From http://www.bunniestudios.com/wordpress/?p=74, by the man who broke the first Xbox.

At any rate, some very interesting things are afoot. Much of it stems from the discovery of an all-media bootable kiosk demo disk. Many hackers will instantly recognize the value of this, but it’s still interesting to reflect on the significance of this find. Like the original Xbox, the Xbox360 uses a media flag on its executables.

The media flag tells the OS what type of media it should be on; typically, games are released with the flag set to Microsoft’s proprietary secure Xbox DVD format (which is in itself not that secure…). Significantly, only the executable is signed for a game; the data sections typically are not signed (presumably for performance reasons). Thus, one has the ability to fuzz the executable by corrupting the data sections, potentially invoking a buffer overrun or some other unintentional behavior–if one could effectively modify the data sections. Remember that this is normally not possible, since modifying the data segment requires making a copy to a writeable media, and this contradicts the signed media flag.

Thus, the run-anywhere demo disk now enables software hackers to create and test the interaction of signed executables with modified game data using no tool other than a DVD-RW drive (and an Xbox360 console, still considerably rare and difficult to obtain in the US). Some of the more interesting modifiable data regions include Shockwave Flash movies, and the pixel shaders executed by the GPU (more info can be found on the xboxhacker.net website). Of particular interest is the MEMEXPORT shader command in the 360, which could enable people to dump physical memory to the screen (where it can be digitized or extracted with a sniffer upstream of the ANA chip), or to some other peripheral function. Presuming plaintext kernel code can be extracted this way, it bootstraps further efforts in vulnerability analysis of the code running in the Xbox…and so forth. Of course, it's quite possible that this hole is plugged, since Microsoft's NGSCB spec calls for the Northbridge to limit DMA access from the graphics card to main memory. Furthermore, buffer overrun exploits have questionable applicability since each process runs as its own virtual machine and rumor has it that the no-execute bit is used on heap space. Still, I'm very surprised that such media was even released into the wild by Microsoft…their own worst enemy is their own haste to get to the market and carelessness; security is for naught without consideration of human factors. Very exciting! Perhaps the Xbox360 will be opened without the need for significant hardware hacking.
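As an added illustration of the design gap the quoted post describes (this is not bunnie's code and not the real Xbox 360 executable format; the image layout, the flag values and the HMAC standing in for the console's RSA signature are all constructed here), a toy loader that signs only the code section beside one that covers the whole image, plus the media-flag check that a run-anywhere flag bypasses:

```python
import hashlib
import hmac

# Constructed stand-ins: the publisher's private key and media-flag values.
PUBLISHER_KEY = b"constructed-publisher-private-key"
MEDIA_DVD_SECURE = 0x01   # hypothetical "pressed secure DVD" flag
MEDIA_DVDRW = 0x02        # hypothetical "writable disc" reported by the drive
MEDIA_ANY = 0xFF          # hypothetical "run anywhere" flag of the demo disk

def build_image(media_flag: int, code: bytes, data: bytes) -> dict:
    """A minimal image: one media flag, one code section, one data section."""
    return {"media_flag": media_flag, "code": code, "data": data}

def sign(image: dict, cover_data: bool) -> bytes:
    """HMAC-SHA256 stands in for the RSA signature. With cover_data=False only the
    flag and code section are covered (the gap in the post); with True the data
    section is covered as well. Lengths are included so sections cannot be shifted."""
    h = hmac.new(PUBLISHER_KEY, digestmod=hashlib.sha256)
    h.update(bytes([image["media_flag"]]))
    h.update(len(image["code"]).to_bytes(4, "little") + image["code"])
    if cover_data:
        h.update(len(image["data"]).to_bytes(4, "little") + image["data"])
    return h.digest()

def verify(image: dict, signature: bytes, cover_data: bool) -> bool:
    return hmac.compare_digest(sign(image, cover_data), signature)

def loader_accepts(image: dict, signature: bytes, media_present: int,
                   cover_data: bool) -> bool:
    """The loader checks the signature, then checks that the media the flag
    demands is the media the drive actually reports."""
    if not verify(image, signature, cover_data):
        return False
    return image["media_flag"] in (MEDIA_ANY, media_present)

def tamper_data(image: dict, new_data: bytes) -> dict:
    """A copy of the image with only the (unsigned) data section replaced."""
    return {**image, "data": new_data}

def demo() -> tuple:
    """Returns (tamper_undetected_by_code_only_sig, tamper_detected_by_full_sig)."""
    original = build_image(MEDIA_DVD_SECURE, b"\x90\x90code", b"shader-v1")
    tampered = tamper_data(original, b"shader-OVERSIZED" * 4)
    undetected = verify(tampered, sign(original, cover_data=False), cover_data=False)
    detected = not verify(tampered, sign(original, cover_data=True), cover_data=True)
    return undetected, detected
```

The mitigation the example models is simply extending signature coverage to every section the executable consumes, so a modified data section fails verification regardless of which media it sits on.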
