Slashdot Mirror
Lindows CEO Funds XBox Hacking Contest
Kai writes "PCWorld.com recently posted an article on how Lindows CEO Michael Robertson is funding the 'Linux on XBox Hacking Challenge'. He was previously annonymous donor who donated $200,000 to the project. His donation will be split in to two prizes, one to who completes part A of the challenge, and the other to the who completes part B. Part A, running Linux on the XBox, has already been completed, but Part B, running Linux on XBox with no hardware modifications has yet to be completed. Part A of the challenge can be downloaded from Sourceforge." Without a bios change, it seems like part B might be a bit tricky. T. adds: Tricky, but not hopeless. Eric C. writes "The Neo Project recently updated its client so users can use free processor cycles to try and crack the private key that Microsoft uses to sign Xbox software."
The guy funding the Linux XBOX project is a direct competitor of MS. Kinda cheapens the whole thing, duddn't it? At least that's how I felt.
I mean, if it works it works. But his motivations place him at MS's level.
somebody correct the SF link
lol. The article points to sourceforget.net, not sourceforge. Might want to fix that :)
I like the project... but is this feasible? Wouldn't cracking the X-Box encryption key violate the DMCA and put a lot of people in trouble? Microsoft could afford the lawyers, you know.
Anyways, good luck to them.
Geoff "Dissonance" Gasior at The Tech Report has made an interesting comment regarding how Lindows could potentially take advantage of open-source "R&D".
The Neo Project recently updated its client so users can use free processor cycles to try and crack the private key that Microsoft uses to sign Xbox software.
Unfortunately the server apears to be slashdotted. Let's hope that just means a lot of people want to help with that task. This of course makes me want to ask about the legality of doing this. Does people risk getting sued by downloading the client?
Do you care about the security of your wireless mouse?
Welcome to a maibox full of "IANAL, but I play one on Slashdot, and..." messages.
Also, the site is slashdotted, but from what I can make out, it seems to be a Windows client. Ironic, nes pas? Does anyone know if it runs under wine?
If you were blocking sigs, you wouldn't have to read this.
That's astronomically more than most BANKS use today
There are two places in the Xbox suspectible to a "no-modchip" attack - but with $100k being offered no real _groups_ of hackers are targetting this yet
it's in my head
The way it works is, once the hardware is hackable without any physical modification, Lindows Company buys mass quantities of Xboxes from Wallmart for $199/unit, loads Lindows OS on it, and sells it to consumers for a new low price of $59 dollars at the same Walmart chain.
Sure, they will take a loss of about $140 dollars, but they're counting on the royalty fees from Click'N'Game warehouse with such titles as:
Tux Racer Ultra
Totally Real Tournament 2003
Beyond Tetris eXtreme
Revamped version of Minesweeper in 3d
...and finally, gnuCash.
.NET .. but that's just a rumor iirc.
The most important feature in the upcoming Lindows XBOX of course would be the ability of users to CHANGE THE WALLPAPER and Play Music on it (MP3). Just think of the possibilities. This revolutionary "box" will change the way people experience mediocrity.
Insiders tell me that Lindows, headed by genious Michael Robertson, is moving full scale ahead with this new business plan, plus more. And something about Colonizing Planet Mars and training chimps to be able to write clean C#, server side code for web applications in
- How many bits are in the x-box "trusted software" permission-to-run keys? What about in Palladium? For these N-bit keys, what is the approximate difficulty of brute-forcing it as compared to, say, brute-forcing RSA?
- Distributed clients like this one, as far as i am aware, just get parcelled out random blocks of the "possible key" space, and send back which numbers they checked, right? Is there any way to PROVE those numbers were, in fact, correctly checked, besides asking multiple clients to check each individual block and hoping that at least one of the clients tells the truth? Like, is there anything to prevent Microsoft from just randomly calling up the project with a bunch of dummy clients that submit the REAL x-box key a couple times to the "i've checked this and it's not the key" list? ((Well.. okay.. I can think of a way to do that.. but it would require actually USING Palladium, to ensure everyone submitting blocks to the crack-Palladium project is using an unaltered, approved, digitally-signed Palladium-cracking client. So, uh, that's right out.) I know previous distributed projects have had issues with clients lying about their results in order to boost statistics, but this is the first time i'm aware of there has been a massively distributed computational work in which there is a specific party with a vested, active interest in the project being actually sabotaged.
- Were the Palladium keys to be cracked, is there anything MS could do at that point? Is there any way they could just Windows Update all the Palladium installs out there to suddenly use some new backup key, and invalidate the old one? It would seem the answer is no, becuase it seems that would automatically mean all of the existing palladium software in the entire world would suddenly become "untrusted" and have to be re-compiled at the vendor with the new keys, or something, but maybe there's something i'm missing. Is there something i'm missing? And anyway, aren't the palladium keys going to be stored in hardware, in some special Intel chip? Or something? How is a Palladium app marked as "Trusted By The MS Signing Authority", exactly, anyway? I haven't been following this as closely as i should have been.
I'm confused and ignorant. Please explain things to me.Irritable, left-wing and possibly humorous bumper stickers and t-shirts
Mr. Robertson's project is indeed important, but am I the only one having trouble using vi with a gamepad?
The key that Bunnie found was an RC4 key that was stored in ROM. He snooped it being read by the CPU. It was this key that allowed the current generation of hacked MS BIOSes found in modchips.
The key being discussed here is a 2048 bit RSA key used to encrypt a hash of executable contents. The executable file will not be run by the Xbox unless the decrypted hash matches that of the file being run. The effect of this is that only people who hold the correct encryption key can 'sign' executables so that the Xbox will run them. If you take a signed executable and change even one bit, the decrypted hash will not match and it will not run.
The public key for the RSA encryption has been recovered from the MS code and is available in the Documentation section of the Xbox Linux site. The bruteforce attack on this will involve trying to decompose this 2048-bit number into two prime factors which were originally multiplied together to form the public key.
If these numbers can be recovered then the owner of the numbers will be able to sign their own executables and the evil 'Microsoft Code Only' Xbox will have been definitively broken.
He has said in interviews recently that he doesn't care which version of Linux is used to achive the goal. It just has to be repeatable. The idea is to prevent Microsoft from jumping ship from the PC to a closed MS hardware platform for PCs which would truely exclude other OSs from the marketplace.
http://www.forbes.com/newswire/2003/01/03/rtr83678 5.html
"There is no business justification; that's not why I did it," Robertson told News.com of his rationale behind the contest. "I did it because I thought people should have the choice to run the software they want on the hardware of their choice."
Robertson said that Xbox is designed much like a PC with a closed operating system run on Intel microprocessors. He argues that as it has done with PCs, Microsoft is trying to make its software the defacto operating system in gaming consoles.
"I think Xbox sets a dangerous precedent," he told CNET News.com.
That's my understanding too: if you can make your edits to an already-signed executable, and then twiddle unused bits until the hash matches the original again then your modified executable will be accepted.
Franz Lehner did have a look at this a while back, with a view to getting some guidence from the hash algorithm as to which bits to change where. The problem was that by design, the hash algorithm loses information in the form of arithmetic carries. It quickly becomes hopeless trying to keep track of what bits are known and what bits are Xs because of carry losses; very quickly the whole thing becomes Xs.
Even so, it seems likely that even randomly twiddling bits looking for a hash collision is massively more likely to give results than the direct factoring method.
When the XBOX starts up, it loads the hash of the header into memory and decrypts a 2048 bit RSA signature and compares this to the header hash. If it matches, the program proceeds and it loads another section and does the same thing. There is no way to get around this either than knowing the private key or a hardware modification.
The RSA signature used to sign/for comparison purposes used with Xbox execuatables is 2048 bits long.
Common secure internet traffic, carrying thousands of credit card numbers as we speak, uses 128 bit keys (almost always).
It's virturally impossible with today's computational power and methods to break a 2048 bit key. Even if you somehow had all the processing power of all the current distributed systems, it would still take many thousands of years to break using classical methods. You either need several thousand years or an optical/DNA computer whose concept hasn't been refined yet.
In case some of your forget: it gets exponetionally harder as the length of the key increases. It's not like you just have to search a 128 bit key space 16 times. There are fancy methods where by you can get away with knowing some of the key like differential analysis, but when you increase the size of the key the performance of those tend to fall off also where you have no increase over brute force and man in the middle attacks.
So don't even think about joining that futile brute force effort, because it will just waste your time. What Lindows should have done is hire a hit man/career criminal to break into Microsoft or a 3rd party who has the key and steal it. Or optionally pay off an Xbox developer or employee who has similar access. Either way, it would be both cheaper and actually give the real key, unlike all of this nonsense.
"I'll just chip in a bit for RedHat: I actually have that installed on my university machine." - Linus, '95
This is true, however, the problem lies in what data must be signed by the private key. Code signing works by making a hash of the code (in this case, the OS loader or the like, which in our case would be the Linux loader) and signing that hash with the private key. The bootrom then uses the Microsoft public key to verify that the OS was signed by the Microsoft private key. Thus, the only ways that this could reasonably be done is by:
1) Getting the microsoft private key
2) Making the hash of the OS the same as the has of the MS OS (nigh unto impossible)
3) Changing the public key in the bootrom (which isn't allowed for this stage of the competition, at least hardware wise)
4) Somehow switching the OS after the initial code signing check is completed
Here's a reference if you want to read more Code signing
We proved that the validation algorithm is fully known, by reverse engineering it and testing it on known good files.
The C app incorporating the test can be had from CVS at:
http://sourceforge.net/cvs/?group_id=54192
The module name is xbedump. This was work from Franz Lehner and Asterisk, based on the dump app by Michael Steil.
Put together a boot loader and ask MS to sign it. If they do not turn around and sue them under the terms of the approved judgement and or a anti-trust suit.
Got Code?
Its strange to consider that Microsoft didn't protect parts of the hardware with fips rated hardware like some crypto cards are. In case you don't know what FIPS means, it is "Federal Information Protection Standard", and parts of it covers secure hardware. Stuff like crypto accellerator boards that self destruct if you attempt to x-ray, or break the hermetricly sealled gel enclosures. Stuff like that protects the boards from people who would attempt to reverse engineer hardware. Microsoft *did* do some things to make life hard for hackers with the way the HDD works. Microsoft does stuff that is more anoying than a barrier to reverse engineering.
Locating the private keys for the games would be the best way to hack an xbox. Considering a modified xbox will not jive with future xbox games, and or network servives... the hardware mod is not desireable.
Further more, hacking contests should be managed by the original vendor, in this case Microsoft. Think of the RSA crypto challenges. Those are fair contests, that actually interest crypto folks to invest serrious effort, and brain power.
It isn't a lie if you belive it.
Fail to understand the use?
First of all, as I recall the Lindows box from Wal-Mart is $299.
The X-Box from Wal-Mart is $199.
X-Box specs:
Coppermine Pentium 3 processor (about 733Mhz as I recall)
Nvidia gpu which falls somewhere between a Geforce 3 and Geforce 4 in power (according to anandtech)
10GB hd
64 MB of RAM
By comparison the Lindows Box has
800Mhz Via C3
40GB hd
onboard graphics (ugh)
128 MB of RAM (I think PC133)
It seems to me that the Pentium will probably outperform the C3, and know the X-Box GPU is far more powerful than what you have in the "Lindows Box." Assuming the extra hd space and RAM makes up for this (it doesn't) the X-Box is still $100 cheaper.
Edge: X-Box