Slashdot Mirror

← Back to Stories (view on slashdot.org)

Xbox Private Key Distributed Computing Project

Posted by ryuzaki0 on from the yeah-thats-gonna-work dept.

aeiz writes "The Neo Project has added "The Xbox Public Key Challenge" to it's distributed computing client. The aim is to compute the 2048 bit private key that Microsoft uses to sign Xbox media. If it is a success, modchips wouldn't be necessary. Now many Xbox hacking and scene sites have started groups in order to compete with one another." gee, only 2048 bits? No problem *cough cough*.

18 of 522 comments (clear)

  1. Relating.. by Karamchand · · Score: 5, Insightful

    Could anyone of you tell how much time/processnig power this will need in comparisson to things like the RSA challenge?
    Thank you.

    1. Re:Relating.. by fwr · · Score: 3, Insightful

      Faster than a 3GHz processor, I assume, which would make it about 8 times faster, not 8 orders of magnitude. Plus, it's not taking into account how many ops a P IV or Athlon could do in one cycle...

    2. Re:Relating.. by DarkZero · · Score: 5, Insightful

      I know only a little bit about encryption, so I may be completely talking out of my ass here (and feel free to educate me if I am), but I noticed this one point that you mentioned:

      The RC5-64 project was able to brute force a key in 1757 days using 58,747,597,657 work units tested the winning key was found!

      1,757 days is nearly 5 years, meaning that the project would have had to have started five years ago in order to have already been finished. My memory of where, exactly, computers were in 1997-1998 (depending on when the project finished, I'm not sure) is a little fuzzy, but I remember that in mid-1999, a 700mhz Pentium 3 was considered "high end" and the average Dell/Gateway type of computer was running a low-end processor like a Cyrix at roughly 200-300mhz. By comparison, it isn't out of the ordinary to find a 1.6-2ghz processor in a consumer PC right now and the sort of geeks that would make up a decent portion of this project probably have much faster processors than that and a lot more RAM. In addition to that, if Moore's Law were to hold, processors would be improving by at least 2ghz per year from now on instead of the 500-700mhz that they were in 1999.

      So really, doesn't the RC5-64 project essentially just show us the length of the race track without giving us any data about the speed of the cars that will be driving on it?

  2. sounds illegal to me by Stanley+Feinbaum · · Score: 1, Insightful

    Isn't reverse engineering a company's hardware/cracking encryption a violation of the DMCA? I am not saying I support the DMCA but it would be a shame if unsuspecting people jumped on this project and had the FBI raid their house and throw them in jail.

    Slashdot is guilty here too. Guilty of Bad journalism! Advocating illegal activity is pretty unprofessional.

    --

    Stanley Feinbaum, professional journalist and master debater! God bless the USA!

  3. Gee... by salimma · · Score: 5, Insightful

    1. Provided Microsoft uses a proper public key infrastructure, brute-forcing this thing could potentially take forever

    2. This so that you can feel good subverting an X-Box by making it run Linux

    3. By that time the hardware would be definitely obsolete, or X-Box 2 would be out with programs signed with a different key

    4. And in any case, buying the X-Box already helps Microsoft. The more units sold, the more games developed.

    5. There are tons of other worthwhile distributed computing projects to do out there - Folding@Home, SETI@Home, Mersenne Prime Search etc.

    Grow up folks! Running Linux on a hacked X-Box is cool, yes, but this might be going too far...

    --
    Michel
    Fedora Project Contribut
    1. Re:Gee... by Anonymous Coward · · Score: 1, Insightful

      An unbought Xbox sitting on the shelves is even more devestating.

    2. Re:Gee... by CaptainSuperBoy · · Score: 3, Insightful

      Windows 2000 server ships with a strong encryption library including SSL and filesystem encryption. It also has terminal server which does remote access securely. Windows XP also comes with a VPN client. I'm sorry, what version of Windows have you 'yet to see' ship with encryption?

    3. Re:Gee... by filmcritic · · Score: 2, Insightful

      BZZZT! It doesn't matter where they lose money because they have LOTS to lose. As a matter of fact, the Xbox is already ahead of the GameCube. Check out this link on IGN for the straight scoop. What do they care if they're still losing cash only after 1 year on the market and have taken over 2nd place? Game Informer magazine printed a strong rumor that 3rd party developers are pulling GameCube projects left and right because they don't sell. Very reminicent of the N64.

      It's pretty obvious that the majority of the crowd here are nothing but Linux fanboys blind to reality. They pretend to be great legal minds, wonderful security experts and fantastic coders all because of a niche OS. The real world is quite different than the one portrayed by Stallhead and that bunch of leftover hippies.

      It's time to wake up and realize Microsoft and the DMCA are not the antichrist, and no one cares if Microsoft is losing money on each Xbox sold. That is a meaningless statement to the people who live in the real world. We (those who live in the real world) enjoy playing games on every console, the manufacturer does not matter one bit. Just keep the narrow pinpoint focus and watch where it takes you - right into a pit. And before anyone starts calling me a Microsoft stooge or something like that, I own all 3 consoles and enjoy each one because I don't care who makes them.

  4. Re:But... by Tom7 · · Score: 5, Insightful

    Why would it? The relevant section of the DMCA only bans the circumvention of mechanisms that control access to a copyrighted work. The private key itself isn't such a mechanism, as far as I know, though programs that use it probably would be. The DMCA is a bit vague, but it isn't so vague that it outlaws every possible kind of "hacking."

    It's a good idea to read the DMCA (http://www4.law.cornell.edu/uscode/17/1201.html), because in fact Microsoft or someone probably would make DMCA threats against this kind of activity. In that case it's good to understand the law, because such a letter often sounds pretty convincing and scary!

  5. Re:But... by anthony_dipierro · · Score: 5, Insightful

    The private key isn't a mechanism? Isn't that the essence of DeCSS?

    I think certainly distribution of the actual private key would violate the DMCA. But does distribution of keys which are not the private key qualify? I doubt it.

  6. Re:How to Compute Key Cracking? by Anonymous Coward · · Score: 1, Insightful

    How long does it take to crack the 32-bit key that satisfies this expression:

    (key == 0x1d92bc01)

    2^32/2 tries? You say "If you just try all possible keys", but what if we don't and we exploit the structure of the problem instead?

  7. Re:How is this thing done anyhow? by exhilaration · · Score: 5, Insightful
    Would it be possible to re-use some already signed code from an existing game?

    You'd run into copyright infringement issues - the signed code would be property of the copyright owner, and redistributing it would almost definitely be illegal. No need to take chances; I'm sure Microsoft's IP lawyers are looking for any excuse they can to take this project down.

  8. Re:But... by 91degrees · · Score: 2, Insightful

    You're quite right on the DMCA. They may try an attack based on something along the lines of trade secrets if this attack is actually succesful, but all things considered, it's a pretty secure mechanism, so hopefully MS sees it this way.

  9. Re:How to Compute Key Cracking? by lenski · · Score: 2, Insightful

    It is guaranteed to be the last assuming the search stops on success... </irrestable extAttr="grin">

  10. Never happen by TerryAtWork · · Score: 3, Insightful

    Looks like they smartened up after DVDs lame 40 bit key was cracked.

    If the encryption on the xbox is not broken (and it might be...) you will NEVER crack a 2048 bit key. If it took d.net 4 years to do a 64 bit key I argue that it will take 2^(2048/64) or 4 BILLION times as long to do the 2048 bit key.

    Find another path, this one won't work.

    --
    It's Christmas everyday with BitTorrent.
  11. Lets try a little calculation... by markbthomas · · Score: 5, Insightful

    Let's assume we want to find the key in about one year.

    The keyspace is 2^2048. This means that to find it on average in one year, we need to search (2^2048)/2 keys.

    There are 365 * 24 * 60 * 60 = 31536000 seconds in a year. A current machine, say 2 GHz, will not be able to check keys any faster than 2 billion per second (in practice the number would be much lower than this, but it cannot be any higher, ignoring chips which can parallelise operations). This means we can check 63072000000000000 keys per machine per second.

    This means we need:

    ( (2048^2)/2 divided by 63072000000000000 ) machines to participate.

    That's:
    256191385014832313076443403480704210746 79812491847 0034501286984934080\
    5360450587494704242882065172 6173015536181603483336 1032784430099655323\
    2423908579595405498527942459 9902489291405217648393 6232454940842516362\
    7883076229723065910368797710 4019484459166088424059 6873702316740293441\
    5552151969860441431944756023 7127342032430926831573 9828884343009334529\
    2378237199258154020627668325 9628831104499868523479 9854643717630057264\
    7428213934658612248791246642 4010974519290044145762 9590988748658836010\
    6319531783273982390734283246 1834647652719112497108 8586363327032331220\
    1716731957297646596715233805 68862609019439636890

    That's a lot of machines. In fact, every person in the world would need to have:
    4088182880916853059137581913995608598938002 0574938 1512491823325275367\
    0039983761093737657581366182 3437132028369300928737 2136090488973662885\
    0749520857823194202487813723 5281529166119647272954 3623272112620364581\
    9171026696185476725881661520 6188703489047492973236 7903825810597884676\
    0087066526446068063036669029 6494498088117693882712 8484532375726579806\
    8929812355659309066834995984 8375737098966810233408 2736619960338101994\
    5191141043929531602040535969 8321364177283871960956 9923672820142531423\
    1154135179174732484135445198 3247750938845967420404 6551928328834053889\
    0325273138153871592525085498 7565463644
    machines.

    Good luck :)

  12. The point really isn't to crack the key... by Lethyos · · Score: 4, Insightful

    If it did, that'd be great, but it never will. The point however, would be moot if a genuine attempt was not made.

    The point is thus: to resist technologies that limit what consumers can do with what they legally own.

    Microsoft is a very visible example of an entity trying to tell consumers "you may not do this or that with what you have purchased." In no other industry (save the closely related entertainment industry in this case) do there exist similar shenanigan. If I purchase a computer, I should be damn well permitted to run any type of software on that computer I see fit. The XBox, amongst consoles, is the closest device to a personal computer you can get. And yet, the manufacturer is trying to make it impossible for you to use it how you see fit.

    This project is a protest of such consumer-unfriendly tactics. They will never crack the key, but they are still trying and Microsoft as well as many others will be well aware that they are trying. This is resistance. Microsoft, we will put forth the same effort against DRM technologies like Palladium. We'll never stop.

    Of course, we could all just not buy XBoxes, Windows, Office, and switch to unencumbered/open technologies, but... I digress.

    --
    Why bother.
  13. Re:He's not using Linux, I guess... by Dahan · · Score: 3, Insightful
    since I don't know of a calculator with a "How many digits, you reckon?" button.

    My calculator has one of those buttons... it's an Hewlett-Packard 11C, and the button is labelled "LOG".