New "Secure" Xbox Cracked In Under A Week

ilsie writes "Numbnut says it all in his post at xboxhacker.net. To quote his post, 'On behalf of the Xbox Linux Team, I am proud to announce that at 10:45BST the 'v1.1' secure version of the Xbox was proven to be running arbitrary BIOS code in a normal 256KByte modchip - with no additional hardware required. In short, in under a week we were able to normalize the new box to enable it to interoperate with Linux properly.'"
  • Re:EULA changes? (Score:5, Interesting)

    by afidel ( 530433 ) on Saturday October 12, 2002 @02:43PM (#4437676)
    Sorry but reverse engineering is pretty well established, if it wasn't then modern PCs wouldn't exist as Compaq would not have been able to reverse engineer the IBM BIOS and AMD would not have been able to reverse engineer the Intel CPU. Now they could try to come after them with the DMCA, but AFAIK these mod chips do not allow access to any protected content, but rather allow you to run arbitrary software on the hardware.
  • Re:EULA changes? (Score:5, Interesting)

    by Shelled ( 81123 ) on Saturday October 12, 2002 @02:45PM (#4437689)
    It never occurred to me until reading the last sentence of your post, doesn't this in essence give Microsoft (and others) the power to create law? By standing behind EULAs it could be argued that governments give corporations a blank cheque to create legislation. "Put it in your EULA and we'll enforce it." (My EULA: IANAL)
  • by Anonymous Coward on Saturday October 12, 2002 @02:46PM (#4437691)
    What about waiting for the first Palladium machines, and hacking those?

    Hacking the X-Box is great, I'm sure. But how much greater to wait for the companies most keen to restrict all our rights to invest a whole lot of money in Palladium - just to see it cracked and made completely useless? It might even make them completely give up on the whole idea for a long, long time to come.
  • by falzbro ( 468756 ) on Saturday October 12, 2002 @02:48PM (#4437702) Homepage
    It seems that everyone is considering this new xbox revision to be a security upgrade, which it really doesn't seem to be. A few things on the PCB have changed, such as the USB header now being integrated on the main mobo, and a few other things.

    It seems to me (and others) that MS did a slight revision to cut costs. While they were at it, they did a few (very minor) changes to the BIOS to deter hackers. It's kind of gotten out of hand how people are calling this the 'new version that MS created just to not be hackable'.

    --falz
  • by fishlet ( 93611 ) on Saturday October 12, 2002 @02:49PM (#4437707)

    It doesn't matter if you hire the smartest people you can find... there's always someone out there smarter. Microsoft may have put its best people behind its security initiative, but there are always going to be people out there that are more intelligent - not to mention more motivated. Or to make this a bit simpler... I think there are more people who want to hack the Xbox than there are who don't want it hacked - it's pretty obvious who's gonna win. All MS is going to do is make it more challenging and guess what... there's plenty of people who like challenges. The more challenging it is, the more it's "just gotta" be hacked.

  • It doesn't matter (Score:2, Interesting)

    by Mindcry ( 596198 ) on Saturday October 12, 2002 @02:50PM (#4437712)
    kinda funny how this security thing is a one way arms race... they make better and better security checks, meanwhile crackers (instead of trying to keep up and trick the checks) can simply hex edit the security right out ;)

    This may be a bit more involved, but it proves DRM will never really work, because computers were never originally designed to support restriction management, and retrofitting is too hard to implement since so many people already have really fast (unrestricted) computers/parts/technical knowledge.

    Either way, if you can play music, and you have a line out, you can make copies... this is the same kinda thing.
  • by Jason Earl ( 1894 ) on Saturday October 12, 2002 @02:50PM (#4437715) Homepage Journal
    Didn't Nvidia have to write off a bunch of hardware that became obsolete when Microsoft changed the XBox?
  • by anonymous coword ( 615639 ) on Saturday October 12, 2002 @02:51PM (#4437717) Homepage Journal
    As I stated in an earlier post, Palladium can and will be cracked. Cracking the new xbox is proof that Microsoft's security methods are inferior. It will convince people not to trust Microsoft's Palladium, and will help to discourage it.
  • Re:EULA changes? (Score:5, Interesting)

    by interiot ( 50685 ) on Saturday October 12, 2002 @02:53PM (#4437723) Homepage
    Yes, that's definitely a desired attribute of contract law. Since laws that are on the book won't ever be able to cover everything or be able to keep up with the variety of private interactions that can occur that would need legal coverage, private parties can both agree to specific terms that go beyond what's explicitly on the books. There is a limit to how extreme contracts can get (eg. you can't say that if you don't hold up your end of the agreement, that the other person gets to kill you), but there's a wide area there for "creating law".
  • Re:EULA changes? (Score:5, Interesting)

    by alienw ( 585907 ) <alienw.slashdotNO@SPAMgmail.com> on Saturday October 12, 2002 @02:57PM (#4437740)
    The reason modchips don't fall under the DMCA is because they don't bypass access controls. The DMCA defines protection devices as something that "effectively controls access to a work". Since you can't access data on a game CD any better with a modchip, it doesn't bypass anything. IANAL, though, so I might be wrong.
  • by waltc ( 546961 ) on Saturday October 12, 2002 @03:08PM (#4437799)
    Compared to what it costs to create a given security, breaking it costs very little.

    The best way to cut down on software piracy, the very best way bar none, is to cut down on the incentive for it. When software makers decide to get really competitive on pricing issues you'll see a big chunk taken out of the piracy market as a result. Especially commercial bootleggers who might see a bright future in investing in the hardware to mass-produce illegitimate copies of software they can retail at $69.95-$499 and higher. Dropping the price in that category drastically would take much of the wind out of the sails of a commercial pirate who has to spend the bucks to set up a successful CD-bootlegging operation. At $19.95 it gets even better, and the pirate has even less incentive.

    That's why it's always been difficult for me to believe software piracy is anywhere near as bad as these companies make it out. If it was they'd be lowering prices to drive the bootleggers out of business. Instead of protection against pirates it seems more a case of these companies wanting to build greed-protection mechanisms instead.

    Frankly, why should MS care if some hobbyist decides to mod his xBox to run Linux? Linux won't run any of the xBox software MS would receive a royalty for anyway, and in that case selling an xBox to a Linux hobbyist is one more xBox sale MS would not have made otherwise. (Granted I am not such a person so it's possible I've missed something material here.)

  • Re:EULA changes? (Score:5, Interesting)

    by dattaway ( 3088 ) on Saturday October 12, 2002 @03:08PM (#4437800) Homepage Journal
    If I remember right, Mr. Gates himself related the story of reverse engineering MSDOS by dumpster diving for source code. There was also the incident of disk compression technology that was lifted from another company. To say that common people can not raise the hood of their own car to see how it works or put in a new engine might be called hypocritical.
  • by Tim Ward ( 514198 ) on Saturday October 12, 2002 @03:11PM (#4437807) Homepage
    ... why anyone should want to run Linux on an Xbox? What will you be able to do with it that you can't do with Linux running on a proper computer?
  • Re:Some Background (Score:5, Interesting)

    by Ektanoor ( 9949 ) on Saturday October 12, 2002 @03:16PM (#4437822) Journal
    This reminds me of one program supposedly protected by a well known hardware key. The thing was roughly this:

    IF (there is key on parallel port) AND (The key is working) {FORGET THE ... KEY AND RUN PROGRAM}

    A few NOPS and some correction on jump point and the program was running without the key. For an Assembler old timer, it took nearly 15 seconds to Veni Vidi Vici (Julius Cesar phrase - I came, I saw and I won).

    Considering that these hacks are slightly similar and that the hack I described is more than ten years old, then one can take an estimation on the level of security in XBox...
  • Re:Question for you. (Score:5, Interesting)

    by handsomepete ( 561396 ) on Saturday October 12, 2002 @03:29PM (#4437872) Journal
    Please show me the $199 PC that has a DVD drive, onboard NIC, decent video and sound that I can run into my TV and, while on, is pretty much noiseless that also plays Xbox games. Provide links, if possible, and I'll go buy one instead of the Xbox I was planning on buying (refurb on sale for $159.99 at Electronics Boutique!) today. If you could, please hurry as the sale ends this weekend.

    I'm not being entirely sarcastic (if there really is a place that sells comparable $200 PCs, I would buy one), but I am tired of this whole "you can get PCs for the price of an Xbox" argument. My motherboard cost almost that much by itself. My video card cost more than that. Just because I can get a crappy Microtel or whatever at Wal-Mart for $200 bucks doesn't mean it's just as good.

    Anyways, all of this hacking stuff is over my head, but I would assume that the challenge is kind of interesting and being part of the group that is a watchdog to the predecessor to Palladium must be at least part of the intrigue. But what do I know. *shrug*
  • by Squarewav ( 241189 ) on Saturday October 12, 2002 @03:30PM (#4437879)
    Two questions:

    1: Can the Linux XBOX even use the Nvidia??

    2: With the PS2 Linux can you compile stand alone PS2 games and apps that don't require loading linux first??
  • by lars_stefan_axelsson ( 236283 ) on Saturday October 12, 2002 @03:33PM (#4437886) Homepage
    I think that the designers of the IBM 4758 [ibm.com] cryptographic coprocessors might disagree. The IBM4732 is supposed to be tamper proof [rutgers.edu].

    And yet, an application on the IBM4732 was hacked [slashdot.org] a little under a year ago. Granted it wasn't the processor as such, but a very important application that is delivered with the processor. Getting the whole system right is hard.

    If you want more material on why tamper proofing is difficult, Ross Anderson's [cam.ac.uk] team [cam.ac.uk] at Cambridge is a good resource. (And they have performed a number of nice hacks, Markus Kuhn's optical eavesdropping [cam.ac.uk] for example).

  • food for thought (Score:1, Interesting)

    by stubear ( 130454 ) on Saturday October 12, 2002 @03:34PM (#4437890)
    You know, it's vocal, endorsed and promoted projects like this that give the OSS and free software community a bad name. YOU might view it as tinkering or whatever but the general populace views it as "pissing in the pool" so to speak. The XBOX Linux project might be for running Linux on the XBOX but it is viewed as much for that as it is for harming Microsoft's profits in the gaming console market. Perhaps the OSS and free software community should consider a different approach to establishing their self-image and promoting their cause.
  • by Henry V .009 ( 518000 ) on Saturday October 12, 2002 @03:44PM (#4437931) Journal
    It is not tamper proof. The vulnerability is the environment sensors, which can be neutralized. The worst design flaw is that the IBM4732 doesn't have a block of thermite sitting on top that destroys the hardware in case of tampering. That wouldn't be fool-proof, but would mean that your lab would destroy a number of them in the initial 'figuring out how it works' stage. (Even better than thermite is a larger bomb that kills your scientists along with destroying the device. But scientists are replaceable, so all you are really doing is raising costs.) Without the thermite, your lab only needs to procure one extra, take it apart, find all the tamper sensors and figure out a method to neutralize them. After that, you can take apart all the IC's with impunity. And really at this point your work is done. You duplicate the RAM contents, figure out the private keys (they have to be stored somewhere), and you have all the information. Very expensive process, but doable.

    A very interesting historical parallel is the British bomb defusers, who worked on defusing failed German bombs. At first it was dangerous, but still relatively easy. Afterwards the Germans started figuring out ways to booby-trap the bombs just in case they didn't go off right away. This was defeated. And finally they engineered bombs specifically to kill bomb defuse teams. Even this was defeated. A very interesting history that includes many of the greatest acts of bravery during the war.
  • Re:food for thought (Score:3, Interesting)

    by tuffy ( 10202 ) on Saturday October 12, 2002 @03:57PM (#4437977) Homepage Journal
    You know, it's vocal, endorsed and promoted projects like this that give the OSS and free software community a bad name. YOU might view it as tinkering or whatever but the general populace views it as "pissing in the pool" so to speak.

    Judging from the X-Box's market share [gameinfowire.com] (or lack thereof), the general populace cares about as much about the X-Box as they do about Linux (which isn't a whole lot).

    And even though the number of people using X-Boxes as cheap PCs is small, Microsoft certainly appreciates not having those consoles as unsold inventory (which would cost them even more).

  • Some damn idea (Score:5, Interesting)

    by Ektanoor ( 9949 ) on Saturday October 12, 2002 @04:04PM (#4438002) Journal
    I know this is a little bit unscientific, and rather illusory but...

    Xbox is small, nitty and costs only $200. It possesses a 3D chip, a not so bad 733MHz processor, ethernet connection and a hard drive. Frankly it is not so bad for a cheap cluster... Sincerely, I have seen a few clusters for which the cluster units were a little worse than XBox...

    Maybe the chance for M$ to reach Top 500? Imagine, a horde of penguins helping up Redmond to reach the heights of computer industry...
  • Re:food for thought (Score:3, Interesting)

    by nagora ( 177841 ) on Saturday October 12, 2002 @04:16PM (#4438037)
    You know, it's vocal, endorsed and promoted projects like this that give the OSS and free software community a bad name.

    If you mean by "bad name" that they stand for the right of people that BUY a product to use it without fear of being hounded by a lawbreaking organisation such as Microsoft, or that they aim to defend the written law of fair use from being destroyed by bribes and corruption at the highest levels of the judicial system then I'm all for being called "Mudd".

    Perhaps the OSS and free software community should consider a different approach to establishing their self-image and promoting their cause.

    Perhaps you should consider your position as a marketing droid's wet dream. Perhaps you should consider your role as an instrument of corporate interference in everyday life. Perhaps you should consider smelling the coffee.

    It would appear that you have lost sight of what (not just) Microsoft are trying to do here: they are trying to say "You paid us fair and square for our machine but we still own it and, in fact, we now own a little bit of you because we can tell you what (not) to do with our little box of tricks."

    As a great man once said "Fuck that".

    TWW

  • by epine ( 68316 ) on Saturday October 12, 2002 @04:28PM (#4438075)
    This is a hierarchy of smarterness. It's a battle of Smaug against riddling hobbits and the arrow of destiny. Be careful where you stand when DRM falls, it will make a big ugly splash.

    Eventually the dragons *will* win if they learn hard lessons from every mistake. The only question is whether the dragon, once perfectly armoured, will still be able to fly, or whether it will be so encrusted with layer upon layer of protective armour it can't really hurt anyone who doesn't stumble into its path. Copy protection died in the late eighties when people discovered it was more onerous than advantageous. When copy protection actually works, it drives your legitimate customers crazy. That's my hope for DRM, that it becomes so good no one can stand it.

  • by Windcatcher ( 566458 ) on Saturday October 12, 2002 @04:35PM (#4438097)
    The fact that we're being called "consumers" instead of "customers" sadly illustrates the cynical attitude of many corporate types. "Shut up and buy our stuff, you nose-picking, beer-guzzling sheep!"

    To paraphrase someone else, most people, according to them, "are a bunch of pathetic hamsters who only know to press the pellet bar and chitter excitedly to one another about the size of the pellet they received."

    I'm a customer, Mr. Gates, and as far as I'm concerned, entropy will claim the universe before I pay one red cent for another of your products.
  • Re:EULA changes? (Score:4, Interesting)

    by shepd ( 155729 ) <slashdot@org.gmail@com> on Saturday October 12, 2002 @04:53PM (#4438160) Homepage Journal
    >Instead you'll have a bare minimum sit down with a sales negotiator. You and he will talk about the contract you will be shortly signing.

    That's the idea. If it becomes a major PITA (and this is) to buy products that require a EULA, then people won't. They will prefer to buy products covered by basic copyright law (like GPLd products) and will be happy that they didn't waste their time buying products that take _forever_ to buy.
  • News? (Score:3, Interesting)

    by fire-eyes ( 522894 ) on Saturday October 12, 2002 @05:14PM (#4438227) Homepage
    My feelings for MS are widely known, but for once I'm not trying to troll.

    Given the facts, how is this news?

    In my eyes, it isn't.

    What WOULD be news would be "secure xbox cracked after exhaustive 6 month effort by 3 teams of 1200 people".

    Agreed?
  • Re:Some Background (Score:2, Interesting)

    by ari_j ( 90255 ) on Saturday October 12, 2002 @05:48PM (#4438327)
    Don't correct people if you don't know what you're talking about.

    venio, venire, veni, ventum - to come
    video, videre, vidi, visus - to see
    vinco, vicere, vici, victus - to win (intransitive sense; the transitive gives us the powerful connotation of the word: 'to conquer'; arguably, Caesar was using the transitive form anyhow, but that's beside the point: this is a stronger verb than 'to win' is in English)

    These are the 4 principal parts of each verb, as you'd find listed in a Latin dictionary. The third principal part, in each case, is the first person singular perfect indicative active - meaning, in short, that it indicates an action that the speaker undertook by himself at some time in the past. So, "veni, vidi, vici" translates directly to exactly what most people think it does: "I came; I saw; I conquered." However, most people pronounce it wrong. As Caesar would have said it, it is pronounced "we'-nee we'-dee we'-chee".

    Also, you spelled Cesar wrong. That spelling refers to the inventor of Cesar salad dressing, in the early 1900's if I remember correctly, but don't quote me on that date since I can't even remember his first name. Caesar is the correct Latin spelling of Gaius Julius Caesar's family name, or 'cognomen' in Latin. And only the Germans got the pronunciation right, with Kaiser.

    However, your history is correct enough to pass muster. But I have no idea where you're disagreeing with the parent post on this - and especially what rhetorical device you're trying to employ by saying "Besides, ...". Go learn English. Then Latin. And then you can teach people a Latin lesson in English.
