Keeping Secrets in Hardware: Xbox Case Study
BS405397 writes "Here is the just released MIT whitepaper on the security holes in the MS X-Box, and for those who are interested, opens up the X-Box pretty nicely." Update: 06/04 17:13 GMT by M : The server appears to be down at the moment. There is a copy of the paper mirrored here. Reuters and other news outlets have now picked up the story, two days after Slashdot.
Doesn't this violate the DMCA?
Mr. Smoove
I wasn't aware security was a big issue in gaming consoles. Is this just related to hacking into the hardware and getting the OS off of it or what? (I can't get to the PDF because of the /. effect I think)
Everything I say is a lie.
Except that. And that. And that. And that.
Hopefully, this is yet one more step in fully hacking the X-Box (can't tell because the site's been /.ed)
And I don't mean the usual Playstation-like hacking. I couldn't care less about not having to pay for games...
What I can't wait for are things like a DiVX player (DivX movies on TV!), Linux -> and with it all those wonderful applications, DVD Movies without the hardware adapter, etc. and all of this for only 200 bucks!
Many Dreamcasts were sold because of their hacking potential...just imagine what an X-Box is capable of! This, more than any reason, is why I'm hoping the X-Box pulls through and "makes it" among the video game platforms...
For those who were unable to see the .PDF, due to the /. effect... :) probing the LDT/HyperTransport Bus via a hardware tap board linked to an FPGA-based custom sniffer. It seems a bit like magic... but the only magical thing is the mind operating that (cheap!) hardware! :)
It is about searching for magic numbers
Very interesting read!
Bye!
Since copyright has historically covered things that couldn't be generated automatically, I wonder if this guy could publish an algorithm to produce the key? (Besides, it should be short enough for fair use, anyway.)
OK, I've skimmed the PDF, and while the words "security holes in the XBox" in the article may lead you to think about traditional software buffer-overflow-I've-r00ted-your-box types of security holes... this article is about HARDWARE!! The PDF talks about hacking the hardware and getting around the encryption on the bootloader to be able to load your OS of choice, for example.
Meanwhile I'm reading posts from people who are nearly soiling themselves afraid to plug their XBox into a network for fear of being r00ted. What a joke. I bet when michael saw the words "XBox" and 'security hole' in the same sentence, he became so excited and nervous that he could hardly move his finger to click the button on the mouse. Sheesh.
He now understands the boot process, and can mess with it via hardware mods. But he has only the decryption key, which is the public key of the pair. To make a bootable disc, you need the encrypting (private) key, which is nowhere in the XBox. That key probably exists only in a vault in Redmond.
I don't really care all that much about the XBox, but if the RIAA and MPAA have their way, all audio and video equipment will be protected like this.
I guess I am naive here. What is the point of making the X-box or any other game console hard to hack?
I used to believe the old saw that compared game consoles to razors; lose money on the console, make up for it on the games. But I read something recently which seemed (to me) to prove that everyone except M$ was making money on consoles too. So although it might make sense for M$ to prevent hacking for use as other than a game console, why would others do so?
Is it to prevent people from playing ill-gotten copies of games?
Is it to prevent cheating while playing a game?
Is it to prevent reverse engineering of a game?
I guess I just don't get it!
Infuriate left and right
If there were a way of loading GNU/Linux or one of the BSDs onto the X-Box, you'd essentially have a working computer system subsidized by the company currently doing the most to harm free software.
Ironically it might even keep the platform "alive" for the users. The business model for the X-Box is screwed, and based on what MS *thought* other console manufacturers were doing rather than what they really are doing. Sony and Nintendo, and Sega for most of its life, sell consoles at cost, and make profits from the games. Someone somewhere decided that "at cost" meant "at a loss" and Microsoft thought that the success of console manufacturers apparently using an "at a loss" business model meant they could potentially succeed at it too.
Sega switched to the "at a loss" model, largely through desperation, and the consequence was that Sega became a publisher, not a manufacturer, because it couldn't subsidize the consoles, it didn't work. Microsoft may have deeper pockets, but few companies will chase an unrealistic business model just for the sake of chasing it, and Microsoft is left with a choice of continuing, and not gaining anything; selling the X-Box at cost in which case it will be substantially more expensive than its competition and probably will not achieve the type of market share Microsoft wants for it, or to drop the project for now and come up with a better idea.
Given Microsoft's past history, I'd say the last of these options is the most likely. This leaves current X-Box users with machines that will be quickly seen as "obsolete" and "unsupported", and while Microsoft will doubtless try to cut its losses by supporting them, I suspect it'll be more and more difficult to get X-Box support through means other than mail order as time goes on.
A project to open the X-Box, and turn it into a real PC, which is what getting the Linux kernel running on the X-Box could achieve, would help the end users, even if it wouldn't help Microsoft.
You are not alone. This is not normal. None of this is normal.
Sure - but one could easily argue that its main purpose is to keep pirates from running unauthorized (copied) programs on it
and to keep developers from building their own executables without real dev kits (and depriving ms of royalties)
and it keeps game hack systems out - like the gameshark and the codebreaker like devices from running.
And before you bitch and moan about MS being a bunch of bastards - almost every game system that ever came along has had some system to keep developers, hackers, and users from exploiting the technology inside. Even Atari was that way - mostly through Atari not releasing all the specs for programming it so their games could look better in comparison - and they sued the first company who dared defy them (I think it was sierra).