Xbox Security Keys Changed

anth writes: "A couple a months ago we discussed some reverse engineering of the Xbox which discovered the security code. The last paragraph of this letter from Nvidia says MS changed the code, and that they had to write off chips with old code as a result."

Guess Nvidia didn't read the EULA

[SmallFurryCreature]

MS has the right to update and fix any software bit automaticcaly. :P

Re:Guess Nvidia didn't read the EULA

[Phil+Wilkins]

> About time they returned some of their ill gotten gains to the consumer. ...except that it's actually going down the toilet, not back to the consumer.

blamed

[mmThe1]

We never blamed Xbox.

Yes, Microsoft is the one. I never blame Windows or Visual Studio.

Hrmmm...

[vofka]

Surely the nVidia Lawyer types should have seen this kind of thing coming, and keeping that in mind, should have built a clause into their contract with Micro$haft stating that they would receive a certain acceptable minimum notice of a Code-Change, so that the manufacturing losses (and hence financial losses) were minimised?

Hindsight, it seems, once again has 20-20 vision!

Re:Hrmmm...

[SmallFurryCreature]

The lawyers probably would have seen had the glaring dollars signs from the sales people not blinded them. The Desktop GIANT planting an order 6 million + chips? Even if the lawyers saw it anything they said would have been drowned out be the cash registers.

The odd thing is that their tech guys didn't spot this. After all why should the graphics ship have the code hardcoded in it?

Re:Hrmmm...

[geirhe]

The odd thing is that their tech guys didn't spot this. After all why should the graphics ship have the code hardcoded in it?

Power consumption.
Speed.
Ease of programming.

The reasons for putting things in microcode or hardware are not hard to see if you are an ASIC designer.

I doubt the key has changed

I doubt they changed the key as it would be hacked just as easily as the last one. What they've probably done is changed the encryption method to make it harder to do so.. I mean if you're going to scrap a whole lot of chips, you better do it right.

Re:I doubt the key has changed

[martissimo]

that would be pointless, the MIT guy didn't even attempt to break MS's 128 bit RC4 encryption in the first place.

their weakness was that the data actually travels un-encrypted along a high speed bus on the mainboard for a very short run, and is checked after that run for a 32 bit "magic number" at the end of their plaintext stream... that is the spot he watched, he made a lil device that plugged into that bus and read the data as it streamed unencrypted.

unless they encrypted traffic on that bus it would be totally pointless, and the MIT guy who did the research also points out all the complications that doing so would cause (latency, power consumption, reliability)

his research (pdf warning) really is a good read if you havent gone through it yet.

Re:I doubt the key has changed

[Waffle+Iron]

If it is just a key change, they would have been better off if they had used one-time PROM cells inside the chip to hold the key. Then, the key could be set as the last step before the box leaves the factory. No need to throw away chips.

My heart weeps

[jmd!]

And that we will be taking an inventory write off in Q2 related to the amount of Xbox MCPs that were made obsolete when MSFT transitioned to a new security code (by way of the MIT hacker) and excess in nForce chipsets that we built in anticipation of higher demand of Athlon-based PCs.

O poor monopoly powers. Entire chip lines and console plans changed by a lone MIT student.

I love it.

Re:My heart weeps

[kubla2000]

Well, entire branches of the Linux kernal, and various other software projects, like Apache, are changed as a result of security exploits.

The ever-so-subtle distinction between your observation and that of the original posting is that when security holes force rethinkings and reworkings of applications and protocols in the Open Source world, there isn't an entire great big monopoly suffering, just some geeks losing sleep reworking code... as opposed to thousands and thousands of stock holders all of whom are wringing their teeth and gnashing their hands in hopeless, helpess despair as one whipper-snapper post-grad at MIT all but destroys their hopes and dreams of infinite wealth and world peace and dogs and cats loving each other... and god dammit I just can't go on for the shame...

This is a nice move from Microsoft

[JFMulder]

If for the software this changes nothing (and probably does, after all, the games must still play on the console), it probably changes something in the MOD chip. So that means that the new XBOX that is shipped will not be compatible with the old mocdhips. The result? MOD Chip installers will have to thrown away their old supply of mod chips to make new ones, unless there's a simple way to change the keys in the MOD chip. This is surely going to hurt the mod chip companies who will have to throw away their old mod chips and buy new ones. If Microsoft keeps changing the keys in the hardware often enough, the mod chippers are going to run in a lot of troubles determining which mod chip is needed for which XBOX. This is a brilliant move.

Re:This is a nice move from Microsoft

[SN74S181]

Does anybody have the code from the MOD chips in downloadable form, so we can evaluate it for ourselves? Usually it's just some PIC embedded controller or an FPGA. There should be a site where the code can be downloaded for free and people with the tools can make their own Mod chips.

Or are the Mod chips protected by 'security through obscurity' and hardware locks? If so, isn't that kind of ironic?

Re:This is a nice move from Microsoft

[Space+cowboy]

Not by end users. I suspect that the equipment to reprogram them costs more than an xbox

Actually FPGA's are normally programmed using EPROM's. Most FPGA's these days are actually static RAM cells, which are programmed at power up by reading data from an EPROM. EPROM burners are pretty cheap...

But in any case, FPGA hardware is ridiculously cheap. Go to fpgacpu.com and see for yourself - a 300,000-gate FPGA environment complete with programmer and s/w for ~$170 US. If you want a cheaper one, you can get 150k-gate ones for ~$120 US. Considering that a 32-bit CPU is ~20k-gates, that's pretty good :-)

Simon

Re:This is a nice move from Microsoft

[ivan256]

Yeah, more likely it'll provoke contract disputes or legal actions from nvidia, who doesn't want to have to throw out chips it's already made. If microsoft keeps this up, they'll never get nvidia to lower the price.

Is there really a big xbox game pirating scene?

This is all silly anyway. I remember when I was younger (under 16) I used to "pirate" video games. Of course back then that meant a 1-300k download. Probably took just as long though. As soon as I was old enough to have a job, and money I stopped doing it, and started actually paying for the games I wanted. It seems to me that beyond basic anti-piracy efforts, companies are wasting money on copy protection. The people that they stop can't afford the games anyway, and the "software pirates" that can afford the games tend to be the people who will use the money to break the new protection rather then purchase the game. It would be interesting to see a study that looked for a correlating revenue increase when a new copy protection scheme comes out. More importantly, how much cheaper would my games be if I wasn't shelling out a SafeDisc 2 royalty for every one of them?

Re:Do they learn their lesson

[Badanov]

Maybe Microsoft is getting ready to get into the video card/chip manaufacturing business and their logical first step would be to hose Nvidia.

geek girl

[t_allardyce]

"My girlfriend and I spent friday night in the lab together"

Oh man :( i wish i had a girlfriend like that. actually... i wish i had a girlfriend lol.

Re:geek girl

[Raul654]

It's time like these there should be a "+1, Pitiful" as a moderator option. Or, -1 maybe?

OpenXbox - PC - Bioxx

[nesthigh]

I wonder if this will have any affect on this soon to be realeased product. It's supposed to be bios upgradable.

Have a look here: Open Xbox - PC - Bioxx

Odd that it's just now coming out, eh? ;-)

Next

When will they start blaming Microsoft?

[Restil]

The next time they have to write off inventory because of a needed security change. Sure, hackers might not be the best friends to that contractual agreemnt NVidia has going, but at some point, they're going to get tired of writing off inventory and flushing money down the toilet just because Microsoft doesn't want people using the Xbox for ANYTHING but an XBox.

-Restil

Random observations.

[secondsun]

This really sucks for Nvidia. They had the Xbox chips ready to go and MS, instead of using up the current supply and then transitioning, forces Nvidia to scrap the line and go with their newly resecured chips.

An analagy to this would be if MS upgraded our operating system in the run of the night and billed us for it; even though we did not consent for them to do this.

What is really funny is that modding consoles does no damage to the companies bottom line. MS makes money from developer fees, developers make money from the games they sell, and hackers get to have fun and maybe download a hacked game. (this assumes they have a dvd burner, which many don't). By doing this MS has made the XBOX look bad to hardware devlopers [who loose when they have to scrap technology], software developers [wouldn't want MS to change something games rely on], and the tech elite[who don't like MS anyway].

Of course this really doesn't matter much when it comes to Xbox sales and games. As the old sayings go, the games speak for themselves. Too bad the Xbox family lacks vocal cords.

Secondsun

not really.

Modchips cost $5.
29F040 chips loaded with a proper .bin work fine.

dunno how much money im loosing here....

And when the next xbox rev. is hacked, and the next chips costs $5 as well, everyone will be laughing, because we all know Microsoft can't create a secure system if their lives depended on it

It works for them.

[Martigan80]

This is a great tax write off for them, just think of what they can claim per chip, and the R&D cost.

Re:News for Felons. Stuff that's illegal.

There is a huge threat of terrorism in America, the land of the free, right now and you folks are not helping by spreading this illegal material around.

First off, Lets get a "few" things straight.

1. I go out and work my ass off everyday to get money to buy things like CDs, Video Game Consoles, DVDs, DVD Players, etc....

2. I now OWN these items that I have purchased. I am told I can't copy my CDs, rip my DVD's to make a "backup" copy and burn it to a CDR media. Also, I am not allowed to modify any hardware that I own.. (Which by the way it sounds like to me.. That since I bought a computer that runs at a clock speed of 1.4GHz I am not able to overclock it to 1.6Ghz if I want to because it was sold to me as running at 1.4GHz, I dont like that.)

3. Soon if all of this DRM crap goes through I will not beable to install anything that is not approved by certain companies (i.e. Microsoft). Meaning I can't install Linux on a computer that I purchased with Microsoft Windows on it. Even though I OWN the damn thing. I won't beable to add new hardware as I want to, I will have to call Microsoft to let them know I changed my hardware configuration (Windows XP does this now).

When I BUY something, I like to know that I own it and can do anything to it I want. If I want to take it out back and beat it to a pile of junk (Office space senario with copy machine). I should be able to, If I want to change a few settings in the hardware, I should be able to. It is MINE. I PAID for it. I am NOT renting it. If I want to rent something I will go to Blockbuster, or go look for an apartment.

You dont rent your car do you? Atleast with a lease you have an option to BUY it after the lease is up. This is like "insert favorate car manufacturer here" saying you CAN'T change your exhaust on your car that you bought from us, even though you own it now, Oh yea BTW that factory radio you have, you are NOT allowed to put that in either. When you get a flat tire, YOU will put on said brand of tires or we will sue the crap out of you. Do you like being told that crap? I know I do not like it.

So please explain to me how this is "illegal", or any part of "terrorism"? Please also feel free to explain how this is "the land of the free", if I am not able to do any of the above.

- br0ken

Isn't it obvious?

[BandwidthHog]

Everybody's commenting about how all the parts of this story don't add up, that these megacorps wouldn't make such obvious blunders, or handle them so crudely. Hmm. While the old "follow the money" trick may not directly apply in this case, it's close enough.

What is the upshot of this incident, once you filter out all the distractions?

1) Hacker bypasses DRM-type security
2) Company "forced" to retool/change security
3) Direct, demonstrable monetary losses

They need to set precedents that exposing obvious security gaffes (unencrypted signal on the bus in this case) leads directly to major financial losses. Makes future prosecutions much easier.

Re:News for Felons. Stuff that's illegal.

[shepd]

Illegal doesn't equate to immoral. However, you seem to have those confused in your mind.
It is immoral to do physical harm to others. Many of us consider guns (most especially handguns) to be nothing more than a device intended to cause physical harm to others. This is immoral.
A device like a modchip is not intended to do physical harm to others. When I use a modchip, does Bill Gates bleed? Nope.
If you can't see the difference between a device that causes physical harm to someone, and a device that causes absolutely no physical harm to someone, you have a morality problem, and are part of the problem, not the solution.
You aren't one of those people who go around telling people that "Guns don't kill people. Death kills people." Are you? Because if you do, you're the nutcase.

that doesn't make sense

[RelliK]

Remember, it costs Microsoft $300 to make an XBox, but they sell it for $200. That's why:

The problem is that Microsoft already spent $300 to make an xbox. They lose that money no matter what. If you buy an xbox they will get $200 and partially recover their losses.

In short, Microsoft loses $100 on an xbox if you buy it. They lose $300 if you don't buy it.

Re:Just goes to show

[fferreres]

Maybe it's also a marketing move. The can claim all the extra stock was not sold due to the need to replace the hardware.

Ie: "it's not we couldn't sell it. We have to ditch the hardware because of piracy. All money lost due to piracy, DoD please help is, they are destroying the industry!"

So they turn an error in they part into something that can help them strategically. This is just a posibility, but with MS you never know (with Windows, they never did a reversion like this. Remember the bug in XP cds, they just release it on schedule even though the shipped version already had security bugs. They just solved them after release)

Re:X-Box vs. geek girl

[SkyLeach]

You guys really don't have grilfriends do you?

Compared to the EULA which comes with most females, M$'s EULA might as well read "do anything you want, anytime you want, any way you want".

Let's start with the basic rundown. The standard-issue female comes with a EULA which you "sign" without ever getting to read it. Any use whatsoever (even just looking at said female for very long) is considered signing. You are never allowed to read the EULA, but it will be referred to many times. Even should you abandon, leave or loose your female much of the EULA will remain in effect, and any parts of it can be re-enacted at her choosing at any future date. Even when you are given small glimpses into what this EULA might contain, it is usually encrypted and encoded in a format most males find completely confusing.

I would quote some of the more haneous parts of the female EULA, but my female's EULA promises dire concequences should I do so.