Slashdot Mirror


Lindows CEO Funds XBox Hacking Contest

Kai writes "PCWorld.com recently posted an article on how Lindows CEO Michael Robertson is funding the 'Linux on XBox Hacking Challenge'. He was previously the anonymous donor who donated $200,000 to the project. His donation will be split into two prizes, one to whoever completes part A of the challenge, and the other to whoever completes part B. Part A, running Linux on the XBox, has already been completed, but Part B, running Linux on XBox with no hardware modifications, has yet to be completed. Part A of the challenge can be downloaded from Sourceforge." Without a BIOS change, it seems like part B might be a bit tricky. T. adds: Tricky, but not hopeless. Eric C. writes "The Neo Project recently updated its client so users can use free processor cycles to try and crack the private key that Microsoft uses to sign Xbox software."

14 of 269 comments

  1. Lindows taking advantage of open-source R&D? by k-hell · · Score: 4, Insightful

    Geoff "Dissonance" Gasior at The Tech Report has made an interesting comment regarding how Lindows could potentially take advantage of open-source "R&D".

  2. Poor neo project by Rogerborg · · Score: 4, Insightful
    • We do not know if it is legal or not to participate in the Xbox challenge, we are looking for some legal advice as a donation to Neo.

    Welcome to a mailbox full of "IANAL, but I play one on Slashdot, and..." messages.

    Also, the site is slashdotted, but from what I can make out, it seems to be a Windows client. Ironic, n'est-ce pas? Does anyone know if it runs under wine?

    --
    If you were blocking sigs, you wouldn't have to read this.
  3. Re:Oh that's swell.. by kasperd · · Score: 3, Insightful

    He could hire 4 engineers for a year to do that.

    But that would not give him any guarantee of reaching the result. By putting up the reward he will only have to pay if he gets what he wants.

    --

    Do you care about the security of your wireless mouse?
  4. STOP with this Neoproject bullshit! by Troed · · Score: 4, Insightful
    The signing key used for Xbox executables is 2048 bit RSA.


    That's astronomically more than most BANKS use today .. i.e, there's no way - absolutely no way - you can brute-force the Xbox signing key. The Neoproject guys are complete morons without any knowledge about cryptography. This is the third forum in 2 days I've had to post in to put some sense into this.


    There are two places in the Xbox susceptible to a "no-modchip" attack - but with $100k being offered no real _groups_ of hackers are targeting this yet ..

    1. Re:STOP with this Neoproject bullshit! by thogard · · Score: 1, Insightful


      While I don't know of a case where people have cracked RSA proper, there have been many systems that use RSA that have been cracked wide open. SSH and SET come to mind.

      RSA is rarely used in its described form and that always seems to introduce weaknesses. RSA requires that you have two true primes to generate the key but the problem is there is no known way to generate a 2048 bit true prime that can't be factored in the same amount of time it takes to generate it. What gets used is pseudo-primes. These are primes that pass a large number of tests that indicate that the number is very likely prime. These tests are good enough that no one has broken a pseudo-prime in over a decade. The problem is some of the old tests to say a number is a pseudo-prime turned out to be wrong.

      As far as brute-forcing a 2048 bit key, forget it; however, there are several publications that indicate that the number of solid pseudo-primes that are 512 bits long is about 2^40 so its key strength is about the same as 40 bits. Since we are talking about 4x as many bits, a good guess of the strength of a 2048 bit pseudo-prime would be about as hard as guessing a 160 bit DES-like key. Harder than modern hardware can scan through but not impossible. With some of the current nibble step attacks on DES, the 40 bit stuff falls through the vector units of a modern processor at rates Deep Crack could only dream of. 2^40 is 1e12 and modern CPUs are doing how many operations a second on a 4e9 Hz CPU? Once you stop doing all the decrypto work, you can cut out many steps.

      If I was going to attack the key, I would get as many CPUs as I could find guessing at random numbers and hitting the fast prime tests with them and no coordination. A modern CPU can pick a random number, do a few simple pseudo-prime tests and then do part of the factor operation to test very quickly if the key might be good. If it is then hand it off for a better check. A million guesses a second isn't unreasonable with the fastest of today's hardware but that still leaves something in the area of 4e38 hours of CPU time to try them all. That's well inside the theoretical range of other problems like this that have been solved. It just took a few decades sometimes.

      What if the numbers involved aren't true primes? Then the number of other keys increases. If one is prime and the other has two factors then there are 4 keys that will work. If both numbers have two factors, then there are 9 other keys.

      I see this as a way that your computer can pick lottery numbers at random. Maybe it will come up but you can't win if you don't play and this doesn't cost you a $1 per set of numbers.
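Added example, not part of any comment in this thread: a Miller-Rabin probable-prime test of the kind the comment above refers to as "pseudo-prime tests", together with a prime number theorem estimate of how many primes of a given bit length exist. The function names are illustrative, the 1024-bit figure assumes a 2048-bit modulus built from two equal-length primes, and the guess rate of one million per second is the figure quoted in the comment.

```python
import math
import random

def is_probable_prime(n, rounds=40, rng=random):
    """Miller-Rabin: False means n is certainly composite; True means n
    passed `rounds` random bases (error probability at most 4**-rounds)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:            # write n - 1 as d * 2**s with d odd
        d //= 2
        s += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False         # base a is a witness: n is composite
    return True

def random_probable_prime(bits, rng=random):
    """Draw odd candidates with the top bit set until one passes the test.
    (Demo only: real key generation draws candidates from a CSPRNG.)"""
    tries = 0
    while True:
        tries += 1
        c = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(c, rng=rng):
            return c, tries

def log2_prime_count(bits):
    """Prime number theorem estimate: log2 of the number of primes with
    exactly `bits` bits, roughly 2**(bits-1) / ln(2**bits)."""
    return (bits - 1) - math.log2(bits * math.log(2))

def log10_years_to_enumerate(bits, guesses_per_second=1e6):
    """log10 of the years needed to try every `bits`-bit prime once."""
    log10_count = log2_prime_count(bits) * math.log10(2)
    return log10_count - math.log10(guesses_per_second * 3600 * 24 * 365)
```

`log2_prime_count(1024)` and `log10_years_to_enumerate(1024)` give the size of the candidate space for one 1024-bit factor and the time to walk it at the quoted guess rate.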

  5. Re:Oh that's swell.. by blibbleblobble · · Score: 2, Insightful

    "I wanna know how he can get away with encouraging people to violate the DMCA"

    You consider it immoral to try and run the software of your choice on one of your own computers?

  6. Re:The Neo Project by Artifex · · Score: 3, Insightful
    Do people risk getting sued by downloading the client?


    I doubt people will get sued for downloading it. Using it is another matter, and distributing the broken key is more different.

    Personally, I draw a line between the RC contests, like distributed.net participates in, and willfully trying to break a company's security.

    Sure, you bought the hardware, but I don't see you thinking that cracking keys (or generating faked IMSIs) for your GSM phone is legitimate. And most people will admit that screwing around with key card interceptors and other stuff for their DirecTV receivers in order to get free premium channels is illegitimate. So why do you think it's ok to do it to the XBox, except that you want to screw Microsoft?
    --
    Get off my launchpad!
  7. Re:The Neo Project by harks · · Score: 2, Insightful

    I think the difference between cracking xbox to run Linux and using descramblers to get premium channels on TV illegally is that with the latter, you are stealing a service.

  8. Re:Oh that's swell.. by rmohr02 · · Score: 5, Insightful

    Technically the DMCA shouldn't apply in other countries, but US courts claim jurisdiction over the whole world.

  9. Re:I find the Neo bit interesting.. by spacefight · · Score: 3, Insightful
    It suddenly struck me... is Xbox security a playground for upcoming Palladium?
    One Word: YES.
  10. How DO you get your code authenticated? by Anonymous Coward · · Score: 2, Insightful

    Does anyone know how game developers get the codes to authenticate their executables? Do they just upload them to some secured server of Microsoft, and get the signature back?

    If that's the case, getting into that server might be easier than brute-forcing the key.

  11. Just curious about two things.. by lobsterGun · · Score: 2, Insightful
    Is there any way quantum computing can be used to do this?

    Which of the following is smallest?:
    1. The length of time that it would take to break the key using conventional methods.
    2. The length of time it would take to build a quantum computer to break the key.
    3. The platform lifespan of the XBox.
  12. fips by JDizzy · · Score: 3, Insightful

    It's strange to consider that Microsoft didn't protect parts of the hardware with FIPS rated hardware like some crypto cards are. In case you don't know what FIPS means, it is "Federal Information Protection Standard", and parts of it cover secure hardware. Stuff like crypto accelerator boards that self destruct if you attempt to x-ray, or break the hermetically sealed gel enclosures. Stuff like that protects the boards from people who would attempt to reverse engineer hardware. Microsoft *did* do some things to make life hard for hackers with the way the HDD works. Microsoft does stuff that is more annoying than a barrier to reverse engineering.

    Locating the private keys for the games would be the best way to hack an xbox. Considering a modified xbox will not jive with future xbox games, and or network services... the hardware mod is not desirable.

    Furthermore, hacking contests should be managed by the original vendor, in this case Microsoft. Think of the RSA crypto challenges. Those are fair contests, that actually interest crypto folks to invest serious effort, and brain power.

    --
    It isn't a lie if you believe it.
  13. Re:Oh that's swell.. by Anarchofascist · · Score: 3, Insightful

    "But that would not give him any guarantee of reaching the result. By putting up the reward he will only have to pay if he gets what he wants."

    Sort of a no-win no-fee arrangement. I can deal with that. Good luck to him.

    --
    Once more unto the breach, dear friends, once more, Or close the wall up with our American dead!