Slashdot Mirror

← Back to Stories (view on slashdot.org)

Behind the Xbox Boot Code

Posted by Zonk on from the bowels-of-the-machine dept.

NiteStar writes "The Xbox-Linux team has up a new article about The Hidden Boot Code of the Xbox. The Xbox console contains a 'chain of trust' to allow only legit Microsoft signed code to run on the Xbox. The hidden 'MCP' boot ROM (just 512bytes) is the link between hardware and software in this chain of trust." From the wiki article: "The Xbox, having an external (reprogrammable) 1 MB Flash ROM chip (models since 2003 have only 256 KB), would normally start running code there as well, since this megabyte is also mapped into the uppermost area of the address space. But this would make it too easy for someone who wants to either replace the ROM image with a self-written one or patch it to break the chain of trust ("modchips"). The ROM image could be fully accessed, it would be easy to reverse-engineer the code; encryption and obfuscation would only slow down the hacking process a bit."

7 of 52 comments (clear)

  1. Excellent read... by Scorpion_1169 · · Score: 1, Insightful

    best tech. description of the XBOX startup process I have ever seen.

  2. A guess by interiot · · Score: 4, Insightful
    Three bugs within these 512 bytes compromised the security completely - a bunch of hackers found them within days after first looking at the code. Why hasn't been Microsoft Corp. been able to do the same? Why?
    I can make a guess. I've worked near a similar security feature implemented in hardware, and they wouldn't let anyone ANYWHERE near any documentation that described how it actually worked. My impression was that no matter how much you know about security, the less the employees know about the implementation, the better, to minimize the possibility for internal leaks. I'm sure they got the minimum 4 people together to inspect the code, per our coding standards, but how experienced were those four?

    In Microsoft's case, their 512 bytes are incredibly high-profile. And based on the extensive nature of the hacks, they had to find a couple of VERY experienced security people to inspect their code, and who they trusted 100% to not disclose inside information. My bet is they didn't choose the right people to inspect their code, and after the inspection, any other employees who showed an interest in making sure the code was secure were treated more with suspicion than anything.

    1. Re:A guess by interiot · · Score: 4, Insightful
      FTFA: After they had learnt their lesson, they designed a pretty good system with the second version of the MCPX - but the implementation still contained at least three security holes

      so, my bet is they just aren't clever enough.

      *shrug* Not necessarily.

      The first shuttle accident was caused by... institutional problems. The engineering issues had already been discovered and discussed, but there were institutional issues that prevented the engineering discoveries to be fully investigated.

      The second shuttle accident was caused by... institutional problems again. Again, the engineering issues had already been discovered and explored as much as the engineers could. Certainly NASA tried to fix their issues the first time, but apparently institutional issues aren't as easy to fix as engineering problems are.

      My bet is that there WERE at least 4 people at Microsoft who were clever enough, they just weren't involved in the code inspections. Even if those four people knew that it was absolutely critical that they be involved in the inspections, they were specifically not permitted to look at the code, because four other people had already inspected the code, and involving more people (especially people who are "eager" to "help") would simply increase the chance of internal leaks. And that's not an engineering problem.

      (on a personal note, at the company I work at, there have been several cases of problems being solved that have well-known solutions, but management puts inexperienced people in charge of the project, and then surround them with many more inexperienced people, ensuring that they never come in contact with someone who can steer them in the right direction. If management doesn't have a process in place to put people with the right knowledge on the problems that really require their expertise (even in an advisory role), then the organization isn't going to perform as well as it otherwise could. (this relates more to the XBox problem... the Shuttle problem is obviously more complex))

  3. Be sure to RTFA...... by HotNeedleOfInquiry · · Score: 2, Insightful

    A brilliant, brilliant piece of stand-up hacking. Perhaps the best that has *ever* appeared in /. I stand in awe...

    --
    "Eve of Destruction", it's not just for old hippies anymore...
  4. Re:remember slashdot, that site that got taken dow by thegrassyknowl · · Score: 3, Insightful

    His point is absurd, but it is a point. As much as we all value freedom of speech, there have been cases here when ISPs and Children (yes, children) have lost in court cases becase a web page belonging to said children contains links to pages (belonging to someone else) that linked to a few copyrighted MP3s.

    The GACs (Greedy-Ass Cu..s) are making legitimite technology harder to develop, deploy and use; write a program that can easily share files and someone will load his entire CD collection into it for all to download... then the GACs will come along and take you to court for "developing software with the specific intent to violate copyright" or somesuch.

    The world is in a sad state of affairs when it comes to matters like this. The (in the US and all countries that entered into free trade agreements with it) DMCA makes it illegal to circumvent any form of encryption, copy protection, etc.

    Slashdot linking to an article that clearly describes the flaws in a copy protection implementation and how to get around it is becoming shaky ground. Gone are the days of free information... the GACs that run the world are making sure of that.

    Be afraid, be very afraid.

    --
    I drink to make other people interesting!
  5. A history by rocketman768 · · Score: 2, Insightful

    Despite some of the smart-aleck replies, this wiki article is a very good history of how the xbox was hacked. I remember when Bunnie was keeping us up-to-date on a day to day basis back in the heyday of xboxhacker.net. When he pulled the bios off the board and posted it on his website, he immediately got a phone call from Macroshaft which he recorded and put on his site. Funny stuff.

    But, the whole point of the article is to prove that you can never lock anything completely down, from cd's to xboxen--they have to be used somehow don't they? And hey, DMCA, you're a menace to the greatest minds of the US (and no, not the minds at Macroshaft).

  6. Re:This is bad news... by KillShill · · Score: 2, Insightful

    you mean before CHEATERS ruin it for everyone again.

    having control over your hardware is not a crime and not immoral in any way. but the future is going to be a real nightmare. education is the answer... tell everyone you know about the evils of TCPA/DRM/Insidiuous Computing/region codes/etc and all the other bullshit that they've been foisting on us.

    education is the answer!

    --
    Science : Proprietary , Knowledge : Open Source