A hacker using the name Habibi-Xbox revealed the exploit Saturday in a message posted on the Xbox Hacker Web site. Organizers of the Xbox-Linux Project confirmed the method works.
The trick involves the "save/load game" function in the James Bond game "007: Agent Under Fire," which normally allows players to save a file recording their progress in the game to the Xbox's hard drive and later reload it. Habibi found that by using one of several USB storage devices recognized by the Xbox, the "load game" screen can also be used to load other software, including compact versions of the Linux operating system.
The technique apparently exploits a "buffer overflow" flaw in the 007 game, a technique similar to that used by online vandals to. "Basically, there is a bug in the save handling, which has been found in several games," Habibi wrote in the posting.
Hackers have been working since shortly after the Xbox was released to modify the game console so it will run other types of software. Programmers have been successful inoutfitted with " ," grey-market add-ons that bypass security systems in the Xbox. But most mod chips require extensive and precise soldering work, limiting their appeal. A system that runs homemade software on an unmodified console is seen as essential to popularizing Xbox versions of Linux.
Michael Robertson, founder of Linux company Lindows, has encouraged such work with a two-part contest, each part carrying a $100,000 prize. Part A, for the first team to, has already been met, and a prize committee is selecting the winners.
Part B sets aside $100,000 for the first to run Linux on an unmodified Xbox. British programmer Andy Green, one of the founders of the Xbox Linux Project, confirmed Monday that the 007 exploit works and said it "will qualify for some or all of the prize." A final decision won't be made until the contest expires Dec 31, however, and a prize committee assigned by Robinson assigns credit.