Slashdot Mirror
Xbox Private Key Distributed Computing Project
aeiz writes "The Neo Project has added "The Xbox Public Key Challenge" to it's distributed computing client. The aim is to compute the 2048 bit private key that Microsoft uses to sign Xbox media. If it is a success, modchips wouldn't be necessary. Now many Xbox hacking and scene sites have started groups in order to compete with one another." gee, only 2048 bits? No problem *cough cough*.
Could anyone of you tell how much time/processnig power this will need in comparisson to things like the RSA challenge?
Thank you.
Nevermind that the Xbox will likely be scrap by the time they actually crack it. Classic of example of "Hey, cool, but....why?"
what's an xbox?
The story that dealt with this (as an add-on) isn't even off the main page yet. This is as much a dupe as this comment probably is by the time I press submit. sigh
Switch back to Slashdot's D1 system.
--- Begin Microsoft Private Key --- 666666666666666666666666666666666666666666 666666666666666666666666666666666666666666 666666666666666666666666666666666666666666 666666666666666666666666666666666666666666 ... ...
666666666666666666666666666666666666666665
--- End Microsoft Private Key ---
they can borrow my CPU power... an Athlon 1600... that should take care of... let's see... one trillionth of a bit?
Ok this may be a stupid question, but doesn't this violate that DMCA thingy that everyone is all concerned about? Just a thought.
-Majestix-
--- I was far from home, and the spell of the Eastern sea was upon me. -Lovecraft-
I've always wondered how one computes how long it would take to crack a key? For example, how long would it take an top of the line Athlon to crack that 2048 bit key?
3000 dead over past 2 years, still no free Palestinians, still
The Neo Project is being slashdotted today for the second time!
;-)
I wonder if Microsoft is paying for this
Any reason we have to have two stories of very nearly the same subject on the same page (at least by the way mine comes up). Slow Sunday?
Jim Harry
Isn't reverse engineering a company's hardware/cracking encryption a violation of the DMCA? I am not saying I support the DMCA but it would be a shame if unsuspecting people jumped on this project and had the FBI raid their house and throw them in jail.
Slashdot is guilty here too. Guilty of Bad journalism! Advocating illegal activity is pretty unprofessional.
Stanley Feinbaum, professional journalist and master debater! God bless the USA!
There will be an XBOX 4. I'd stick with the modchips, kids. That said, good luck and way to stick it to them.
====
Crudely Drawn Games
I just recieved my Matrix no-solder modchip and 120GB drive. The state of the Xbox scene is white hot. Nifty programs to manage your backups, play your media files, and even run linux are being updated daily, not to mention the activity in alt.binaries.cd.image.xbox The XBox was one hell of a gift this year.
Woo Hoo
1. Provided Microsoft uses a proper public key infrastructure, brute-forcing this thing could potentially take forever
2. This so that you can feel good subverting an X-Box by making it run Linux
3. By that time the hardware would be definitely obsolete, or X-Box 2 would be out with programs signed with a different key
4. And in any case, buying the X-Box already helps Microsoft. The more units sold, the more games developed.
5. There are tons of other worthwhile distributed computing projects to do out there - Folding@Home, SETI@Home, Mersenne Prime Search etc.
Grow up folks! Running Linux on a hacked X-Box is cool, yes, but this might be going too far...
Michel
Fedora Project Contribut
Apparently, this was suggested last may on the Xbox-linux mailing list.
The Neo project was linked to from this article, which is still on the front page. There were serveral comments discussing it. I believe it was also slashdoted by being linked to from that article. Have the editors no mercy?
Centralization breaks the internet.
Maybe with enough encouragement from a topless HAlle Berry, Stanley Jobson would be able to crack that 2048-bit encryption with a multi-headed worm!
N4st0r, trixx0r h0bb1tz0rz! Th3y st0l3 0ur pr3c10uzz!
All we need now is an xbox version of this distributed computing client. I'd love to see the xbox key cracked by a modchipped xbox.
Didn't people complain about the 72bit they are trying? 2048bit would take longer then we have with our own sun. :)
I didn't use the preview button, so get over it!!!!
Mike
If there's a computing project to distribe XBox's private key, then is it really private?
;x
In either case, you don't need the original key. Just get a good locksmithing set. I've never heard of a lock that big though.
All kidding aside however, I've seen a photo of an XBox with the cover off (don't arrest me.) It wasn't gruesome, but it is possible to get inside. What's this hoopla
Cover your eyes and click this link!
[drew@localhost drew]$ cat > bitch.c
/* DUPE */
#include "duplicate_story.h"
#define DUPE
...
#ifdef DUPE
# include "standard_rant.h"
bitch();
#endif
[drew@localhost drew]$ gcc -ansi --pedantic -Wall bitch.c
bitch.c:1:29: duplicate_story.h: No such file or directory
bitch.c:4: parse error before '...' token
bitch.c.7:27: standard_rant.h: No such file or directory
Note to M1-ers: a curt but otherwise insightful message is not "Flamebait" or "Troll".
The question is -- would one really need to crack that key to fool the Xbox? I mean, reading all the data on the disc would be way too slow, so it could only check a part of it. Would it be possible to re-use some already signed code from an existing game? What kind of code is signed, really? (All of it, just not the data?) And of course, how many buffer overflows are there in the signature verification code? =)
/* Steinar */
(This comment is of course GPLed.)
Comment removed based on user account deletion
This is a usefull task for 64Bit machines....
Each key check should take about half the time, because SFAIK the main overhead is the 32bit -> 2048Bit math conversion.
Or am I talking out of my ass.
thank God the internet isn't a human right.
The Neo Project cant even handle the slashdot effect, how are they going to crack a 2048 bit private key. Good luck fellas.
Where I post game reviews, my PSP backgrounds, podca
or otherwise does anyone think RSA would offer $200,000 to anyone able to crack a 2048-bit RSA key generated by them (exactly the same kind of key)?
Join the NFSNET. Our prime goal is making little numbers out of big ones. http://www.nfsnet.org/
Don't forget, there is always a number of people with more than enough time on their hands to pull this crap off... never underestimate the power of the bored stiff.
You need a FREE iPod Nano
You're probably right, especially if Kaplan's precedent holds.
nothing drives innovation like porn and piracy. bring on the flames.
Cracking keys is a very hands-off approach to improving your Xbox or any other device. You bought the hardware, it's yours, so enhance it to your heart's content by installing a hardware mod that makes it general purpose, or get it done for you by a supplier. Voiding the warranty is no issue if you value the extended specification.
It's no different in concept to any other kind of DIY improvements that you carry out at home --- absolutely everything that you buy has patents, trademarks, or other legal constraints, but in no other industry do they see fit to limit what you can do with items that you have purchased, simply because they can. It's your equipment, do with it what you wish. (If you were merely leasing the hardware then it would cost much less and they might have a case, but here they're trying to have their cake and eat it too, take your money for an outright purchase and still lay claim to controlling your possessions. That's simply not right.)
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
Once you've found your car keys, do you keep looking ?
What cracks me up about this dupe is that in the space of a few hours we've gone from "There's still hope: distributed computing can factor the public key" to "Only 2048 bits *cough*. Yeah, that's gonna work."
Pretty impressive flip, especially considering...wait for it...these comments were both in articles posted by CmdrTaco. Yes, our beloved Cmdr actually duped himself!
Ah Slashdot: there's still hope.
FAT FUCKING CHANCE.
I just want to know how long it will take M$ lawyers to file a cease and desist...
I'm only paranoid because everyone is against me...
OK. First, obviously this story is a duplicate... but don't mod me redundant just yet. The story is still on the front page, too. In any case, the same questions get asked here and are not being answered to the extent they were in the other discussion. So here:
1. Could anyone of you tell how much time/processnig power this will need in comparisson to things like the RSA challenge?
Thank you.
Answer: Somewhat more complicated.
2. Doesn't this violate that DMCA thingy?
Answer: RE: DMCA Anyone?
3. How is this done anyhow?
Answer: RE: Buffer Overflow...
I found these comments to be most helpful in the other discussion... certainly surpassing what I've seen here. Who can blame them: who wants to keep posting the same stuff over and over again, even if it is smart writing? Anyway, sorry for the whoring. I'll stop now.
...can't M$ change it to another?
(sorry if im completly wrong...)
I'm a chainsmokin' alcoholic sociopath, so-ci-o-path
...to simply look for a bug of weakness in the key verification software that exists in every xbox?
The object code for this must be readable somehow, and knowing microsoft it probably has some vulnerability, such as taking a few extra clock cycles to reject a key if it's partially correct, increasing as you get closer to the key.
Oh, btw, the legality of reverse engineering software for compatibility purposes is one of the very few rights that are actually enshrined in British law, so those of us who live in this jusridiction can find they key without falling foul of the law.
A pizza of radius z and thickness a has a volume of pi z z a
Which, however, does not mean it's easy. RSA has been running the RSA Challenge for a few years now, the lowest prize being $10,000 for a 576-bit key and up to a whopping $200,000 for a 2048-bit key -- like the one in the Xbox. There have been no takers yet, and the largest RSA key cracked to date remains 512 bits. RSA's own estimate is that you would need 320 million 520 MHz Pentium-class machines to crack a 1024-bit key in one year, and we're talking 2^100 times that for a 2048-bit key!
Cheers,
-j.
This is the first time that I've seen a distributed cracking project that actually tackles an interesting problem with practical real-world implications. All the RSA cracking contests are neat and all, but they don't really have a lot of practical impact on the world. This, if it succeeds would be huge.
Having said that though, that key is enormous, and the odds that they find this key before it becomes irrelevant are extrordinarily slim. Still, it would be interesting to see the nature of the shit that hit the fan if they did indeed get the key.
This sig has been temporarily disconnected or is no longer in service
How about we apply for a national foundation of the arts grant to purchase 10,000 XBoxes which will then be welded together into a giant Tux the Penguin sculpture and put on permanent display in Redmond, WA? A completely legal way to poke Billy Borg in the eye, if in fact Microsoft does sell the XBox at a loss...
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
The lack of a linux client is dissapointing. I mean, they're kind of missing the support of a crowd of geeks who mzny have the habit of owning one or many powerful computers, and of whom many strongly dislike microsoft and would be very very happy to lend a helping hand to this challenge. If they're still around in febuary and have the linux client hten, I'll be back for it :)
Many comments here assume that the time to factor a composite integer N is proprotional to N, which is, happily, quite incorrect. Even by trial division, you only have to test prime divisors <=sqrt(N), and there are many far more efficient factoring methods.
RSA Security Inc. has quite informative FAQs on this subject, for example The RSA Factoring Challenge FAQ or What are the best factoring methods in use today?
A good paper, "A Survey of Modern Integer Factorization Algorithms" by P.L.Montgomery, can be found at Crypto World. It is slightly math-inclined but definitvely a worthwhile read for anyone interested in the topic.
Now for the bad news: 2048 bits can't be done today. Even GNFS, the best algo in town, has only managed to factor a 512 bits RSA key (and a 158 decimal digit number, with a 576 bits RSA coming soon, though) but 2048 bits will be million times harder. Right now there's no way to factor that, if Microsoft has chosen the primes for the key even remotely securely. I'm sorry to say that but with present technology, this project is a waste of time.
Alex
Heisenberg may have been here
For reasonable info on how long it should take, see
Arjen K. Lenstra and Eric R. Verheul, Selecting Cryptographic Key Sizes,
Available on-line from
http://citeseer.nj.nec.com/287428.html
The expected time it should take with the current algorithms, is
not definitively known. Nevertheless, we can say the world's X-
Boxes are not up to the task.
--Bryan Olson
Freelance Cryptographer
I particularly enjoy the mixture between the slashdot-story and the .NET advertisment by microsoft below it. Makes a pretty nice impression on me. What do you want to mix today?
Instead of doing a brute-force crack of the private key, why not use an intelligent algorithm for cracking it? As I understand it, the other distributed.net projects used brute-force just to show that how much time a brute- force could take. If this project is really about discovering the key and not about seeing how long it takes to stumble upon it at random, then shouldn't they use a smart algorithm?
I'm going to go out on a limb here and say MS may just have anticipated this move. Therefore, they would assume it would be done by ordered brute force. So by that logic, they would pick (or at least influence the random generation of) a key that was much later in any type of order. So, finally, to cut back on the number of years this project would take to complete...
Work backwards!
---------------------------
"Therefore, people buying the X-box then not buying any games is pretty devestating."
.001 percent. Somehow I don't think MS will be hurt by the 10-20 people who buy Xbox's but never buy any games for them. Let's not be silly in estimating how many people would actually consider doing this, its just not realistic. Although I guess its possible Larry Ellison has a stack of them in his closet out of spite.
Wealthy idiots who hate Microsoft? I'd venture the amount of people who 1) really want to run linux on Xbox and 2) Are never going to buy game for it, is on the order of
If you wanna get rich, you know that payback is a bitch
Physically break in and steal the key, or just bribe someone. It would be a hell of a lot easier. Not that I would ever advocate anything illegal, of course.
RSA encryption works like this:
You pick two large primes, p and q; multiply them together to get N.
Then, arbitrarily pick an encryption key e (1 < e < N) and calculate the corresponding decryption key d (1 < d < N, d != e).
Make the set {e, N} public but keep d private.
Now, to encrypt a message M you calculate cyphertext C as follows:
C = M ^ e (mod N)
To decrypt, you calculate M' = C ^ d (mod N). The claim is, of course, that M' == M. (Notice that M' = (M ^ e) ^ d (mod N) = (M ^ d) ^ e (mod N), so it's really irrelevant which of {e,d} you make public.)
Anyway, from the public key, you know N and e and you want to figure out d. To do that you need to factor N into p and q (see above), then you can make an easy calculation to get d. Since p and q are primes, those are the only factors of N (other than 1 and N). Further, since we are talking about 2048 bit encryption (N >= 2^2048), the factors p and q can be up to 1024 bits long (2^1024). To brute-force the private key you need to go through 2^1024 (*) possible factors of N until you find one that works.
Now, suppose we have a computer that can check the divisibility of N 1000 times per second. It will need 10 ^ 298 years to go through all possible combinations (though of course it can get lucky and pick the right factor early on). If we have 1,000,000 of these computers, we'll still need 10 ^ 292 years, so don't hold your breath...
(*) It's actually less than 2^2048 because you only need to consider prime numbers, but it's still staggeringly large. Also, given a number x, it's not so easy to tell if it's prime (unless it's even). You need to use an algorithm to determine that, which takes time.
___
If you think big enough, you'll never have to do it.
Why crack encrypted keys?
Why not to write an interesting game,
like robot battle, that include, for example
python virtual machine as robots AI?
Then sign that game in Microsoft.
Then port linux to that Python virtual machine.
It's perfectly legal and OK.
While it sounds good in principle, it is almost certainly wrong. Subject to issues of IP exhaustion, mere ownership of a copy of a work or invention has never granted plenary rights to modify or make derivative works therefrom. The cases simply won't bear out the general proposition suggested here.
On the other hand, it would be quite interesting to imagine how Microsoft would try to stop someone who had discovered the key by legitimate means -- say brute-force efforts -- to produce one's own software to run on the machine. I doubt DMCA would provide Microsoft adequate relief against such an approach -- this key does not protect unlicensed content from copying, but rather permits content to run on a machine. As such, it might not be a measure that ''effectively controls access to a work'' within the meaning of the DMCA, because it may not control access to a copyrighted work per se.
1.) you're going to test each prime between 2 and the square root of the 2048-bit "target"
2.) Convert the target and the prime to be tested into double-precision floating points and devide them. This proves that any prime that doesn't match the first 52 bits of the result can't multiply by the prime being tested to get the "target". That narrows it down a heck of a lot. Find the primes that can match using some sort of efficient indexing algorythm.
3.) If necessary, use a quad-precision floating-point operation to narrow it doen even more
4.) Of the possible matches remaining, multiply the middle one by the prime being tested. If the result is too high, you eliminate all the primes above that. Lather, rinse, and repeat until you either find the match or prove that none of them will match. This will take log(N)/log(2) iterations, where N is the number of primes you had left after narrowing it down with the floating point operations. Since N is limited to around 2^20, it will take 20 iterations or less.
5.) Repeat procedure with the next prime.
If this is implemented properly, it might take only a few hundred processor cycles to test each prime. That means you could test 10^8 primes per second on a 2ghz athlon.
Repeal the DMCA!
Excuse me if I sound ignorant, but couldn't the memory be read out using some hardware probe while the XBox has the key in memory? And if the memory is encrypted, couldn't the hardware be modified in some fashion to allow debugging starting right from boot-up, so the hacker can read the key from memory using software techniques? Obviously someone out there understands the XBox architecture pretty well, or else there wouldn't be mod-chips...
LS
There is a fine line between being a cultivated citizen and being someone else's crop. - A. J. Patrick Liszkie
Remember a little while back a guy actually got this key using a custom, on-board tap? Whats to stop someone from simply using the same method here. I understand microsoft changed the design of the xbox after this to invalidate his results but it should still be possible no? Here's an article from cnet. http://news.com.com/2100-1040-931296.html
This arrangement protects the private key, because it can be kept truly secret instead of being hidden away on every XBox somewhere, but the relationship between the public and private keys is also the algorithm's main weakness: if you know the public key (and you do, because it's somewhere on every XBox), then you can use it to simplify the search for the private key, which is exactly what this project is doing.
That weakness is why RSA keys are so long. A single-key algorithm would be fine with 128-bit keys (perhaps 256 bits if you're feeling unusually paranoid), but with RSA, 1024 bits is on the small side, and 2048 bits (like Microsoft uses) is not unusual.
To get back to your comment: the equivalent of a "locksmithing set" would be a mod chip or some other hardware trick to make the XBox behave. The point of the Neo Project is exactly to make the XBox usable without such an inconvenience. Not all users would be willing to buy or make a mod chip or open up their XBox, but if the private key is found, then any program can be signed with it, and users wouldn't have to do anything special.
Looks like they smartened up after DVDs lame 40 bit key was cracked.
If the encryption on the xbox is not broken (and it might be...) you will NEVER crack a 2048 bit key. If it took d.net 4 years to do a 64 bit key I argue that it will take 2^(2048/64) or 4 BILLION times as long to do the 2048 bit key.
Find another path, this one won't work.
It's Christmas everyday with BitTorrent.
Let's assume we want to find the key in about one year.
6 79812491847 0034501286984934080\2 6173015536181603483336 1032784430099655323\9 9902489291405217648393 6232454940842516362\0 4019484459166088424059 6873702316740293441\3 7127342032430926831573 9828884343009334529\5 9628831104499868523479 9854643717630057264\2 4010974519290044145762 9590988748658836010\6 1834647652719112497108 8586363327032331220\5 68862609019439636890
2 0574938 1512491823325275367\2 3437132028369300928737 2136090488973662885\3 5281529166119647272954 3623272112620364581\0 6188703489047492973236 7903825810597884676\9 6494498088117693882712 8484532375726579806\4 8375737098966810233408 2736619960338101994\9 8321364177283871960956 9923672820142531423\8 3247750938845967420404 6551928328834053889\8 7565463644
:)
The keyspace is 2^2048. This means that to find it on average in one year, we need to search (2^2048)/2 keys.
There are 365 * 24 * 60 * 60 = 31536000 seconds in a year. A current machine, say 2 GHz, will not be able to check keys any faster than 2 billion per second (in practice the number would be much lower than this, but it cannot be any higher, ignoring chips which can parallelise operations). This means we can check 63072000000000000 keys per machine per second.
This means we need:
( (2048^2)/2 divided by 63072000000000000 ) machines to participate.
That's:
25619138501483231307644340348070421074
536045058749470424288206517
242390857959540549852794245
788307622972306591036879771
555215196986044143194475602
237823719925815402062766832
742821393465861224879124664
631953178327398239073428324
171673195729764659671523380
That's a lot of machines. In fact, every person in the world would need to have:
408818288091685305913758191399560859893800
003998376109373765758136618
074952085782319420248781372
917102669618547672588166152
008706652644606806303666902
892981235565930906683499598
519114104392953160204053596
115413517917473248413544519
032527313815387159252508549
machines.
Good luck
Hey, this is Microsoft we're talking about. Why bother cracking a 2048-bit key when all you've got to do is find the right buffer overrun to exploit?
Duh, Same as Bill's luggage... 12345
The difficulty of breaking RSA keys depends on the assumptions you build into the model. Unlike DES cracking factoring does not neatly decompose with trivial parallelism. There are parallel algorithms but there is a tradeoff between the part you do on a loosely coupled parallel box and the part that requires a tightly coupled processor.
The rough equation that is generally used is 512 bits RSA is roughly equivalent to a 56 bit symmetric cipher. 1024 bit RSA is roughly equivalent to a 76 to 80 bit symmetric cipher and 2048 bit RSA is roughly equivalent to a 112 to 128 bit symmetric cipher.
This is on the basis that the breaks of 56 bit DES and 512 bit RSA came at arround the same time and used roughly equivalent amounts of processing. In fact there is a slight discontinuity since only half of the RSA calculation could be farmed out. The farming stage results in a heck of a big matrix that you have to invert which was done on a CM5 I seem to recall.
Unlike the DES challenge there is no chance that you just 'get lucky' after a very small number of trials.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
This is Microsoft we're talking about here. You just *know* that the key to the Xbox is going to be "password" followed by 2000 or so spaces.
Government of the people, by corporate executives, for corporate profits.
It appears to me that a key this large could best be solved with a non-iterative brute force approach, that is if your goal is short-term (needs to be solved before the XBox's successor (XBoxNext) hits the streets)...
On second thought, maybe the lottery analogy is a bad one, because it may be similar to winning a thousand lotteries, anyone here know the right probability?
and the Heart of Gold. We have a *real* job for the Infinite Improbability Drive now.
For those interested:
Here you go.
How exactly these "keys" work?
I hear about them all the time, but I've yet to understand how exactly they work.
And this is where the MSFT legal team would nail anyone who cracks the key.
They will claim that the encryption is a device (under the relevant DMCA terms) which controlled access to a copyrighted work (the XBox bios).
Of course, they might also just claim a trade secret as well. If lawyers fought with conventional weapons, they would use minefields, (claymores) and fragmentation grenade launchers.
You either believe in rational thought or you don't
Your example may be the best data point that we have, but it is only one data point. If this project garners enough computing power to exhaust the keyspace in 7 years, the correct key is just as likely to be found in the first month as it is in the 50th month.
I guess you would have to "get lucky" to break it in the first month, but there is no way to predict it.
Don't moderate flamebait as Troll. Know the difference or you will be Meta-moderated.
Correction: Apparently (according to another poster), you need to add 10 bits to an RSA key to double the strength of the encryption. It would actually only take a little over 10^53 times the age of our universe to crack. So, never mind about having Duke Nukem Forever by then.
Build a quantum computer and do it in less than a second :-)
This may not be do-able, but what if someone wrote an application using Pollard's Rho, the Elliptic Curve algorithm, the .Net or better yet, C# to implement the algorithm and god forbid, actually come up with the key? That would be funny though if someone actually used their own technology against them... :-) Is there any links on MSDN documenting any hidden API, i.e. boolean get_xbox_private_key()? Wishful thinking I guess.
quadratic sieve or the number-field sieve algorithm. On top of this, use
Forget distributed computing, we need to get Hugh Jackman's character from Swordfish, he broke 1024-bit encryption in under a minute. Like this would be any big deal for him? :)
Ten years behind bars maybe??
The race isn't always to the swift... but that's the way to bet!
I thought the NSA had a backdoor all to their selves? :)
I'm just curious if anyone has actually contacted microsoft and ASKED that custom stuff be signed?
Would that even work, for (say) installing Linux to the HD?
It clearly states that they don't know if it is legal or not. Microsoft has the money and power to take them to court, until they're bankrupt (like when the RIAA took Napster to court). Even if it is legal, Microsoft would bury them, and this would never happen in time. Plus, Microsoft would just go ahead and make X-Box II
Defender of Microsoft and Communism!!!
The entire point of public key encryption is that the recipient of an encoded message does not have the private key. In this case, the recipient is any one who has an Xbox. The key that is being sought is nowhere inside the Xbox itself. The Xbox carries the PUBLIC key which is of extremely limited utility in figuring out the PRIVATE key which only MS has. The project is attempting to (futilely IMHO) derive that private MS key from the public key which is already known...possibly from the scenario you envisioned.
Makes hitting Lotto (three times in one day) look like a dead cinch.
They say the first thing to go is your penis. Well, it's either that or your brain. I forget which...
What we need is a beowulf of X-Boxes to crack this
Well, that's a possibility, of course. But, to me, this sounds more like a job for the Starship BistroMath. It'd take a hell of a lot of check pads though. (Not to mention *massive* parallel processing. they'd have to wait for a *very* busy night.) And it would not be very environmentally friendly, I suppose. But ,then again, they could always recycle...
Main Site ( 1.0.600-Xbx
& 576 Stable) Canada
Mirror 1 (1.0.600) Xbox-Scene.com
Mirror 2 (1.0.600) Xboxhacker.net
Mirror 3 (1.0.600) Xboxhackz.net
Mirror 4 (1.0.600) Canada
Mirror 5 - (Sponsored by AMD Users) (1.0.600) United States
Mirror 6 -(Accueilli près support-fr.com) (1.0.515 Stable) - France
Mirror 7 -(Accueilli près SecuriteInfo.com) (1.0.515 Stable) - France
I see everyone talking about the computability of 2048 bit keys, legal issues, etc. But the project organizers tell us on the first page of their site that if they are "aproached by M$"[sic], they "will be ditching the Xbox project all together as we cannot afford the legal fees."
Doesn't everyone agree that Microsoft would be foolish to not to "approach" them and just put this to sleep?
For those who don't speak e+ notation, thats a 3 with six hundred and sixteen zeros behind it.
Here's a quick comparison:
Get the picture now?
nuclear presidential echelon assassination encryption virulent strain
Whizzmo
But wouldn't it be easier to just bribe one of the software developers? You know that if these guys actually by a freak accident were able to crack the key, Microsoft would just change it.
Money for nothing, pix for free
Which version number should I look for in order to stab a little at the XBox?
I'm in a Unix state of mind.
http://www.ipsj.or.jp/members/Trans/Eng/04/2000/41 05/article006.htmle /dkindred/des/bitsli ce.html
http://www-2.cs.cmu.edu/Peopl
Surely something along these lines can be adapted to this application.
Crackers`n`Soup
Everybody on slashdot whines about the DMCA, but activities such as this show that the DMCA is a practical law, even though it is unconstitutional. And people wonder why no one else has sympathy for slashdot causes. Regardless of the intent, these cause end up furthering illegal activity.
Vote for Pedro
bit 0 of p is a 1
bit 1023 of p is also a 1
OK that is 2 bits out of 1024, thats 1/512th of the total
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
I see all these posts that tell us we need 349283948203948209348293842384023856290123 or so computers to find this and this primenumber. Ofcourse it is not possible to find that primenumber by simply bruteforcing all viable possibilities. As what's for RSA, an 512-bit key was supposed to be totally uncrackable for the next 34230492039402934 or so years. But someone made advances in cryptoanalysis which in turn made 512-bit keys with RSA seem a lot less attractive. It might ofcourse be that factorizing of numbers is really a problem that can't be solved, but I don't see that stopping pure cryptoanalysis from finding methods to uhm, turn ciphertext into cleartext in the very near future (100-years, or so). There are cryptographic weaknesses in microsofts implementation; the weakness is just not RSA, so it's kindof funny to see people speculating on whether cracking RSA is viable.
The private key for these xboxes is propably hidden under Bill's pillow, but I'm sure someone will get it even from there, and claim the prizemoney.
Are we forgetting who is making the key? Microsoft is the one making the key! When we look at their programs, we see more bugs than in the Amazon jungle. Is finding the key any different?
What I mean is that a normally you pick a random number for p and q. However would Microsoft really pick a random number? Keeping in mind they are a bunch of college kids fresh out of school and with a distorted view of the real world, I suspect not(either purposely or accidentally). Probably they used a random number generator and didn't seed it properly, or hand picked the key. I suspect that if you find other Microsoft Products with keys(I don't know any) and crack their keys you will see some sort of pattern to the keys. Microsoft loves patterns. If you ever looked at the common Microsoft Interview questions, a lot of them are about finding patterns.
I could just be blowing smoke, but then again there are those who are experts on Microsoft's way of thinking as well as Bill Gates. I think one of them working on the algorithm to find the key would be able to point to good spots in the sample space to use the algorithm on first to increase the probability of that miracle hit.
Or you could call up Microsoft and tell them you are from some software company and you are trying to make an x-box signature or something. After reading the article about the kid who got nuclear materials and information from impersonating a high school physics teacher, as well as the known fact that the easiest vulnerability in any security system to exploit is the ignorant user, I think a pure brute force attack is the wrong form of attack(see previous posts on estimations for how many machines/years/so fourth).
Well, at least it'll take a long time when they're trying to factor the number by running random (!) trial division (!!!). Come on, nobody in their right minds factor large numbers that way. :-) Check this page about ECM factoring instead. :-)
/* Steinar */
(This comment is of course GPLed.)
This assumes that the code is all locked up in a single chip. If not, why not just pull an Xbox to bits, read the binaries out of the ROMs and decompile?
I think the point he was trying to make was that Microsoft hires a lot of programmers fresh out of college, and that the odds of at least one of them making an error in generating an encryption key are far greater than the odds of anybody cracking that key.
At least you can buy a gamecube or PS2 for less...
Candy-Coated Knowledge
Anyone aware of any efforts to map all prime numbers? It seems as though this would be a more worthy use of my computers free cycles and could possbily help efforts like this in the future.
At home and at work I run the United Devices client as it works on the Cancer Research Project. (sorry, Windows clients only)
IT would be very entertaining if the system that finally cracks it is running on XBox Linux, perhaps even a cluster of them.
Gordon Staines
You have all the hardware that's doing the key checking / decrypting. Instead of reverse engineering the key, why not reverse engineer the box?
I seems to me that you have the machine doing the actual calculation on the signed code. Just stop the machine, slow it _way_ down, and watch it do its calculations.
This might necessitate blowing the lid off the chips and actually probing them directly... and this wouldn't be easy by any means... but it would probably be a lot easier than brute-forcing the key.
Where's Bruce Schneir when you need him?
1. 2.
http://saveie6.com/
It has the public key in the XBox. The discs are signed with the private key at the factory. The public key is the mathematical inverse of the private key. So in order to get the other half, you either factor a lot of large primes or steal it from Microsoft.
We need the private key to sign the linux boot CD so that the XBox thinks it is an official XBox product and allows it to boot.
Sure, I would be glad to donate most of the processing power of my 2x1.5 Athlons. But I don't run any proprietary software. It seems utterly ridiculous that a project designed to allow Free Software to run on an x-box (since surely the point of the project isn't simply to run cracked proprietary games -- that would be illegal), is not itself Free Software.
Sure, there are risks in making the client Free Software -- that is, that someone will submit lots of bogus data. But given the forces who want this to fail -- that is, every proprietary game company who makes games for x-box, plus Microsoft -- I don't think not having source code will stop the submission of bogus data. And the forces who usually submit bogus data -- that is, bored 15 year olds -- will actually want this project to suceed.
So, make the client Free Software, and I'll start cracking.
Become a FSF associate member before the low #s are used
Do you have any proof that this was how it "worked for the Samba team"?
Anyway, it's KGS!@#$%
Ok! I dont have too strong a mathematical background but I was wondering let's suppose that we have 5000 computers working on the problem for a month. And each of these computers generates a random key and checks it.
What is the probability in such a scenario that someone will find the key?
---
In Brains we Trust
---
No. It would require factoring a 2048-bit number.
--
"What do you want me to do? Whack a guy? Off a guy? Whack off a guy? Cause I'm married."
A: however unlikely statisticly or otherwise... there is always the possibility that the key will be the first one tried by the first guy to start his machine on searching for it... yes yes... it is beyind statisticly dim, but it is more likely than YOUR DNA forming through all the realms of possibilty in existence.
B: Just because the task is CURRENTLY staggering hardly means it will remain so... computers, software, chip design and even our math sciences are increasing in power and ability nearly exponently, so whos to say some smart person might not find a supirior algorithm? or a not so smart person might come up with a semi-bright idea and happen to have in's on some new hardware to test it on?
The whole damn point is to push humans and our tech to see if we can beat it through our uniquely human chraterisitic which has gotten us so far, ingenuity people.
damn problem with us techies is we become so awed by our own creations we begin to fail to see that they all have flaws, failures, and discernable patterns.
or have you forgotten HAL 9000 already?
--Idiots, Every single one of YOU, A flaming mass of conglomerated morons, hey wait a second, isnt that how RAID works?
If anyone comes up with workable methods to use 12, 24, 100 of these boxes at a time and actually does it... this is the place to post them.
Tech Public Policy stuff
Home users don't use some psuedo-random number generator to generate their private/public keypair when using PGP, they at least use data sampled from random keypresses. I doubt that Microsoft would have used just any random source.
Remember, their control of the monopoly on X-Box games relies on this code. They probably used some very random source, like sampling data from a real-world random source such as the matter emmited by a radioactive isotope or something.
If it did, that'd be great, but it never will. The point however, would be moot if a genuine attempt was not made.
The point is thus: to resist technologies that limit what consumers can do with what they legally own.
Microsoft is a very visible example of an entity trying to tell consumers "you may not do this or that with what you have purchased." In no other industry (save the closely related entertainment industry in this case) do there exist similar shenanigan. If I purchase a computer, I should be damn well permitted to run any type of software on that computer I see fit. The XBox, amongst consoles, is the closest device to a personal computer you can get. And yet, the manufacturer is trying to make it impossible for you to use it how you see fit.
This project is a protest of such consumer-unfriendly tactics. They will never crack the key, but they are still trying and Microsoft as well as many others will be well aware that they are trying. This is resistance. Microsoft, we will put forth the same effort against DRM technologies like Palladium. We'll never stop.
Of course, we could all just not buy XBoxes, Windows, Office, and switch to unencumbered/open technologies, but... I digress.
Why bother.
...or any other form of Unix (or OS/2, or CygWin) that might have bc.
:-) but after thinking for a few seconds (on an Athlon 1800), spat out lots of digits. I use wc to count the digits (and allow for the backslashes) at that scale, since I don't know of a calculator with a "How many digits, you reckon?" button.
GnomeCalc broke trying to figure out how many permutations can be represented by a 300-gene sequence (-: turns out to be at least a 24,000 digit number, so who can blame it?
Got time? Spend some of it coding or testing
Would someone please post the 2048-bit key in here?
-- I was raised on the command line, bitch
So... factor-of-three orders of magnitude impossible to specify given only one universe with which to calculate (ie, not "next to no chance" but 400 orders of magnitude beyond "no chance").
But... factor-of-400 orders of magnitude less impossible than a simple lifeform arising randomly and spontaneously in ideal conditions (at least 23,800 orders of magnitude beyond "no chance"). And that's under ideal conditions and with no stopping for breath. (-:
Got time? Spend some of it coding or testing
It's tough to be Microsoft these days, huh?
No matter what they put on the market or on the Internet is a big fat target for hackers, lawyers and bashers!
--- Surfing the web on my ZX-81.
Build simple game, "Pacman returns"
Sell game for $5 or $10
Ensure save game has easily exploitable buffer overflow
Everyone intending to run Linux will need a copy of your game to avoid copyright infringement! (As a cheap replacement for a mod-chip).
Anonymoumous cowards say something funny
Get a bunch of xboxen (cheap at $250 per) all running this distributed computing project to crack the private RSA key which will allow you to run unsigned software, such as the private key cracking project, which will crack the private RSA key enabling unsigned software...
Vista:XPSP2::ME:98SE
It is 42!
Oh sorry i am wrong, it needs at least 80 digits. That is a big post-it.
Everybody here assumes that you have to use an x86 processor to crack the 2048 bit code. A x86 proc is designed to do all kinds of jobs, right? When you design a proc just to crack such a code, wouldn't it be far more efficient than a x86 proc? Just design a pipeline to do that, than (like Itanium) put 32 pipeline's on one chip, produce 2048 chips, and let them do some maths. Just think you wouldn't 'just design' such a proc... And heck, what would cost it to produce such a thing @ i.e. TSMC? Think lots of more than $100.000 or $200.000...
Whew. And here I was thinking this might be hard to do.
Why not connect the XBox processor to a state monitor and slow the CPU down to single clock steps, then probe the state of the CPU registers and memory buffers after the public key is read from the DVD-ROM when the primes calculation is made in the CPU to compare the public key against the private key ?
"Sony and Nintendo engineers are weenies!"
Beauty is in the eye of the beerholder.
MOD THIS UP.. I don't know enough about the problem to be able to add anything to this.. but perhaps someone else could build on this.
Now what would be really ironic is if the number crunching done to crack the code were to be done by a beowulf cluster of x-boxen
13 year old white supremacists are shitty web designers.
I agree. Running Linux on an XBox (or PS/2) just to run Linux on an XBox (or PS/2) is a stoopid pointless waste of time.
But if I don't give money to MS, how explain to me how can I play Halo?
Damn Microsoft for being savvy enough to buy Bungie and limit it's work to the XBox, and damn Bungie for selling out to Microsoft!
---anactofgod---
"Equal opportunity swindling - *that* is the true test of a sustainable democracy."
How about this: patent the creation of an RSA key for the purposes of copy-protection in console gaming systems.
After your patent is unceremoniously granted, Microsoft will have to release their key in order to prove prior art. If not, just sue them. You'll win, of course.
WWJD? JWRTFA!