New "Secure" Xbox Cracked In Under A Week
ilsie writes "Numbnut says it all in his post at xboxhacker.net. To quote his post, 'On behalf of the Xbox Linux Team, I am proud to announce that at 10:45BST the 'v1.1' secure version of the Xbox was proven to be running arbitrary BIOS code in a normal 256KByte modchip - with no additional hardware required. In short, in under a week we were able to normalize the new box to enable it to interoperate with Linux properly.'"
By any chance, has anyone checked to see if Microsoft modified the EULA when they released the new version of the Xbox? It would be interesting if they stuck anything in there that would strengthen their ability to prosecute and/or seek damages for circumvention of the protection scheme.
-- Button up, your ignorance is showing
and crack it.
We could all benefit from my education.
could these xbox hackers come over and get my ms office from asking for my cd every time i do a 'find' in explorer?
that would REALLY impress me.
It brings me to the following thought: You can't protect anything that the user has physical access to. The same situation is observable amongst CD 'copy (mis)protection'. Smart lads crack it in a one-week session. Maybe people should stop wasting money on copy protections and focus instead on the actual product?
Lone Gunmen crew.
Proves that there is nothing microsoft can do to secure the xbox. Oh well, thank god for xbox hackers!
keanmarine.com
The good, hard working, people at Microsoft(tm) have worked long and hard to give you a Video-Game system that plays the games you want.
Instead of happily purchasing the system and all twelve games, and three extra HandHurt(tm) controllers - you go and make the poor people at Microsoft(tm) cry.
I think it's time you helped a good American(tm) company like Microsoft, instead of promoting the Communist-Finnish Linux.
Please, don't take food out of a fellow American(tm) - buy your Xbox today!
(MS: Please credit MSDN account #2341 for this post)
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
What about waiting for the first Palladium machines, and hacking those ?
Hacking the X-Box is great, I'm sure. But how much greater to wait for the companies most keen to restrict all our rights to invest a whole lot of money in Palladium - just to see it cracked and made completely useless ? It might even make them completely give up on the whole idea for a long, long time to come.
Because the product is an autonomous unit, obviously anybody is free to hit it from any angle until the security is broken.
I'm sure Microsoft doesn't really expect that the XBox product will be totally secure. So it's probably not such a big deal whenever the product is cracked.
However Microsoft's sporadic changes to the XBox security may easily cause confusion to consumers who try to purchase mod chips (because different versions exist), which in and of itself is a good tactic. Frustrated consumers are probably less likely to spend money on modifications after they find some mods don't work (because they are meant for a different version of the XBox).
It seems that everyone is considering this new xbox revision to be a security upgrade, which it really doesn't seem to be. A few things on the PCB have changed, such as the USB header now being integrated on the main mobo, and a few other things.
It seems to me (and others) that MS did a slight revision to cut costs. While they were at it, they did a few (very minor) changes to the BIOS to deter hackers. It's kind of gotten out of hand how people are calling this the 'new version that MS created just to not be hackable'.
--falz
It doesn't matter if you hire the smartest people you can find... there's always someone out there smarter. Microsoft may have put its best people behind its security initiative, but there are always going to be people out there that are more intelligent - not to mention more motivated. Or to make this a bit simpler... I think there are more people who want to hack the Xbox than there are who don't want it hacked - it's pretty obvious who's gonna win. All MS is going to do is make it more challenging and guess what... there's plenty of people who like challenges. The more challenging it is, the more it's "just gotta" be hacked.
Blender And Linux Fan
Microsoft would avoid the embarrassment by including a Linux CD with each Xbox.
kinda funny how this security thing is a one way arms race... they make better and better security checks, meanwhile crackers (instead of trying to keep up and trick the checks) can simply hex edit the security right out ;)
This may be a bit more involved, but it proves DRM will never really work, because computers were never originally designed to support restriction management, and retrofitting is too hard to implement since so many people already have really fast (unrestricted) computers/parts/technical knowledge.
Either way, if you can play music, and you have a line out, you can make copies... this is the same kinda thing.
Didn't Nvidia have to write off a bunch of hardware that became obsolete when Microsoft changed the XBox?
"WHY would you want to run Linux on your X-Box? That is beyond me. You can get a fast PC for under $300. And a monitor - TVs have totally shitty resolution"
Answer (for some)
Find me a PC that can do progressive scan and/or component-out for under 300$. Now, hooked up to a nice plasma/front projector, etc etc, I can
- Run emulators, yum!
- Watch any type of media that I please, full screen
That's just for starters. There is always a legit counter point. For me, I could pick up the new AIW 9700 with component-out, but I've already spent 300$ right there.
This is what excites joe-blows like me, no more having to drag the PC into the den and run a shitty s-video/whatever output to my HDTV.
I hope I've helped people to see one appeal for going through the long process of getting the xbox ready to run Linux, then running 100's of things thru that, including W2K.
It doesn't matter whether Palladium gets cracked or not, because for the vast majority of users, there will be no difference. The security may be "good enough" so that it can only be cracked by using illegal hardware.
If the majority ("average users") can't break the security, then any solution is useless.
Don't you get it? The Xbox is Microsoft's test case for Palladium. They try their best to secure the Xbox and wait for the hackers to bust it. They keep on doing this until they find a way to lock it down to the point where nobody can hack it. Then they roll out Palladium with all the safe-guards in place and hacker tested. You XBox hackers are just a tool of Microsoft!
Disclaimer: I am numbnut.
The 1.1 version of the Xbox is certainly designed to be Palladium Lite. The concept is that no code is executed unless it matches a one way hash signature. The only exception is the boot ROM (512 bytes) which lives in the nVidia-designed MCPX chip; this is used to validate the next code to execute, which validates the next code to execute and so on.
Unfortunately for MS (and perhaps nVidia), they chose a hashing algorithm which already had a known flaw. The hash, which works on QWORDS (64-bit quantities), is completely insensitive to b31 and b63 of a QWORD both being inverted.
Doubly unfortunately for MS, the VERY FIRST DWORD of the hashed region is the entry point, and contains a long relative jump. The effect of flipping b31 and b63 on this QWORD is to retarget the jump to RAM.
Triply unfortunately for MS, they have a small interpreter built into their ROM code, whose instruction set is capable of doing IO and memory r/w before the bootrom is validated and executed. It was trivial to add some memory writes to the interpreted code stream to prep the memory targeted by the modified jump with a jump back into the flash.
The end result is perversion of the hashed region in a way invisible to the hashing algorithm, and execution flow jumping to arbitrary code in the flash.
I urge anyone interested in both the technical detail and the larger issues raised by this to read the threads on http://www.xboxhacker.net as this is a much larger issue than simply another Xbox crack.
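The insensitivity to b31 and b63 described in the comment above can be reproduced with TEA, whose key handling has a published equivalent-key weakness of exactly this shape. This is an added example, not code from the post or from the Xbox ROM: the post does not name the algorithm, so the use of TEA, the `toy_tea_hash` construction, its IV and the sample data are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TEA_DELTA  0x9E3779B9u
#define TEA_ROUNDS 32
#define MSB32      0x80000000u

/* Standard TEA block encryption: v is the 64-bit block, k the 128-bit key. */
static void tea_encrypt(uint32_t v[2], const uint32_t k[4])
{
    uint32_t y = v[0], z = v[1], sum = 0;
    for (int i = 0; i < TEA_ROUNDS; i++) {
        sum += TEA_DELTA;
        /* k[0] and k[1] are each added into one term and the terms are XORed:
           adding 2^31 to both flips the top bit of two terms, which cancels.
           The same holds for k[2] and k[3] on the next line. */
        y += ((z << 4) + k[0]) ^ (z + sum) ^ ((z >> 5) + k[1]);
        z += ((y << 4) + k[2]) ^ (y + sum) ^ ((y >> 5) + k[3]);
    }
    v[0] = y;
    v[1] = z;
}

/* Constructed toy hash (assumption): every 16 bytes of data (two QWORDs)
   key one TEA encryption of the running state, with feed-forward. */
static uint64_t toy_tea_hash(const uint32_t *dw, size_t n_dwords)
{
    uint32_t state[2] = { 0x01234567u, 0x89ABCDEFu };  /* constructed IV */
    for (size_t i = 0; i + 4 <= n_dwords; i += 4) {
        uint32_t blk[2] = { state[0], state[1] };
        tea_encrypt(blk, &dw[i]);
        state[0] ^= blk[0];
        state[1] ^= blk[1];
    }
    return ((uint64_t)state[1] << 32) | state[0];
}

/* Constructed 32-byte sample region: four QWORDs as low/high DWORD pairs. */
static const uint32_t SAMPLE[8] = {
    0x11223344u, 0x55667788u, 0x99AABBCCu, 0xDDEEFF00u,
    0x0BADF00Du, 0xCAFEBABEu, 0x12345678u, 0x9ABCDEF0u
};

/* Hash SAMPLE after XORing masks into the low and high DWORD of one QWORD. */
uint64_t hash_with_flips(size_t qword, uint32_t mask_lo, uint32_t mask_hi)
{
    uint32_t copy[8];
    for (size_t i = 0; i < 8; i++)
        copy[i] = SAMPLE[i];
    copy[2 * qword]     ^= mask_lo;   /* b31 lives in the low DWORD  */
    copy[2 * qword + 1] ^= mask_hi;   /* b63 lives in the high DWORD */
    return toy_tea_hash(copy, 8);
}

/* Check a reviewer could run against a candidate integrity hash:
   returns 1 if some QWORD can change without the digest changing. */
int has_msb_pair_collision(void)
{
    uint64_t base = hash_with_flips(0, 0, 0);
    for (size_t q = 0; q < 4; q++)
        if (hash_with_flips(q, MSB32, MSB32) == base)
            return 1;
    return 0;
}

int main(void)
{
    printf("baseline     %016llx\n", (unsigned long long)hash_with_flips(0, 0, 0));
    printf("b31 and b63  %016llx\n", (unsigned long long)hash_with_flips(0, MSB32, MSB32));
    printf("b31 only     %016llx\n", (unsigned long long)hash_with_flips(0, MSB32, 0));
    return 0;
}
```

Inverting only one of the two bits changes the digest; inverting both leaves it untouched, which is why a measured-boot chain needs a collision-resistant hash rather than a block cipher pressed into service as one.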
Compared to what it costs to create a given security, breaking it costs very little.
The best way to cut down on software piracy, the very best way bar none, is to cut down on the incentive for it. When software makers decide to get really competitive on pricing issues you'll see a big chunk taken out of the piracy market as a result. Especially commercial bootleggers who might see a bright future in investing in the hardware to mass-produce illegitimate copies of software they can retail at $69.95-$499 and higher. Dropping the price in that category drastically would take much of the wind out of the sails of a commercial pirate who has to spend the bucks to set up a successful CD-bootlegging operation. At $19.95 it gets even better, and the pirate has even less incentive.
That's why it's always been difficult for me to believe software piracy is anywhere near as bad as these companies make it out. If it was they'd be lowering prices to drive the bootleggers out of business. Instead of protection against pirates it seems more a case of these companies wanting to build greed-protection mechanisms instead.
Frankly, why should MS care if some hobbyist decides to mod his xBox to run Linux? Linux won't run any of the xBox software MS would receive a royalty for anyway, and in that case selling an xBox to a Linux hobbyist is one more xBox sale MS would not have made otherwise. (Granted I am not such a person so it's possible I've missed something material here.)
... why anyone should want to run Linux on an Xbox? What will you be able to do with it that you can't do with Linux running on a proper computer?
Actually, the paddalium is what Bill Gates will shortly be applying to the bottoms of these naughty hackers.
lethal voltages in the system will be microsofts next security measure
"Sic Semper Tyrannosaurus Rex."
This post is not meant as a flame or insult, I'm genuinely curious.
There are a few possible reasons for this hack:
It's cool.
Because it's there.
Because you want to piss off M$.
You didn't have anything better to do.
But, using the XBox as a cheap Linux PC isn't one of them as PCs can be found for $199. So, my question is; what is your motivation to spend so much time hacking the XBox?
I would recommend you read up on the legal issue of reverse engineering because it is under attack and it is not at all obvious that it will survive. I believe the latest issue of ACM Communications has an excellent article on the topic. Recent US Government laws are very disconcerting.
640x480 = 480p
1280x720 = 720p
1920x1080 = 1080i
(I borrowed the 720p and 1080i from some site, so I'm not sure if they will work)
(and I can't remember any others, but there are)
On http://www.epanorama.net/ if you look you can find something like:
(From http://www.epanorama.net/links/videocircuits.html)
You can also find links for going component to RGB if you want to run an Xbox (or PS2 or DVD player).
FWIW this is a starting reference, don't try something unless you are willing to take a chance that it might screw something up really bad.
unless, of course, he's half of a two-person team of hackers...
mmm... yeah... You see, we're putting the cover sheets on all TPS reports now before they go out...
Mr. Gates himself related the story of reverse engineering MSDOS by dumpster diving for source code
That's theft of trade secrets, if true. "Reverse engineering" is treating the object in question (program or device) as a black box with inputs and outputs and reproducing its behavior exactly, without access to source documents.
This would be really cool if Microsoft had not shut Lik Sang down, because without a mod chip this doesn't really do me much good.
Pretty much every mod chip out has always made the systems skip their "authentic CD/DVD" check, so a backup (or illegal copy...) of a game will work. Now, with XBox Linux, there are definitely legitimate and legal uses for a modded XBox, which in a reasonable legal system would mean that DMCA wouldn't have an effect here. But we all know that DMCA and reasonable don't belong in a sentence together...
Judging from the X-Box's market share (or lack thereof), the general populace cares about as much about the X-Box as they do about Linux (which isn't a whole lot).
And even though the number of people using X-Boxes as cheap PCs is small, Microsoft certainly appreciates not having those consoles as unsold inventory (which would cost them even more).
Ita erat quando hic adveni.
I don't recall the EB guys hounding me to sign some sort of contract when I bought my Xbox. In fact, I don't recall any sort of contract in the box with it that I signed.
The closest thing I could find was the ABOUT XBOX in the dashboard, which talks about how the software on the Xbox is protected by copyright law. Since I have no intention of pirating the Xbox dashboard, I think I'm legal.
Plus, once I own something, it's mine. As I've said before, I could rip off the top of my Xbox, put all my night soil in there, and grow flowers from the rich loam. Microsoft can't say anything to me about the use of it, because I own it.
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
I know this is a little bit unscientific, and rather illusory but...
Xbox is small, nifty and costs only $200. It possesses a 3D chip, a not so bad 733MHz processor, ethernet connection and a hard drive. Frankly it is not so bad for a cheap cluster... Sincerely, I have seen a few clusters for which the cluster units were a little worse than XBox...
Maybe the chance for M$ to reach Top 500? Imagine, a horde of penguins helping up Redmond to reach the heights of computer industry...
If you mean by "bad name" that they stand for the right of people that BUY a product to use it without fear of being hounded by a lawbreaking organisation such as Microsoft, or that they aim to defend the written law of fair use from being destroyed by bribes and corruption at the highest levels of the judicial system then I'm all for being called "Mudd".
Perhaps the OSS and free software community should consider a different approach to establishing their self-image and promoting their cause.
Perhaps you should consider your position as a marketing droid's wet dream. Perhaps you should consider your role as an instrument of corporate interference in everyday life. Perhaps you should consider smelling the coffee.
It would appear that you have lost sight of what (not just) Microsoft are trying to do here: they are trying to say "You paid us fair and square for our machine but we still own it and, in fact, we now own a little bit of you because we can tell you what (not) to do with our little box of tricks."
As a great man once said "Fuck that".
TWW
"Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
Why the bear went over the mountain.
The answer is to see what he could see.
If you do not understand the zen of running Linux on whatever you want to after a little effort, then do not comment.
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
On the contrary. This is simply enabling the Xbox to do something that the PS2 already does. If anything, it should increase Xbox sales.
RMN
~~~
The fact that we're being called "consumers" instead of "customers" sadly illustrates the cynical attitude of many corporate types. "Shut up and buy our stuff, you nose-picking, beer-guzzling sheep!"
To paraphrase someone else, most people, according to them, "are a bunch of pathetic hamsters who only know to press the pellet bar and chitter excitedly to one another about the size of the pellet they received."
I'm a customer, Mr. Gates, and as far as I'm concerned, entropy will claim the universe before I pay one red cent for another of your products.
My feelings for MS are widely known, but for once I'm not trying to troll.
Given the facts, how is this news?
In my eyes, it isn't.
What WOULD be news would be "secure xbox cracked after exhaustive 6 month effort by 3 teams of 1200 people".
Agreed?
-- Note: If you don't agree with me, don't bother replying. I won't read it.
This new revision had the security key changed. Microsoft had to scrap a lot of the older parts to make this change. The change had only been implemented in the plant that supplies Australia and it's already cracked. That's why it's news.
"They keep on doing this until they find a way to lock it down to the point where nobody can hack it."
It costs them big money (or rather NVIDIA in this case - Microsoft is trying to stick them with the bill) to change the locks. Break it often enough and MS look like idiots.
Even if they finally solve this, nobody will buy copy protection from idiots.
Anyone know of a crack for Mathematica? Since you basically have to have a PhD in Math to get even a secretarial position at Wolfram, let alone a programming job, they're the real baseline for 'hiring the smartest people you can find'.
As I said, I was not trying to flame or insult you, or anyone else. Despite my disclaimer, I still got a few flames (I love Slashdotters) :^)
But, thanks for your answer, I appreciate your time. I really wanted to know what your personal motivation was, and now I know. I do agree with your views regarding MS and their licensing. As for what I am doing about it, I'm NOT purchasing their products. They can take Licensing 6.0 and stuff it!
Can it still play X-Box games? It might be fun to try, but the reason I bought the X-Box was for games. Of course, I only own one game. Still waiting for that killer app...
You were mistaken. Which is odd, since memory shouldn't be a problem for you
How long until Tengen makes an unlicensed version of Tetris for Xbox that's better than the official version?
It is in the latest issue. It says 'reverse engineering under siege.' It doesn't attempt to predict who will win the legal matters, but explains what the threat is and how it will cause extreme harm to the tech industry if reverse engineering is taken away. Most slashdotters probably know most of that, but it is an interesting read.
"Never, never suspect the dreams within the dreams of dreaming children." ~The Amazon Quartet
Security through obscurity:-2
Determined hackers:+2
This will work out exactly like the sat piracy in the BUD (Big Ugly Dish) era. It's now general knowledge that General Instruments was making all of the 'pirate' chips for the Video Cipher hacks, then breaking them again a few months later. The chaos that ensued with having to replace your hacked chips every few months eventually caused all but the most diehard to give up. And I wouldn't be all that surprised to learn DirecTV tried to do the same thing except it got out of hand. No fear though, although the bootleggers got a few years of free signal with only a few forced upgrades, they will eventually close that back down.
Same thing here. M$ doesn't care if numbnut gets Linux going on his X-Box. The hardcore will always succeed at an unrealistic cost in time and money. So long as they discourage joe average end user they win.
Of course the difference here is Sat TV needs a hack that can decode the signals coming down NOW. An X-Box hack only needs to be able to work once. Changes the odds towards the hacks, but does it do enough? How many want to look up their box in ranges of manufacturing dates & serial numbers to see IF their machine is hackable and which mod they need to get. Especially considering those lists will become notorious for inaccuracy.
Democrat delenda est
Sorry, I made a mistake in my phonetic spelling. The 'ch' in the last word should have been a 'k'. They'd be pronounced the same in Latin, but not in English.
Subtitle: Cracked in 60 seconds.
.. is like an unbreakable rope. It doesn't exist.
Get used to it. (MS is hopefully now learning something most of us learned long ago...)
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Even that wouldn't stop the security mechanisms from being cracked in theory, but with harsh enough consequences, it's unlikely you'd find a person insane enough to keep trying.
File under 'M' for 'Manic ranting'
At the time I could not find the word in a dictionary. I agree it seems valid. However as you may have guessed English is not my strong point. The [sic] was on me. As in: "This word might not exist, but I am going to use it anyway. My English teacher be damned!"
And MSIE was innovated from NCSA Mosaic via Spyglass. FTP/Telnet/TCPIP were innovated from UC Berkeley, disk compression was innovated from Stac, and so on. Even Frontpage, Powerpoint, and others were innovated.
Let's see a laundry list of the original companies. A complete list of products or components and the original company or institutions from which Microsoft later innovated would be very interesting. Oh, and the purchase prices would be interesting as well.
'Scuse me while I go innovate some office supplies.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
Form factor
The Xbox is in a form factor that's decent for an entertainment center. It's big as far as consoles go, but it's far smaller/more portable than your average PC.
There are PCs with such form factors, you say?
You'll be spending a lot more than $300 for a PC with the appropriate form factor. (The good Shuttle units are around $300 alone and that's without CPU, HDD, and DVD drive)
retrorocket.o not found, launch anyway?
Seems the perfect time to bring up a couple of interesting resources that point exactly along these lines.
There are a fascinating group of documentaries and a book about the rise of consumerism in America (/the world) and how it is adversely affecting us. I highly recommend the book Affluenza: The All-Consuming Epidemic and the two documentaries on which it is based; Affluenza: The Disease of Materialism and Escape from Affluenza.
An interesting and disturbing part of the first film shows a marketing conference from Disney (actual footage) called "Kid Power" in which the head "marketeer" of Disney talks about how Disney owns America's children and how anti-social behavior in pursuit of a product in young consumers is a good thing. If junior wants a Disney product and is willing to lie, cheat, and steal to get it, then you know you have them. Creepy stuff.
I would also recommend the book Culture Jam How to Reverse America's Suicidal Consumer Binge-And Why We Must from the editor of Adbusters Magazine.