Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Leak Xbox One SDK Claiming Advancement In Openness and Homebrew

Posted by samzenpus on from the open-it-up dept.

MojoKid writes Microsoft, it seems, just can't catch a break. Days after a major hack took its servers offline on Christmas day, and after being lambasted in multiple stories for shipping games like Halo: The Master Chief Collection in nigh-unplayable condition, the company's Xbox One SDK has been leaked to the public by a group calling itself H4LT. H4LT, which apparently objects to being called a hacker group, offered this explanation when asked why it was distributing the SDK. The group claims that "the SDK will basically allow the community to reverse and open doors towards homebrew applications being present on the Xbox One." To be clear, what H4LT has done is a far cry from groups like Lizard Squad. The SDK for any given product is typically available behind some degree of registration, but they don't necessarily cost anything. The SDK is one small component of creating the ecosystem that would be necessary to get homebrew up and running on the platform. Whether or not users will ever pull it off is another question.

50 of 86 comments (clear)

  1. No. by Anonymous Coward · · Score: 3, Insightful

    Zero shits given. By anyone.

  2. Not a hack by Anonymous Coward · · Score: 1

    A ddos is not a hack.

    1. Re:Not a hack by Frnknstn · · Score: 1

      True, except that in practice to DDOS any target of a reasonable size, you need to hack several thousand PCs to create a botnet. The alternative is you pay someone who has a botnet to DDOS for you.

      In any case, a DDOS requires a hack, even if you were not the one to do it.

      --
      If it's in you sig, it's in your post.
    2. Re:Not a hack by Fwipp · · Score: 1

      Or just enough cash to spin them up "in the cloud."

  3. I stopped reading ... by Anonymous Coward · · Score: 2, Insightful

    I stopped reading after it labelled the Christmas DDoS as a "major hack". As for the "leaking": I assume you can already get most stuff just by registering as an indipendent developer (I think it's even free http://www.xbox.com/developers/id) and all stuff by registering as a professional developer.

    1. Re:I stopped reading ... by neoritter · · Score: 1

      Or that GTA Online still has...

  4. Translation by Futurepower(R) · · Score: 4, Insightful

    "Microsoft, it seems, just can't catch a break."

    Translation: Microsoft is poorly managed.

    1. Re:Translation by Opportunist · · Score: 4, Funny

      Every time I read Sith I have to wonder whether it's intentional or due to dyslexia...

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  5. Does it really matter by alvinrod · · Score: 3, Insightful

    Does it really matter if the SDK is available so long as there's no way to run that code? I'm not really up on the latest consoles and how close they are to finding exploits to allow code execution, but it would seem rather premature to claim that this is some great victory. If nothing else it's better that people are spending their time on things like this rather than Launching DDOS attacks against the companies online services.

    1. Re:Does it really matter by marcansoft · · Score: 2

      SDKs are useful to investigate and develop homebrew exploits (they provide information on the system architecture), but they are not useful for actually developing homebrew unless you want to end up with a situation like the Xbox 1 (the original) where all homebrew (except for Linux) was basically illegal because compiling it meant using the SDK and the resulting binaries were not legally redistributable. As a counterexample, the Wii has a fully open source homebrew SDK (though some bits have a questionable history and are arguably non-cleanroom reverse-engineered SDK code from games, but that's a much finer point than outright using the official SDK).

      Given what I've heard of the Xbox One security architecture, it's going to be a tough nut to crack, SDK or not.

    2. Re:Does it really matter by IamTheRealMike · · Score: 1

      Yes there were several exploits, but they were all patched with good success up until the very last round, I think. A lot of them were based on glitching attacks and similar. Quite advanced stuff.

    3. Re:Does it really matter by tepples · · Score: 1

      the original xbox with its highly illegal homebrew was still the largest homebrew scene so far for any M$ console.

      If you think about it, Microsoft has produced a console with a far larger homebrew than any Xbox product. It's called "a PC running Windows."

    4. Re:Does it really matter by tlhIngan · · Score: 1

      The Xbox 360 security system was very impressive and only encountered truly serious problems right at the very end of the consoles much extended lifespan. I've got an interest in computer security so I'm eagerly awaiting talks on how the Xbox One is done, but given the general success of the 360 architecture I suspect the One is very similar, with some tweaks and additional defence in depth.

      I haven't heard of any major security breaks in the Xbox360 - the old ones that were present are still there (reflashing the optical drive to play pirated games). If there's a major break that opened it up, I haven't heard of it.

      The PS3 was completely pwned in 2011 or so whenthey discovered the security keys, but you still can't get online with a hacked Xbox360 because it won't run homebrew still and the dashboard still can detect hacks.

      As for the Xbox One, the Xbox360 and Xbone implement a traditional security system - both run games in user mode (the original Xbox ran code in kernel mode so one game hack opened the entire machine) and in the caose of the Xbox One, runs a hypervisor with two guest OSes - the game OS and the application OS.

      About the only interesting thing would be the fact the Xbox One can also be a dev console.

      And the XDK released appears to be for the ID@Xbox program - the one indie developers use which is probably close to the full thing, and probably fuller than what the eventual Xbox Live Indie Arcade devkit would have.

    5. Re:Does it really matter by Xest · · Score: 1

      Well given that Microsoft originally claimed that every Xbox One was to be a dev kit to allow widespread indie development once they get around to releasing the more broad based anyone can build dev kit then I think the question is do they care?

      The console was always intended to at least some degree to be developed on by everyone and anyone, so I'd wager it was always similarly designed to be hardened for exactly that purpose regardless.

    6. Re:Does it really matter by exomondo · · Score: 1

      Given what I've heard of the Xbox One security architecture, it's going to be a tough nut to crack, SDK or not.

      And what's the point when you can just buy a cheap PC where you dont have to be concerned about cracking security or distribution legalities of linking against an unlicensed SDK or that a new update might close whatever security exploit you were using. Not to mention the available audience is much larger with the PC.

      I can see how deterministic performance and targeting exact hardware is advantageous for game developers so just register as a developer for the platform if that's what you want to do.

  6. Ramifications by stephanruby · · Score: 4, Interesting

    So someone gave a disposable email address, downloaded an Xbox SDK, and then reposted the SDK somewhere else?

    Is this what we're talking about here? Or is there actually more to the story?

    1. Re:Ramifications by Anonymous Coward · · Score: 4, Informative

      No, that's not what we're talking about here. It was either leaked by a Microsoft insider / licensed developer or it was obtained by hacking into some system that had the files on it.

      You can't get the major native-code console SDKs simply by registering. The way it's typically set up is that you have to formally apply to become a licensed developer, which generally involves having a corporate entity (Nintendo used to also require that the entity have its own dedicated commercial-grade office space, i.e. no "garage startups") with some demonstrable track record of publishing commercial-quality games and substantiation of sufficient funding to actually complete development on commercial-quality games. Then you have to drop a decent chunk of money on a short list of approved test/debug hardware in order to actually develop games. There are several levels of security and contracts/NDAs involved that require manual review and execution.

    2. Re:Ramifications by Celarent+Darii · · Score: 1

      AKA Publicity Stunt. They are riding the coat-tails of the Sony hack and want everyone to talk about X Box.

  7. "Leaker" is a shill by linebackn · · Score: 2

    Why bother trying to create an open home brew environment around a closed platform?

    I suspect the so-called leaker is really working for Microsoft.

    BTW, "leaking" is something you do in to a toilet. :P

    1. Re:"Leaker" is a shill by hydrofix · · Score: 2

      Why bother trying to create an open home brew environment around a closed platform?

      Cost and availability of hardware? While the original platform/OS might be closed, it might be possible to root it and get raw access to the underlying hardware. With original Xbox this was super easy, since it was essentially a cheap Intel PC in a console box. There was a very lively hobbyist culture around the original Xbox with many people installing Linux on it to convert it to an affordable HTPC.

    2. Re:"Leaker" is a shill by tepples · · Score: 1

      The XBox is better described as a 'half closed' system. For $100 a year you can be an Indie developer, and get the Indie Dev kit which allows development on the retail hardware platform.

      Last time I checked, App Hub (formerly XNA Creators Club) charged $100 per year per machine. So if you want to test multiplayer with 4 players, that's $400 per year. At least Apple allows provisioning a few dozen devices per Developer Program account. And it was only available in a few countries, largely due to some countries' bans on unrated video games. And all games in the indie program have to be rewritten in C#. And it was for Xbox 360. And Microsoft reportedly hasn't been keeping XNA updated. Or has Microsoft released something new for Xbox One?

    3. Re:"Leaker" is a shill by JackieBrown · · Score: 1

      I suspect the so-called leaker is really working for Microsoft.

      Interesting. For what purpose?

    4. Re:"Leaker" is a shill by exomondo · · Score: 1

      Cost and availability of hardware?

      No you can easily put together a decent system for the $400 a console would cost you.

    5. Re:"Leaker" is a shill by tepples · · Score: 1

      Well what are they supposed to do? Make it available and break the local laws?

      Make available a program that allows for obtaining the compulsory classification but is otherwise identical to the indie program of other countries. Otherwise, how shall developers in those countries earn the experience to be accepted into the "big boys" program? Visa lottery?

  8. The SDK for any given product is typically? by wisnoskij · · Score: 1

    OK, so what is the security around the Xbox One's SDK? It this article seriously about how a "hacker group" downloaded the publicly available SDK, and then, in breach of the licencing agreement, hosted their own copy of it?

    --
    Troll is not a replacement for I disagree.
    1. Re:The SDK for any given product is typically? by Anonymous Coward · · Score: 1

      Security: Only registered video game development companies are given the download link. That's about it. It's not "publicly available", but nor is it seriously locked-down. Any one of thousands of employees at various game dev studios could have leaked this, intentionally or otherwise.

  9. Nigh unplayable? by Anonymous Coward · · Score: 2, Informative

    My son downloaded the Master Chief Collection the day it came out. He has gotten many hours of play out of it. Hasn't had one problem with it. A week ago I asked him about it specifically because of all the online ranting about problems. He knew about the rants, but dismissed them - apparently it was just one part of online matchmaking or something. He had no problems and could not understand what the fuss was. Nigh unplayable? Obviously written by someone who never even tried...

    1. Re:Nigh unplayable? by Suddenly_Dead · · Score: 1

      The "unplayable" comment is a comment on the matchmaking system, yes. If your son solely played the Master Chief Collection offline or in custom matches with friends, he would have had no issues at all. However, if he had tried to play matchmade games (the only way to play with strangers, or to play "ranked" games) he wouldn't have had much luck at all on release day, or several days after that. I saw it take more than an hour to find a single match on release day; a week or so later it was still taking upwards of 30 minutes to find matches.

      This is in the most and least popular unranked matchmaking modes, where previous Halo titles typically took 5 minutes or less to find a match. Online response -- including that from Microsoft itself -- seems to indicate this was the norm, or at least extremely common; if your son actually was successful in these modes, he was lucky, that doesn't invalidate the experiences everyone else had.

  10. Missing the point by bsdasym · · Score: 1

    The SDK is not "publicly available" and not "just anyone" can download it. I fully support this move just because MS is so obnoxious about SDK access that someone really needed to poke them in the eye. To be clear to get sanctioned access to the SDK you at a minimum must submit an application (resume, not program) to MS that "proves" you are an "experienced game developer" on one or more platforms. You must also sign an NDA.

    This is a far cry from developing for other systems like Android, where anyone at all can go download Android Studio and get a full toolchain including virtual devices to test on, without even having to register.

    I have a 360 and a One, and I've long wanted to just "fool around" with developing apps for them, to see how difficult it is. This will potentially make that a possibility on the One at least.

    1. Re:Missing the point by Richard_at_work · · Score: 1

      You could have been "fooling around" on the Xbox 360 from March 2006 when MS released the XNA toolkit to all and sundry, so what was stopping you?

    2. Re:Missing the point by BitZtream · · Score: 1

      I have a 360 and a One, and I've long wanted to just "fool around" with developing apps for them, to see how difficult it is. This will potentially make that a possibility on the One at least.

      Its no more difficult than learning to develop in a compiled language for any other system.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  11. We're still calling DDOS a hack? by Elite+Override · · Score: 1

    "Days after a major hack took its servers offline on Christmas day"
    Why is it such a difficult concept to grasp? Or is it simply exaggeration to get attention?

    1. Re:We're still calling DDOS a hack? by Megol · · Score: 1

      No WE don't. Idiots that don't know what they are talking about do.

  12. Wasn't MS supposed to do this anyway? by HalAtWork · · Score: 1

    Microsoft said they wanted every Xbox One to be a development platform, I'm sure they were going to do this themselves soon anyway.

    --
    Twinstiq, game news
  13. Original tweet by eulernet · · Score: 2

    The original tweet is not even mentioned, here it is:
    https://twitter.com/notHALT/st...

  14. How about XBMC? by Holammer · · Score: 1

    I know a lot of people that would buy an Xbone right away if they could install that.

  15. XBMC is dead. by bornagainpenguin · · Score: 1

    I know a lot of people that would buy an Xbone right away if they could install that.

    XBMC is dead, there is now only Kodi.

    --
    Have a Virgin Mobile USA smartphone? Give VMRoms.com a try!
  16. One could hope by ssufficool · · Score: 1

    If the SDK includes information on DRM and the XBox Live protocols, one might be able to devise a compatibility layer on top of a standard x86 compute platform to run (not emulate) XBox One games. But, given the hardware specs, I'm not sure if this would be more economical than just buying an XBox One. You would also presumably require a ripped XBox One BIOS.

    8 core AMD Opteron (XBox is custom AMD 8core) = ~$50
    ACS Mobo = ~$30
    8 GB DDR3 = ~80
    8GB Flash Rom = $0 (Emulate via HDD?)
    Blu Ray Drive = ~$60
    500GB HDD = ~$45
    AMD HD 7850 GPU = ~100
    --TOTAL: $365 (Not including Controller, PSU or HTPC Case)
    --Xbox One with game and controller: $350

    But if you already have the hardware, then cross your finders and wait.

    1. Re:One could hope by exomondo · · Score: 1

      It is still not going to work properly and most likely be very inefficient. They aren't using off-the-shelf hardware, it is custom hardware and the software is written to take advantage of this custom functionality that the off-the-shelf hardware does not provide and would then need an additional software emulation layer.

      Not to mention your whole system architecture is different. While the xbox contains its CPU and GPU on the same chip (the APU) and huge chunk of on-die RAM where the setup you listed has a standard desktop CPU connected to the GPU by the system bus. When you have a deterministic hardware setup that you are designing software for you make explicit use of the knowledge that you have X amount and X speed of CPU cache, RAM, GPU RAM and X ms of latency in communication between your processors, etc so just cobbling together off the shelf components into a PC is going to give you something very different.

  17. Re:Stop Buying Colsoles by Fwipp · · Score: 1

    Once the hard-core nerds have left the market it will die

    Is this something you actually believe, or just something you tell yourself as a nerd to make yourself feel better?

  18. What's "experienced"? by tepples · · Score: 1

    To be clear to get sanctioned access to the SDK you at a minimum must submit an application (resume, not program) to MS that "proves" you are an "experienced game developer" on one or more platforms. You must also sign an NDA.

    Can anyone speak to what Microsoft's criteria for "experienced game developer" are, such as how many published PC games it takes for a company to become "experienced"? Or is that part of the NDA too?

  19. Demonstrable track record by tepples · · Score: 1

    The way it's typically set up is that you have to formally apply to become a licensed developer, which generally involves having a corporate entity [and in some cases a commercial office] with some demonstrable track record of publishing commercial-quality games and substantiation of sufficient funding to actually complete development on commercial-quality games.

    How does Microsoft expect a company to demonstrate such a "track record" before becoming accepted to the Xbox developer program for the first time? PC games, Windows Phone games, or something else? Or is Microsoft mostly looking to poach companies from the other two consoles?

    1. Re:Demonstrable track record by exomondo · · Score: 1

      How does Microsoft expect a company to demonstrate such a "track record" before becoming accepted to the Xbox developer program for the first time? PC games, Windows Phone games, or something else? Or is Microsoft mostly looking to poach companies from the other two consoles?

      PC games, mobile games, XBLA/ID@Xbox program titles, etc ... or teams made up of people who have previously delivered titles. But no, you cant get in if you are a complete newbie with no experience.

    2. Re:Demonstrable track record by tepples · · Score: 1

      How many such games from a company are typically needed? And must they be pay games?

    3. Re:Demonstrable track record by exomondo · · Score: 1

      It should be pretty obvious that the number of games would be a silly metric. The FAQ states:

      Q: I want to be a certified Xbox publisher. How do I do that?

      A: Companies interested in becoming a publisher for the Xbox gaming platform should write an email to newpub@microsoft.com. Interested companies will be required to show a strong commitment to retail products and a solid plan for multiple Xbox titles. Applicants will be asked to share that plan along with information about their company’s history and experience.

      So contact them at the provided email address, post back when you get a response.

  20. Why homebrew anymore? by tepples · · Score: 1

    But nowadays I don't see the point of homebrew on a set-top console. The price of PCs has fallen so much that one can buy a set-top PC that will run a media player and indie PC games for no more than the cost of a current console.

  21. Microsoft SHOULD release it free by Billly+Gates · · Score: 1

    Microsoft could monetize it hell of a lot more by taking a cut from the app store with the extra Indie apps.

    The extra apps would give it a leg up over the more proprietary PS4 which would again return the cash back to Microsoft. Monetizing off a few developers is dumb and costs more than it gains.

    If I were at Microsoft I would make universal apps for Windows 10 and the xbox SDK apps cross compatible in the app store. Imagine the marketshare and the gamers who are clinging onto Windows 7 for life now migrate over. Android makes it free for app developers and that is what set it off.

    --
    http://saveie6.com/
  22. Re:Stop Buying Colsoles by Billly+Gates · · Score: 1

    I read just last night about someone getting a $599 Alienware steam box and put it agaisn't the xbox ONE. Not even a real comparison.

    Instead of buying a $400 card for Battlefield 4 or Crysis you can get the same experience for a whole console for cheaper! You can debate with me about specs and of course a $1200 machine can squash it easily but games like Shadow of Mordor require 6 gigs of video ram (not system ram) to even run at 4k?? The 399 xbox one starts it right up.

    Until this changes which it is heading in this direction the consoles offer the best value if you have a limit of $400.

    --
    http://saveie6.com/
  23. Re:Stop Buying Colsoles by Shinobi · · Score: 1

    Except that the Xbox One runs Shadows of Mordor at 720p and 30FPS. An el-cheapo PC built now can run Shadows of Mordor in 1080p and above 60 FPS stable, and with better details etc.

  24. Establishing a track record on PC first by tepples · · Score: 1

    Otherwise, how shall developers in those countries earn the experience to be accepted into the "big boys" program?

    Through another platform (like the PC).

    In 2015, would a PC game intended for play on keyboard or 1-4 USB gamepads sell? Or does the market require PC multiplayer to be online? (PROTIP: PCs have VGA and HDMI out, and TVs have VGA and HDMI in.)

    Though the developer would likely be breaking the local laws unless they obtained classification for their game.

    Lately, some countries have recognized that requiring a separate classification for each of tens of thousands of games in each of dozens of developed countries doesn't scale, especially when the alternative is their citizens having no access to the games and their small businesses having no access to the market. So the Australian Classification Board has delegated rating of downloadable games to the IARC self-rating system that operates without charge. And in New Zealand, any game unlikely to be rated MA15 or higher (which I take as equivalent to ESRB M or high T) can be supplied without a rating label. But Microsoft stopped updating the Xbox 360 environment even before the Xbox One came out.

    Use Unity.

    The Unity version of Assassin's Creed was a debacle. So was the Unity version of Ubuntu Desktop. I understand those were unrelated products, but why does software naming have to be so confusing?