The Hidden Boot Code of the Xbox

Device666 writes "In order to lock out both copied games as well as homebrew software, including the GNU/Linux operating system, Microsoft built a chain of trust on the Xbox reaching from the hardware to the execution of game code, in order to avoid the infiltration of code that has not been authorized by Microsoft. The link between hardware and software in this chain of trust is the hidden "MCPX" boot ROM. The principles, the implementations and the security vulnerabilities of this 512-byte ROM will be discussed in this Wikipedia article entitled How to fit three bugs in 512 bytes of security code."

  • by afabbro ( 33948 ) on Friday August 12, 2005 @09:36AM (#13303204) Homepage
    ...otherwise, the domain would be wikipedia.org. Not every site that runs MediaWiki is the Wikipedia.

    You'd expect "editing" to catch something like that...

  • Re:Why?! (Score:5, Interesting)

    by rindeee ( 530084 ) on Friday August 12, 2005 @09:57AM (#13303392)
    Are you serious? Put down the kool-aid for a sec and consider this. If I buy something (a physical something), I own it. It's mine. If I buy an X-Box and am of the ilk that likes to know what makes things tick, it's my prerogative (and certainly within the bounds of morality) to tear it apart and put it back together. If I can make my X-Box boot Linux (which, contrary to your implication, can have a very significant and useful purpose) then more power to me. I will certainly share my knowledge with others who wish to do the same. When it comes to stealing games (copyrighted works of "art"), you are dealing with an entirely different issue. That is akin to me being able to throw my buddy's X-Box into a replicator, push a few buttons and voilà! 2 X-Boxen. Don't confuse the two concepts. Now, commence kool-aid drinking.
  • Re:Why?! (Score:3, Interesting)

    by Have Blue ( 616 ) on Friday August 12, 2005 @10:18AM (#13303577) Homepage
    The Xbox lockdown was always about pirated games. MS knows that only a small fraction of the audience cares about homebrew or Linux.
  • Re:Why?! (Score:5, Interesting)

    by Hoplite3 ( 671379 ) on Friday August 12, 2005 @11:11AM (#13304041)
    I see no philosophical problem with Microsoft locking their BIOS down, using trusted computing to prevent unauthorized code.

    What I have a problem with is the law that says I can't try to break the lock on something I own. I have a problem with the law that says I can't talk about this activity.

    Now, I prefer to buy robust, user-modifiable devices. I will spend my dollars on my preference. I worry about the marketplace being dominated by TCPA devices, but I don't have a philosophical objection to those things existing.

    The DMCA is just beginning to affect our lives. Give it another ten years to poison "intellectual property". If people own ideas, enforcement can only come in the form of thought control.
  • by kurtkilgor ( 99389 ) on Friday August 12, 2005 @12:18PM (#13304604)
    So, I have a question actually relevant to this article. The article says that the CPU was supposed to jump to address FFFF_FFFF, turn off the ROM, then roll over to 0000_0000, where the CPU would throw an exception thus halting the CPU. However, says the article, the CPU does not in fact throw an exception in this case.

    So my question is, how did the hackers who reverse engineered this code conclude that it was supposed to trigger an exception? It seems hard for me to believe that the MS engineers would base their entire security mechanism on a feature of the CPU that didn't actually exist.
