Slashdot Mirror

← Back to Stories (view on slashdot.org)

Keeping Secrets in Hardware: Xbox Case Study

Posted by michael on from the peeling-the-onion dept.

BS405397 writes "Here is the just released MIT whitepaper on the security holes in the MS X-Box, and for those who are interested, opens up the X-Box pretty nicely." Update: 06/04 17:13 GMT by M : The server appears to be down at the moment. There is a copy of the paper mirrored here. Reuters and other news outlets have now picked up the story, two days after Slashdot.

3 of 306 comments (clear)

  1. Re:DMCA... by dfn5 · · Score: 4, Insightful

    Then why wouldn't DeCSS fall into that category? I'd say that was a pretty good research project.

    --
    -- Thou hast strayed far from the path of the Avatar.
  2. Abstract by Hast · · Score: 4, Insightful
    A lot of people seem to belive that it's about network security. It is about hacking the boot procedure for the X-Box. This can be grasped just by reading the abstract to the paper.

    Abstract

    This paper discusses the hardware foundations of the cryptosystem employed
    by the Xbox TM video game console from Microsoft. A secret boot block over-lay
    is buried within a system ASIC. This secret boot block decrypts and verifies
    portions of an external FLASH-type ROM. The presence of the secret boot block
    is camouflaged by a decoy boot block in the external ROM. The code contained
    within the secret boot block is transferred to the CPU in the clear over a set of
    high-speed busses where it can be extracted using simple custom hardware. The
    paper concludes with recommendations for improving the Xbox security system.
    One lesson of this study is that the use of a high-performance bus alone is not a
    sufficient security measure, given the advent of inexpensive, fast rapid prototyping
    services and high-performance FPGAs.

    So no need to worry about DDoS or lost savegames. This is about playing unauthorized games, making a DiVX player etc.
  3. very interesting by Dr.+Awktagon · · Score: 5, Insightful

    I read that article and found it very interesting. It seems there's always a weakness in any security system, and a clever person with time on their hands can find it.

    But then it hits me: this "security" is to keep THE OWNER, the PAYING CUSTOMER, out of the product he bought. This "security" doesn't protect my family, me, or my possessions from absolutely anything. It serves no purpose except to make work for somebody at Microsoft and then somebody at MIT. If they left it out, they'd save both parties a lot of effort. I'm sure someone will build on this article and figure out how to easily run arbitrary code on the Xbox, and so the security will be a total waste. So why is it there?