XBox hardware security reveiled.
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: XBox hardware security reveiled.

  1. #1
    Hi mom!
    Join Date
    Aug 2001
    Posts
    1,103

    XBox hardware security reveiled.

    Andrew Shane Huang, nicknamed "bunnie" and PhD-student at MIT, has written a whitepaper on the security holes in the Microsoft XBox's hardware. The paper starts with this abstract:

    This paper discusses the hardware foundations of the cryptosystem employed by the Xbox(TM) video game console from Microsoft. A secret boot block overlay is buried within a system ASIC. This secret boot block decrypts and verifies portions of an external FLASH-type ROM. The presence of the secret boot block is camouflaged by a decoy boot block in the external ROM. The code contained within the secret boot block is transferred to the CPU in the clear over a set of high-speed busses where it can be extracted using simple custom hardware. The paper concludes with recommendations for improving the Xbox security system. One lesson of this study is that the use of a high-performance bus alone is not a sufficient security measure, given the advent of inexpensive, fast rapid prototyping services and high-performance FPGAs.
    Related links:
    bunnies burrow, the author's homepage.
    page dedicated to the XBox at bunnies burrow.
    Slashdot article and forum on the whitepaper.
    PDF version of Whitepaper (http)
    PDF version of Whitepaper (ftp)
    I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.

  2. #2
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    Security by obscurity. Is this what M$ thinks is proper security? Arghh!

    Good thing I'm going for the PS2.

    Nice find by the way....
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  3. #3
    Webius Designerous Indiginous
    Join Date
    Mar 2002
    Location
    South Florida
    Posts
    1,123
    Heh.. I just found that article too.. LOL... Leave it to M$ to drop the ball once again.

    /me points to his sig for furthur proof..

  4. #4
    Senior Member Ouroboros's Avatar
    Join Date
    Nov 2001
    Location
    Superior, WI USA
    Posts
    628

    Post Console Hardware

    Nice data, Guus...I am particularly interested since the X-Box is the only console game system(since 1986, that is...and yes, I even own the TurboGrafx16 and that awful Genesis add-on, the 'SegaCD') that I don't own (in expectation of something like this...the anti-M$ crowd is truly amazing when they get a bone to chew on. ). Although, I'm sure that most folks don't analyze the GC and PS2 like this...but who knows, there are many people in the world that just plain LIKE taking things apart to find out how they work. I could be included, but the last thing that I really disassembled and analyzed was my parents' old PB100. Not much there, sad to say...

    Anyway...thanks for the links...I'll be saving these.

    Ouroboros

    P.S. And as long as I'm thinking about it...InterAct Software is a master at infiltrating and modifying the software components of many systems, hence the GameShark, etc, etc. But, in my experience, they are not worth it. My PS2 had to be replaced, because the GameShark software modified the system drivers, and then CORRUPTED them, in relation to the DVD-ROM drivers...hence rendering my PS2 nearly useless. I haven't yet seen them for the X-Box or GameCube, but my advice is to stay away from them when you are playing on a 'next-gen' system. You don't need to win that badly that it costs you hundreds of dollars to replace your system when their...I hesitate to use the word...MALICIOUS software corrupts your machine.

    O
    "entia non sunt multiplicanda praeter necessitatem"

    "entities should not be multiplied beyond necessity."

    -Occam's Razor


  5. #5
    Banned
    Join Date
    Apr 2002
    Posts
    28
    Uhm, XBOX plays games, who cares who can hack into it? as long as you press a button and the gun fires, isn't that what XBOX is for? Is this site that ANTI microsoft? I mean I know windows isn't as this or that as unix/linux but I'm sorry Bill Gates genius is what made him the billionaire he is today... regardless of who likes who, Bill made sure Microsoft products sold, and that's why they dominate the market regardless of what unix/linux users like to think...

    Just my opinion

    -xposed

  6. #6
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    Um, the Xbox is goin to be able to go online. This in itself is not a bad thing, but if you think that you're going to be safe in some type of M$ bubble then you are truly fooling yourself.

    Security is always a concern. Try not to be too naive, xposed...
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  7. #7
    Banned
    Join Date
    Mar 2002
    Posts
    968
    How proud could a person be, after this scenario happens...

    "One day, I was happily surfing the net with my Xbox to look up some quick codes until all of a sudden a message popped up saying: "\x/0\x/, 1m 1n 4 xb0x! 54y 83y 83y!" and then the Xbox stopped working...."

    At the moment, there might not be any written programs to attack an Xbox, but wait, the more that surf, the more at risk!

    Uhm, XBOX plays games, who cares who can hack into it?
    You could say the same about your computer...

    "Uhm, my PC plays games, prints documents, downloads music, who cares who can hack into it?"

    Well......

    I suggest that you obtain documents like "Why Hack?" to further understand why we're so cautious

  8. #8
    Webius Designerous Indiginous
    Join Date
    Mar 2002
    Location
    South Florida
    Posts
    1,123
    xposed, This site isn't anti-microsoft. Its just that M$ tends to make fools of themselves to people who really know whats going on. The only reason M$ is a big as it is, is because it brings computers into everybodies homes wether they are computer literate or not. This is a good thing, right? Well in M$'s efforts to make the OS user friendly they sacrificed security, plain and simple.

    This is just another example of how microsoft has again dropped the ball when it comes to security. Wether it is an xbox gaming system or a government facility, the security is always a factor. The xbox gaming system has its seriel numbers in the software, if somebody got the seriel number they could then get all your info from the companies databases. Next thing you know that psychopath that you destroyed playing online shows up to your door.

    security through obscurity never works.

  9. #9
    Senior Member
    Join Date
    Feb 2002
    Posts
    1,210
    oh no.. someone's hacked into my xbox...
    hehe.. well not yet..
    but from what i see.. this security issue that "bunnie" found probably won't apply
    to malicious code getting into your box.. wiping out the hd or rom,bios whatever.
    i believe it applies more to reverse engineering.

  10. #10
    Banned
    Join Date
    May 2002
    Posts
    77
    good lord, M$ just made it easier for someone to reverse engineer their product with lame security, and will sue anyone who attempts to earn enough dough to pay for their horribly overpriced software..........Bill Gates loves court appearances, I guess

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •