Slashdot Mirror

← Back to Stories (view on slashdot.org)

Free60 Project Aims for Linux on Xbox 360

Posted by CmdrTaco on from the a-laudable-goal dept.

BlueMoon writes "The Free60 Project wiki and developers mailinglist has been launched. The project aims to port open source operating systems like GNU/Linux and Darwin to the Microsoft Xbox 360 gaming console. The site already contains some interesting details about the Xbox 360 security: per-box key stored on CPU, boot ROM will be on CPU too and a hypervisor verifies the running state of the kernel."

8 of 511 comments (clear)

  1. Sounds like a good warm up by koan · · Score: 5, Insightful

    To cracking the Trusted Computing hardware.

    --
    "If any question why we died, Tell them because our fathers lied."
  2. Re:Erm why? by oneiron · · Score: 5, Insightful

    I think it's a worthy cause to have an open source operating system working on every piece of equipment that is capable of it. Plenty of reasons it might come in handy some day (post-apocolyptic being the most entertaining one to think about)... Of course, the 360 also happens to have a fair amount of horsepower for the price (for now)...

  3. Ooo! Ooo! And a cure for cancer too! by Valdrax · · Score: 5, Insightful

    It would be pretty cool if Linux worked on a 360 but please remind me again why people are trying to make it so? Aren't there enough projects crying out for some decent developer input already? Maybe I am just getting old and grumpy but this seems like a terrible waste of time that could be used to great benefit.

    I consider this the logical equivalent of the question, "Couldn't they be working on a cure for cancer instead?" I cannot abide this sort of arrogant stupidity.

    1) All programmers/scientists/etc. are not equivalent. Life is not some computer strategy game. You can't just wave your mouse around, pull a person off one project, put them on another, and expect the same level of productivity. Maybe the Xbox 360 project will attract people with good hardware hacking skills that aren't really applicable on anything you care about.

    2) What interests you may or may not interest people of technical aptitude. Sure, a cure for cancer would be really great, but not everyone is interested in whatever field of research will finally result in it. Some people might be more interested in entomology than oncology, and some people might be more interested in getting a cheap, powerful Linux home entertainment computer than whatever makes you happy. Your desires are not everyone else's desires.

    3) What doesn't interest you isn't necessarily useless. An Xbox is a very powerful multi-processor system perfect for hooking up to a home entertainment system and well suited for light distributed processing tasks. It's also fantastically cheap for what it's capable of. There are numerous potential uses for it.

    4) Not everything has to be useful to be worth doing. Surprise, surprise -- the people working on this might be doing it for fun! Even if it didn't have a lot of utility, that doesn't mean it isn't worth doing if it brings someone enjoyment to do it.

    In short, stuff it. You're not the dictator of the world, so quit discouraging people from pursuing interests that you don't share.

    </frothing at the mouth>

    --
    If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
  4. Re:Nice try by ultranova · · Score: 5, Insightful

    The OP made a claim, without posting a shred of evidence, and I asked him/her to back it up. I'm genuinely interested to hear where he (or anyone else) thinks flaws might be in the 360's security model.

    There is no absolutely unhackable security model. Even if there is absolutely no bugs in XBOXs software (which I find highly unlikely - this is Microsoft we're talking here), you can always modify the hardware until the code you want to pass passes. Simply replace every single part if nothing else helps.

    The real questions are: is there a hack that requires so little effort from the part of the user that it is worth the trouble, and if so, how long until it is discovered ?

    --

    Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

  5. Re:Source by Helvick · · Score: 5, Insightful

    You're missing the point here - this is supposedly a Trusted Computing architecture. The locks on this are not something as trivial as a serial number that is hard to track down. The core has a cryptographic component that provides for hardware based key management and secure crypto functions. That module will never export its unique private key(s) because the hardware design doesn't provide any instructions that allow that to happen. Good luck attacking it that way, it might be possible if they stuffed up the design but I doubt it.
    Furthermore if it follows the MS TC model then the CPU's crypto store will also have MS X-Box boot and app signing Root certs. All code, especially the boot process will have to be signed by something that will pass a check against those Root Certs. At a guess I'd say they have more than one of each type and they can be revoked via firmware (ie over XBox live, or via code distributed in games) just in case their primary leaks. Finding buffer overflows or figuring out how to code the instructions for an alternative boot firmware wont help unless you can figure out how to sign the code you feed into CPU. If the hardware design is properly secure then that will require breaking a strong crypto system equivalent to that used in X.509 certs in order to compromise those MS owned signing keys. This is a much much harder problem than compromising the original X-Box (which only used software based crypto so it could be subverted by replacing the boot code) or the PSP (which seems to rely on no secure execution model at all). MS certainly know how this should be done, the question is did they actually try to do it and if so did they succeed. That is the main reason I'm interested in this X-Box 360 hacking attempt, it's success will show how serious MS actually are about extreme DRM.
    My guess on that is that the answer is very interested indeed, if they can successfully implement a popular consumer device with a hard TC architecture then there are a lot of people out there who will want them to share it with them - the Cellular Telco's in particular love this stuff and will happily get into bed with MS if they can sell them a proven TC architecture that is resistant to attack.

  6. Let's get hacking. by Aqws · · Score: 5, Insightful

    I don't see why there isn't a lot more enthusiasm behind this project, only 100 posts so far, and hald of them saying why hacking the X-box 360 isn't that important. I thought this site is for nerds, the type of people who would love to get there hands dirty with this type of stuff. How can there be so much exitment about the x-boxs release, not as much exitment about greatly expanding what you can do with your X-box. First off, this allows gamers a much, much larger variety of games... I might end up playing Frespace to this thing. Anything you would be able to do with a PC you could do with an X-box 360 if linux is ported to it. I intend for my next PC to be an X-box 360, microsoft gets the hardware at a reduced cost, and that reduced cost is not only carried over onto you, but is improved upon, microsoft loses $130 for each xbox sold. This is no minimalistic PC, it's much better than my current one. When the security is cracked for linux, it won't be long until mac os X or any of the BSDs are ported to. Plus, it only runs $300 for a base unit. Alright anough dealing with these non-nerds, why aren't you linux experts hacking away at this thing? Think of the boon in linux developers when all these computer users get a taste of linux, because it will so vastly improves there console. Whos' going to care about the X-box when the PS3 comes? The faster it is ported, the more people who will be exposed to Linux, and end up developing it and making it better. Plus, the sooner I get my PC. How can you turn down this challenge? I wish they would have another one of those contests, were that guy got $100,000 for getting linux on the first x-box without a hardware change.

  7. Security isn't about perfection by cgenman · · Score: 5, Insightful

    Parent poster implies a very important point. No security model needs to be perfect. It just needs to be good enough that it isn't worth screwing up whatever the security model is there to protect.

    If it takes 50 solder points and a week of effort, 99.9% of your users won't modify their consoles and your software sales won't be negatively impacted. If it takes a complete code re-write then finding a hash collision to get a modified console online, nobody will do it. Heck, Nintendo found that adding 2 little plastic tabs to the SNES was sufficient to greatly reduce the scope of the import market.

    Security is about dissuading people from doing things, not preventing them.

    --
    The ______ Agenda
  8. Re:Nice try by ArbitraryConstant · · Score: 5, Insightful

    As long as these things play games online the possibility exists of a buffer overflow there as well.

    I know games programmers, and while many are competent, they rarely care/have time to audit their code for security bugs.

    --
    I rarely criticize things I don't care about.