Xboxhacker.net quotes the following 'unofficial response':
Due to a few..."parties" pressuring us if you will, we decided to halt the project to stop any legal troubles. We have said from the beginning that if any pressure was put upon us, the project wouldn't go any further.
Well, too bad. we managed to check nearly a billion key, and ranked a good 1.5 years of CPU time in only a few days. thanks to all who participated - and a special thanks to those special people who pumped out amazing packet rates for XboxHacker.net
A billion! So they only had a bazillion gajillion to go.
That's my understanding too: if you can make your edits to an already-signed executable, and then twiddle unused bits until the hash matches the original again then your modified executable will be accepted.
Franz Lehner did have a look at this a while back, with a view to getting some guidence from the hash algorithm as to which bits to change where. The problem was that by design, the hash algorithm loses information in the form of arithmetic carries. It quickly becomes hopeless trying to keep track of what bits are known and what bits are Xs because of carry losses; very quickly the whole thing becomes Xs.
Even so, it seems likely that even randomly twiddling bits looking for a hash collision is massively more likely to give results than the direct factoring method.
Troed, this is what I say, that ''the necessary work for any distro to work with the Xbox'' has been done.
My point was though that to date, Lindows has not been ported as far as I know. So the parent's idea that this is the Xbox Lindows project rather than Xbox Linux seems unfounded.
Besides, it seems unlikely Lindows would release a commericial distro that needs a modchip to run. Although us tinkerers lose sight of it, only a tiny fraction of end users are going to open their box and fit a mod.
Maybe if a way is found to run unsigned code without a modchip there might reasonably be a Lindows distro for the Xbox.
But I don't think that's why the money is being offered. I think MR has his ''Fuck You'' money and has made a nice choice about telling who to fuck themselves.
The key that Bunnie found was an RC4 key that was stored in ROM. He snooped it being read by the CPU. It was this key that allowed the current generation of hacked MS BIOSes found in modchips.
The key being discussed here is a 2048 bit RSA key used to encrypt a hash of executable contents. The executable file will not be run by the Xbox unless the decrypted hash matches that of the file being run. The effect of this is that only people who hold the correct encryption key can 'sign' executables so that the Xbox will run them. If you take a signed executable and change even one bit, the decrypted hash will not match and it will not run.
The public key for the RSA encryption has been recovered from the MS code and is available in the Documentation section of the Xbox Linux site. The bruteforce attack on this will involve trying to decompose this 2048-bit number into two prime factors which were originally multiplied together to form the public key.
If these numbers can be recovered then the owner of the numbers will be able to sign their own executables and the evil 'Microsoft Code Only' Xbox will have been definitively broken.
Troed has it right. The other keys that we have recovered, RC4 keys, have been good quality random gibberish. MS have clearly hired proper cryptographers.
Although 2048 doesn't sound much more than 576, these are of course powers of two we are talking about. I fear the people attacking it aren't quite imagining what these kind of numbers mean.
Still, their chance of cracking it is definitely nonzero, although vanishingly small in a timeframe of a year or ten years: I wish them the best of luck.
The linked article in the parent suggests that this is a sneaky way to deliver an Xbox version of Lindows.
The Xbox Linux team have done the necessary work for any distro to be made to work with the Xbox, and you can download the necessary kernel patches from sourceforge.
But the two main distros that have been made have been Debian, by Ed Hucek, and Mandrake 9, mainly by Michael Steil and Milosch Meriac (both of these distros are available from SF). So this kind of deflates the argument that this is somehow a wheeze to help Lindows.
Many people involved in the Xbox Linux project are not in the US, happily enough. The EUCD is late in.uk and.de.
In any event, things are only 'illegal' when they transgress specific laws. As the DMCA and EUCD are concerned with copyright protection, I really don't see where the problem is if the key is somehow revealed and used to sign a Linux bootloader app. Where is the MS code that is being copied?
Anyway I think the effort to find the key by throwing random numbers at it is practically impossible, however many clients you can muster. This is a 2048-bit number (256 bytes) that you need to factor correctly into two primes.
Its much more likely that the second part of the prize will be won by a buffer overflow or other weakness in one of the games. There are a lot of games, written by people of widely varying experience and skill level. Can MS be sure that not even one of them exposes a buffer overflow weakness?
Re:Reviewer Only Person Caring About this Book
on
Starcraft
·
· Score: 0, Flamebait
Well spotted, dork. Not sure why timothy thought this was news for nerds. Maybe he hasn't done the accept-the-Scientologist-Lady's-offer-of-a-persona lity test-so-you-can-stare-at-her-breasts thing.
I'll just quit, lose my health insurance, my paycheck that feeds my family, and risk a poor reference because my boss doesn't want me to quit. Oh, and in this great economy I'm sure I'll find a better job right away.
Evidently unlike yourself, I did exactly this a year ago, and I'm doing okay. I was working for a US company in the UK office, which had no power in the company. Stupid decisions involving myself were repeatedly taken by stupid people. After fourteen months I wasn't sleeping many nights and deeply unhappy, so I upped and quit.
What you're really saying is that due to your own fears, you must stay regardless of the situation or its longer-term consequences, because they hand out money. You have the benefit of rumination and foresight in order that you can take decisions based on what your head is telling you. This is the counsel of fear.
If your head is telling you that things are irretrieveably fucked up, and that you are stagnating at a post paying good money, then despite this 'local optimum', sometimes the right thing to do is to turn your back on it.
Many people in the higher ranks are directly exploiting the work of people below them in order to make money, I won't bore you with my stories, but suffice it to say that the people above you get that fat wad for keeping you beaten down and available to be pimped.
This is an active campaign to try to stop this kind of evil action by corporations who insist they are the injured party when charging ripoff pricing for their goods and using graft to stop anything at all ever falling out of copyright and into the public domain where all works finally belong.
Take a look at their site at least, consider joining the mailing list.
Definition of Developer
on
Halloween VII
·
· Score: 5, Insightful
ESR says in his preface:
Developer: A non-manager. In this survey, a disjoint category from "IT Pro'. Therefore, it probably means anybody with a technical clue.
In fact by 'Developer' Microsoft means: 'person who writes software'. Its really interesting (in a good way) that ESR makes no mental distinction between a user and someone who can contribute, whereas for MS they are totally different categories.
The RSA Crypto done on the Xbox XBE for example uses a 2048 bit key. It does not take an inordinate amount of time because they do a fast SHA-1 hash of the XBE contents, and then RSA-encrypt just the hash.
This is unbroken because anyone who knows enough to have a go at it can do the 2^2048 math and realize they are doomed, even with a planetful of Space Year 2100 supercomputers.
The fact is that strong crypto is going to lock out anyone other than the keyholder from being able to contribute to whatever platform is being locked up. The ONLY way through it will be implementation problems.
This isn't true, unfortunately. When the implementations of strong hash checking are done properly (everything in one chip, ROM a la Xbox), they WILL succeed in locking everyone else out without very expensive hacks.
Personally I think new law is needed to render this illegal, unless it is under the control of the user.
If you think that sounds extreme, consider that the persistent state for all copyrighted works is that they are in the public domain. It is a temporary aberration of a few years that the works are allowed to be held privately. After that they are meant to be available for everyone. As it is these encrypted fortresses inside consumer products will never yield up their secrets.
Not at all, Phil Dick was in fact quite sure that he was being targetted by the shadowy Government forces. He strongly believed that it was some arm of the government, (which may or may not have been influenced by Proxmen or the terrifyingly named James-James opposed to Valis, the orbiting satellite which fired a pink beam of light into his head and revealed to him that he was actually living in the first century AD and speaking Koine Greek to the poor lady who came to the door) who were responsible for blowing up his safe one day in the seventies and trying to steal his manuscripts, due to the fact he was getting close to The Truth.
I have a complex, personal set of reasons to do this stuff.
Your question is broken though, because here in the UK where I live, comparable PCs simply do not exist at the equivalent price. Even an entry level PC is $100 more.
I am very concerned about the recent advances in law of the rights of copyright holders, and the related issue of software patents. There is a general, historical shift that is happening too slowly for us to notice of rights being leeched away from consumers. For example, the top question on this news item is about the EULA for the device. This is a crazy concept for almost all other things that people buy. When you buy something, you should own that implementation of it. You should be allowed to do with it as you wish; duplication and redistribution perhaps excepted.
Certainly, you should be able to run your own apps or OS on the platform. If MS concentrated on how much functionality they could offer the consumer rather than how effectively they could restrict it, not only would their platform flourish but they would have enhanced what is available to people in the same way that GPL code enhances what is available for other GPL apps to use, a kind of positive feedback loop where everyone benefits.
Instead they are interested only in treating xbox users as passive consumers who are allowed only to issue money into the xbox coinslot, and are specifically prohibited from contributing anything. The worst thing is that you average Joe is quite capable to relax into this mindset and fork out money so he can continue to twitch at the flickering lights.
I would turn the question around. If you find any of these issues equally repulsive, what are you doing about it?
The 1.1 version of the Xbox is certainly designed to be Palladium Lite. The concept is that no code is executed unless it matches a one way hash signature. The only exception is the boot ROM (512 bytes) which lives in the nVidia-designed MCPX chip; this is used to validate the next code to execute, which validates the next code to execute and so on.
Unfortunately for MS (and perhaps nVidia), they chose a hashing algorithm which already had a known flaw. The hash, which works on QWORDS (64-bit quantities) is completely insensitive to b31 and b63 of a QWORD both being inverted.
Doubly unfortunately for MS, the VERY FIRST DWORD of the hashed region is the entry point, and contains a long relative jump. The effect of flipping b31 and b63 on this QWORD is to retarget the jump to RAM.
Triply unfortunately for MS, they have a small interpreter built into their ROM code, whose instruction set is capabel to to IO amd memory r/w before the bootrom is validated and executed. It was trivial to add some memory writes to the interpreted code stream to prep the memory targetted by the modified jump with a jump back into the flash.
The end result is perversion of the hashed region in a way invisible to the hashing algorithm, and execution flow jumping to arbitrary code in the flash.
I urge anyone interested in both the technical detail and the larger issues raised by this to read the threads on http://www.xboxhacker.net as this is a much larger issue than simply another Xbox crack.
Its not clear actually that MS have put up ANY resistance to the modding of Xboxes, other than changing the hardware recently to be incompatible with existing mods.
Certainly no one on the Xbox Linux team has heard a peep out of them, and of the three instances of MS apparently weighing in (a modchip company decided not to make their chip, Xbox Mame, and recently Lik-Sang going almost imperceptibly quiet), only the Xbox Mame one is certain to have come from MS. That apparently took the form of some communication objecting to binaries produced by a pirated XDK, which were then taken down. The other two instances may well have nothing to do with MS on closer inspection.
I think they are very concerned about negative PR snowballing, alienating the consumer and tainting the MS 'brand' as being arrogant, monopolist and exploitative. Truth will out!
''...And according to a lawyer for the record industry, the programmers in Estonia who once possessed a copy of the program's source code told a judge there last week that they no longer had it, but they would not say where it was.''
Your honour, we looked down the back of the sofa. We think maybe the dog ate it.
Slashdot Mirror
Due to a few..."parties" pressuring us if you will, we decided to halt the project to stop any legal troubles. We have said from the beginning that if any pressure was put upon us, the project wouldn't go any further. Well, too bad. we managed to check nearly a billion key, and ranked a good 1.5 years of CPU time in only a few days. thanks to all who participated - and a special thanks to those special people who pumped out amazing packet rates for XboxHacker.net
A billion! So they only had a bazillion gajillion to go.
Dude, how can a prime number bigger than 2 be EVEN? If you can divide it by two then its not prime.
Not so fast. What law do you imagine these guys are actually transgressing?
Its a very slightly modified SHA-1.
You can find an interesting and clear writeup of the exact algorithm in a document by Franz Lehner, on the Xbox Linux site here.
We proved that the validation algorithm is fully known, by reverse engineering it and testing it on known good files.
The C app incorporating the test can be had from CVS at:
http://sourceforge.net/cvs/?group_id=54192
The module name is xbedump. This was work from Franz Lehner and Asterisk, based on the dump app by Michael Steil.
That's my understanding too: if you can make your edits to an already-signed executable, and then twiddle unused bits until the hash matches the original again then your modified executable will be accepted.
Franz Lehner did have a look at this a while back, with a view to getting some guidence from the hash algorithm as to which bits to change where. The problem was that by design, the hash algorithm loses information in the form of arithmetic carries. It quickly becomes hopeless trying to keep track of what bits are known and what bits are Xs because of carry losses; very quickly the whole thing becomes Xs.
Even so, it seems likely that even randomly twiddling bits looking for a hash collision is massively more likely to give results than the direct factoring method.
Troed, this is what I say, that ''the necessary work for any distro to work with the Xbox'' has been done.
My point was though that to date, Lindows has not been ported as far as I know. So the parent's idea that this is the Xbox Lindows project rather than Xbox Linux seems unfounded.
Besides, it seems unlikely Lindows would release a commericial distro that needs a modchip to run. Although us tinkerers lose sight of it, only a tiny fraction of end users are going to open their box and fit a mod.
Maybe if a way is found to run unsigned code without a modchip there might reasonably be a Lindows distro for the Xbox.
But I don't think that's why the money is being offered. I think MR has his ''Fuck You'' money and has made a nice choice about telling who to fuck themselves.
The key that Bunnie found was an RC4 key that was stored in ROM. He snooped it being read by the CPU. It was this key that allowed the current generation of hacked MS BIOSes found in modchips.
The key being discussed here is a 2048 bit RSA key used to encrypt a hash of executable contents. The executable file will not be run by the Xbox unless the decrypted hash matches that of the file being run. The effect of this is that only people who hold the correct encryption key can 'sign' executables so that the Xbox will run them. If you take a signed executable and change even one bit, the decrypted hash will not match and it will not run.
The public key for the RSA encryption has been recovered from the MS code and is available in the Documentation section of the Xbox Linux site. The bruteforce attack on this will involve trying to decompose this 2048-bit number into two prime factors which were originally multiplied together to form the public key.
If these numbers can be recovered then the owner of the numbers will be able to sign their own executables and the evil 'Microsoft Code Only' Xbox will have been definitively broken.
Troed has it right. The other keys that we have recovered, RC4 keys, have been good quality random gibberish. MS have clearly hired proper cryptographers.
Although 2048 doesn't sound much more than 576, these are of course powers of two we are talking about. I fear the people attacking it aren't quite imagining what these kind of numbers mean.
Still, their chance of cracking it is definitely nonzero, although vanishingly small in a timeframe of a year or ten years: I wish them the best of luck.
The linked article in the parent suggests that this is a sneaky way to deliver an Xbox version of Lindows.
The Xbox Linux team have done the necessary work for any distro to be made to work with the Xbox, and you can download the necessary kernel patches from sourceforge.
But the two main distros that have been made have been Debian, by Ed Hucek, and Mandrake 9, mainly by Michael Steil and Milosch Meriac (both of these distros are available from SF). So this kind of deflates the argument that this is somehow a wheeze to help Lindows.
Many people involved in the Xbox Linux project are not in the US, happily enough. The EUCD is late in .uk and .de.
In any event, things are only 'illegal' when they transgress specific laws. As the DMCA and EUCD are concerned with copyright protection, I really don't see where the problem is if the key is somehow revealed and used to sign a Linux bootloader app. Where is the MS code that is being copied?
Anyway I think the effort to find the key by throwing random numbers at it is practically impossible, however many clients you can muster. This is a 2048-bit number (256 bytes) that you need to factor correctly into two primes.
Its much more likely that the second part of the prize will be won by a buffer overflow or other weakness in one of the games. There are a lot of games, written by people of widely varying experience and skill level. Can MS be sure that not even one of them exposes a buffer overflow weakness?
Well spotted, dork. Not sure why timothy thought this was news for nerds. Maybe he hasn't done the accept-the-Scientologist-Lady's-offer-of-a-persona lity test-so-you-can-stare-at-her-breasts thing.
... an anagram of:
Denise M Clark
Seminal Dreck
Evidently unlike yourself, I did exactly this a year ago, and I'm doing okay. I was working for a US company in the UK office, which had no power in the company. Stupid decisions involving myself were repeatedly taken by stupid people. After fourteen months I wasn't sleeping many nights and deeply unhappy, so I upped and quit.
What you're really saying is that due to your own fears, you must stay regardless of the situation or its longer-term consequences, because they hand out money. You have the benefit of rumination and foresight in order that you can take decisions based on what your head is telling you. This is the counsel of fear.
If your head is telling you that things are irretrieveably fucked up, and that you are stagnating at a post paying good money, then despite this 'local optimum', sometimes the right thing to do is to turn your back on it.
Many people in the higher ranks are directly exploiting the work of people below them in order to make money, I won't bore you with my stories, but suffice it to say that the people above you get that fat wad for keeping you beaten down and available to be pimped.
All repeats and no Firefly.
http://ukcdr.org/
This is an active campaign to try to stop this kind of evil action by corporations who insist they are the injured party when charging ripoff pricing for their goods and using graft to stop anything at all ever falling out of copyright and into the public domain where all works finally belong.
Take a look at their site at least, consider joining the mailing list.
Developer: A non-manager. In this survey, a disjoint category from "IT Pro'. Therefore, it probably means anybody with a technical clue.
In fact by 'Developer' Microsoft means: 'person who writes software'. Its really interesting (in a good way) that ESR makes no mental distinction between a user and someone who can contribute, whereas for MS they are totally different categories.
The RSA Crypto done on the Xbox XBE for example uses a 2048 bit key. It does not take an inordinate amount of time because they do a fast SHA-1 hash of the XBE contents, and then RSA-encrypt just the hash.
This is unbroken because anyone who knows enough to have a go at it can do the 2^2048 math and realize they are doomed, even with a planetful of Space Year 2100 supercomputers.
The fact is that strong crypto is going to lock out anyone other than the keyholder from being able to contribute to whatever platform is being locked up. The ONLY way through it will be implementation problems.
This isn't true, unfortunately. When the implementations of strong hash checking are done properly (everything in one chip, ROM a la Xbox), they WILL succeed in locking everyone else out without very expensive hacks.
Personally I think new law is needed to render this illegal, unless it is under the control of the user.
If you think that sounds extreme, consider that the persistent state for all copyrighted works is that they are in the public domain. It is a temporary aberration of a few years that the works are allowed to be held privately. After that they are meant to be available for everyone. As it is these encrypted fortresses inside consumer products will never yield up their secrets.
Xilinx stuff will already work under wine.
See http://www.polybus.com/xilinx_on_linux.html
Not at all, Phil Dick was in fact quite sure that he was being targetted by the shadowy Government forces. He strongly believed that it was some arm of the government, (which may or may not have been influenced by Proxmen or the terrifyingly named James-James opposed to Valis, the orbiting satellite which fired a pink beam of light into his head and revealed to him that he was actually living in the first century AD and speaking Koine Greek to the poor lady who came to the door) who were responsible for blowing up his safe one day in the seventies and trying to steal his manuscripts, due to the fact he was getting close to The Truth.
Despite this, he wrote some GREAT books.
These guys are GOOD!
I have a complex, personal set of reasons to do this stuff.
Your question is broken though, because here in the UK where I live, comparable PCs simply do not exist at the equivalent price. Even an entry level PC is $100 more.
I am very concerned about the recent advances in law of the rights of copyright holders, and the related issue of software patents. There is a general, historical shift that is happening too slowly for us to notice of rights being leeched away from consumers. For example, the top question on this news item is about the EULA for the device. This is a crazy concept for almost all other things that people buy. When you buy something, you should own that implementation of it. You should be allowed to do with it as you wish; duplication and redistribution perhaps excepted.
Certainly, you should be able to run your own apps or OS on the platform. If MS concentrated on how much functionality they could offer the consumer rather than how effectively they could restrict it, not only would their platform flourish but they would have enhanced what is available to people in the same way that GPL code enhances what is available for other GPL apps to use, a kind of positive feedback loop where everyone benefits.
Instead they are interested only in treating xbox users as passive consumers who are allowed only to issue money into the xbox coinslot, and are specifically prohibited from contributing anything. The worst thing is that you average Joe is quite capable to relax into this mindset and fork out money so he can continue to twitch at the flickering lights.
I would turn the question around. If you find any of these issues equally repulsive, what are you doing about it?
Disclaimer: I am numbnut.
The 1.1 version of the Xbox is certainly designed to be Palladium Lite. The concept is that no code is executed unless it matches a one way hash signature. The only exception is the boot ROM (512 bytes) which lives in the nVidia-designed MCPX chip; this is used to validate the next code to execute, which validates the next code to execute and so on.
Unfortunately for MS (and perhaps nVidia), they chose a hashing algorithm which already had a known flaw. The hash, which works on QWORDS (64-bit quantities) is completely insensitive to b31 and b63 of a QWORD both being inverted.
Doubly unfortunately for MS, the VERY FIRST DWORD of the hashed region is the entry point, and contains a long relative jump. The effect of flipping b31 and b63 on this QWORD is to retarget the jump to RAM.
Triply unfortunately for MS, they have a small interpreter built into their ROM code, whose instruction set is capabel to to IO amd memory r/w before the bootrom is validated and executed. It was trivial to add some memory writes to the interpreted code stream to prep the memory targetted by the modified jump with a jump back into the flash.
The end result is perversion of the hashed region in a way invisible to the hashing algorithm, and execution flow jumping to arbitrary code in the flash.
I urge anyone interested in both the technical detail and the larger issues raised by this to read the threads on http://www.xboxhacker.net as this is a much larger issue than simply another Xbox crack.
Its not clear actually that MS have put up ANY resistance to the modding of Xboxes, other than changing the hardware recently to be incompatible with existing mods.
Certainly no one on the Xbox Linux team has heard a peep out of them, and of the three instances of MS apparently weighing in (a modchip company decided not to make their chip, Xbox Mame, and recently Lik-Sang going almost imperceptibly quiet), only the Xbox Mame one is certain to have come from MS. That apparently took the form of some communication objecting to binaries produced by a pirated XDK, which were then taken down. The other two instances may well have nothing to do with MS on closer inspection.
I think they are very concerned about negative PR snowballing, alienating the consumer and tainting the MS 'brand' as being arrogant, monopolist and exploitative. Truth will out!
''...And according to a lawyer for the record industry, the programmers in Estonia who once possessed a copy of the program's source code told a judge there last week that they no longer had it, but they would not say where it was.''
Your honour, we looked down the back of the sofa. We think maybe the dog ate it.