Slashdot Mirror

← Back to Stories (view on slashdot.org)

Lindows CEO Funds XBox Hacking Contest

Posted by CmdrTaco on from the stuff-to-do dept.

Kai writes "PCWorld.com recently posted an article on how Lindows CEO Michael Robertson is funding the 'Linux on XBox Hacking Challenge'. He was previously annonymous donor who donated $200,000 to the project. His donation will be split in to two prizes, one to who completes part A of the challenge, and the other to the who completes part B. Part A, running Linux on the XBox, has already been completed, but Part B, running Linux on XBox with no hardware modifications has yet to be completed. Part A of the challenge can be downloaded from Sourceforge." Without a bios change, it seems like part B might be a bit tricky. T. adds: Tricky, but not hopeless. Eric C. writes "The Neo Project recently updated its client so users can use free processor cycles to try and crack the private key that Microsoft uses to sign Xbox software."

6 of 269 comments (clear)

  1. Link... by pangel83 · · Score: 5, Informative

    somebody correct the SF link

  2. Link Problem by NightRain · · Score: 5, Informative

    lol. The article points to sourceforget.net, not sourceforge. Might want to fix that :)

  3. Re:Keys already found? by warmcat · · Score: 5, Informative

    The key that Bunnie found was an RC4 key that was stored in ROM. He snooped it being read by the CPU. It was this key that allowed the current generation of hacked MS BIOSes found in modchips.

    The key being discussed here is a 2048 bit RSA key used to encrypt a hash of executable contents. The executable file will not be run by the Xbox unless the decrypted hash matches that of the file being run. The effect of this is that only people who hold the correct encryption key can 'sign' executables so that the Xbox will run them. If you take a signed executable and change even one bit, the decrypted hash will not match and it will not run.

    The public key for the RSA encryption has been recovered from the MS code and is available in the Documentation section of the Xbox Linux site. The bruteforce attack on this will involve trying to decompose this 2048-bit number into two prime factors which were originally multiplied together to form the public key.

    If these numbers can be recovered then the owner of the numbers will be able to sign their own executables and the evil 'Microsoft Code Only' Xbox will have been definitively broken.

  4. FWIW, here is his direct quote: by gmezero · · Score: 5, Informative

    http://www.forbes.com/newswire/2003/01/03/rtr83678 5.html

    "There is no business justification; that's not why I did it," Robertson told News.com of his rationale behind the contest. "I did it because I thought people should have the choice to run the software they want on the hardware of their choice."

    Robertson said that Xbox is designed much like a PC with a closed operating system run on Intel microprocessors. He argues that as it has done with PCs, Microsoft is trying to make its software the defacto operating system in gaming consoles.

    "I think Xbox sets a dangerous precedent," he told CNET News.com.

  5. Re:STOP with this Neoproject bullshit! by ssimpson · · Score: 5, Informative

    God, where to start....

    "RSA requires that you have two true primes to generate they key but the problem is there is no known way to generate a 2048 bit true prime that can't be factored in the same about of time it takes to generate it."

    Wrong. Entirely wrong in fact. You should read the Handbook of Applied Cryptography (kindly made available online here). See e.g. section 4.3. Proving a 2048-bit number is prime (I think you mean 2x 1,024-bit numbers, but....) should take a minute or two - not excessive for a one-off operation!

    "forget it however there are several publications that indicate that the number of solid pseudo-primes that are 512 bits long is about 2^40 so its key strength is about the same as 40 bits."

    Erm, where do you get this stuff from? What's a "solid pseudo-prime"? ;) Also, the number of 512-bit primes is expected to be around 3.7x10^151 (see e.g. here).

    "Since we are talking about a 4x as many bits, a good guess of the strenght of a 2048 bit pseudo-prime would be about as hard as guessing a 160 bit DES like key".

    Hardly - Certicom reckon that a 128-bit symmetric key is equiv. to a 3072-bit RSA key. Don't forget that, with symmetric keys, the strength usually doubles with each added bit of key material - the same isn't true for RSA or DH keys as there is now a sub-exponential algorithm for solving these problems....

    The rest of your post doesn't get much better, but I'm off to eat sunday lunch now....Seriously, read HAC - it's good for you.

    --
    "Mary had a crypto key, she kept it in escrow, and everything that Mary said, the Feds were sure to know."
  6. Re:Reality check by ssimpson · · Score: 5, Informative

    The RSA signature used to sign/for comparison purposes used with Xbox execuatables is 2048 bits long.

    Common secure internet traffic, carrying thousands of credit card numbers as we speak, uses 128 bit keys (almost always).

    You are confusing symmetric and asymmetric ciphers. SSL (or "secure internet traffic", if you must) uses 128-bit symmetric keys coupled with larger (1,024-bits or greater usually) asymmetric keys.

    In case some of your forget: it gets exponetionally harder as the length of the key increases.

    "In case some of you forget" should be rephrased to "I'm going to state something authoritative now and hope I'm right". The 2,048-bit key you are alluding to is a asymmetric key (RSA). The fastest algorithms for factoring and computing discrete logs are sub-exponential!

    --
    "Mary had a crypto key, she kept it in escrow, and everything that Mary said, the Feds were sure to know."