Xbox 360 hacked, no, REALLY hacked


stusser
12-31-2006, 09:33 PM
Mr. Anonymous at the CCC convention in Germany demonstrated a 360 running unsigned code via what looks like a savegame exploit with the king kong game. No modchips or addons used at all. Looks like it will be booting linux and macosx pretty soon, and hopefully xbox media center shortly thereafter!

huge WMV download link (http://debian.tu-bs.de/mirror/ccc/23C3-mitschnitte/lightning4-t4s4.wmv)
short but streaming youtube link (http://www.youtube.com/watch?v=4AGAohJuovY)

Backov
12-31-2006, 09:36 PM
Woohoo!

Malderi
12-31-2006, 09:41 PM
If true, someone in the MS QA department is likely not going to have a fun Monday (or Tuesday).

stusser
12-31-2006, 09:47 PM
I expect the game to be patched extremely quickly. But once an avenue is found, once you've successfully bypassed the hypervisor, everybody knows it's possible and more holes will be found. And of course you could always buy the game and not connect to live to avoid the patch.

The instant XBMC is released, I'm buying a 360.

Backov
12-31-2006, 09:50 PM
I expect the game to be patched extremely quickly. But once an avenue is found, once you've successfully bypassed the hypervisor, everybody knows it's possible and more holes will be found. And of course you could always buy the game and not connect to live to avoid the patch.

The instant XBMC is released, I'm buying a 360.

I'm right there with ya. Of course, I'll probably end up buying it before, but I'll probably have to buy a second one to mod it for XBMC due to the live issue.

Huzurdaddi
12-31-2006, 10:35 PM
The instant XBMC is released, I'm buying a 360.

Ok, I'll bite, what features does XBMC have over using it as an extender? Using it as an extender seems pretty slick to me.

stusser
12-31-2006, 10:46 PM
It plays everything from a simple SMB mount, including xvid and divx. And it works flawlessly.

Jason McMaster
12-31-2006, 10:50 PM
And it's on the original XBox just the same basically.

stusser
12-31-2006, 10:52 PM
Yeah, except that the original xbox doesn't have the horsepower to play full resolution HD movies and you can't turn it on with the remote control.

Also if I buy a 360 I'll have a 360 to you know, play games on. I can't justify it for the games alone because I'm just not into console gaming that much. But somehow if I can watch bittorrented TV episodes and play gears of war, that $400 purchase becomes justified.

Backov
12-31-2006, 11:20 PM
It plays everything from a simple SMB mount, including xvid and divx. And it works flawlessly.

It has a full featured mp3 player/database (that it gets from scanning your MP3 directories) and probably the best visualization you will ever have seen.

Coca Cola Zero
12-31-2006, 11:51 PM
XBMC also has lots of cool file format handling features, like the fact that it can parse DVD ISO images and play them (menus and all) off your PC file shares. I've run DVD Shrink on my entire DVD collection and have them all stored on my 2 terabyte (man, hard disks are incredibly cheap these days) file server as .iso images, so I can use my Xbox as a giant DVD jukebox. Achieving the same thing on the 360 using MCE would take like a billion times more work.

wumpus
01-01-2007, 12:43 AM
Isn't XBMC x86 code? Are there open-source compilers that work on the crazy-ass x360 architecture?

Linoleum
01-01-2007, 01:06 AM
XBMC is built using a leaked XDK, which is based off Visual Studio. Presumably something similar would happen for a theoretical 360 version.

zabuni
01-01-2007, 08:17 AM
Anyone not really convinced after seeing the video? Hey look guys, some anonymous guy walked up to the stage and made King Kong flash a different picture.

The youtube comments seem to echo what this really was:


it's pointless. the shaders in the king kong game were never signed. this is not real linux, or any real sort of homebrew code. he just modified the shaders in the game to do that.

He just hacked the DVD firmware and put his own copy of the King Kong with modified shaders.

Granted, I've become cynical about big exposes at hacking conventions. It seems a lot of them lately have been either "busted by the feds" or "look but don't explain". I'd prefer a little more transparency, from large corporations and individuals.

stusser
01-01-2007, 08:40 AM
Perhaps, although it seems like a lot of trouble to go to a convention, set up a talk, schlep all the equipment, etc, just to lie about it. Hell, he could have been playing a DVD and not even run the king kong game at all. Or instead of a real xbox 360, he could have popped the insides out and put in miniature spidermonkeys with flashlights. We won't definitively know what we saw on the screen until they release more info.

zabuni
01-01-2007, 08:53 AM
Perhaps, although it seems like a lot of trouble to go to a convention, set up a talk, schlep all the equipment, etc, just to lie about it. Hell, he could have been playing a DVD and not even run the king kong game at all. Or instead of a real xbox 360, he could have popped the insides out and put in miniature spidermonkeys with flashlights. We won't definitively know what we saw on the screen until they release more info.

And the reason they didn't produce more info at the time? He was anonymous, and disclosure of more information could hasten the running of unsigned code on the 360. It looked more like a magic show than a hacker convention.

stusser
01-01-2007, 09:01 AM
The miniature spidermonkeys got cranky and started throwing tiny clumps of faeces in all directions like rapid fire pellet guns, pop-pop-pop-pop-pop-pop-pop! The crowd scattered in fear and disgust. Mr. Anonymous then stopped the show to individually peel over 400 tiny bananas with a razor blade, a pair of tweezers, and a monocle, like Colonel Klink from Hogan's Heroes. When this arduous task was completed, over two hours had passed and the attendees had moved on to another presentation.

Joel
01-01-2007, 09:25 AM
Someone needs to hire the XBMC team (or guy or whatever) and pay him to make a dedicated media box + DVR. My Xbox just died and that's what we used for streaming movies and now I have to decide if I should buy another Xbox, wait for the 360 to get cracked (too long), or see what Apple puts out next week with iTV.

I'll probably just buy another modded Xbox. XBMC is the best media center app I've ever used. The time it went into a folder I'd downloaded, rebuilt an .avi from the .rar files, and played it all seamlessly - I didn't even know I had downloaded a .rar package; that's how transparent and fast it was - is a high point of "just make this shit work for me" technology.

Linoleum
01-01-2007, 09:37 AM
I didn't bother looking at the video. All it was was loading different shaders? That doesn't really count as running an unsigned executable, boo.

Huzurdaddi
01-01-2007, 10:22 AM
Ah bummer. I was wondering if there were any killer features from XBMC that the Media Center team was missing. But it sounds like they will not be able to duplicate any of the features (other than the visualization).

Hetzer
01-01-2007, 12:24 PM
At least it's the Chaos Computer Club (CCC), the oldest Hacker assembly here in Germany... so there has to be some truth about it.

http://en.wikipedia.org/wiki/Chaos_Computer_Club

Zuwadza
01-01-2007, 12:43 PM
Enh. It may be fake I don't know, and all arguments about transparency aside, running anything unsigned is a decent accomplishment. Rome wasn't built in a day and any future larger and more complex exploits may well be built upon something seemingly small and trivial such as this. Not that this particular exploit (if it is indeed real) will be the Achilles Heel of the 360 or anything, just that small exploits can and often do develop into larger things.

stusser
01-01-2007, 01:07 PM
They said that it would lead into booting linux and OSX, so assuming that they aren't lying, it means that security has been totally holed. Once you can run unsigned code, you can run anything.

Linoleum
01-01-2007, 03:56 PM
Shaders running on the GPU aren't the same as executable code running on the CPU. I haven't tried it, but I'd be very surprised if you can modify memory belonging to CPU executable code from the GPU. But I could be wrong.

Kunikos
01-02-2007, 01:32 PM
I would have liked to see what he was executing via his laptop to give it a little more credibility, but I can understand why they might not want to tip their hand so early.