Microsoft Aims for Hack-Proof 360

jondaw writes "The BBC is reporting that "Microsoft plans to make its next generation games console, the Xbox 360, as difficult as possible to hack...There are going to be levels of security in this box that the hacker community has never seen before...I'm sure sooner or later someone will work out how to circumvent security. But the way we have done the design doesn't mean that it will work on somebody else's machine.""

Amount of work in design

[Wayne247]

Is simply equal to the amount of work hackers will have to do to get around it.

Claiming something hackproof is like saying a doorlock is tamper-proof. It *can* be opened, it's just how much work are you prepared to do that justifies doing it.

Re:Amount of work in design

[Red+Flayer]

Not claimed to be hackproof in TFA: "'I'm sure sooner or later someone will work out how to circumvent security. But the way we have done the design doesn't mean that it will work on somebody else's machine'[said Chris Satchell]"

So, they say that a hack may work on one machine, but not another? Article implies that this additional security is added through hardware design. What are they doing, putting a combination lock on the circuitry?

No matter what the new security is, I'm sure it'll me that much more rewarding for the person who first publishes the workaround.

MS has to be careful that the console isn't too easily modifiable, or else they'll get slapped with a lawsuit for enabling people to pirate copyrighted works...

Re:Amount of work in design

[jst4fun]

Lets put it this way... Open Invitation for Trouble.

Re:Amount of work in design

[bradbeattie]

They said hack-proof? TFA:

Mr Satchell admitted no system was fool-proof and that, with enough time and dedication, the security on the Xbox 360 would be broken.

"There're some really bright people in the world with some really expensive hardware," he said.

"I'm sure sooner or later someone will work out how to circumvent security. But the way we have done the design doesn't mean that it will work on somebody else's machine."

Re:Amount of work in design

[MindStalker]

Most likly a crypto / unique identifier chip. One chip that has the purpose of allowing games to be played and providing indentification to games that this is an unmodded box. You might be able to unlock the system, but you will be limited to running linux or something hand made to run on this unlocked system.

Re:Amount of work in design

[Iriel]

I have to agree with another reply that this is simply an open invitation taunting every hacker to crack the 360 ASAP. Besides, there's going to be a problem, as with all hackery, that Microsoft, however large their development team is, has to design something that can withstand the combined efforts of at least an entire country of would-be 360 hackers.

The numbers don't look too good for Microsoft on this one.

Re:Amount of work in design

[SilentChris]

"Is simply equal to the amount of work hackers will have to do to get around it."

Uh, no. It's trivial to set up a decent hash. It can days, if not years, to break it.

Re:Amount of work in design

I imagine MS's security will be to modify the hardware in batches of say 100,000 so that a given hack will only work on ones of the same batch but be invalid on others.

Eventually the landscape will have so many different models it would be quite painful to hack each one and hunt down various model numbers.

At least that's how I'd do it...

But MS isn't me, so they'll probably fuck it up.

Re:Amount of work in design

[SirPavlova]

How would they enforce such a system? The chip would be unique, so the identification would have to be algorithmic; this means the algorithm can likely be reverse engineered. If it was a hash like MD5 or SHA1 or something, the number of keys they could use would be too small. Either way, a mod chip could beat it.

Re:Amount of work in design

[MindStalker]

What if the identification was just random, but the identification was then signed by microsofts SSL signature or something to that effect. Could this be broken if the software and Operating system both check this signature?

Re:Amount of work in design

[SirPavlova]

How does a signature work? I really don't know, but the name implies there's a constant which somehow leads to the actual deciding factor in any test of the sig. On the net, an SSL sig can be changed fairly often, right? But on the 360, it's one for the rest of the unit's life - for the game to check it would mean only one, the same for every system. This surely cuts down on the effectiveness? Of course I don't know how hard a signature is to reverse engineer...

The Only Secure System

[TracerRX]

The only secure computer is one that is turned off, locked in a safe and buried 20 feet down in a secret location, and I'm not completely confident of that either. -- Bruce Schneier

Re:The Only Secure System

[uberdave]

The only unhackable computer is a vapourware one.

Re:The Only Secure System

[PedanticSpellingTrol]

Well that settles it, I'm telling my bank to give their next tech contract to Infinium.

Re:The Only Secure System

[Anarcho-Goth]

Off topic, but this got me to thinking, would a computer buried 20 feet underground be safe from an EMP pulse?

This must be...

[Pig+Hogger]

This must be the computerish equivalent of the "Kick-Me" tee-shirt...

Re:This must be...

[MarkGriz]

This must be the computerish equivalent of the "Kick-Me" tee-shirt...

More like the *triple* dog dare.

Re:This must be...

[scubamage]

more like triple *QUEEN* dog dare. Saying something is hackproof to the mod community is about equivilent to laying down gloves and issuing a formal challenge.

In other news...

[Pig+Hogger]

... Scientists (still) looking for cheap room-temperature fusion. Film at 11.

Just keep it up

[oman_]

Just keep on hyping up your new security up until launch. Thay way you look like even bigger 4$$holes when it all comes crashing down.

To test this...

[voxel]

They should (if not already) create a new team, called the XBox Crackers Team. They can use a saltine logo for thier t-shirts.

The saltine group will then comprise of a group of 5 bright individuals, who will be awarded as a whole $200,000 or $40,000 each if they can come up with a hack that would or could end up with a cheap mod-chip solution that could be mass-produced.

They of course have a pre-set deadline, say between now and the actual launch.

Misleading

They aren't trying to make it "Hack Proof" just difficult to hack. That headline will have worthless forum threads going for days...

Let me be the first to say,

[Fr05t]

ahahahahahahahahahahahahahahahahahahah.. oh ok, I'm do..blahahahahahahahahahahahahahahahahahahahahahah ahaha.. *sniff* wahahahahahahahahahahahahah!

This isn't a troll - I'd laugh just as hard (maybe harder) if it was PS3, or Rev.

Re:Let me be the first to say,

[rAiNsT0rm]

Well stated. Mirror's my initial reaction. As if anyone is going to go out and purchase a Media Center Edition PC just to be able to use any of the extra features of the 360. Puh-Lease!

I hope this bastard tanks so hard, and I actually wouldn't mind seeing the PS3 go down with it. These ignorant fucks think they have everything sewn up and that these "next-gen" consoles are so in demand... I can't wait to watch Nintendo and Mario laugh all the way to the bank on this round.

Re:Let me be the first to say,

[RoadDoggFL]

You realize that the article is just stating that they're aiming for a hack-proof machine, right? Just because they're aiming for it doesn't mean they expect to acheive it, they just want to get as close to that goal as possible.

But no, this is stupid Microsoft we're talking about so let's all laugh (seriously).

Why?

[marcus]

I am sure that there are others like me, the only reason I bought an Xbox was because it *was* hackable!

I use it in a 'hacked state' far more often than 'straight'.

Re:Why?

[nb+caffeine]

seconded. XBMC runs more often than games do on my xbox. I know they are including xbmc-like functionality in the 360, but that doesn't do me a bit of good, with my media files stored on a debian based server. Though, its not like my xbox is going to stop working the instant the 360 hits the street. I'll be fine till xbmc360 comes out :)

Re:Why?

[bluephone]

Because like any console, they don't make money of the console sales, they make money on the game sales of which they get a slice. If one can mod their XBox, like you have, and it is no longer a closed system, then they have no lever to force you to buy new content that they profit from. That blows a giant hole in their business plan. The honestly couldn't care less if you EVER use it, they just want you to keep buying new games for it.

Re:Why?

[jinzumkei]

I am sure that there are others like me, the only reason I bought an Xbox was because it *was* hackable!

I use it in a 'hacked state' far more often than 'straight'.

...Because they are OBVIOUSLY marketing this thing to you.

Re:Why?

[marcus]

That might have been a good reason for the Xbox to be made hack proof, but not the 360. Unless I have mis-remembered something, M$ has opted out of the take-a-loss on the console for market share and volume in order to re-coup on game sales business plan. They intend to profit, or at least take no loss, on the console sales. Thus the appreciably higher prices and different levels of factory installed features.

The same hackability is still an attractive feature. Having one GP box that can play DVDs, surf IMDB and weather sites, play tunes and vids from my home file server, play games, etc. without hassling with reconnecting cables and chasing remotes is *very* nice compared to the heat and noise generating, cable tangling mess that is a 'normal' home audio/video/PC/game stack.

Note that I don't especially want to hack it. Instead, I want to use features that are enabled since it has been hacked.

I'm still looking for a box that will do all this and HD. Perhaps a hacked 360 will be it.

Re:Why?

[Pig+Hogger]

Because like any console, they don't make money of the console sales, they make money on the game sales of which they get a slice. If one can mod their XBox, like you have, and it is no longer a closed system, then they have no lever to force you to buy new content that they profit from.

Hey! no one have been twisting their arm to adopt such a hare-brained business scheme...

Re:Why?

[RoadDoggFL]

Yes they have, all the PC gamers with their imaginary "prick-waving" (quotes to avoid "imaginary prick" comments) contests. Console manufacturers (don't know if it started with Sony) realized that they could afford to take a hit on intital unit sales and recover that through software sales in order to make their hardware compare more favorably to current PC setups. The strategy just stuck (Nintendo's a notable exception, I believe).

Re:Why?

[Metal_Demon]

Yes they have, all the PC gamers with their imaginary "prick...

Imaginary prick? Everybody knows girls don't play PC games.

Re:Why?

[bluephone]

No, they don't sell it for a huge loss, but they're still sold for a marginal loss that is recouped on game sales. Even if they sold it AT cost, that's still zero profit, which amounts to a loss when you add incustomer service and warranty repairs. No business sells products at zero cost with no chance of making a profit. The fact remains that the profit is in the after-market, post purchase of the initial unit. They have zero incentive to let you just buy a unit and do anything you like with it, and plenty of incentive to force you into their company store.

Besides, look at all you get in the extra-$100 bundle, way more than $100 worth of kit over the base model. They make money of Live subs, gane sales, extra addons, etc. Even the original NES made Nintendo's riches with game sales, not unit sales.

Re:Why?

[einhverfr]

...Because they are OBVIOUSLY marketing this thing to you.

Maybe they are. Maybe they think that all these people who spend so much time and energy trying to hack the hardware will go buy an XBox360 for the sheer challenge of it (and probably buy enough games to make it worth it to MS).

Then again, the moon could be a giant Russian Teacake.....

hack-proof != difficult to hack

[lysander]

Article: Microsoft plans to make its next generation games console, the Xbox 360, as difficult as possible to hack
Headline: Microsoft Aims for Hack-Proof 360

I would like to think that slashdot would be a place where people (e.g. editors) would know the difference between these two statements.

Re:hack-proof != difficult to hack

[Remillard]

You're new here, aren't you? ;-)

Re:hack-proof != difficult to hack

[jkmiecik]

You must be new here. Stop buying low UIDs off eBay!

Re:hack-proof != difficult to hack

[tgd]

You clearly missed who the editor was who posted it.

Re:hack-proof != difficult to hack

[Sans+Virtue]

'Aims for' != 'is' I would like to think that slashdot would be a place where people (e.g. posters) would know the difference between these two statements. Yes, I'm new here.

Re:hack-proof != difficult to hack

[VividU]

"I would like to think that slashdot would be a place where people (e.g. editors) would know the difference between these two statements."

Ha-Ha, thats a good one. Slashdot is good for lots of things but journalistic integrity ain't one of 'em.

Re:hack-proof != difficult to hack

[einhverfr]

Depends on what "is" means ;-)

As a wise man once said to me :

[LePrince]

"If something was done by a man, another man can undo it". Still holds true, IMHO.

Re:As a wise man once said to me :

[loopback_127001]

Ok. I'm going to burn down the Sistine Chapel.

undo it.

Re:As a wise man once said to me :

[Xarius]

So if I, say, cremate someone, who's the man that can undo this?

Just a though. ;)

Re:As a wise man once said to me :

any man can undo it...but it also requires a woman...and it won't really be undoing so much as replacing

Re:As a wise man once said to me :

So if I, say, cremate someone, who's the man that can undo this?

Hallowed are the Ori.

Re:As a wise man once said to me :

Good luck, it's fire-proof :)

Re:As a wise man once said to me :

[LePrince]

You didn't CREATE anything. My quote wasn't accurate; he said "Whatever a man CREATE, another man can crack it".

Good or bad for sales?

[dividedsky319]

One of the things the Xbox had going for it was that it was easy to mod...

If this does have an effect on sales, it can be looked at in a few ways.

1 - It will result in less sales of hardware. Bad becuase the user base will be less, so less software will be sold.
2 - Modders probably won't buy software anyway... they'll buy the hardware, then pirate games and use the hardware to suit their own needs... And since Microsoft will most likely be losing money for every console sold, they won't make ANY money off of these users.

Hmm, I wonder which would apply more in this situation... I'd say more of #1, because I imagine the majority of modders still purchase most of their games and use the mods to add more functionality to the hardware.

Oh, and let me just add a #3 - Who cares what they say, becuase it's pretty much guaranteed it won't be truly "hack-proof" anyway.

Really, the only way to make it "hack-proof" is to use propriatary media... like the Gamecube did. I believe the GC was eventually hacked, but since it used media that wasn't widespread and easily available, modding didn't run rampant for the system.

Re:Good or bad for sales?

[wandazulu]

IIRC, the only way anybody hacked the GC was through the network port and a copy of Phantasy Star Online...I believe the server was sending actual code to execute, not just data, and a bit of intercepting allowed for some memory mangling that allowed for custom stuff, but the only custom stuff I've heard about was Linux, and it had to be loaded via the network port as well. I don't believe there's a custom disc out there at all.

Re:Good or bad for sales?

[pjl5602]

Actually, there are mod chips out for the GC now...

Re:Good or bad for sales?

[ivan256]

I believe the GC was eventually hacked, but since it used media that wasn't widespread and easily available, modding didn't run rampant for the system.

It's so incredibly easy to add a switch to the Gamecube to allow it to play games from other regions that there was no good reason to make a Gamecube mod-chip.

If hardware manufactures didn't use their copy protection hardware to grant them far more rights than copyright law allows, far fewer people would feel the need to modify their hardware. You want to prevent piracy? Go ahead. You want to prevent people from using a device they bought and own in whatever reasonable way they see fit? Your box is going to get hacked.

Re:Good or bad for sales?

[dividedsky319]

It's so incredibly easy to add a switch to the Gamecube to allow it to play games from other regions that there was no good reason to make a Gamecube mod-chip.

Well, I think we're probably talking about different things... you're talking about playing imports, which, like you said, was easily done for the GC. But I'm sure the majority of people using mod chips are doing so so they can download and burn games... which never really happened for GC like it did with other systems.

Re:Good or bad for sales?

[ivan256]

But I'm sure the majority of people using mod chips are doing so so they can download and burn games...

I'm not convinced of this. There are very few people out there who seriously persue video game piracy on consoles. From what I've seen most people try it out for the geek factor and then don't do much with it. Similarly, you don't really need to mod your Xbox to play pirated games on it. The mod chip was more for using the box as a media center, or other unusual hacks. Everybody I know with a modded PS2 uses it for imports and has few, if any, pirated games. It probably wouldn't have been very difficult to attach some more standard reader to the Gamecube. If somebody wanted it badly enough, it would have happened. Look what effort people went through with the zip-drive for the N64.

If the demand for mod-chips was driven by piracy like you say, I think the Gamecube would have been hacked much more than it was.

Re:Good or bad for sales?

"There are very few people out there who seriously persue video game piracy on consoles."

Uh, I have a pretty good collection of dreamcast CD-Rs and GBA ROMs (with a flash cart). I have a cube too, but no pirated games.

People will pirate games if it's easy and worth doing - i.e. getting games ahead of the European launch for GBA and games unavailable on ebay for the DC (I got it after Sega stopped supporting it).
If I could trivially pirate, say, Fire Emblem or Geist for my cube I would have done it, and, to be honest, the standard for me actually buying a game after I've pirated it is rather higher than games I've never played. So I guess it does have an economic impact on the industry, but it probably results in more cash for the best game houses.

Re:Good or bad for sales?

[blackicye]

"I believe the GC was eventually hacked, but since it used media that wasn't widespread and easily available, modding didn't run rampant for the system."

It was hacked and mod chips are available for the Gamecube.

Also in order to use regular DVD-R media on your modded GC, all you have to do is take off the top half of it, or switch to one of the replacement casings that will sit a regular sized DVD.

Real security

[steveo777]

The first, most obvious measure is price. If people can't afford one, they certainly can't hack one.

The kernel software will, of course, be protected with poor coding that is nigh impossible to navigate.

The box will be made out of the rare metal Adamantium infused with trace particles of kryptonite. Virtully unbreakable, and protected against any Kryptonian hackers.

But the most important security measure of all: Microsoft plans on installing at least half a dozen starving, crazed weasels that will attack anyone who succeeds in opening their boxes.

Re:Real security

[Pig+Hogger]

But the most important security measure of all: Microsoft plans on installing at least half a dozen starving, crazed weasels that will attack anyone who succeeds in opening their boxes.

American Society for the Prevention of Cruelty to Lawyers on line#3 and Weasel Anti-Defamation League on line #2.

Re:Real security

[Jerf]

Microsoft plans on installing at least half a dozen starving, crazed weasels that will attack anyone who succeeds in opening their boxes.

Ah, Weird Al Rights Management. However, I think only 360s shipped to Albuquerque will have this "feature".

If I do manage to hack the 360, will I be stuck in a closet with Vanna White, night after night after night after night?

Re:Real security

[geminidomino]

American Society for the Prevention of Cruelty to Lawyers...

Ok, that's where you lost me.

I think people underestimate the challenge

[EnglishTim]

There seems to be this attitude that a crack will inevitably come out fairly quickly.

I don't think that's the case.

I think many slashdotters are overly confident just because the original Xbox got hacked and we've manage to hack CSS, but you've got to remember a couple of things: Firstly, the original Xbox was the first hardware of that type that Microsoft had created. They put in some protection but it wasn't good enough. I'm sure they have learnt from their mistakes and it will be considerably more difficult to crack this time around. Secondly, with CSS it took quite a long time to get a crack and that was due (IIRC) to a CSS licensor screwing up and leaving the key unprotected in the firmware.

Now, it's possible that Microsoft have screwed up again, but it's by no means a sure thing.

Re:I think people underestimate the challenge

[NotWorkSafe]

I've always thought that the only sure about MS was that they always screw up.

Re:I think people underestimate the challenge

[kisrael]

You make a decent point.

It wasn't as tempting a target for hackers I guess, but Atari put some checksum encryption in the Atari 7800 that, in effect, stymied 3rd party/homebrew cart makers for YEARS. I think they finally got a handle on it, but still. Smart people are making the security, and while they have tremendous obstacles, they might not always bat .000 like people assume.

A more recent example...all those people who like homebrews so they have to be petrified of getting their PSP updated to > 1.5 whatever...

Re:I think people underestimate the challenge

[arkanes]

It's not just overconfidence, it's basic information theory. All the components for cracking the XBox are present in the XBox itself.

CSS was broken very quickly by extracting a valid key from a player. Note that this is not a "cheat" - this is a fundamental hole in this sort of DRM. The key is and must be present to play the DVD, and with the key present it can be extracted.

However, DeCSS does not rely on extracting a key - it's an algorithmic attack on CSS itself.

Re:I think people underestimate the challenge

[tolan-b]

To my knowledge every major console ever released has been cracked. What makes this one so different?

Re:I think people underestimate the challenge

[Have+Blue]

True, but its development was made very much easier by the knowledge of the valid key. The Xbox was also cracked by sidestepping the protection method instead of directly breaking it- a flaw was found in the code that implemented the checksum.

And besides, even if a method is found for compromising the 360, if it's sufficiently more difficult to perform than modding a current-generation console (i.e. if you can't just drop a modchip in the box or take it to the corner electronics store and pay $50 labor) then cracked 360s will be very rare.

Re:I think people underestimate the challenge

[Lehk228]

the 360 wil suck so hard nobody wants to crack it.

*runs away as hoards of xbots attack*

Re:I think people underestimate the challenge

[Flunitrazepam]

Extremely good point. Remember the write up on the XBOX 1 hack posted here a few weeks ago? It seemed to me hacking it to run homemade code was not trivial at all, and the over all impression I got was that Microsoft was fairly close to 'unhackable' with their chain of trust.

I'm actually very surprised to read that they acknowledge months before the system is even launched that it will probably be hacked. The bit about 'what hacks one system may not hack another' is especially thought provoking.

Re:I think people underestimate the challenge

[Troed]

the over all impression I got was that Microsoft was fairly close to 'unhackable' with their chain of trust.

True. If Microsoft hadn't released the v1.0 security system bunnie hacked we probably wouldn't have been able to hack v1.1 since we used a lot of knowledge gained from 1.0 in doing so. One of those things was used to get hold of the code for the hash algorithm. Without that we wouldn't have known it was TEA and thus flawed for hashing.

The Gamecube was only hacked since tmbinc found an extreme implementation flaw. A single "clear register" in their loop would've made the Gamecube unhacked up until this day, in my view.

The reason it's possible to make an "unhackable" console is that they can use hardware security, i.e, "if you cannot extract the key from our little chip here, you're not going to run code on our hardware".

That's secure enough.

Re:I think people underestimate the challenge

[swillden]

DeCSS does not rely on extracting a key - it's an algorithmic attack on CSS itself.

Actually, to be precise, DeCSS is just a reverse-engineered implementation of the decryption algorithm, and must be provided with the correct key. libdvdcss, the open source library widely used to decrypt DVDs, includes not only another (improved) implementation of the decryption algorithm, but also an algorithm that performs a very efficient ciphertext-only attack on a CSS-encrypted DVD title.

DVDJon's original DVD work involved reverse engineering the encryption and decryption algorithms, and extracting a player key from the Zing software DVD player (the player key is used by "legitimate" players to recover the disk key, which is used to recover the title keys, which are used to decrypt the data). Only later was CSS cryptanalyzed and found to be so weak that it's actually more convenient to simply break the title encryption directly rather than ship a player key with libdvdcss.

Re:I think people underestimate the challenge

[einTier]

I used to think everything was crackable. And, to a certain extent, I still believe that, though I realize now that not everything will be hacked.

DirecTV had their orginal F cards hacked, then their H cards, then their HU cards. And that's as far as it went. The new P4 and P5 cards are still encrypted and secure. In my mind, it shouldn't be all that hard to intercept calls through the box and figure out how to write to the card -- but then again, more talented hackers than me have tried and failed, so what do I know?

The second generation of secure big-dish satellite recievers is yet to be hacked as well, despite the fact that it's been over a decade and the first generation boxes were hacked nine ways to Sunday.

Re:I think people underestimate the challenge

[SharpFang]

Well, theoretically true, the door to the safe are locked, you can't forge the key and the only key is in manager's pocket.
You still don't count that the manager can be pickpocketed. Someone hacks into MS network, steals the original key used to sign original games, and all you have to do to run your own app is to sign it with the key you've downloaded from the net. There's no way they could allow for new games to show up and work on the console without having some way to sign them - and if you can lay your hands on their signature system (pickpocket the manager), you're in.

Re:I think people underestimate the challenge

[Troed]

Black box systems generate the key internally, and they can only be used for signing - you cannot extract the key.

Re:I think people underestimate the challenge

[KillShill]

actually the hardware is very sound from a technical perspective. 3 cpus with 3 altiVEC units and a real next gen video processor (the rsx in the ps3 is based entirely on the current 7 series geforece).

both ps3 and 360 have their pros and cons. overall they're about equal.

and eventually, the revolution might end up a major player, simply due to the fact it's much cheaper to make, therefore selling more units.

now if they'd stop being bitches and let people have full access to the chips, then more people would consider buying them. they may even buy a few games while they're enjoying their new workhorse home entertainment devices.

Re:I think people underestimate the challenge

[KillShill]

it requires more sophisticated hardware analysis tools and perhaps revised algorithmic attack vectors.

clearly, they've changed the way it works enough that previous avenues for revealing the mechanism will not work.

try something totally new.

DRM is the most flawed cryptology around for the simple reason that it must be viewable by all people who purchase it. and because of that, it must be on the hardware and software in possession of the customer.

hardware is a lot tougher to crack than software simply because the tools required are more often than not, not able to be acquired by the hackers.

but the difference here is that your hardware which a "console" (read computer) is, has far more uses than trying to "crack" satellite to get free service.

if you can hack a "console", then the person who bought that device, can have full access to their personal property. that's simply not the way it is with satellite access.

all those processors in the "console" can then be put to use to do things like being a MYTH tv box, a node in a render cluster, a home theater silent media center, etc.

they are DENYING the customers their lawful property. to hide behind "well that's not what we're selling" BS. they spend considerable time and money preventing people from having full access to property they purchase.

it's a smokescreen, a red herring if you will. there are other ways to prevent copyright infringement. because the real issue, like it is with the RIAA and the MPAA is not infringement, that's small potatoes. the real reason is for control and having the leverage for other avenues for extorting money.

like when people have cell phones that they cannot upload and download ringtones, pictures etc without having to ask permission from the provider and paying an extortionist fee. i can see where they can block you if you are renting or leasing a phone but not when you buy it outright.

but as you know, they deceive and defraud customers because they don't mention that these consoles are rented or leased with a one time fee. people, virtually 99.9%, including techies assume incorrectly that it's a sale.

there is no "hack" in the sense the public understands. people are just trying to get back what the manufacturers are denying them. they use the law to screw over people and that makes the situation even worse.

it's not "homebrew", call it arbitrary code execution. execution which is legally owed to you by the manufacturers who go out of their way to deny you.

Re:I think people underestimate the challenge

[KillShill]

"their" hardware is sitting in the customer's living room. after having purchased the device in question from a store.

i wonder how they define the word "commerce".

and since it's not a rental or lease but an outright purchase... they don't have any legal legs to stand on. i mean the kind of legality we had before D.C. became lobbyistville.

find another way to prevent copyright infringement of games. if you deny customers their hardware, then infact the manufacturers are the thieves, in the real sense of the word.

Re:I think people underestimate the challenge

[Troed]

Sorry, no. The black box containing the private signing key never leaves the safe where Microsoft put it. The hardware in your living room only contains the public verification key. You can extract interesting stuff from the console itself, but you can never find the actual signing key itself.

Re:I think people underestimate the challenge

[SharpFang]

Then you can extract the whole system.

Re:I think people underestimate the challenge

[Troed]

... seriously. Study before you post. No, it's not that easy.

Re:I think people underestimate the challenge

[MrLint]

I dont recall any news about a crack for the game cube

Re:I think people underestimate the challenge

[tolan-b]

It was, kinda. The different disk format means that you have to stream across ethernet instead of running off the mini-dvd thing.

Re:I think people underestimate the challenge

[MrLint]

freeow, thats hardly worth doing

Working Definition

A lawyer friend once told me that the working definition of "waterproof" was not that something was impervious to water, but that when something was damaged by water the manufacturer was obliged to replace it.

Maybe what Microsoft is saying is that when your Xbox 360 becomes a DDOSing zombie, they will replace it for free*.

*postage paid by end user. Please include a stamped, self-addressed return box. 350 dollar processing fee required. Void in New York, California, and anywhere else those linux loving hippies live.

Re:Working Definition

[Pig+Hogger]

*postage paid by end user. Please include a stamped, self-addressed return box. 350 dollar processing fee required. Void in New York, California, and anywhere else those linux loving hippies live.

Lame. I thought that Microsost would have a more potent disclaimer...

Re:Working Definition

[HTH+NE1]

A lawyer friend once told me that the working definition of "waterproof" was not that something was impervious to water, but that when something was damaged by water the manufacturer was obliged to replace it.

As compared to "bulletproof" where when you die from a bullet penetrating it the manufacturer is obliged to resurrect or reincarnate you at their choice(*).

(*) Some states or other jurisdictions do not allow the substitution of reincarnation for resurrection, so the above vendor option of substitution may not apply to you.

They tend to call them "bullet resistant" rather than "bulletproof" these days due to the difficulty of enforcing those terms.

Microsoft needs a history lesson

[DaFork]

Remember the Oracle 9i "Unbreakable" campaign?

A few months after Oracle 9i was released the hacker community has a dozen or so exploits.

Re:Microsoft needs a history lesson

[DaFork]

Who modded this Offtopic?

Obviously, you don't remember that the Oracle "Unbreakable" campaign was Oracle publicly saying that Oracle 9i was hack proof.

Moron.

I believe it...

[MagicDude]

Microsoft is going to make a hack proof product, I totally believe that. Now if you'll excuse me, I'm going to go pick up my new Hummer. The salesman told me they get 40 miles to the gallon now.

Re:I believe it...

No No, I said said gallons per mile....but it now tops out at Mach 6 .... or was that Warp factor 9?

Explain this to me

[MisterMurphy]

"I'm sure sooner or later someone will work out how to circumvent security. But the way we have done the design doesn't mean that it will work on somebody else's machine."

Doesn't this suggest that the hardware in the systems won't be universal? Isn't it completely mental to have the internal guts of the console differ from unit to unit? Am I misreading this quote?

Re:Explain this to me

[Detritus]

I suspect that it means they will use a locally generated private key to protect vulnerable information. Each box would have a unique key, so cracking one wouldn't compromise them all.

Re:Explain this to me

[sinner6]

But if that were true a hacker would just have to bypass the key mechanism. Thus a bypass would allow all XBox 360 to be compromise. I suspect the PR guy was just blowing wind, misspoke, or just doesn't understand the security measures.

Re:Explain this to me

[SharpFang]

Not necessarily. Run the motherboard project through autorouter 10 times, changing "forbidden" zones each time, so you have 10 XBoxes that are just the same machine in 10 different layouts, making it impossible to use a single, unique modchip (it just won't fit everywhere), making them need to include 10 different modding manuals instead of one, and finally instead of buying 1-2 XBoxes to develop the hack, they would have to buy about 50 (so they get at least one of each kind...), $14.000 instead of $299...

Like Blueray

Wonder if they will do something like blueray and have remote disabling of the machine if you touch it.

Im going to be laughing my ass if someone manages to hack a system like that and disables thousands of Xbox 360s or Playstation 3s.

Hacking never got anyone anywhere, right?

[truthsearch]

Yeah, cause hacking never resulted in the creation of any large software companies... Microsoft thinks there's no way to profit from hobbyists. How was it their company got started again?

Re:Hacking never got anyone anywhere, right?

[papadiablo]

Actually, Microsoft openly admits that it's conceivable for Joe Schmoe working in his garage to put them out of business.

They don't want people hacking the Xbox because if people only buy the Xbox, they don't make money. They make money when people buy the games.

Re:Hacking never got anyone anywhere, right?

[mindstormpt]

The obvious problem is that most modders do it not to run some application but to play pirated games, and nor Microsoft nor the game developers profit from that.

Re:Hacking never got anyone anywhere, right?

[The+Evil+Couch]

I don't know. Most people I know that actually hacked their xbox, as opposed to installing a modchip, use their xbox more as a media center pc than to pirate games.

of course, most of the movies and tv shows they watch are pirate copies, but that's a whole other can of worms.

Re:Hacking never got anyone anywhere, right?

[KillShill]

and since business models are of paramount import to the citizens, they have erected laws that guarantee profitability in perpetuity for businesses once they establish a pattern.

oh, we don't have laws like that? oh you say we're not required to care how they keep making money?

oh you say we have "consumer protection" laws?

Was is the green or red wire?

[vertinox]

"Microsoft plans to make its next generation games console, the Xbox 360, as difficult as possible to hack..."

In a basement in the Midwest...

Hacker1: According to the diagram we are supposed pull the firing pin without shifting it's center of gavity or otherwise the mercury will hit the electrodes on the C4.
Hacker2: Ok. *click* *beep* *beep* *beep* Oh crap! You didn't say anything about a presure plate.
Hacker1: Quick. Cut the wire to the right of the power supply.
Hacker2: Ok. Oh double crap!
Hacker1: What?
Hacker2: There are two wires!
Hacker1: Well just cut one for christ sakes!
Hacker2: Here goes nothing! *clips* *beeping stops* *phew*
Hacker1: Finally... No we put the rom chip here... *xbox starts spewing green smoke*
Hacker2: Oh fark! *coughs* It the posion gas!
Hacker1: *coughs* Does this mean we *coughs* voided the warranty?

Wha? Are they even thinking?

[Rs_Conqueror]

Remember all the buisnesses that were buying Xboxes and turning them into linux servers/clusters back when the first box was hacked? That was money MS wouldn't have gotton otherwise. And people who put linux on servers are likely to keep using linux. So then its really only a matter of who will provide the hardware. So why doesn't microsoft want a piece of the pie?

Re:Wha? Are they even thinking?

Microsoft sells the XBox at a loss hoping to make up for it in the sales of the games, so in fact they were losing money on people like that, genius.

Re:Wha? Are they even thinking?

[RoadDoggFL]

As the above reply stated, Xboxes cost more to manufacture and distribute (I'm assuming that's factored into the "sold at a loss" claim) than they're sold for. So every Xbox bought up by "all the buisnesses that were buying Xboxes and turning them into linux servers/clusters back when the first box was hacked" had to be replaced on the shelves by another Xbox that cost more than MS made from it,

Why on earth doesn't Microsoft want a "piece of the pie"?

Re:Wha? Are they even thinking?

I think you confused a slashdot post with some form or reality. No businesses were running linux clusters on xboxes.

Nothing is ever secure

[segra]

Even if you deadlock all the doors to your house from the inside, you can always smash a window. You can also put bars on the windows, which can always be sawn off...

Re:Nothing is ever secure

[vertinox]

Even if you deadlock all the doors to your house from the inside, you can always smash a window. You can also put bars on the windows, which can always be sawn off...

Although, there comes a point where it might be a tad easier to wait in the bushes and jump them when they've just unlocked the house door to get the newspaper.

Re:Nothing is ever secure

...and bend over to pick it up.

see XBOX 007 exploit allowing for Linux on unmodded xbox

Live

[Taulin]

Since Live is a way for them to determine if the box is hacked, and you can't play hacked games on Live, they should just go ahead and make Live free. It is so cheap already, it would definatly increase sales if people could play on the internet out of the box. They could then save money on R&D for researching hack-proofs that as everyone know will get crached anyways.

Re:Live

Basic, somewhat crippled Live! is free for 360...

what they really mean is...

[advocate_one]

they can't guarantee the 512 byte bootloader will be free of bugs... so they're hoping and praying that the super duper hardware is so obfuscated with a seriously weird state machine that no-one... even them, can figure how on earth it ever works...

can't be done.

[Ruis]

My boss learned a long time ago that the fastest way to get a hacker to do something is to tell them that it can't be done.

a flaw in your logic

[Blaaguuu]

afaik, the Xbox 360 and PS3 will cost more to manufacture than the sale price... this meaning each Xbox 360 sale is more of an "investment" by microsoft, hoping that the average customer will over the life of the 360 buy enough games to make up for the difference. so each of those 360 sales that would be made by hackers, that have no intention of buying games, would actually be costing MS money... so it makes sense that they wouldnt want these people buying their system.

Re:a flaw in your logic

[dividedsky319]

Well, that's not exactly a flaw in my logic... that was my #2 point.

2 - Modders probably won't buy software anyway... they'll buy the hardware, then pirate games and use the hardware to suit their own needs... And since Microsoft will most likely be losing money for every console sold, they won't make ANY money off of these users.

Embedded in this was the fact that they lose money on the hardware, but make money on the software.

That reminds me of a joke from a bad movie

[captaincucumber]

what's the difference between a light bulb and a pregnant woman?

You can unscrew a lightbulb.

Not everything can be undone.

So I guess the question is, will the XBOX 360 be more like a lightbulb or a pregnant woman?

Re:That reminds me of a joke from a bad movie

[DohnJoe]

ah, but a doctor can do an abortion, so technically it can be undone.

Re:That reminds me of a joke from a bad movie

[Sancho]

You must be Catholic.

How hack proof does it need to be?

[rev0102]

If a few dedicated people are able to hack/mod their new XBox 360s, I seriously doubt microsoft will be bothered. The question is, Will any monkey with a soldering iron be able to mod their new console and run homebrew software and pirated games? Having just finished my first xbox mod, I have to say it was staggeringly easy: Solder these pins and these wires here, here, and here. Replace hard drive. Done. I would not have attempted it if it had meant, say, soldering a dozen or so additional wires, desoldering and replacing a chip or two, and maybe dremeling out a section of the case. All they have to do is make sure that the system is difficult and/or expensive to mod so that only the dedicated few are really doing it.

Microsoft is Retarded (tm)

[jo42]

If Microsoft had half a brain between all of their marketing droids, they would make it easy to do stuff to/on the X-thing round circle. They should be selling development tools to anyone with $99.

Would beat the living jeepers out of the competition in this market.

MBA mental maroon idjits.

Hack away ...

[45gramsOfPlastic]

... frankly my dear, i don't give a damn. I'll by the PS3 and the games i want to play. As i have done with the PS2 and the PS.

Re:Hack away ...

[tepples]

I'll by the PS3 and the games i want to play.

What happens when the title you want is not available on any Sony, Microsoft, or Nintendo console because the sequel-oriented major publishers refused to pick it up from the independent developer?

Re:Hack away ...

[KillShill]

hehe

it always makes me laugh to see fanatic adolescent males say things like that.

the cell was engineered from the ground up for DRM and Insidious Computing.

in fact, it might be that the xbox360 is far easier to hack than the ps3.

in either case, both are DRMed up the wazoo.

and don't forget nintendo. they've been DRMing one way or another since the original nes.

Re:Hack away ...

[Saige]

How are you going to afford games after buying the PS3? Kutaragi's already bragged about how people are going to have to work extra hours just to afford the thing... you'll probably have to sell an organ to actually get games for the thing after spending your life savings on the console...

about as hackproof

[834r9394557r011]

as their windows updater security buisness.

Congratulations

[Walker_Boh_Druid]

Congratulations Microsoft! You just made yourself the target of every console hacker on the planet.

One-time costs

[tepples]

They intend to profit, or at least take no loss, on the console sales.

Game consoles nowadays are not sold significantly below marginal cost, though they may be sold below average cost. Remember that the first unit costs several hundred million dollars to make, taking into account research and development and marketing.

$50 development tool for XPox

[tepples]

They should be selling development tools to anyone with $99.

Microsoft plans to sell a $50 "express edition" of its proprietary Visual C++ compiler in conjunction with an effort to raise awareness of Windows gaming, reversing the burial of Windows gaming under the Xbox marketing blitz.

This is brilliant!

[LordOfYourPants]

I am looking forward to this so much! I'm sure the price of games will only be $20-30 since piracy has been blamed in the past for high game prices.

Since it's hackerproof, I'm sure they can put their money where their mouth is.

It's already too late

http://www.joystiq.com/entry/1234000013056275/

Maybe they hired Dan Bernstein to write....

[einhverfr]

the security software....

Or maybe they are just blowing hot air.

Sounds like Sega

Anyone remember the dreamcast? What ungodly ammount did sega spend on anti-piracy measures? somewhere along the lines of a million, right? They wern't even using a standard cdrom and the protection still got broken, i mean we could boot games with no modchip and no boot disc. The gamecube said fuck standards, and wrote to the disc backwards, still a method was found and we were STREAMING games from our PC to the gamcube!!!! No matter who you are, you gotta admit, that's ingenious. No matter what anyone does, short of coating the system with herpes or something, it's gonna get broken. It may take some time, but it'll happen. I don't understand this need to have to spend so much on protection that they even know is gonna be broken. If they just make it so you NEED a modchip to play copied/homebrew, you've already eliminated mass piracy, i'm sure we all know people with an xbox or ps2 that just don't want to mod it.