Frequently Asked Forum Questions | ||||
Search Older Posts on This Forum: Posts on Current Forum | Archived Posts | ||||
A programmer's perspective | |
Posted By: Xorian <ken@xorian.net> | Date: 7/22/08 11:58 a.m. |
In Response To: Warning - do not open halo 3 image "im on fire" (sharpsniper99) : The image itself is a mod, or perhaps a overloaded picture (if thats : possible) - either way it causes your xbox to freeze, it has apparently : even caused rrod in older console's. I was a little surprised when I heard about this. I think I might understand one method by which you could do this. There are USB devices you can buy which will allow you to read and write the Xbox 360 memory units from a PC. I've been using one of those for a while to archive Halo 3 content so that I can go past the "100 custom content items" limit. (I have a lot of saved films, film clips, and screenshots.) I've been using this purely for archiving and restoring, but with some extra software I'm sure it's possible to modify the contents on the memory unit. This may be how they're getting arbitrary images into Halo 3 and from there uploaded to file shares. I could definitely understand how an invalid image file could cause the software (either the game or the whole Xbox 360) to freeze. It might even be possible to do more malicious things. Bugs in software that make assumptions about data content can sometimes be exploited to make the software do bad things. (This is usually called code injection.) What surprises me about this is that I would have expected Bungie to anticipate and guard against this sort of injection of images that weren't generated by the Halo 3 theater. The Halo software could have digitally signed each screenshot. The signature could then be checked are various points (by the server when uploading to a file share and by the Xbox when downloading from a file share). Of course maybe there are such protections in place. Maybe the people doing this have managed to extract the private key used to sign the images from the Halo 3 game data and are signing these injected images using it to defeat the signature checking. I'm just guessing.
|
|
Replies: |
The HBO Forum Archive is maintained with WebBBS 4.33. |