Slashdot Mirror
Free60 Project Aims for Linux on Xbox 360
BlueMoon writes "The Free60 Project wiki and developers mailinglist has been launched. The project aims to port open source operating systems like GNU/Linux and Darwin to the Microsoft Xbox 360 gaming console.
The site already contains some interesting details about the Xbox 360 security: per-box key stored on CPU, boot ROM will be on CPU too and a hypervisor verifies the running state of the kernel."
To cracking the Trusted Computing hardware.
"If any question why we died, Tell them because our fathers lied."
I mean seriously ... why not put Linux on the XBox? If there are some hackers out there that get their rocks off porting Linux to everything from new architectures to dead badgers, then more power to them if they want to tackle the X360, too.
And IMO it'd be pretty damn cool to have 1) the power and 2) the form-factor in a general-purpose box.
Who doesn't like free music?
microsoft don't care if you run linux on the xbox. they wont loose that much money. (i know that currently they loose a bit on each xbox they sell, but the more they sell, the more they can push manufacturing costs down).
.gov. then they have no competitors.
when 360.0 is cracked, they'll learn how it was done, and make 360.1 more secure. same when people crack 360.1 etc. all the xbox linux code will be open source so they can have a good look at the methods used.
this is all good practice for them so that oneday they'll be able to make a computer that will only run windows and signed code. then they'll claim that anyone not using their secure platform must be a hacker or software/music pirate. then they lobby the
Electrically programmable fuses make this very simple - when the part is tested at wafer/multiprobe, you simply blow in the ID when you are blowing in all your repair solutions - I can guarantee IBM is blowing an ID into the parts anyway for general yield/return tracking purposes.
This ID can probably be accessed through the JTAG port, or accessed internally - the data is going to be in a certain format (Lot #, wafer #, x coord, y coord, or something similar) that would be easy to verify...
You could also make it so reading the id from one place and writing it to another was part of the reset sequence on the chip...
WRT getting the serialid out of the processor, you should be able to read it out through a simple JTAG instruction
I think it's a worthy cause to have an open source operating system working on every piece of equipment that is capable of it. Plenty of reasons it might come in handy some day (post-apocolyptic being the most entertaining one to think about)... Of course, the 360 also happens to have a fair amount of horsepower for the price (for now)...
That's doubletalk for "you must use MS ______ to view this content".
What changed under Obama? Nothing Good
It would be pretty cool if Linux worked on a 360 but please remind me again why people are trying to make it so? Aren't there enough projects crying out for some decent developer input already? Maybe I am just getting old and grumpy but this seems like a terrible waste of time that could be used to great benefit.
I consider this the logical equivalent of the question, "Couldn't they be working on a cure for cancer instead?" I cannot abide this sort of arrogant stupidity.
1) All programmers/scientists/etc. are not equivalent. Life is not some computer strategy game. You can't just wave your mouse around, pull a person off one project, put them on another, and expect the same level of productivity. Maybe the Xbox 360 project will attract people with good hardware hacking skills that aren't really applicable on anything you care about.
2) What interests you may or may not interest people of technical aptitude. Sure, a cure for cancer would be really great, but not everyone is interested in whatever field of research will finally result in it. Some people might be more interested in entomology than oncology, and some people might be more interested in getting a cheap, powerful Linux home entertainment computer than whatever makes you happy. Your desires are not everyone else's desires.
3) What doesn't interest you isn't necessarily useless. An Xbox is a very powerful multi-processor system perfect for hooking up to a home entertainment system and well suited for light distributed processing tasks. It's also fantastically cheap for what it's capable of. There are numerous potential uses for it.
4) Not everything has to be useful to be worth doing. Surprise, surprise -- the people working on this might be doing it for fun! Even if it didn't have a lot of utility, that doesn't mean it isn't worth doing if it brings someone enjoyment to do it.
In short, stuff it. You're not the dictator of the world, so quit discouraging people from pursuing interests that you don't share.
</frothing at the mouth>
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
There is no absolutely unhackable security model. Even if there is absolutely no bugs in XBOXs software (which I find highly unlikely - this is Microsoft we're talking here), you can always modify the hardware until the code you want to pass passes. Simply replace every single part if nothing else helps.
The real questions are: is there a hack that requires so little effort from the part of the user that it is worth the trouble, and if so, how long until it is discovered ?
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
You're missing the point here - this is supposedly a Trusted Computing architecture. The locks on this are not something as trivial as a serial number that is hard to track down. The core has a cryptographic component that provides for hardware based key management and secure crypto functions. That module will never export its unique private key(s) because the hardware design doesn't provide any instructions that allow that to happen. Good luck attacking it that way, it might be possible if they stuffed up the design but I doubt it.
Furthermore if it follows the MS TC model then the CPU's crypto store will also have MS X-Box boot and app signing Root certs. All code, especially the boot process will have to be signed by something that will pass a check against those Root Certs. At a guess I'd say they have more than one of each type and they can be revoked via firmware (ie over XBox live, or via code distributed in games) just in case their primary leaks. Finding buffer overflows or figuring out how to code the instructions for an alternative boot firmware wont help unless you can figure out how to sign the code you feed into CPU. If the hardware design is properly secure then that will require breaking a strong crypto system equivalent to that used in X.509 certs in order to compromise those MS owned signing keys. This is a much much harder problem than compromising the original X-Box (which only used software based crypto so it could be subverted by replacing the boot code) or the PSP (which seems to rely on no secure execution model at all). MS certainly know how this should be done, the question is did they actually try to do it and if so did they succeed. That is the main reason I'm interested in this X-Box 360 hacking attempt, it's success will show how serious MS actually are about extreme DRM.
My guess on that is that the answer is very interested indeed, if they can successfully implement a popular consumer device with a hard TC architecture then there are a lot of people out there who will want them to share it with them - the Cellular Telco's in particular love this stuff and will happily get into bed with MS if they can sell them a proven TC architecture that is resistant to attack.
I don't see why there isn't a lot more enthusiasm behind this project, only 100 posts so far, and hald of them saying why hacking the X-box 360 isn't that important. I thought this site is for nerds, the type of people who would love to get there hands dirty with this type of stuff. How can there be so much exitment about the x-boxs release, not as much exitment about greatly expanding what you can do with your X-box. First off, this allows gamers a much, much larger variety of games... I might end up playing Frespace to this thing. Anything you would be able to do with a PC you could do with an X-box 360 if linux is ported to it. I intend for my next PC to be an X-box 360, microsoft gets the hardware at a reduced cost, and that reduced cost is not only carried over onto you, but is improved upon, microsoft loses $130 for each xbox sold. This is no minimalistic PC, it's much better than my current one. When the security is cracked for linux, it won't be long until mac os X or any of the BSDs are ported to. Plus, it only runs $300 for a base unit. Alright anough dealing with these non-nerds, why aren't you linux experts hacking away at this thing? Think of the boon in linux developers when all these computer users get a taste of linux, because it will so vastly improves there console. Whos' going to care about the X-box when the PS3 comes? The faster it is ported, the more people who will be exposed to Linux, and end up developing it and making it better. Plus, the sooner I get my PC. How can you turn down this challenge? I wish they would have another one of those contests, were that guy got $100,000 for getting linux on the first x-box without a hardware change.
Those that have a system with the HD and intend to keep it standing vertically, may want to think twice about that.
It was very easy for me to kill a devkit as it fell laterally while the console was on.
I can't imagine the retail system being less sensitive to that, as it's only normal for an HD to get damaged that way.
The problem is that the thing is meant to stand up, but it's light and it doesn't have a wide base.
Watch out.
"La presi e te la pagai (480.000 Lire)"
Parent poster implies a very important point. No security model needs to be perfect. It just needs to be good enough that it isn't worth screwing up whatever the security model is there to protect.
If it takes 50 solder points and a week of effort, 99.9% of your users won't modify their consoles and your software sales won't be negatively impacted. If it takes a complete code re-write then finding a hash collision to get a modified console online, nobody will do it. Heck, Nintendo found that adding 2 little plastic tabs to the SNES was sufficient to greatly reduce the scope of the import market.
Security is about dissuading people from doing things, not preventing them.
The ______ Agenda
As long as these things play games online the possibility exists of a buffer overflow there as well.
I know games programmers, and while many are competent, they rarely care/have time to audit their code for security bugs.
I rarely criticize things I don't care about.
Once you get into hardware probably very few people will attempt it. Too risky.
I don't know what circles you travel in, but I don't know *anyone* who owns an Xbox that is not modded, and that is out of about 20 to 30 Xbox owners.
The benefits of modding (namely, XBMC and the ability to play backups) are just too great to *not* do it.
It will be the same for the 360 - a hardware mod chip will be out in a matter of weeks, and everyone and their dog will have one.
After that, rename your Xbox to "Ship of Theseus".
The real danger is that the 360 represents some of the first real shooting in the DRM wars: a large-scale deployment of hard-wired cryptographic restrictions with the sole purpose of locking consumers out of their own property. Running Linux on this hardware is just a fun side effect of the very important and immediate need to defeat trusted computing and digital restrictions technology -- and to defeat it soundly and rapidly.