame there is a bufferoverflow. then they know where the programmpointer is and they load some bootloader code in that memmory area.
  • by Anonymous Coward on Sunday March 30, 2003 @01:29PM (#5626696)
    Do you think that an average app is going to deal with /dev/psaux and /dev/input/mouse0 when the two use entirely different protocols?

    No, I would expect them to use X events, gpm or at a pinch, /dev/mouse (Which although the driver which drives /dev/mouse may change, does not mean that the software interface to the device node changes)

    The number of people who people who don't understand the basic premise of device abstraction is scary.
  • Re:I Predicted This (Score:1, Informative)

    by Anonymous Coward on Sunday March 30, 2003 @01:49PM (#5626790)
    Teasing what key out? The only key stored on the xbox is the public key, and that key is well known IIRC. What we need is the private key that is used to sign the code of games.
  • Mega X-Key (Score:3, Informative)

    by savvy (8628) on Sunday March 30, 2003 @02:31PM (#5626965) Homepage
    http://www.xbox-saves.com/ [xbox-saves.com] is where you can find more info on the Mega X-Key mentioned in the article, and they also have the save needed to get linux going in their saves archive.
  • by janda (572221) <janda@kali-tai.net> on Sunday March 30, 2003 @03:20PM (#5627169) Homepage
    The exploit uses a buffer overflow to insert new code after the game has been verified as "being good". If you want to play something else, all you'd need to do is remove 007 game, insert new game, press "reset".
  • Not quite... (Score:2, Informative)

    by boola-boola (586978) on Sunday March 30, 2003 @05:51PM (#5627967)
    "Frankly it seems like just soldering in the modchip would be easy, but big points for being clever!"

    This depends on whether or not you are actually good at soldering. I for one have destroyed many PSX's in the past due to my clumsiness. Regardless, CT forgot one important fact: if you mod your XboX, you will _permanently_ (well, without some creative hacking and another Xbox, which, in having one already defeats the purpose) lose the ability to use Xbox Live, as the Xbox's unique,internal serial number will become banned.

Make sure your code does nothing gracefully.

Working...