## Bluehat07 @ Microsoft

SEND HELP I”M AT MICROSOFT AND HELD HOSTAGE BY BLUESNIPER!!!!

Okay, so the picture is for real but the caption isn’t. (RSnake has a much better version of the photo here). I am at Microsoft, but the guy on the left isn’t a Microsoft lawyer. He’s John Hering, a founder of Flexilis, inventor of the BlueSniper device for long-range Bluetooth hacking attacks, and all around brilliant guy. John was also a presenter at this years’ Bluehat and he was told to look menacing for a photo…but he just looks so friendly it wasn’t believable. So, I figured I’d add myself to the photo in the executionee pose to give it a little extra flavor.

The picture is actually somewhat apropos because I’ve always believed that Bluetooth will be the death of me (and incidentally, one of the less flattering phonetic translations for chumby in Chinese literally means “execution by gun through the back of the head”. We didn’t use that one.). I’ve been through one frustrating startup designing Bluetooth/802.11b coexistence solutions and now I have this nasty allergic reaction to all things Bluetooth. I have an eye-rolling rant about how there is an eight-inch thick spec and million-transistor radio solutions whose primary application — point to point two-way wireless audio — was solved back in the 60’s with the three-transistor walkie-talkie (OK fine it’s just simplex but you get the idea). With a few thousand very nice CMOS transistors today you could build an extremely low power, low cost single-chip solution that would be so low power it would run for months and so cheap it would be disposable. Talk about a business–disposable fashion headsets that “just worked”–no association headaches, robust performance, etc. Anyways, I could go on for a while about my frustrations with this IrDA of the 00’s but I’ll save you the rant (unless you really want to hear it…)

I was at Bluehat giving a presentation with Felix Domke on various hardware hacking exploits, including silicon hacks, dbox-2, Gamecube, and of course, the Xbox360 (Felix is a genius and a gentleman). Below is a photo of Dinart Morais (whose initials ironically are “drm”), the designer of the Xbox360 security, and Michael Steil, Felix Domke, and me.

It was quite an honor to meet the man who designed such an excellent security system. We had a lot of questions for him, and he was very friendly. I guess since we have given our talk now, there is no more secret about it, some of the folks in the picture above were part of the team that published the February 2007 Xbox360 Hypervisor Priviledge Escalation Vulnerability. Fortunately, Microsoft was very receptive to working with us to fix the vulnerability before it was published and in the end it was a constructive exercise for all parties involved.

omg wtf I’m at Microsoft talking about Xbox hacking??!?!?

Please see Important Clarifications as well. Felix Domke (tmbinc) is the genius behind the Xbox360 hack. Please credit him properly!

### 98 Responses to “Bluehat07 @ Microsoft”

1. What also is very interesting to see, is that they let people present with a MacBook. The world certainly feels upside down from here.

2. Carmack says:

I would really love to hear the ranting about IrDA!
What don’t you build the JustWorks Headset?
Cheers

3. […] Bluehat07 @ Microsoft […]

4. Matt Swann says:

Bunnie, I was in the audience yesterday and loved your talk — thanks for taking the time to come visit us. Glad you had a great time!

Sander: “let people” present with a MacBook? Microsoft doesn’t have any rules about that — their culture is a lot more relaxed than most people expect.

5. Eliot says:

He shouldn’t feel bad; I guess they’re renaming DRM http://www.freedom-to-tinker.com/?p=1156

6. hawkeyeaz1 says:

The last picture is priceless, Microsoft, Apple logo, and Bunnie, one of the first successful XBox hackers and advocate of things not quite Microsoft….

7. Matt: Yes, I am sure it is. It is still an interesting thing to see.

8. JuggaLife says:

I can understand drive hacks.
Homebrew!?
YOU TRAITOR!? HOW COULD YOU DO THIS!?
Why bunny!!!!! Why!?

9. JackAz says:

Wow.

Why would you do this?
Do you want hacking to seize?

Seriously.

10. B T says:

Yeah, really. We could already play copied games. Who were you helping by hurting 360 Linux development?

11. Tom says:

Yes thats correct we can play copied games. But we all cant use Linux. He is a Traitor! Go back to your farm.

12. David says:

Bunny, the posts above raise a valid point. Are you and your associates now against opening console platforms to homebrew and Linux?

Really, you should post a reply to this question.

13. Bill Bob says:

What a group of little pricks.
Oh look m$I found a flaw, can we fix it quick then we can all go to the shower room for a pants around ankles party. Get a proper job man. 14. Lefty says: Hmm working witht he ememy or keeping your ememies close to your chest? Or are you getting paid thats probaly more like it. Im gutted about this followed your shit for years i guess this is like when your fav undergound band get signed to a major label and sell out. 15. NoNoNo says: This is the end of bunie’s god account. You lost your soul! 16. Felix says: Why hurting? Working together with Microsoft actually made it possible to speak about this hack in public at all, and releasing information (including that proof-of-concept) about it. My/our intention was never to spoil homebrew. No, there was no money and no job involved in the disclosure to Microsoft. I have good-paying job, and hacking stops being fun if money is involved, at least for me. (which reminds me about that gray every-day life which will start again after I enter the plane tomorrow – i really had a great time here at Bluehat and Toorcon – thanks Bunnie, thanks microsoft, thanks toorcon and all the other people involved!) The real enemy is not Microsoft in general, they are their lawyers. That are the people I wanted to keep on distance. It worked out. The reason to stay anonymous so long was not that being mysterious is so cool or whatever – it was just about not getting sued. But after Bluehat, it become clear that this was no issue anymore. And my strict demand for working on a project like free60 is that i can publish stuff in public, under my real name, without hiding anything, and still be able to sleep well at night. This would not have been possible if we hadn’t worked together with Microsoft. And I would be the very last person not wanting free60 to become successful. The world is just not that black and white. 17. bunnie says: Actually, we are very strongly for homebrew and Linux. We had a very long talk with the security architects at Microsoft about splitting up security into separate modules for anti-piracy, anti-cheating, DRM, code signing, etc. for the next generation so that homebrew can run, without enabling piracy. Hopefully they have listened. The problem with the exploit is that it can be directly abused for piracy, as their architecture used a single core security module which, when compromised, caused everything to be compromised. The potential liability of such an exploit is immense. The likely crack-down on the homebrew effort due to legal backlash would not have been productive in the long term and there were strong indications of such a possibility — after all, it is the exploit developers who are putting their necks on the line. It is also clear in 20/20 hindsight that if we had not taken the path we did, Microsoft would have quickly reverse engineered our exploit installer and developed a patch, and we would have lost the opportunity to discuss the situation with them while creating potential legal havoc for ourselves due to the ambiguity of our intentions from their standpoint. At least this way we had a chance to share our views. And, to reiterate the obvious, the homebrew-fans would be in exactly the same place as they are now (e.g. having to stop at a certain patch level/potentially buy new hardware) because the “strength” of the exploit wasn’t great enough to stand on its own for more than a few days. Under all circumstances you would eventually have to buy one box to play Xbox Live, and another box to do homebrew, full stop. That’s how good the 360’s security architecture is. Furthermore, it is standard practice in the security profession to contact the vendor to attempt to resolve the issue prior to disclosure. There is no monetary reward for this behavior; it is simple professionalism and an act of good faith. I would like to point out that this is identical to the path we started last time — when I hacked the original Xbox security the first thing we did prior to public disclosure was to notify Microsoft of the vulnerability — but last time Microsoft wasn’t responsive, and furthermore, even if they wanted to do something, they couldn’t because of how they had burned a single key and codebase into every box out there. This time, they have an improved system with sufficient agility to respond to such a threat, and they also listened to us and invited us to their house so they can learn and improve, and hopefully improve relationships with potential developers like the homebrew community. We gladly obliged because as security professionals our ultimate goal is to improve the state of the art and social policy in security, and open negotiation is more productive than a protracted guerilla warfare. Simply put, we are locksmiths, and we love locks. We see locks as protecting possessions, homes, and families. We understand how to pick locks, and we also understand how to make better locks. Locks can be abused by preventing access to public places, but we believe it is best to go to the biggest lock maker and help them improve their locks (for the love of the art) and also help them set policies on deploying locks (for the love of the people). Microsoft will continue to improve their locks with or without us, but I doubt they would ever even consider making a policy change without us. And, I think we left a clear message at Microsoft that until they do provide a signing key to enable homebrew, inevitably every new generation will be attacked until an exploit is found that enables homebrew (and other aspects), possibly by a new adversary that is not as white-hat as us. Creating a multi-faceted security strategy that enables homebrew effectively diffuses the threat model and thereby enhances security. Open hardware platforms are inevitable; hardware is inherently open. Finally, those who are interested in homebrew may have read the security focus bugtraq release back in February and understood that enabling homebrew on your box is as simple as not accepting the latest patch updates. The modest interest the post generated was probably a reasonable indicator that the vast majority of the potentially affected parties didn’t actually care for homebrew, as game copying was already possible for many months now. I apologize to the homebrewers who did miss on the opportunity, but you can probably also still obtain unpatched boxes in the standing inventory of stores today. Because of this, Linux development is still very active in the homebrew community, no new piracy or cheating was enabled, and thankfully we can continue our work with little fear of legal action. I think many would agree that this is in fact probably the best compromise solution available. You can’t make everybody happy, but I think all parties acting true to their stated intentions should be happy. 18. Tom says: I dont think so… Why we should buy another 360 with an old kernel? M$ have enough money! I say thats the wrong way.

You sold the community!

19. LetsHbrew says:

Agreed on all the above except:

“the security focus bugtraq release back in February and understood that enabling homebrew on your box is as simple as not accepting the latest patch updates. The modest interest the post generated was probably a reasonable indicator that the vast majority of the potentially affected parties didn’t actually care for homebrew”

Maybe not necessarily that they didn’t CARE about homebrew

But because the first ever hack was a piracy-enabling one (since it was the only possible vulnerability at the time or whatever) the place has gotten flooded with a less classy crowd of simple game stealers

Little choice but to wait for something to sweep true homebrew ahead where it belongs again, and clean this out before we can return. That would probably take some kind of kernel level hack at this point (not requiring a loader cd every time you want to play homebrew).

The future looks doubtful for the thing where you could power up and automatically have a modded dash running, ready to use the 360’s roaring power for primal non-corporate uses.

Then again, I’m taken back and super-impressed that anyone found a hole through which to play homebrew at all.

20. craig says:

well bunnie ,i think you did the right thing,im on your side

21. Jonesy says:

You took absolutely the correct path Bunnie.

For all you guys who want to do homebrew, take a look at XNA, this is exactly what it is for. The next release will supposedly have network access also. If it doesnt do what you want then feedback to MS and help them improve it!

I for one would rather NOT have Linux on my 360 if it also means not having cheaters on Live, people stealing my live account details, people stealing my credit card, etc etc..

You cant have one without the other people.

22. Jeremy says:

I’m just curious as to what we all mean by “homebrew.” What I really want for my 360 is alternate dashes and the ability to emulate. Would emulators be considered homebrew in this sense or piracy? It would be awesome to have a Dreamcast/Saturn/Ps2/etc… emulator on this machine.

23. TREXX says:

Well hopefully when Linux on the 360 is complete, you can run Linux emulators to achieve the same thing.

24. TREXX says:

Correction, I mean emulators that work on Linux :p

25. Mike says:

“is more productive than a protracted guerilla warfare”

vietnam wons the war with this tactic!!

26. Boomy says:

The problem with XNA is that you have to PAY to use it and run someone else code…

Anyway the only thing I would like to see on the 360 is XBMC. I want to watch other format than Microsoft’s video format :(

27. redeath says:

bunny just simply you sold out
“home brew is important, but thouse that can afford to buy enless amounts of original games, will perchase original titles, and thouse who can,t afford to do so! well”they will play “pirate games” so realy.i dont think piracy is sutch a big problem.yes i understand that you love working with locks,but would you rather work with locks for poeple or for large coperations

me i mod consoles ,and ever day i put a smile on alot of kids faces,you wont get that feeling from large corperations

28. tser says:

And never under estimate the power of stupid tsers/users in large digital crowds! ;)

i would like to disagree with bunnie about the ” you need two..” i think at the end you need one… But for now.. i have two of them too :)

About XNA …It is a great tool, and with the help of network support (did i say, we-really-need-that ?-)) you can make your fun:) and it IS free if you are coding on your pc and targetting pc.. nobody forced you to code only for the 360.. and don’t tell me you don’t have a pc.. you needed one in the first place to run XNA annyway…

and to everybody…you *CAN* execute “”homebrew”” without running linux … if you just had tried doing it! ;)

Live is a game, mod more.

–tser

29. macattec says:

@redeath
hope you don´t charge anything for your moding.

all you guys complaining about bunnie and his actions: try to hack the box on your own instead of complaining about everything. bunnie made microsoft listening and thinking about a way to include homebrew – that´s important.

30. Caster420 says:

Bunnie and crew,

I appreciate all the hard work you have done on this console and the original xbox. I know it has allowed me to gain a lot of insight and knowledge into something that is, for the most part, way above my head.

It is greatly appreciated.

Caster.

31. dno says:

Bunnie got star struck and sold out :(

This quote takes the cake:

We had a very long talk with the security architects at Microsoft about splitting up security into separate modules for anti-piracy, anti-cheating, DRM, code signing, etc. for the next generation so that homebrew can run, without enabling piracy. Hopefully they have listened.

Who are you trying to fool here bunnie?

32. x360LiNuX-STL says:

OOOhhhh, NNNoooo, Please tell me I have to blow my e-fuse?????? Bunnie, I guess, good work??? People is confused about this here… Should I gone head and “update” to the newest nonhackable dash :….(
Or… are you letting M$know WE THE PEOPLE WANT HOMEBREW ENABLED ON THE 360 SOME TYPE OF WAY!!!!! To all who is lucky to have to 4532/4548 dash… Like me, Send M$ a email about splitting the 360 into a dual bootable OS but with no keys for live on the second OS, then people cant cheat on live!!!!! Sh@$ps3 Have “OTHER OS”, why can’t the 360 Have it???? This is the type of socalled “new dashboard” M$ should of came out with instead of this b.s. that is out today, down below!!! M$Needs to think, he could be making more money than he is now if he make the 360 into a bootable: windows X 360/dos X 360/ Linux X360/zune X 360/ mythtv X 360/ mac X 360/ ipod X 360/ mediacenter X 360. This is what people wants nowdays so we need a LOT of people to TELL HIM THIS TYPE OF STUFF SO HE WILL HOPEFULLY LISTEN FOR ONCE AND DO WHAT PEOPLE want him to make instead of the b.s. hes coming with NOW!!!! Just wanted to get that off, anyway, Bunnie, GL if good things happen for you. But I hope you are not leaving the free60.org/ xbox-scene in the cold, Would be sad to you go. Ive learned and OTHERS ALOT from YOU, YES YOU!!!!!! and TMBC!!!!!! Well till someone else hack in the future!!!!! I don’t know if I should be happy or sad about it, so like others Ill just have to wait and see what happens!!! 33. Pirichios says: I really have a lot of respect for you bunnie, tbh im a lucky soul that has an old dash(homebrew compatible)maybe some day being able to boot linux from scratch would be awesome. until then we hope you keep working on bringing true homebrew on the 360 also correct me if im wrong but shouldnt MS biggest concern be piracy? the drive seems to be compromised at this point, and it seems thats one battle they are losing at the moment…. if they released a key for homebrew id be the biggest microsoft fan ever… and in true honesty i dont see how homebrew can hurt them. To be honest though, xna is ok, but not really true homebrew. Making a kickass media player or also some other cool stuff would be awesome, but due to the limitations of xna, i dont see that happening anytime soon.booting into a linux/windows os would make my day a very happy one… 34. Mo says: Bunny No No No No. You did a bad thing. Hang your head in shame. Microsoft will Never ever listen. The whole corporation was built on the principal of making Money from software, by any means necessary. Bill and co did not like the hippies developing at Berkley. 35. TheSpecialist says: Hi Bunnie, I’m happy to see that the relationship between MS and the hacking scene has become this good. Where other companies use their lawyers to keep hackers out, MS shows that they’d rather learn from hackers instead of trying to put us all behind bars :) I think that’s a good thing for everybody and I’m glad you guys represented the hacking scene there. But I do hope you had a chance to install some root kits there ? Lol :) Kind regards, TS 36. corkz says: It’s actually quite sad to see people throwing backlash at bunnie and co. Do any of you people who are calling them sell outs understand how much these individuals have done for the xbox communities without ask of anything in return. Perhaps some of you don’t understand what it’s like to have a multi-billion dollar corporation come at you. They can destroy you if they want to. Literally ruin your life. Despite these risk these people have moved forward with something they believe in, do for free and benefits us all. Everyone should be applauding them for their decisions as it is both the legal and responsible way to conduct themselves and continue doing it at the same time. Four letters “DMCA” Bunnie and Felix I have enjoyed so much of what you have both have done, both from an end user side and the technical side of the exploits themselves. You are exemplary examples of how “hackers” should conduct themselves. Props to both of you and congratulations on your successes as well. Respectfully, corkz 37. K405 says: Yep, totally agree with MO! Stay sharp.. keep focused. It is MICROSOFT! Remember? M$=Evil.. Steve Ballmer called Linux a form of cancer, Bill Gates is the richest man on planet Earth.. How? By stealing ideas and keeping them for himself and crushing annihilating everything and anything in his path.

Saying you want the M$lawyers of your back is bullshit. Tmbinc, what about the Nintendo lawyers? You don´t worry about them at all? I have the deepest respect for you guys, tmbinc, bunny and Michael.. but don´t be naive. Don´t let them fool you. Stay away from M$.

38. NeXuS says:

I don’t think anyone here has the right to bash these boys. They have done so much for our community and have not asked for money or anything in return. We are just going to have to believe him that he did not sell out. He hasn’t lied to us before and yeah I know were all thinkin, “M$has lost of money, they bought out Bunnie and Felix for sure”. Well yeah that would be what most would think after reading this but I saw something Felix said that caught my eye, “As soon as money is involved, hacking stops being fun”. Wanna know why? Because it’s a hobby, nothing more. Are all you nay-sayers that nieve to believe that these boys couldn’t of had a job at M$ pretty much whenever they wanted? Well, they could of and they haven’t, that says alot to me.

39. john says:

give us the key M$!! We can already steal your games… So why stop HB? 40. linux forever says: They are going to blow your asses, now that they know who you are and what you have done (you have already violated the xbox licence in many aspects, reverse engineered it, etc.) and what you want to do. bunnies in a cave of wolves… 41. redeath says: im not worryed if bunnie sold out. how long before some one else stands up to take on the challange,there are always new poeple joining the scene every day,he might be a genuis ! , but im sure in that department his not alone ! 42. n8thegr8 says: wow, I knew the internet was full of retards, but damn, you guys take the cake. Do any of you even understand what you’re saying? You have no idea the kind of work and genious that felix and bunnie put into this, and their contacting microsoft shows their integrity and proves that not all hackers are out to steal games, which will only foster the relationship between ms and the community. Why fight the people that are giving us this console in the first place when we can work with them to make it better? I see comments like these and fear for the future of humanity. Great work guys, keep it up, and maybe one day, our voices will be heard and we’ll have homebrew without cheaters and thieves. 43. POTCaf says: bunnie and felix… Did M$ confirm that they wont BAN users w FW hacks due to the fact that it would put a dent in revenue off their Marketplace and Live? Or perhaps, they indicated they CAN’T kill FW hacks or BAN based on them at all? Disc Jitter?? What about the Specialist’s HDD hack? You all didn’t talk about that either?

Homebrew is homebrew. We know the story. What don’t we know??

I commend you all for your work and inspired passion for what you enjoy, but you’ve spoken at length with these people (your inevitable enemy) about various hot topics. and you’ve had nothing truly important to reveal other than “remove your resistor”?

Obviously, people will trust what you say, but for how long will people trust you in general after this. You won’t persuade M$at all. They used you for using them and their product, and making it something truly unique…you made them question themselves, their beliefs, and their talents. They hate you. 44. xmod says: [quote]wow, I knew the internet was full of retards, but damn, you guys take the cake. Do any of you even understand what you’re saying? You have no idea the kind of work and genious that felix and bunnie put into this, and their contacting microsoft shows their integrity and proves that not all hackers are out to steal games, which will only foster the relationship between ms and the community. Why fight the people that are giving us this console in the first place when we can work with them to make it better? I see comments like these and fear for the future of humanity. Great work guys, keep it up, and maybe one day, our voices will be heard and we’ll have homebrew without cheaters and thieves.[/quote] sorry to disapoint you, but big companies are not out here to play nice! lol M$ is out to make money, was, is, will always ever be!
And thats the issue behind piracy. Fuck homebrew, whats it for anyways, to play super fucking nintendo on a 600$machine! woooooo. or wait, maybe linux, whats up with running linux on every god dam system that comes out, get a freakin PC nerd and get it over with. If your askin me to play nice with M$ in order to have a “better” community, tell them to bring the prices down and to stop charging for every little extra picture!!!! lmfao

as for mr bunnie or whatever, ok, nice work, you made it. now stop publishing it and go to work like a man.

Now who’s gonna crack the PS3 ? eh ?

45. mo says:

No ones denying the great work Bunnie and tmbinc have accomplished, we can only thank them for the immense amount of time and effort they must have put into that.

I know you guys like a challenge but to give away all the secrets you learned, and then say bring more on M$, well that’s just phat. BTW check out Felix’s laptop in the 3rd pic, superb its an Apple at Microsoft you guys sure know how to sock it to the redmond guys. 46. Lee says: Hi, I think these guys are sellouts, and they wanted to go to microsoft, with Msoft knowing what they had done. Wow your so great, if you wouldn’t have done it someone else would have, thats the thing. there is always someone smarter. You guys just think your slick cause you can go to microsoft with this bs. So you sell out everyone who cant afford 70$ games a piece. Im glad you nerds have had your moms basement on lock down for so long that nothing matters. I mean its so ridiculous that you would tell them about it. I say screw live. I have the original xbox, like the earliest version have had it moded since basically you could mod(or not long after). I have bought plenty of games. I just like being able to use my xbox for other things like playing movies and also trying games out before i buy them. But hey you guys do whatever you think will help you sleep at night. Since your so for security why would you hack them in the first place. just so that you can “help” them not get hacked. Cause thats retarded and sounds like a big waste of time. So if you died tomorrow you would want to be remembered for helping Microsoft and Xbox360 be more secure? Thats a great legacy to leave behind. Bill Gates is really losing alot of money over us let me tell you. made another how many million in the time it took me to write this. Obviously lost touch with what its really about. I will always be anti-corporation. Because of corporations like microsoft who use tactics just like these to get nerds like you to do exactly what you did.
Puppets on a string!!!

47. Ranniel says:

I used a chip to hack my xbox 1 console and I had changed the 10 GB HD for one that have 120GB, I use the xbmc and it is the best multimidia player that I have seen , better until that the best player software that I already used on windows , for emulations is like I have all consoles that I already had in only one , not only console how too all the best arcade that I had played in only one console, and I can play it at anywhere, I can say that the xbox1 is the best console , the best multimidia player an the best mounted of manufactures computer that I have seen !
I want see it on xbox360 too!!
Sorry about my english I live in Brazil and here the people don’t speak english.

48. redeath says:

quote:
wow, I knew the internet was full of retards, but damn, you guys take the cake. Do any of you even understand what you’re saying? You have no idea the kind of work and genious that felix and bunnie put into this, and their contacting microsoft shows their integrity and proves that not all hackers are out to steal games, which will only foster the relationship between ms and the community. Why fight the people that are giving us this console in the first place when we can work with them to make it better? I see comments like these and fear for the future of humanity. Great work guys, keep it up, and maybe one day, our voices will be heard and we’ll have homebrew without cheaters and thieves.

m8 you have lost site of the big piture its all abought the consumer not the company who make the products,if there happy, the company makes mony
you just think of all the broke ass poeple out there with famlys to support who want to give there kids the best possible enjoyment there wages can afford,if the have to give them a moded system”well so be it” personaly i think there should be a fine “balance”Do you call these sorts of people theives and cheaters.HOW DARE YOU,and you speak abought humanity

49. TheDude says:

bunny, you have done great work in the past for the homebrew scene, but it is now clear that you want to view yourself as a security specialist, and dont really have any allegiance the the homebrew scene that idolized you. That is all fine and good, use your skills as you see fit, but dont nullify the hard work of others by presenting it to microsoft just so that you can feel that you are still on the cutting edge of hacking the 360. Go ahead and sell out to microsoft if you choose, but dont sell out your peers, and dont be a mole for microsoft.

50. Dez says:

I can’t believe your response on this situation Bunnie! I’ve been a long admirer of your work. First and foremost, Linux will never run on the 360 because of the assistance your giving M$! The future that M$ is interested in is that of any other company. Making loads of money while withholding and limiting the potential of an investment that rightfully belongs to us the consumer! Your position as a forerunner of the “mod” scene is to implement access to the full capabilities of our investment! Instead the example given by a previous user stating that it’s as if your favorite band decides to sign to a major label and sell out fits you perfectly! You deny M$hasn’t paid you a dime or offered you a position briefing there team on there mistakes! Why else would you offer to help? Oh I’m sorry that’s right by helping a money hungry company with there flaws, they will now listen to the scene and decide that running a FREE OS that’s actually better than there own should be allowed to run freely on there system. Yes that makes total and complete sense! Give me a break! Look at the way M$ treats there consumers now; playing games online is not free, creating games on XNA is not free, downloading content you can view on digital cable isn’t even free! But yes Bunnie you continue and “represent” the scene to M$! Shame on you!! I hope Webster updates there definition of the word sellout, now to include bunnie. 51. 94snake says: I think they(Bunnie and co.) are smart for doing what they have done. What they did does not effect the pirates in anyway. They did open up any other ways to steal games and they didn’t close any holes to prevent it. We want homebrew. Or basically the ability to use what we bought in the way we see fit. If this leads to M$ being able to give us some kinda key for a linux launch CD, it would be worth it. They gave us HDMI(even though its cost more for now). When they see how big the homebrew scene is becoming with the PS3 and PSP. They may yet change thier minds.

I know people who would never even consider getting a PSP, till they learned how many other things one can do with it. The PS3 with homebrew will become popular aswell. Usually the format with more to offer becomes the most popular. I really don’t think the xBox1 would have been as big as it is, if it wasn’t for the modding community. People like to tinker with things. They like to find hidden value.

M$has done alot with Live. It is much more than just connecting people who want to play games. I don’t want them to jeopardize what they have going there. But if Bunnie and the gang can get them to see that we(consumers) want more out of the box, it will be a step in the right direction. For most people, this is too much money for a game system. Looking at Wii sales will tell you that. Let us run homebrew M$, please.

52. 94snake says:

EDIT: I meant to say “They did NOT open up any other ways to steal games and they didn’t close any holes to prevent it.”

53. TreyTable says:

Mo, everybody is in it for the money. You just have to understand what is meant by “it”.

Honestly I don’t see what all the fuss is about.

No homebrew, emulators, etc. on the 360? boo-fucking-hoo. No L:inux? wah-wah-wah. Christ, go make your own console and mod the shit out of it. Many people call those PCs.

What this bunnie does is his own business. He came out of the shadows, so maybe it’s time to step out of his.

54. Caligula says:

Sigh…. thanks a lot…. NOT

55. Englishnamja says:

Bunnie If I too had your detailed knowlage of computers I would also be sniffing up M$a**hole presenting myself as some kinda security specialist who wouldnt want a good wage with M$, after all they are the highest paid employeers.. Did you see the movie 300!? Let me claify who you are in the movie.. Youre the gimp/mongolid who wants to be “spartian” but gets rejected and joins the gay persian circus! spartian being the homebrew scene.. we thank your efforts in the past.. and we appricate all you have done.. but dont hinder other peoples efforts please.. and dont…be a mole within the homebrew community.

Thanks…

56. Xbox-Guru says:

To all the haters:

Don’t think for a second that MS weren’t aware of the vulnerabilities before this meeting. You are aware that they have internet access too, yes?

If MS wanted to just plug the hole, they would have done so. Instead, bunnie et al were invited to Microsoft to discuss the situation in more depth.

Remember, the competition allows the running of Linux completely out of the box with no modification required. MS need a reply to this and at present, there isn’t one.

Good work bunnie – hopefully those who matter will listen and we’ll see a better structured security system in the future.

57. flacsbird says:

Bad News . How much M$pay to you? . I don’t like Piracy but I don’t thing that was the correct way colaborate with M$ ( They never was interested in homebrew ) Now you close another way to feel free with M$consoles. 58. meneame.net says: Los hackers de la scene dan una conferencia interna sobre seguridad a Microsoft… Se trata de Mist, responsable de Xbox-Linux; Bunnie, quien rompiera la seguridad de la primera Xbox y Tmbinc, que hizo lo propio con la GameCube. Según ha revelado el propio Bunnie forman parte del grupo que descubrió la vulnerabilidad de Xbox 360, y… 59. no M$ please says:

>
I will always be anti-corporation. Because of corporations like microsoft who use tactics just like these to get nerds like you to do exactly what you did.
>

Amen!

60. Eli68 says:

Why don’t you guys just buy a ps3 for Linux and HB, I also have a 360 but since getting a PS3 haven’t touched the 360, I’am now running Ubuntu on my PS3 plus HB through it all with Sony’s support, MS are just full of crap thank god Sony has won me back and hopefully MS will start losing sales and figure out it’s better to give people an option instead of making a closed system.

61. Phunky says:

My god will so many of you stop your whining about Bunnie and Co going to speak with Microsoft.

Just because YOU want to have the 360 hacked a bit more for what ever reasons, look at it from the point of view.

There not selling out, there trying to get Microsoft on the Homebrewer’s side and show that theres a good place in the market for a console system that can be openly developed on.

62. TinyPete says:

I’m just curious as to why people think it is their RIGHT to run things like Linux on their 360’s or to be able to run games that they haven’t bought

If you can’t afford to buy a product then dont buy it. These are consumer products, not life giving essential items. You dont steal a car you walk past just cos you like it or your friends have it.

The fact that Microsoft has made money has nothing to do with anything – they are a company, like any other, who are trying to make money to pay their employees, who like to eat etc, etc

Just cos they were successful doesn’t mean you should mug them as they walk down the street.

Alas the internet allows people to hide behind the perception of anonymity and do and say things that they would never do in a ‘real-life’ situation.

Bunny and co. found an exploit. It’s their choice what to do about it. If they hadn’t told you they’d discovered it in the first place, then I doubt many of you could have found it yourselves in order to complain about their telling Microsoft about it.

So stop the hating and be happy that they tell you about these things at all.

Peace out.

63. flacsbird says:

They found the exploit and It’s their choice what to do about it but I don’t like their choice. All is the same…  … this is not scene

Bunny you got paid!!1 Good for you get money man. Don’t try to be a triple agent tho. man up about what you did(sell out) It is a free country do you man!!!! I hope you got a million for this. Make them pay you for all your hard work. Just don’t be a lap dog for Bill

65. Eli68 says:

Why don’t you guys stop complaining for gods sake, don’t blame Bunny blame MS for making such a closed system there the ones who don’t give a shit about HB just making money off there system plus there not holding a gun to your head to buy there system, I have a 360 as I know it will only EVER be a game system and i’am cool with that besides I bought my PS3 so I can do all the HB stuff and run Linux. There’s to many shitty xbox fanboys here that can’t believe there beloved MS are not interested in giving them HB without paying a price. Linux will never be running on the 360 FULL STOP

66. I would never deny anyone of getting paid for his honest work if that was his wish. And I honestly belive that Bunny havn’t gotten paid at all for this. He is a true hacker that is in for it just for the fun of it. The reward is in the credit he gets from guys that have an IQ high enough to appreciate the huge investment he is doing in this by spending spare time on something that might gain an anonymous comunity.
If you want to talk negative about someone, make sure you are a better person yourself first.

67. mike says:

@bunnie
i really agree with your explination, i think too many people are looking for a free ride here with no effort on their part.

It’s like when you’re at a red light turning right and are waiting for a clear spot in traffic while the guy behind you is honking for you too go, if you follow his command and jump out there you run the risk of getting in an accident and that guy won’t be there to help pay your bills later, at that point it’s just you.

68. […] Läs hela texten på Bunnies officiella blogg. […]

69. Bill says:

Do we really want to get in to bed with these guys:

http://www.theregister.co.uk/2007/05/14/microsoft_oss_patent_number/

70. XBNormUK says:

Reading some of these comments make me laugh! It really isn’t hard to spot the people who just want shit for free, and those who actually want to enjoy and develop homebrew.
The best laugh is the people who call themselves modders, and are slagging em off, dont make me laugh, you guys just dont get it, it all began with these guys, who quite frankly shit more sense than you guys are making!
You talk about MS being evil, come on get real, you just want your free ride and are pissed cos u cant make any money modding 360’s. Well remember all those xbox 1’s you modded, you wouldnt have been able to do it if it wasnt for the work of these guys so just how about showing a little respect. Hey, maybe all that money u made modding consoles, you should give 5% of every one to bunnie. lol
As regards the 360, I say ban the cheaters on XBLive, I also reckon once MS have it locked down, you will see a few drives playing back ups being detected and a few accounts getting banned, and I cant wait! For those who wanna moan about it, boo hoo, go buy the fucking game they arent even that expensive now and used copies turn up within weeks of new ones hitting the shelf!

71. SoldMySoul4Eva says:

What a pretentious load of crap…

72. Sid says:

Wow !!! So many angry, broke retards posting angry comments to Bunnie.

Bunnie, respect to you man. You live by example of how a hacker should be and how NOT to be a cracker. Ultimately, I want Linux on the 360, just to use it as a powerful media center PC (i.e. xbmc on HD steroids!).

To other guys who justify stealing a game or who think piracy is their “right”, please come to reality. Realize that you are broke and need to work a real job. If you can’t get a real job, you probably are dumb or didn’t get any education. Sorry … I feel for you in this case, but you can’t use that as an arguement. I mean, would you rant to Ferrari, “I work day and night to feed my wife/kids/dog/whatever and I can’t afford your ferrari, so I’m going to steal it. If you call the cops, then you guys are evil”. LOL … if you can’t afford it, then you/your kids don’t deserve that entertainment. This isin’t the only form of entertainment, you’re award of that right? A pack of cards, or a soccer ball are quite cheap.

Anyway, back you bunnie, do you know if MS will be releasing a signed Linux loader or if they will be creating any means for us to load homebrew without aiding piracy? A well designed security system can allow for this, so I’m curious about their ideas/strategy for this system i.e the xbox360 itself and not the “next” next-gen.

73. Interloper says:

Sounds like you guys had fun ;)

-Interloper

74. […] Via: El Otro Lado Via: Bunnie´s Blog […]

75. TriggerTom says:

Bunnie your work is grateful. But for me the problem is the Timeline:

Jan 03, 2007 – vendor contact established, full details disclosed
Jan 09, 2007 – vendor releases patch
Feb 28, 2007 – full public release

76. bunnie says:

There is an important misperception that needs to be corrected.

Many people are viewing the 360 hack as “bunnie’s” work. I did very little technical work on the hack. Felix (tmbinc) is the true technical genius behind the hack — please give him proper credit for his hard work.

You may continue to blame me (properly or improperly) for any diplomatic or political issues you may have with the situation.

77. Sid says:

Do you guys have slides from that event related to the xbox 360 security (technical or political) architecture ?

I’m EXTREMELY curious to know if they are planning on allowing homebrew to work legitimately on the xbox360 (“summer or fall update” anyone?) Eg. have a security policy in the hypervisor that if code with signature is running, block access to “xbox live” network stack (without blocking access to the entire network stack).

78. Dez says:

Ok, this example of stealing a car and blah blah is poposterious! The 360 is an item that we as a consumer own, anything placed on it is to no one’s concern! M$believes that we buy rights to there machine/software which has been a load of crap ever since XP! The example correctly explaining the situation at hand should be, it’s as if you buy a car and are not able to add performance parts to it, based on the fact that the manufactuer states it’s not supposed to operate out of the means they see fit. If you all want to side with M$ that’s fine, you all look retarded doing it. Just remeber this whole thread was noted in a “mod” scene website, what would you be doing in a “mod” site or a modder’s page if you didn’t believe in reverse enginering?

79. chris says:

I don’t understand why you should get into legal trouble by publishing a security hole?

Even publishing a linux-loader etc. should be no problem as long as it contains no MS code.

80. stev says:

Bunnie thank you for all the hard work you have done for us. I think the most people are only disapointed about the situation.

81. Calmiche says:

Honestly, the only thing I want on my 360 is the ability to run homebrew software. I don’t want pirated games! Heck, it’s getting cheaper and cheaper to play games without resorting to piracy. Gamefly is a good source and I wouldn’t be supprised if Amazon, Blockbuster and Netflixs were to get into this arena soon.

82. Cesar says:

I am wondering if such collaboration would allow for the removal of the ping limit, regarding xbox 360 games playing under System Link?

83. Eli68 says:

Why are all you people so DUMB, MS will never allow Linux to run on the 360 neither will they allow HB to work, even if someone finds a security hole it will be plugged with a update to the kernal. MS only want the system to run as a games machine and nothing else. The only system at present to have support is the PS3 which was designed from the beginning to allow Linux to work, I just don’t understand why you idiots expect it is your right to have Linux & HB to run on the 360. I can understand that my 360 will only ever be a games machine and for mucking around with Linux & HB I have my PS3.

84. […] And, to quote Felix, who posted in the comment round on a previous blog entry: […]

85. Sid says:

Dez, the car example is pretty legit. There were a lot of people complaining how bunnie screwed over people who can barely afford the games (hence I’m guessing they want pirated games?). My comment was to them, saying if you can’t afford the xbox, then whatever bunnie did shouldn’t really affect them at all. Pirating isin’t an option. Now I’m not exactly saying Piracy = stealing, because you don’t physically take an object that would other wise been sold elsewhere, but in either ways it’s wrong.

About me being against reverse engineering, by no way. My professional work used to be very close to it and I’ve been on either sides of the fenses. Let me just put it shortly – if you’re reverse engineering in grey/black areas (i.e piracy), any bad news should be taken in your stride. You don’t have any right to crib.

What I’m mad about is that MS doesn’t have a security policy (or a security system to enforce that policy) where Linux can be loaded. We need Linux and Homebrew – but not piracy. I thought they’d learn from Xbox1 and work such a working security system in place.

86. Mr. Nice Guy says:

u just vistited M$, and now the banning starts. 87. Nate says: Good job Bunnie and Felix. It looks like you pissed off the right people (i.e. something for nothing crowd) while releasing the details of your hack with full disclosure. This helps unmask the people hiding behind “I only want to make backups or run Linux” when all they care about is free games. I didn’t see as many complaints when the original 007 hack only allowed booting Linux, not piracy. Sure that got reversed pretty quickly, but for a time no one could complain about it without revealing themselves as a hypocrite. Your disclosure process for this flaw makes the line clear between the real hackers and the freeloaders. Congrats. 88. Kurto2021 says: You people don’t get it. What he did was try to improve the next Xbox’s security but also allow Homebrew a chance to be legit. Create different layers of security the most strict is for retail games and then a much less strict layer of security for homebrew. Currently there is only 1 lock and once that lock is open not only is homebrew enabled so is game copying. I would assume as a people in technical fields they decided that the hard work of the developers should be rewarded and they didn’t want to enable game copying. What this means is Xbox 720 could kick some serious ass!!!! 89. alex says: after the conference in microsoft all the mods xbox 360 got banned what you guys did ? 90. JackAz says: Coincidence that shortly after Bunnie met with M$ that consoles started getting banned?

Console Ban ultimately means more money for M$. You buy an Elite, mod the drive, you get banned. Whether you played online with pirated games or not, and it seems that if you have used your account on a modded xbox the same problem occurs. Now, this is where the Core SKU comes in handy. You just blow all this money on a console, and have to buy another to play LEGIT games online. Hey, Bunnie. How much profit are you making off this? 91. alex says: well not me i wont buy another xbox 360but i keep playing whit my back ups offline and most of the people will do the same 92. Hesit8 says: I’m with alex and Mr. Nice Guy. A coincidence…M$ bans start right after a visit with them? ouch

93. DV8ormods says:

Seems that the bannings are a culmination of time well spent on ms end.
They have been gearing up for this and implemented at the right time before there h3 comes out and there beta become spublic good job ms looks as if there will be the xtreme online fw to use pretty soon hope it works

94. Black Friday says:

Black Friday…

Anyone who lives within their means suffers from a lack of imagination. -Oscar Wilde :o)…

95. income tax says:

I almost accidentally went to this site, but stayed there for a long time. Delayed, because everything is very interesting. Be sure to tell you about all my friends.

96. liberty tax says:

The abundance of interesting articles on your website amazes me! Author – good luck and new interesting posts!

97. Chudo says:

It is interesting, but still would like to know more about it. They like!

98. Hi there, i recently thought i would comment and inform you your weblogs layout. It seems to look fantastic on the Firefox cell phone browser. Anyhow maintain the good work.