Xbox Security Keys Changed

anth writes: "A couple a months ago we discussed some reverse engineering of the Xbox which discovered the security code. The last paragraph of this letter from Nvidia says MS changed the code, and that they had to write off chips with old code as a result."

Guess Nvidia didn't read the EULA

[SmallFurryCreature]

MS has the right to update and fix any software bit automaticcaly. :P

blamed

[mmThe1]

We never blamed Xbox.

Yes, Microsoft is the one. I never blame Windows or Visual Studio.

I doubt the key has changed

I doubt they changed the key as it would be hacked just as easily as the last one. What they've probably done is changed the encryption method to make it harder to do so.. I mean if you're going to scrap a whole lot of chips, you better do it right.

Re:I doubt the key has changed

[martissimo]

that would be pointless, the MIT guy didn't even attempt to break MS's 128 bit RC4 encryption in the first place.

their weakness was that the data actually travels un-encrypted along a high speed bus on the mainboard for a very short run, and is checked after that run for a 32 bit "magic number" at the end of their plaintext stream... that is the spot he watched, he made a lil device that plugged into that bus and read the data as it streamed unencrypted.

unless they encrypted traffic on that bus it would be totally pointless, and the MIT guy who did the research also points out all the complications that doing so would cause (latency, power consumption, reliability)

his research (pdf warning) really is a good read if you havent gone through it yet.

My heart weeps

[jmd!]

And that we will be taking an inventory write off in Q2 related to the amount of Xbox MCPs that were made obsolete when MSFT transitioned to a new security code (by way of the MIT hacker) and excess in nForce chipsets that we built in anticipation of higher demand of Athlon-based PCs.

O poor monopoly powers. Entire chip lines and console plans changed by a lone MIT student.

I love it.

This is a nice move from Microsoft

[JFMulder]

If for the software this changes nothing (and probably does, after all, the games must still play on the console), it probably changes something in the MOD chip. So that means that the new XBOX that is shipped will not be compatible with the old mocdhips. The result? MOD Chip installers will have to thrown away their old supply of mod chips to make new ones, unless there's a simple way to change the keys in the MOD chip. This is surely going to hurt the mod chip companies who will have to throw away their old mod chips and buy new ones. If Microsoft keeps changing the keys in the hardware often enough, the mod chippers are going to run in a lot of troubles determining which mod chip is needed for which XBOX. This is a brilliant move.

Re:This is a nice move from Microsoft

[SN74S181]

Does anybody have the code from the MOD chips in downloadable form, so we can evaluate it for ourselves? Usually it's just some PIC embedded controller or an FPGA. There should be a site where the code can be downloaded for free and people with the tools can make their own Mod chips.

Or are the Mod chips protected by 'security through obscurity' and hardware locks? If so, isn't that kind of ironic?

geek girl

[t_allardyce]

"My girlfriend and I spent friday night in the lab together"

Oh man :( i wish i had a girlfriend like that. actually... i wish i had a girlfriend lol.

Re:geek girl

[Raul654]

It's time like these there should be a "+1, Pitiful" as a moderator option. Or, -1 maybe?

When will they start blaming Microsoft?

[Restil]

The next time they have to write off inventory because of a needed security change. Sure, hackers might not be the best friends to that contractual agreemnt NVidia has going, but at some point, they're going to get tired of writing off inventory and flushing money down the toilet just because Microsoft doesn't want people using the Xbox for ANYTHING but an XBox.

-Restil

Random observations.

[secondsun]

This really sucks for Nvidia. They had the Xbox chips ready to go and MS, instead of using up the current supply and then transitioning, forces Nvidia to scrap the line and go with their newly resecured chips.

An analagy to this would be if MS upgraded our operating system in the run of the night and billed us for it; even though we did not consent for them to do this.

What is really funny is that modding consoles does no damage to the companies bottom line. MS makes money from developer fees, developers make money from the games they sell, and hackers get to have fun and maybe download a hacked game. (this assumes they have a dvd burner, which many don't). By doing this MS has made the XBOX look bad to hardware devlopers [who loose when they have to scrap technology], software developers [wouldn't want MS to change something games rely on], and the tech elite[who don't like MS anyway].

Of course this really doesn't matter much when it comes to Xbox sales and games. As the old sayings go, the games speak for themselves. Too bad the Xbox family lacks vocal cords.

Secondsun

Re:News for Felons. Stuff that's illegal.

There is a huge threat of terrorism in America, the land of the free, right now and you folks are not helping by spreading this illegal material around.

First off, Lets get a "few" things straight.

1. I go out and work my ass off everyday to get money to buy things like CDs, Video Game Consoles, DVDs, DVD Players, etc....

2. I now OWN these items that I have purchased. I am told I can't copy my CDs, rip my DVD's to make a "backup" copy and burn it to a CDR media. Also, I am not allowed to modify any hardware that I own.. (Which by the way it sounds like to me.. That since I bought a computer that runs at a clock speed of 1.4GHz I am not able to overclock it to 1.6Ghz if I want to because it was sold to me as running at 1.4GHz, I dont like that.)

3. Soon if all of this DRM crap goes through I will not beable to install anything that is not approved by certain companies (i.e. Microsoft). Meaning I can't install Linux on a computer that I purchased with Microsoft Windows on it. Even though I OWN the damn thing. I won't beable to add new hardware as I want to, I will have to call Microsoft to let them know I changed my hardware configuration (Windows XP does this now).

When I BUY something, I like to know that I own it and can do anything to it I want. If I want to take it out back and beat it to a pile of junk (Office space senario with copy machine). I should be able to, If I want to change a few settings in the hardware, I should be able to. It is MINE. I PAID for it. I am NOT renting it. If I want to rent something I will go to Blockbuster, or go look for an apartment.

You dont rent your car do you? Atleast with a lease you have an option to BUY it after the lease is up. This is like "insert favorate car manufacturer here" saying you CAN'T change your exhaust on your car that you bought from us, even though you own it now, Oh yea BTW that factory radio you have, you are NOT allowed to put that in either. When you get a flat tire, YOU will put on said brand of tires or we will sue the crap out of you. Do you like being told that crap? I know I do not like it.

So please explain to me how this is "illegal", or any part of "terrorism"? Please also feel free to explain how this is "the land of the free", if I am not able to do any of the above.

- br0ken

Isn't it obvious?

[BandwidthHog]

Everybody's commenting about how all the parts of this story don't add up, that these megacorps wouldn't make such obvious blunders, or handle them so crudely. Hmm. While the old "follow the money" trick may not directly apply in this case, it's close enough.

What is the upshot of this incident, once you filter out all the distractions?

1) Hacker bypasses DRM-type security
2) Company "forced" to retool/change security
3) Direct, demonstrable monetary losses

They need to set precedents that exposing obvious security gaffes (unencrypted signal on the bus in this case) leads directly to major financial losses. Makes future prosecutions much easier.

Re:Just goes to show

[fferreres]

Maybe it's also a marketing move. The can claim all the extra stock was not sold due to the need to replace the hardware.

Ie: "it's not we couldn't sell it. We have to ditch the hardware because of piracy. All money lost due to piracy, DoD please help is, they are destroying the industry!"

So they turn an error in they part into something that can help them strategically. This is just a posibility, but with MS you never know (with Windows, they never did a reversion like this. Remember the bug in XP cds, they just release it on schedule even though the shipped version already had security bugs. They just solved them after release)

Re:X-Box vs. geek girl

[SkyLeach]

You guys really don't have grilfriends do you?

Compared to the EULA which comes with most females, M$'s EULA might as well read "do anything you want, anytime you want, any way you want".

Let's start with the basic rundown. The standard-issue female comes with a EULA which you "sign" without ever getting to read it. Any use whatsoever (even just looking at said female for very long) is considered signing. You are never allowed to read the EULA, but it will be referred to many times. Even should you abandon, leave or loose your female much of the EULA will remain in effect, and any parts of it can be re-enacted at her choosing at any future date. Even when you are given small glimpses into what this EULA might contain, it is usually encrypted and encoded in a format most males find completely confusing.

I would quote some of the more haneous parts of the female EULA, but my female's EULA promises dire concequences should I do so.