
The Hidden Boot Code of the Xbox

Posted by CmdrTaco
from the stuff-to-read dept.
Device666 writes "In order to lock out both copied games as well as homebrew software, including the GNU/Linux operating system, Microsoft built a chain of trust on the Xbox reaching from the hardware to the execution of game code, in order to avoid the infiltration of code that has not been authorized by Microsoft. The link between hardware and software in this chain of trust is the hidden "MCPX" boot ROM. The principles, the implementations and the security vulnerabilities of this 512-byte ROM will be discussed in this wikipedia article entitled How to fit three bugs in 512 bytes of security code."
  • Dupe (Score:5, Informative)

    by dkf (304284) <donal.k.fellows@manchester.ac.uk> on Friday August 12, 2005 @08:33AM (#13303178) Homepage
    Thanks for not reading your own site, CmdrTaco
  • by wgray8231 (905984) on Friday August 12, 2005 @08:34AM (#13303187)
    The title of a seminar held on the Redmond, WA campus.
  • Not Wikipedia (Score:5, Informative)

    by c0l0 (826165) on Friday August 12, 2005 @08:35AM (#13303198) Homepage
    Just because some text is available on a Wiki, it's not automatically so on Wikipedia, y'know?
    • Re:Not Wikipedia (Score:5, Insightful)

      by Zeinfeld (263942) on Friday August 12, 2005 @08:47AM (#13303298) Homepage
      The article is completely wrong when it says that the article is on Wikipedia; it is on a wiki. Which is probably why a lot of people will do what I did and visit the site thinking 'massive NPOV violation'.

      Of course what is really going on here is a massive competence violation on the part of Commander Buritto

      • Not to mention that the article itself sucks. It's informative, yes, but I really can't imagine anyone but Mort or Neil Goldman (from Family Guy) writing it.
  • by SynapseLapse (644398) on Friday August 12, 2005 @08:36AM (#13303200)
    the slashdotrix adjusting itself... Pay no attention to that cat.
  • Wikipedia (Score:5, Funny)

    by mnemonic_ (164550) <<ude.hcimu> <ta> <cemaj>> on Friday August 12, 2005 @08:36AM (#13303202) Homepage Journal
    The principles, the implementations and the security vulnerabilities of this 512 bytes ROM will be discussed in this wikipedia article entitled How to fit three bugs in 512 bytes of security code.

    So it seems someone doesn't know the difference between a page with wiki technology and Wikipedia [wikipedia.org].
  • by afabbro (33948) on Friday August 12, 2005 @08:36AM (#13303204) Homepage
    ...otherwise, the domain would be wikipedia.org. Not every site that runs MediaWiki is the Wikipedia.

    You'd expect "editing" to catch something like that...

  • Not only is this a dupe, but the summary claims that the link is a Wikipedia article. Guess what--not every site running MediaWiki is Wikipedia. In fact, I'm pretty sure that only Wikipedia is Wikipedia.
  • by bigdady92 (635263) on Friday August 12, 2005 @08:37AM (#13303218) Homepage
    512b of space. NExT ON SLASHDOT!
  • by EvilMonkeySlayer (826044) on Friday August 12, 2005 @08:38AM (#13303224) Journal
    The thing everyone needs to remember is that slashdot is akin to Norman Bates, a lot of them are confused, a lot of them crossdress and are very often psychotic.

    So, the next time you see a dupe.. remember, be quiet.. or you could be murdered by a crossdressing psychopath.
    • You say that like it's unusual in IT. Do you mean to say you never interviewed a job candidate named Phred, whose gender could not be determined, and who was a source of office debate for weeks afterwards?

      (Note, despite the fact that I wanted to hire him/her, the company owner tossed the resume when he saw that he/she had listed web sites for Gay and Lesbian groups among those she/he had designed, and was giving as resume examples.)
      • I'm curious, is that legal in the U.S.? That is, tossing out a resume because the applicant designed sites for gay and lesbian groups? It certainly isn't in Canada.
        • I can't see why it *would* be illegal. You're not under any obligation to hire someone.
          • You are under an obligation not to discriminate against certain protected groups. Having a policy of never hiring black people would be illegal, for example.
            • And? You're discriminating because you don't like the work someone has done. What's the problem?
              • Oh, I'm sorry, I misunderstood. I thought your boss was discriminating against them not because of their work but because the work was done for gay and lesbian groups. In any case, we are pretty far off-topic here, so I'll drop it.
                • Well for one thing, it's not *my* boss. For another, you are (as I already said) under no obligation to hire someone. If I don't hire you because I just plain don't like you, tough shit.
          • Equal opportunity laws perhaps.
          • I can't see why it [not hiring someone because of their age, gender, race or sexual orientation] *would* be illegal. You're not under any obligation to hire someone.

            In Europe, while you're under no obligation to hire someone, you cannot legally use considerations of e.g. race or sexual orientation in deciding not to hire them, and if they can prove you did decide not to hire them on such grounds you're in serious shit. This seems to me, on the whole, fairly reasonable.

        • Even if it is illegal in the US, the difficult thing though would be proving it unless the recruiter were stupid enough to say something like "We don't really want any of your people here."
        • Re:Ah, slashdot (Score:3, Informative)

          by doublem (118724)
          It depends on the state. It's discrimination of the first order, but sexual orientation isn't consistently protected across the board. The company's habit of tossing resumes based on "foreign sounding names" was highly illegal, but doing so because the applicant was gay, bisexual or androgynous may not have been.
        • Sexual orientation is not protected in the US, and it's quite a recent addition here in Canada, also.

          On a side note, I did some work years ago with a web design firm that had a lot of lefty gigs. Greenpeace, David Suzuki Foundation, etc. This fact undeniably lost me (and the company) other work.

    • Every time you masturbate, a Slashdot dupe is posted.

      So, basically, A LOT.
  • by mikeophile (647318) on Friday August 12, 2005 @08:38AM (#13303227)
    Is that over or under Microsoft's par?

  • Anyone able to RTFA? Fatal error: Call to a member function on a non-object in /home/groups/x/xb/xbox-linux/htdocs/w/includes/ObjectCache.php on line 409
  • by CSHARP123 (904951) on Friday August 12, 2005 @08:50AM (#13303323)
    Easy. Just put one bug in every 170.666666666666667 bytes and you will be done.
  • I haven't finished RTFA yet, but I wonder if this will work with that "MS Approved Hardware" initiative that I've read about.
  • by Blindman (36862) on Friday August 12, 2005 @08:52AM (#13303354) Journal
    At least Microsoft provides the same level of security to its own hardware as it does yours. You can't accuse Microsoft of playing favorites.
  • by AceJohnny (253840) <jlargentaye@gmai ... minus herbivore> on Friday August 12, 2005 @08:56AM (#13303390) Journal
    Wow. Was it something in the coffee this morning?

    First of all, it's a dupe with another article [slashdot.org] in the games section.

    Then it's wrong. The article isn't from wikipedia.

    Finally, nice sensationalist terms:
    - Oh noes, this code locked out GNU/Linux! Bad Microsoft!
    - Hah, Microsoft can't even write 512 bytes of code without bugs!

    Oh, and that last part was only the subtitle of the article, not the real title. But no thanks for pointing it out.

    Read the interesting linked article, or the comments on the original post on games.slashdot, but this article here is exactly what I don't like seeing on Slashdot.
  • That was really interesting, and while it's a dupe it's the first time I've come across it.

    I hadn't really tinkered in my x-box's internals just due to lack of time (I had previously tinkered with my ps1 and n64 a bit.)

    I'm an amateur when it comes to assembly but the way that was presented made it pretty much easily readable for anyone. Kudos to the peeps who made it available.
  • Microsoft has managed to include only three bugs, after all, they had a whole 512 bytes to include much more.

  • I wonder (Score:3, Insightful)

    by bornyesterday (888994) on Friday August 12, 2005 @09:46AM (#13303844) Homepage
    how many times slashdotters can say both "dupe" and "just because it's wiki doesn't mean it's wikipedia" for the same article.
  • Use small bugs, like gnats.
  • The article explains how having lots of internal ROM in an IC is expensive.

    This is absolutely false. I worked on a cellphone product in which the main IC (DSP, MCU, etc) had 4k of internal ROM. The cost of the entire part was less than $15 and remember, this included _all_ of the digital circuitry.

    You can easily have more than 512 bytes of internal ROM.
  • by kurtkilgor (99389) on Friday August 12, 2005 @11:18AM (#13304604)
    So, I have a question actually relevant to this article. The article says that the CPU was supposed to jump to address FFFF_FFFF, turn off the ROM, then roll over to 0000_0000, where the CPU would throw an exception thus halting the CPU. However, says the article, the CPU does not in fact throw an exception in this case.

    So my question is, how did the hackers who reverse engineered this code conclude that it was supposed to trigger an exception? It seems hard for me to believe that the MS engineers would base their entire security mechanism on a feature of the CPU that didn't actually exist.
    • by Geoffreyerffoeg (729040) on Friday August 12, 2005 @02:32PM (#13306467)
      Just a theory...IIRC, the Xbox processor is slightly customized, right? It's not the generic off-the-shelf Celeron? So I suppose that when MS was asking Intel to make Xbox processors, Intel asked the MS guys, "Do you need it to throw an exception when the instruction pointer overflows? We can make the chip slightly cheaper by removing that feature." MS thought for a second and said, "We're putting security on all the code that goes in, so we can watch for that feature. Besides, the users can't do anything if the CPU halts in a commercial game; it may as well overflow and crash that way. So no, we don't need that feature." And they forgot to ask their security team itself, who was relying on that feature, which was present in the development systems only.

      From the article:
      Apparently the i386 CPU family throws no exception in this case, Microsoft's engineers only assumed it or misread the documentation and never tested it.

      Does anyone know which CPUs actually throw exceptions? I have a feeling the security team tested their code on one that did.
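A constructed C model of the exit sequence the two comments above describe (added here; it is not code from the article, the Xbox, or either poster, and the 512-byte ROM sitting at the top of a 32-bit address space is an assumed layout). It runs the same sequence once with the exception the designers assumed and once without it, which is the difference between the CPU halting and the CPU continuing to fetch from address 0, outside the ROM.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed toy model: the hidden boot ROM occupies the top 512 bytes of a
 * 32-bit address space; its last instruction, at 0xFFFFFFFF, switches the ROM
 * off and the instruction pointer wraps to 0x00000000. The layout is an
 * assumption for illustration, not the Xbox's real memory map. */
#define ROM_BASE 0xFFFFFE00u

typedef struct {
    uint32_t pc;                 /* 32-bit instruction pointer */
    bool     rom_mapped;         /* is the boot ROM still visible? */
    bool     halted;
    bool     cpu_faults_on_wrap; /* the behaviour the designers assumed */
    int      outside_fetches;    /* instructions fetched outside the ROM */
} cpu_t;

/* Run the ROM's exit sequence on a CPU with the given wrap behaviour. */
static void run_exit_sequence(cpu_t *c) {
    c->pc = 0xFFFFFFFFu;     /* jmp to the last byte of the address space */
    c->rom_mapped = false;   /* the instruction there disables the ROM */
    c->pc += 1;              /* uint32_t arithmetic: wraps to 0x00000000 */
    if (c->cpu_faults_on_wrap) {
        c->halted = true;    /* the assumed exception: the CPU stops here */
        return;
    }
    /* No exception: the CPU keeps fetching, now from address 0, which is
     * memory the ROM never checked. */
    c->outside_fetches++;
}

/* Does code outside the ROM end up executing after the ROM exits? */
bool outside_code_runs(bool cpu_faults_on_wrap) {
    cpu_t c = { ROM_BASE, true, false, cpu_faults_on_wrap, 0 };
    run_exit_sequence(&c);
    return !c.halted && c.outside_fetches > 0;
}

/* Instruction pointer after the exit sequence (wrapped to 0 either way). */
uint32_t pc_after_exit(bool cpu_faults_on_wrap) {
    cpu_t c = { ROM_BASE, true, false, cpu_faults_on_wrap, 0 };
    run_exit_sequence(&c);
    return c.pc;
}

int main(void) {
    printf("assumed CPU (faults on wrap): outside code runs = %d\n", outside_code_runs(true));
    printf("no fault on wrap:             outside code runs = %d\n", outside_code_runs(false));
    return 0;
}
```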
  • 512 bytes is a very small amount of code (it fits on a single sheet of paper!), compared to the megabytes of code contained in software like Windows, Internet Explorer or Internet Information Server. Three bugs within these 512 bytes compromised the security completely - a bunch of hackers found them within days after first looking at the code. Why hasn't Microsoft Corp. been able to do the same? Why? Uh, maybe because they simply don't give a shit?