How possible would it be for a virus or worm to target online gaming consoles such as XBox or Playstation2?
Printable View
How possible would it be for a virus or worm to target online gaming consoles such as XBox or Playstation2?
Probably possible because the XBox is basicly a stripped down version of windows 2000.
Well, you may have some trouble getting M$ to digitally sign your virus code. The X-box will not execute unsigned code.(Without a hack of course :))
-Maestr0
Well I'm no X-Box expert :D But you know as well as I do that Online Games have their fair share of problems and are sometimes exploitable. That would open up a foothold for a virus or worm to get in. But without something to store itself it would only run as long as the box stays turned on. CodeRed i.e. does the same, it doesn't drop any files and runs completely from memory but was still able to create havok.
sirdice- While what you are saying is true, the security that is on an xbox is really pretty good. First, no applications will run unless they are digitally signed by MS. That I am aware of, nobody has figured out how to get an illigetimate file signed properly. Now you can alter the BIOS to get around that digital signature, but it requires a hardware modification, or a game-save xploit.
In terms of xbox live, it is my understanding that MS has this service locked down pretty secure. If you are running any type of modified xbox code, your xbox mac will be banned. I really don't see how you could get a virus into that particular network. Xbox connect is totally different, and it is possible that a buffer overflow could be found and exploited.
The X-box stores game information on a regular old joe hard disk. If the xbox was xploited that xploit could include access to the permanent storage media.Quote:
But without something to store itself it would only run as long as the box stays turned on.
A virus could concievably exploit a running piece of signed code (aka an X-box live exploit targeted at a specific game) but even if you were able to store the virus code on the HDD it would still not be signed and would be unable to execute the next time the X-box was started because of a lack of digital signature. It would have to run as SirDice suggested, hopping from box to box which is running the exploitable code. Not sure what you could do with it other than maybe erase savedgames on the victims HDD and propagate, still would be a fun POC if you could find a remote exploit in an X-box live enabled app.
-Maestr0
Lets make one... Oh yah.. ;) Sounds like it can happen, next thing you know NAV is on your XBOX lol.
-Cheers-
SirDIce is right. Only M$ signed code will run on the Xbox unless a mod chip installed. If however a mod chip is installed and in use at the time (as it would be for unsigned code to run) Then you would already have been kicked off Xbox live. So people online gaming should be ok (Especially as new mod chips wont let you dial out to Xbox live while they are active). If however you were running a modded xbox on a network thats connected to the internet then there may be a possability for such a hack.
I been playing my xbox online for a long time now and I never had any promblems with viruses, worms, and trojans nothing malicious like that. But I also have my xbox hooked up to my D-Link Router/Firewall that is configured very well for security purposes of course. Heres a pic of my setup.Quote:
How possible would it be for a virus or worm to target online gaming consoles such as XBox or Playstation2
Hmm so X-box can only connect to the internet via Microsofts X-box live network?
I own an x-box but have never really considered placing it on the net. I prefer the PC for online play. I know Microsoft charges a fee for a subscription but that is your only option? If so then coming from a PC centered online veiw, that simply sucks ass. I guess if you get some yahoo claiming he's going to crash your x-box and your network because you are tempting him with rockets, then the question would definitely come up. Any online gamer has heard and laughed at that one.
Note: I am not knocking the Xbox online play, cause I know there are a lot of die hard users, but in my view it sucks ass. Of course I don't know how much it cost?
I know that if it is possible for us to skin the box software, upgrade the HD space, mod it out, save backups of games on it locally, and a variety of other things. It is only a matter of time until somebody figures it out, digitally signed or not. Fortunatley I have only seen some positive hackers working on breaking down the box.
Until I see somebody break the signature with the mod chip off of course(otherwise you wouldn't be playing xbox live) then I see nothing to worry about.
Xbox live is the only MS approved way to play your xbox online. However, there is a piece of software called xbox-connect that allows you to play network games over the internet with your xbox and a computer. The only game that people seem to play on XBC is halo though. If online gaming is your thing, than using a computer for it is definitely the way to go as even the PS2 online gaming is strictly controlled by Sony. Using a computer just makes it a lot easier to play online without having to pay extra service charges.Quote:
Originally posted here by RoadClosed
Hmm so X-box can only connect to the internet via Microsofts X-box live network?
I own an x-box but have never really considered placing it on the net. I prefer the PC for online play. I know Microsoft charges a fee for a subscription but that is your only option? If so then coming from a PC centered online veiw, that simply sucks ass. I guess if you get some yahoo claiming he's going to crash your x-box and your network because you are tempting him with rockets, then the question would definitely come up. Any online gamer has heard and laughed at that one.
Note: I am not knocking the Xbox online play, cause I know there are a lot of die hard users, but in my view it sucks ass. Of course I don't know how much it cost?
I wouldn't say that the xbox online gaming sucks, it is just much different than a computer in that an unmodded xbox doesn't give you the ability to find other xbox users without xbox live. On a computer you can go to forums, use different chat services, etc.. etc... to find other people to play with. Even then, it still requires a little bit of knowledge to get a network game up and running without having to pay a service charge. Xbox live gaming is really designed for the people who may not have any computer knowledge, but want to play other people in games. And it works really well in that capacity.
If you have a bit of computer knowledge, getting xbox connect up and running is really easy. Just look out for all the arrogant teenagers that seem to inhabit the place.
If you guys want to see a cool as video of some console hacks, ( XBox,PS2 & Game Cube ), go to www.pureescape.net and check out the forum link "Modding up your Game Console".
Enjoy,
--PuRe
Linux was ported to the Xbox, as you can imagine this wasnt digitally signed and a mod chip wasnt needed.
It exploited a buffer overflow in a game, this allowed linux to be booted on the Xbox, Microsoft saw this got annoyed and patched it using the Xbox Live system. Apparently in the Xbox contract/ warrenty (not sure sorry) that your supposed to sign and send off your signing away your write to modify it and allowing MS to patch your Xbox using Xbox live. it was something like that but please correct me if im wrong.
Theres a whole website related to xbox linux, it details what ive just tried to explain better i imagine.
As for the virus, im theres more exploits out there, so if you looked for them you could explit them i suppose....dont see the point personnally.
i2c
I read alot of information on hacking the xbox last year when the e-book was published on the subject. Even after physically moding the box and running linux on it. The microsoft part hasn't been broken. The encryption that is used on the signature is still intact. Now when you go physically changing stuff then of course that leaves it open to other software, like linux and exploits associated with it. To my knowledge no one has broken the encryption embedded into x-box software and an unmodded x-box. If you go opening physical doors then of course you could be subject to xploits and is different from an X-box that has never been tampered with physically.
Another thing is that an XBox (with it's default OS) can only run one process at a time. This is why an XBox emulator hasn't been successful yet. So, to write a virus for an XBox, it'd have to be integrated into an existing application.
Cheers,
cgkanchi
I have many many problems with my xbox,
im using the aladding 2 advanced chip,
Then ived installed evolutionX
unfortunaly the ISO i got hands on. had a "unkown w32k" virus,
so my xbox got infected, and still is, cause my backup is also infected.
tryed "cleaning up" my Backup, but norton has no chance in hell, i just recomends
that i delete a specified file.
So my current situation is.
I Cant use xbox Standard mode.
I can ONLY use chipped mode, if it launches
If it boot good, it sometimes wont run games, then i need to reboot several times,
before the game is running.. totally unable to play dvds(movies) and music.
So now im planning to buy another xbox proberly a used v1.1 or 1.2
and then use the old, for experimenting. :-(
Oh.. BTW Xbox without MODchip runs fine through tunneling networking services like gamespy.
Through lan, (simulates lan games, over gamespy)
there 2 more providers of this than gamesspy, cant remember the name. Sry.
The save game exploit basically lets you flash the onboard tsop to a bios that allows you to run unsigned code. Installing a modchip allows the xbox to function perfectly normal when the chip is uninstalled or turned off. If you flash the TSOP with a save game exploit, you would have to flash the tsop back to the original bios before you could use xbox live.Quote:
Originally posted here by i2c
Linux was ported to the Xbox, as you can imagine this wasnt digitally signed and a mod chip wasnt needed.
It exploited a buffer overflow in a game, this allowed linux to be booted on the Xbox, Microsoft saw this got annoyed and patched it using the Xbox Live system. Apparently in the Xbox contract/ warrenty (not sure sorry) that your supposed to sign and send off your signing away your write to modify it and allowing MS to patch your Xbox using Xbox live. it was something like that but please correct me if im wrong.
Theres a whole website related to xbox linux, it details what ive just tried to explain better i imagine.
As for the virus, im theres more exploits out there, so if you looked for them you could explit them i suppose....dont see the point personnally.
i2c