Slashdot Mirror


Keeping Secrets in Hardware: Xbox Case Study

BS405397 writes "Here is the just released MIT whitepaper on the security holes in the MS X-Box, and for those who are interested, opens up the X-Box pretty nicely." Update: 06/04 17:13 GMT by M : The server appears to be down at the moment. There is a copy of the paper mirrored here. Reuters and other news outlets have now picked up the story, two days after Slashdot.

3 of 306 comments

  1. This entire article is a troll! (in a way...) by cscx · Score: 4, Interesting

    OK, I've skimmed the PDF, and while the words "security holes in the XBox" in the article may lead you to think about traditional software buffer-overflow-I've-r00ted-your-box types of security holes... this article is about HARDWARE!! The PDF talks about hacking the hardware and getting around the encryption on the bootloader to be able to load your OS of choice, for example.

    Meanwhile I'm reading posts from people who are nearly soiling themselves afraid to plug their XBox into a network for fear of being r00ted. What a joke. I bet when michael saw the words "XBox" and 'security hole' in the same sentence, he became so excited and nervous that he could hardly move his finger to click the button on the mouse. Sheesh.

  2. Not there yet by Animats · Score: 5, Interesting

    Note that even after all this, the guy isn't even close to being able to make a disk that will boot on an unmodified XBox. Or a mod that doesn't require soldering.

    He now understands the boot process, and can mess with it via hardware mods. But he has only the decryption key, which is the public key of the pair. To make a bootable disc, you need the encrypting (private) key, which is nowhere in the XBox. That key probably exists only in a vault in Redmond.

    I don't really care all that much about the XBox, but if the RIAA and MPAA have their way, all audio and video equipment will be protected like this.

  3. not quite by Skuld-Chan · Score: 5, Interesting

    Sure - but one could easily argue that its main purpose is to keep pirates from running unauthorized (copied) programs on it

    and to keep developers from building their own executables without real dev kits (and depriving MS of royalties)

    and it keeps game hack systems out - like the gameshark and the codebreaker like devices from running.

    And before you bitch and moan about MS being a bunch of bastards - almost every game system that ever came along has had some system to keep developers, hackers, and users from exploiting the technology inside. Even Atari was that way - mostly through Atari not releasing all the specs for programming it so their games could look better in comparison - and they sued the first company who dared defy them (I think it was Sierra).