New "Secure" Xbox Cracked In Under A Week
ilsie writes "Numbnut says it all in his post at xboxhacker.net. To quote his post, 'On behalf of the Xbox Linux Team, I am proud to announce that at 10:45BST the 'v1.1' secure version of the Xbox was proven to be running arbitrary BIOS code in a normal 256KByte modchip - with no additional hardware required. In short, in under a week we were able to normalize the new box to enable it to interoperate with Linux properly.'"
Sorry, but reverse engineering is pretty well established; if it wasn't, then modern PCs wouldn't exist, as Compaq would not have been able to reverse engineer the IBM BIOS and AMD would not have been able to reverse engineer the Intel CPU. Now they could try to come after them with the DMCA, but AFAIK these mod chips do not allow access to any protected content, but rather allow you to run arbitrary software on the hardware.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
It never occurred to me until reading the last sentence of your post, doesn't this in essence give Microsoft (and others) the power to create law? By standing behind EULAs it could be argued that governments give corporations a blank cheque to create legislation. "Put it in your EULA and we'll enforce it." (My EULA: IANAL)
It seems that everyone is considering this new Xbox revision to be a security upgrade, which it really doesn't seem to be. A few things on the PCB have changed, such as the USB header now being integrated on the main mobo, and a few other things.
It seems to me (and others) that MS did a slight revision to cut costs. While they were at it, they did a few (very minor) changes to the BIOS to deter hackers. It's kind of gotten out of hand how people are calling this the 'new version that MS created just to not be hackable'.
--falz
Didn't Nvidia have to write off a bunch of hardware that became obsolete when Microsoft changed the XBox?
Yes, that's definitely a desired attribute of contract law. Since laws that are on the book won't ever be able to cover everything or be able to keep up with the variety of private interactions that can occur that would need legal coverage, private parties can both agree to specific terms that go beyond what's explicitly on the books. There is a limit to how extreme contracts can get (e.g. you can't say that if you don't hold up your end of the agreement, that the other person gets to kill you), but there's a wide area there for "creating law".
The reason modchips don't fall under the DMCA is because they don't bypass access controls. The DMCA defines protection devices as something that "effectively controls access to a work". Since you can't access data on a game CD any better with a modchip, it doesn't bypass anything. IANAL, though, so I might be wrong.
If I remember right, Mr. Gates himself related the story of reverse engineering MSDOS by dumpster diving for source code. There was also the incident of disk compression technology that was lifted from another company. To say that common people can not raise the hood of their own car to see how it works or put in a new engine might be called hypocritical.
This reminds me of one program supposedly protected by a well known hardware key. The thing was roughly this:
...
IF (there is key on parallel port) AND (The key is working) {FORGET THE KEY AND RUN PROGRAM}
A few NOPs and some correction on jump point and the program was running without the key. For an Assembler old timer, it took nearly 15 seconds to Veni Vidi Vici (Julius Caesar phrase - I came, I saw and I won).
Considering that these hacks are slightly similar and that the hack I described is more than ten years old, then one can take an estimation on the level of security in XBox...
Please show me the $199 PC that has a DVD drive, onboard NIC, decent video and sound that I can run into my TV and, while on, is pretty much noiseless that also plays Xbox games. Provide links, if possible, and I'll go buy one instead of the Xbox I was planning on buying (refurb on sale for $159.99 at Electronics Boutique!) today. If you could, please hurry as the sale ends this weekend.
I'm not being entirely sarcastic (if there really is a place that sells comparable $200 PCs, I would buy one), but I am tired of this whole "you can get PCs for the price of an Xbox" argument. My motherboard cost almost that much by itself. My video card cost more than that. Just because I can get a crappy Microtel or whatever at Wal-Mart for $200 bucks doesn't mean it's just as good.
Anyways, all of this hacking stuff is over my head, but I would assume that the challenge is kind of interesting and being part of the group that is a watchdog to the predecessor to Palladium must be at least part of the intrigue. But what do I know. *shrug*
And yet, an application on the IBM4732 was hacked a little under a year ago. Granted it wasn't the processor as such, but a very important application that is delivered with the processor. Getting the whole system right is hard.
If you want more material on why tamper proofing is difficult, Ross Anderson's team at Cambridge is a good resource. (And they have performed a number of nice hacks, Markus Kuhn's optical eavesdropping for example.)
Stefan Axelsson
It is not tamper proof. The vulnerability is the environment sensors, which can be neutralized. The worst design flaw is that the IBM4732 doesn't have a block of thermite sitting on top that destroys the hardware in case of tampering. That wouldn't be fool-proof, but would mean that your lab would destroy a number of them in the initial 'figuring out how it works' stage. (Even better than thermite is a larger bomb that kills your scientists along with destroying the device. But scientists are replaceable, so all you are really doing is raising costs.) Without the thermite, your lab only needs to procure one extra, take it apart, find all the tamper sensors and figure out a method to neutralize them. After that, you can take apart all the ICs with impunity. And really at this point your work is done. You duplicate the RAM contents, figure out the private keys (they have to be stored somewhere), and you have all the information. Very expensive process, but doable.
A very interesting historical parallel is the British bomb defusers, who worked on defusing failed German bombs. At first it was dangerous, but still relatively easy. Afterwards the Germans started figuring out ways to booby-trap the bombs just in case they didn't go off right away. This was defeated. And finally they engineered bombs specifically to kill bomb defuse teams. Even this was defeated. A very interesting history that includes many of the greatest acts of bravery during the war.
I know this is a little bit unscientific, and rather illusory but...
Xbox is small, nitty and costs only $200. It possesses a 3D chip, a not so bad 733MHz processor, Ethernet connection and a hard drive. Frankly it is not so bad for a cheap cluster... Sincerely, I have seen a few clusters for which the cluster units were a little worse than XBox...
Maybe the chance for M$ to reach Top 500? Imagine, a horde of penguins helping up Redmond to reach the heights of computer industry...
The fact that we're being called "consumers" instead of "customers" sadly illustrates the cynical attitude of many corporate types. "Shut up and buy our stuff, you nose-picking, beer-guzzling sheep!"
To paraphrase someone else, most people, according to them, "are a bunch of pathetic hamsters who only know to press the pellet bar and chitter excitedly to one another about the size of the pellet they received."
I'm a customer, Mr. Gates, and as far as I'm concerned, entropy will claim the universe before I pay one red cent for another of your products.