Hack Ideas

[Marshillboy]

Post hack ideas here, preferably ones that have to do with Zune software, but anything really is fine. This is just to give us some inspiration to get some hacks flowin.

[PityOnU]

Okay, now that we've fully exploited the ZuneLoc.dll, we need to move on to something a bit more higher level

I say our next order of business should be to create an artificial sync program. What I would like everyone to do is to go and get a program called Process Monitor from Microsoft, and a program called USBSnoop (if anyone has a better USB sniffer that is cracked, that would be great). Using these, we need to figure out a way to artificially sync with the Zune. From there, we can make an artificial updater to transfer edited kernels to the Zune.

As soon as I'm done with my Honors World Cultures project on this end, I will post what I got from monitoring the Zune, so you guys can have a look for yourselves.

Try to get those programs.

[lpxxfaintxx]

Yea, this should be our next goal.

[putis]

Quote:

Originally Posted by PityOnU

Okay, now that we've fully exploited the ZuneLoc.dll, we need to move on to something a bit more higher level

I say our next order of business should be to create an artificial sync program. What I would like everyone to do is to go and get a program called Process Monitor from Microsoft, and a program called USBSnoop (if anyone has a better USB sniffer that is cracked, that would be great). Using these, we need to figure out a way to artificially sync with the Zune. From there, we can make an artificial updater to transfer edited kernels to the Zune.

As soon as I'm done with my Honors World Cultures project on this end, I will post what I got from monitoring the Zune, so you guys can have a look for yourselves.

Try to get those programs.

Give me names of programs to search for.
..Since I don't know anything about these matters.

[PityOnU]

Quote:

Originally Posted by putis616

Give me names of programs to search for.
..Since I don't know anything about these matters.

Here is process monitor: http://www.microsoft.com/technet/sys...ssmonitor.mspx

With process monitor, it monitors everything going on in your system. What I found as the easiest way to use it was to start it up before you open the Zune program, and let it sit for a few seconds. Then, tell it to ignore everything it has captured, and open up Zune. This will make it so it will still capture all of the events, but it will only show the Zune.exe processes.

Here is USB Snoop: http://downloads.sourceforge.net/usb...0&big_mirror=0

USB Snoop is kind of hard to set up, and you have to know what your looking for. Read the readme or the help file that comes along with it because I can't really explain it. You have to use regedit to find out what your Zune is called, though.

[putis]

Heh, not for me to use, for me to download for you guys.

Quote:

Originally Posted by PityOnU

...if anyone has a better USB sniffer that is cracked, that would be great... Try to get those programs.

Give some names of programs to look for to have accessible to H&M and/or Rogues.

[PityOnU]

Quote:

Originally Posted by putis616

Heh, not for me to use, for me to download for you guys.

Quote:

Give some names of programs to look for to have accessible to H&M and/or Rogues.

Oh! Duh ;D My bad. I guess we at least have a tutorial now :P

A couple USB Sniffers I have found are Advanced USB Port Monitor (by AGG Software), Source USB (from SourceQuest), and USB Monitor Pro (by FabulaTech). Right now, Advanced USB Port Monitor looks like it's the best.

Thanks for helping out

[ZunePet]

>I say our next order of business should be to create an artificial sync program....
>... From there, we can make an artificial updater to transfer edited kernels to the Zune.

Been there, done that ;->
In fact, in two radically different ways:
#1) hacking the existing Zune software to download my own NK.BIN (and EBoot.bin and Recovery.bin). Software only mod.
#2) directly accessing the hard drive (details: http://zunerama.com/forum/index.php?topic=1273.0 ). Zune disassembly and extra hardware required

FWIW: Trying to trace the USB traffic is another way and may work, but may be the most difficult. If you want to reverse engineer the USB protocol, more power to you!

----
Using either #1 or #2 works for "downgrading" the firmware (eg: downgrade from the 1.2 firmware to the non-WiFi 1.0, both digitally signed by Microsoft, or the 1.1 version or the mysterious pre-1.1 version...)

However, otherwise edited boot files will not boot. The files are digitally signed. I have explained this in many different posts (way back 2+ months ago http://www.zuney.net/zune-hacks-mods....html#post2382 among others).
Unfortunately it has been widely ignored (because it is a very hard problem).

----
We need to find an exploit, like those found for the PSP (eg: the "TIFF" exploit).
We need to get the Zune CPU to crash or otherwise lose control in a predictable way.

[PityOnU]

Imposible you say? We're hackers. This is what we do, people ;D

Yes, it may come down to us having to find an exploit, but we have to try the other ways first to learn how the thing works

Either way, trying to do it is better than doing nothing

[uaktags]

personally..i think the easiest way to crash this thing...is to get its own syncing program, to sync random crap. If we can F with whatever handles the syncing process in the Zune Software, maybe we can get it to not find errors in files, and sync them anyway. This would inturn put curropt files on the Zune, and when it reads them...maybe crash. I kno its something i use to do if i wanted to F with my old programming rivals, i'd look at their programs, see the limits of it, and then keep hitting the limits until the thing busted and showed me a Blue Screen of Death

[ZunePet]

> Imposible you say?
I didn't say that...
Even the digital signature can be cracked with a 2^80 brute force SHA1 crack (2^63 if you apply some tricks). Not impossible, but you will be waiting a very long time ;->

re: corrupt files on the Zune
That's a good idea, and an often successful exploit (like the PSP TIFF hack/exploit). IMHO: Getting the files on the Zune isn't the problem (at least for now). Finding the bug in the Zune firmware that decodes them is the hard part.
If you have any idea of which corrupted data files to try, then please let me know.
The syncing and MTP tranfer process is more-or-less generic. In general the Zune doesn't check the contents of the files (until it tries to use them). It stores them in the media database on the device and does other non-obvious things (which you can't side-step with the so-called 'hard-drive hack')
Of course in the normal use, the ZUNE.EXE app running on the PC does a lot of checking and conversion that can get in the way.

[uaktags]

well i wsa just wondering...if the zune program uses .js to run many of its apps...maybe, just a thought, maybe the zune program uses this basic language too. maybe find a way to currupt images with text files/.js files....curropt videos with .js files/text...idk something like that

[PityOnU]

If we want to get corrupt code on the thing, we have the harddrive hack, could we transfer something with that? I know it won't recognize some of the stuff, but it recognizes picture files, right?

P.S. - Who wants to volunteer to possibly brick their Zune? Not it :P