Lindows CEO Funds XBox Hacking Contest

Kai writes "PCWorld.com recently posted an article on how Lindows CEO Michael Robertson is funding the 'Linux on XBox Hacking Challenge'. He was previously annonymous donor who donated $200,000 to the project. His donation will be split in to two prizes, one to who completes part A of the challenge, and the other to the who completes part B. Part A, running Linux on the XBox, has already been completed, but Part B, running Linux on XBox with no hardware modifications has yet to be completed. Part A of the challenge can be downloaded from Sourceforge." Without a bios change, it seems like part B might be a bit tricky. T. adds: Tricky, but not hopeless. Eric C. writes "The Neo Project recently updated its client so users can use free processor cycles to try and crack the private key that Microsoft uses to sign Xbox software."

Oh that's swell..

[Anonvmous+Coward]

The guy funding the Linux XBOX project is a direct competitor of MS. Kinda cheapens the whole thing, duddn't it? At least that's how I felt.

I mean, if it works it works. But his motivations place him at MS's level.

Re:Oh that's swell..

[rmohr02]

Technically the DMCA shouldn't apply in other countries, but US courts claim jurisdiction over the whole world.

Re:Oh that's swell..

[sporty]

And New Jersey.

Link...

[pangel83]

somebody correct the SF link

Link Problem

[NightRain]

lol. The article points to sourceforget.net, not sourceforge. Might want to fix that :)

Re:Link Problem

[silvaran]

I guess they sourceforgot to check their posts before submitting them to the front page.

DMCA, anyone?

[alpharoid]

I like the project... but is this feasible? Wouldn't cracking the X-Box encryption key violate the DMCA and put a lot of people in trouble? Microsoft could afford the lawyers, you know.

Anyways, good luck to them.

Re:DMCA, anyone?

[warmcat]

Many people involved in the Xbox Linux project are not in the US, happily enough. The EUCD is late in .uk and .de.

In any event, things are only 'illegal' when they transgress specific laws. As the DMCA and EUCD are concerned with copyright protection, I really don't see where the problem is if the key is somehow revealed and used to sign a Linux bootloader app. Where is the MS code that is being copied?

Anyway I think the effort to find the key by throwing random numbers at it is practically impossible, however many clients you can muster. This is a 2048-bit number (256 bytes) that you need to factor correctly into two primes.

Its much more likely that the second part of the prize will be won by a buffer overflow or other weakness in one of the games. There are a lot of games, written by people of widely varying experience and skill level. Can MS be sure that not even one of them exposes a buffer overflow weakness?

The True Intention of Mike Robertson

[cioxx]

This man is very clever. As I understand, he funded the XBox hacking project for company's gain. Still with me? Good.

The way it works is, once the hardware is hackable without any physical modification, Lindows Company buys mass quantities of Xboxes from Wallmart for $199/unit, loads Lindows OS on it, and sells it to consumers for a new low price of $59 dollars at the same Walmart chain.

Sure, they will take a loss of about $140 dollars, but they're counting on the royalty fees from Click'N'Game warehouse with such titles as:

Tux Racer Ultra

Totally Real Tournament 2003

Beyond Tetris eXtreme

Revamped version of Minesweeper in 3d

...and finally, gnuCash.

The most important feature in the upcoming Lindows XBOX of course would be the ability of users to CHANGE THE WALLPAPER and Play Music on it (MP3). Just think of the possibilities. This revolutionary "box" will change the way people experience mediocrity.

Insiders tell me that Lindows, headed by genious Michael Robertson, is moving full scale ahead with this new business plan, plus more. And something about Colonizing Planet Mars and training chimps to be able to write clean C#, server side code for web applications in .NET .. but that's just a rumor iirc.

I find the Neo bit interesting..

[mcc]

I find the part about using an RSA-style collaborative project to crack the X-box permission-to-run keys interesing, in particular becuase it's good practice-- eventually, barring a sudden backlash of informed consumerism against microsoft or some other kind of miracle, we're going to be needing to do this with the Palladium keys. I particularly wonder about a couple things:

1. How many bits are in the x-box "trusted software" permission-to-run keys? What about in Palladium? For these N-bit keys, what is the approximate difficulty of brute-forcing it as compared to, say, brute-forcing RSA?
2. Distributed clients like this one, as far as i am aware, just get parcelled out random blocks of the "possible key" space, and send back which numbers they checked, right? Is there any way to PROVE those numbers were, in fact, correctly checked, besides asking multiple clients to check each individual block and hoping that at least one of the clients tells the truth? Like, is there anything to prevent Microsoft from just randomly calling up the project with a bunch of dummy clients that submit the REAL x-box key a couple times to the "i've checked this and it's not the key" list? ((Well.. okay.. I can think of a way to do that.. but it would require actually USING Palladium, to ensure everyone submitting blocks to the crack-Palladium project is using an unaltered, approved, digitally-signed Palladium-cracking client. So, uh, that's right out.) I know previous distributed projects have had issues with clients lying about their results in order to boost statistics, but this is the first time i'm aware of there has been a massively distributed computational work in which there is a specific party with a vested, active interest in the project being actually sabotaged.
3. Were the Palladium keys to be cracked, is there anything MS could do at that point? Is there any way they could just Windows Update all the Palladium installs out there to suddenly use some new backup key, and invalidate the old one? It would seem the answer is no, becuase it seems that would automatically mean all of the existing palladium software in the entire world would suddenly become "untrusted" and have to be re-compiled at the vendor with the new keys, or something, but maybe there's something i'm missing. Is there something i'm missing? And anyway, aren't the palladium keys going to be stored in hardware, in some special Intel chip? Or something? How is a Palladium app marked as "Trusted By The MS Signing Authority", exactly, anyway? I haven't been following this as closely as i should have been.

I'm confused and ignorant. Please explain things to me.

A triumph for Linux!

[Anand_S]

Mr. Robertson's project is indeed important, but am I the only one having trouble using vi with a gamepad?

Re:A triumph for Linux!

[edgrale]

So use emacs :D

Re:Keys already found?

[warmcat]

The key that Bunnie found was an RC4 key that was stored in ROM. He snooped it being read by the CPU. It was this key that allowed the current generation of hacked MS BIOSes found in modchips.

The key being discussed here is a 2048 bit RSA key used to encrypt a hash of executable contents. The executable file will not be run by the Xbox unless the decrypted hash matches that of the file being run. The effect of this is that only people who hold the correct encryption key can 'sign' executables so that the Xbox will run them. If you take a signed executable and change even one bit, the decrypted hash will not match and it will not run.

The public key for the RSA encryption has been recovered from the MS code and is available in the Documentation section of the Xbox Linux site. The bruteforce attack on this will involve trying to decompose this 2048-bit number into two prime factors which were originally multiplied together to form the public key.

If these numbers can be recovered then the owner of the numbers will be able to sign their own executables and the evil 'Microsoft Code Only' Xbox will have been definitively broken.

FWIW, here is his direct quote:

[gmezero]

http://www.forbes.com/newswire/2003/01/03/rtr83678 5.html

"There is no business justification; that's not why I did it," Robertson told News.com of his rationale behind the contest. "I did it because I thought people should have the choice to run the software they want on the hardware of their choice."

Robertson said that Xbox is designed much like a PC with a closed operating system run on Intel microprocessors. He argues that as it has done with PCs, Microsoft is trying to make its software the defacto operating system in gaming consoles.

"I think Xbox sets a dangerous precedent," he told CNET News.com.

Re:STOP with this Neoproject bullshit!

[ssimpson]

God, where to start....

"RSA requires that you have two true primes to generate they key but the problem is there is no known way to generate a 2048 bit true prime that can't be factored in the same about of time it takes to generate it."

Wrong. Entirely wrong in fact. You should read the Handbook of Applied Cryptography (kindly made available online here). See e.g. section 4.3. Proving a 2048-bit number is prime (I think you mean 2x 1,024-bit numbers, but....) should take a minute or two - not excessive for a one-off operation!

"forget it however there are several publications that indicate that the number of solid pseudo-primes that are 512 bits long is about 2^40 so its key strength is about the same as 40 bits."

Erm, where do you get this stuff from? What's a "solid pseudo-prime"? ;) Also, the number of 512-bit primes is expected to be around 3.7x10^151 (see e.g. here).

"Since we are talking about a 4x as many bits, a good guess of the strenght of a 2048 bit pseudo-prime would be about as hard as guessing a 160 bit DES like key".

Hardly - Certicom reckon that a 128-bit symmetric key is equiv. to a 3072-bit RSA key. Don't forget that, with symmetric keys, the strength usually doubles with each added bit of key material - the same isn't true for RSA or DH keys as there is now a sub-exponential algorithm for solving these problems....

The rest of your post doesn't get much better, but I'm off to eat sunday lunch now....Seriously, read HAC - it's good for you.

Re:Reality check

[ssimpson]

The RSA signature used to sign/for comparison purposes used with Xbox execuatables is 2048 bits long.

Common secure internet traffic, carrying thousands of credit card numbers as we speak, uses 128 bit keys (almost always).

You are confusing symmetric and asymmetric ciphers. SSL (or "secure internet traffic", if you must) uses 128-bit symmetric keys coupled with larger (1,024-bits or greater usually) asymmetric keys.

In case some of your forget: it gets exponetionally harder as the length of the key increases.

"In case some of you forget" should be rephrased to "I'm going to state something authoritative now and hope I'm right". The 2,048-bit key you are alluding to is a asymmetric key (RSA). The fastest algorithms for factoring and computing discrete logs are sub-exponential!