Go Back  DVD Talk Forum > Entertainment Discussions > Video Game Talk
Reload this Page >

xbox hacked - Security circumvented, allowing use of competing software

Video Game Talk The Place to talk about and trade Video & PC Games

xbox hacked - Security circumvented, allowing use of competing software

Old 06-04-02, 08:42 AM
  #1  
DVD Talk Gold Edition
Thread Starter
 
Join Date: Feb 2001
Location: ny, ny
Posts: 2,436
Likes: 0
Received 0 Likes on 0 Posts
xbox hacked - Security circumvented, allowing use of competing software

MIT grad student hacks into Xbox
Security circumvented, allowing use of competing software

LOS ANGELES, June 3 — A graduate student at the Massachusetts Institute of Technology said he has found a way to circumvent the security system for Microsoft Corp.’s Xbox video game console, opening the way for hackers to use it to run competing software, according to documents released over the weekend.

THE MIT COMPUTER EXPERT, who posted his report on his university Web site, also questioned the security behind Microsoft’s soon-to-launch online service, Xbox Live, saying hackers could exploit a flaw in the system to identify individual players from their game machines. (MSNBC is a Microsoft - NBC joint venture.)

Andrew Huang, who recently completed a PhD thesis on supercomputer architecture, wrote a memo May 26 describing his efforts to build hardware that would read the Xbox’s internal security system. A link to the 15-page report was posted this weekend at technology news and discussion Web site Slashdot.org.

Computer enthusiasts have been excited about the possibility of using the $199 Xbox, which is technologically similar to a PC, as a stand-alone computer running operating systems like Linux.

Some see it as the ultimate slight against Microsoft — using the software giant’s own hardware to run software that competes against its Windows operating system.

In the memo, Huang said the Xbox’s primary security is contained in what he calls a “secret boot block” that is encoded into a media processor chip built for the Xbox by Nvidia Corp.

Representatives of Microsoft and Nvidia were not immediately available for comment. An MIT spokesman told Reuters the university has not been received any request to take the paper down from its sites.

. . .

In an e-mail to Reuters, Huang said he notified Microsoft in advance he would be publishing the paper, gave them a copy to read, and has been in regular contact with the company. He also said he is not working on any of the attempts to run Linux or other systems on the Xbox.

. . .

Huang also said in the paper he has discovered keys to the identity of the console owner that may, in theory, be vulnerable through an online connection.

Huang said he separately discovered that the console’s serial number is stored in its memory, and that the data might be readable by the central operating system. “What happens to this information when the Xbox is plugged into the Internet?” he said.
linky linky
Old 06-04-02, 09:17 AM
  #2  
Banned
 
Join Date: Mar 2001
Location: Westward Ho, 3-Card Poker table, seat 2
Posts: 951
Likes: 0
Received 0 Likes on 0 Posts
Why do I have a feeling that I should be picking up a couple of extra XBOX's in case MSOFT later decides to "update" the security on new systems. Seems to me that a hacked XBOX has all sorts of possibilities
Old 06-04-02, 09:18 AM
  #3  
Member
 
Join Date: Jan 2002
Posts: 59
Likes: 0
Received 0 Likes on 0 Posts
Wow! that is interesting and terrifying at the same time. Imagine, Microsoft trying to gather information on its customers, I feel shocked! Anyways, I have to take a Homer Simpson attitude towards this one, ehh it works and it hasnt bothered me yet.
Old 06-04-02, 09:59 AM
  #4  
DVD Talk Gold Edition
 
Join Date: Oct 1999
Posts: 2,515
Likes: 0
Received 0 Likes on 0 Posts
Uh, exactly how would MS gather any important information on users that it didn't already have? You have to give them your info to get into their gaming network after all. And you have log on to play, which would let them track your gaming usage as well.
Old 06-04-02, 10:09 AM
  #5  
DVD Talk Special Edition
 
Join Date: Dec 2001
Posts: 1,331
Likes: 0
Received 1 Like on 1 Post
Originally posted by ipkevin
Uh, exactly how would MS gather any important information on users that it didn't already have? You have to give them your info to get into their gaming network after all. And you have log on to play, which would let them track your gaming usage as well.
I agree...getting mad about stuff like this just reminds me of my dad.

"Oh no! Im not getting Windows XP, I hear they track your IP address...Pretty soon there gonna get on and steal all my bank records" Dad

*shakes head*

Old 06-04-02, 11:23 AM
  #6  
DVD Talk Gold Edition
 
Join Date: Feb 2000
Location: Greenville, NC
Posts: 2,462
Likes: 0
Received 0 Likes on 0 Posts
Heck, I'd just like to be able to see the XBox hard drive from across the network. It would be a great way to download wma's to the XBox without having to re-rip all the CD's again, and it could possibly be great way to exchange save files and such over the internet.
Old 06-04-02, 11:26 AM
  #7  
DVD Talk Special Edition
 
Join Date: Mar 2000
Location: AZ
Posts: 1,816
Likes: 0
Received 0 Likes on 0 Posts
While I am not sure to what extent MS will be gathering info here I must say that you guys are wrong. To secretly gather info about the users is not only unethical it is very bad business. MS has done this before though and I am sure they will do it again. I just don't think that an invasion of privacy is such a small thing.
Old 06-04-02, 11:36 AM
  #8  
Retired
 
Join Date: May 1999
Posts: 27,449
Likes: 0
Received 1 Like on 1 Post
The point was that MS won't be gathering information. When you sign up for X-box live, you'll already be giving MS all your personal information. They won't need to hack into your system to get more.

The concern is that other people could get your infomation from your X-box due to a security flaw.
Old 06-04-02, 11:48 AM
  #9  
fab
Senior Member
 
Join Date: Jun 1999
Location: North Fort Myers, FL
Posts: 281
Likes: 0
Received 0 Likes on 0 Posts
How can the XBOX be hacked to allow the use of competing software? The only real competing software is that of the GCN and the PS2.. there's no way (emulated or otherwise) that we'll ever see the ability to play PS2 or GCN games on the XBOX.

Or was I reading too much into this?
--
fab
Old 06-04-02, 11:52 AM
  #10  
Senior Member
 
Join Date: Nov 2000
Posts: 818
Likes: 0
Received 0 Likes on 0 Posts
fab, I don't think they're talking about playing PS2 games on the XBOX. They are talking about Linux.

"Computer enthusiasts have been excited about the possibility of using the $199 Xbox, which is technologically similar to a PC, as a stand-alone computer running operating systems like Linux.

Some see it as the ultimate slight against Microsoft — using the software giant’s own hardware to run software that competes against its Windows operating system"
Old 06-04-02, 01:44 PM
  #11  
DVD Talk Ultimate Edition
 
Join Date: Apr 2000
Location: Austin, Texas XboxLIVE Gamertag: Golucky Timezone: Central (CST)
Posts: 4,899
Likes: 0
Received 1 Like on 1 Post
Linux on a Mircosoft PC, now that's funny! They must have seen that coming since the ps2 has a version of linux that can run on it.
Old 06-04-02, 02:02 PM
  #12  
DVD Talk Special Edition
 
Join Date: Jan 2001
Location: Kansas City, MO, USA
Posts: 1,651
Likes: 0
Received 0 Likes on 0 Posts
Am I the only one that sees no real purpose to running linux on an XBox? And am I the only one who is completely underwhelmed over this revelation?

And as far as security issues w/ the XBox goes -- Who cares? Say the thing's wide open and someone on XBoxLive can hack into my XBox. What GOOD is it going to do them? What, they'll steal my save game files?

Talk about security in a web server, that's one thing. Hack into a video game, and I'm beginning to yawn.
Old 06-04-02, 02:08 PM
  #13  
Retired
 
Join Date: May 1999
Posts: 27,449
Likes: 0
Received 1 Like on 1 Post
Originally posted by TeeSeeJay
Am I the only one that sees no real purpose to running linux on an XBox? And am I the only one who is completely underwhelmed over this revelation?
I guess it's just thrilling for computer geeks that cream their pants at the thought of running linux on MS Hardware.

Originally posted by TeeSeeJay

And as far as security issues w/ the XBox goes -- Who cares?
Theoretically, couldn't they steal your username and password and log on as you and cause problems?

Or perhaps in the future you'll be able to pay for your subscription through you X-box connection, then you'd have credit card numbers to worry about.
Old 06-04-02, 02:18 PM
  #14  
DVD Talk Special Edition
 
Join Date: Jan 2001
Location: Kansas City, MO, USA
Posts: 1,651
Likes: 0
Received 0 Likes on 0 Posts
Originally posted by joshhinkle


I guess it's just thrilling for computer geeks that cream their pants at the thought of running linux on MS Hardware.



Theoretically, couldn't they steal your username and password and log on as you and cause problems?

Or perhaps in the future you'll be able to pay for your subscription through you X-box connection, then you'd have credit card numbers to worry about.
I concede that there could possibly be issues with subscription information. I don't know the architecture of the Xbox network, I'm just assuming that it matches your xbox serial number to a subscriber database and lets you in. If you store any user/password/billing info on the console itself, that could be a problem, yes.

And "Linux on MS hardware! HA HA HA!" -- There's nothing "microsoft" about that hardware except for the name. That's about as thrilling as saying "I use a Microsoft Mouse on my Linux Box! HA HA HA -- If they only knew! HEE HEE HEE"

MS-bashing and Linux-Rox sentiment just grates on my nerves.

I think the only thing on a video game console that needs to be secure is the media itself. Your content gets cracked, and you become the Dreamcast.
Old 06-04-02, 02:23 PM
  #15  
Retired
 
Join Date: May 1999
Posts: 27,449
Likes: 0
Received 1 Like on 1 Post
Originally posted by TeeSeeJay

MS-bashing and Linux-Rox sentiment just grates on my nerves.
I find it ridiculous as well, which is why I said it was only of interest to computer geeks.
Old 06-04-02, 02:37 PM
  #16  
DVD Talk Gold Edition
 
Join Date: Feb 2000
Location: Greenville, NC
Posts: 2,462
Likes: 0
Received 0 Likes on 0 Posts
I think it would be interesting to use an XBox as a standalone computer. I don't think I'd be putting Linux on there however. Perhaps install a version of Windows XP with custom CD-Ripping programs and and FTP server or something. I don't know. The possibility of a $199 computer is fairly intriguing.
Old 06-04-02, 02:52 PM
  #17  
DVD Talk Legend
 
Drexl's Avatar
 
Join Date: Feb 2001
Location: St. Louis, MO
Posts: 16,077
Likes: 0
Received 15 Likes on 13 Posts
All I can say is "bring on the emulators!" There's a guy who has developed a port of MAME, but he can't release the software yet.

mtucker, the problem with your suggestion would be that the XBox has only 64 MB's of memory, and I would never think of running XP with that. However, I read that it may be possible to add more...
Old 06-04-02, 03:07 PM
  #18  
DVD Talk Platinum Edition
 
Join Date: Oct 2000
Posts: 3,507
Received 1 Like on 1 Post
Originally posted by TeeSeeJay
Am I the only one that sees no real purpose to running linux on an XBox? And am I the only one who is completely underwhelmed over this revelation?

No, you aren't

Old 06-04-02, 03:13 PM
  #19  
Senior Member
 
Join Date: Jun 2001
Location: San Diego to Los Angeles
Posts: 995
Likes: 0
Received 0 Likes on 0 Posts
Won't you need a monitor cable adapter unless you have a HDTV the resolution will be too crappy for analog.

I'm not suprised, i knew Xbox would be hacked one day, in fact i read that there's already modchips available for it that lets you play DVD-RW backups.

reading the article fully, it said he built a 50 dollar add-on board that allows playing unauthorized games. basically, a modchip.

Last edited by duy37; 06-04-02 at 03:19 PM.
Old 06-04-02, 05:03 PM
  #20  
DVD Talk Limited Edition
 
Join Date: Oct 1999
Location: A suburb˛ of Miami
Posts: 5,943
Likes: 0
Received 1 Like on 1 Post
Will this get me my Xbox streaming mp3 receiver sooner?
Old 06-04-02, 10:18 PM
  #21  
DVD Talk Gold Edition
 
Join Date: Feb 1999
Location: HB, CA
Posts: 2,600
Likes: 0
Received 0 Likes on 0 Posts
This got /.'ed yesterday and then Reuters picked it up. I haven't been actively following "bunnie's" efforts, but I recall looking at his page fairly early on back around December. Here's his website for those who are looking for more info:

http://web.mit.edu/bunnie/www/proj/a...oxmod.html#rom

That page chronicles his efforts and is a really interesting read (funny too, if you follow his XBox cartoons links).

Here's a PDF for the paper he actually published:

http://web.mit.edu/bunnie/www/proj/a...M-2002-008.pdf

I finally got some time to read through the updates to his page and through the pape he wrote and I'll sort of summarize it all for those of you who are merely curious.

It turns out that the security measures employed by the XBox, like they are with most consumer devices, are fairly superficial. The whole system is basically locked down by secret code keys and encryption algorithms which are stored in the nVidia MCP chip. That's the one tricky thing MS did. There's a valid boot block in the flash memory (which is the first place any hacker starts), but it's a decoy. When the machine boots, it reads all its code from the flash, but the MCP chip substitutes a secret 512 byte boot block into the code. This is the actual code that's used to boot the machine and load the kernel.

Unfortunately, it was probably too costly/impractical for MS to encrypt the data paths between the chips, so when this guy rigged up a probe (that's the $50 part that he custom built) to sniff the HT bus (he uses LDT which is the old name), he was able to read out the secret boot code in plaintext.

Now, because he has the secret key as well as the encryption algorithm, he's able to decrypt the kernel image that's stored in flash memory. Though, I don't believe he's done so, it would be merely an academic exercise at this point for him to write his own software, encrypt it with the secret key and algorithm, burn it to the flash rom and have the XBox execute it.

So, theoretically, at least, he's cracked the XBox wide open. Practically, however, since there are precious few other people with the skill and equipment to desolder and reprogram surface mounted flash roms, the XBox is fairly safe.

Until- and here we get into a somewhat speculative area -someone reverse engineers the kernel and creates a boot disc. While it's certainly possible that they haven't encountered the last of the security features which may make a boot disc extremely difficult or impossible, I tend to think that won't be the case. And even then, we've still go the mod chips.

BTW, I don't think it's entirely coincidence that this guy publishes his paper and the mod chips debut all within a week or two of one another. Huang has clearly been working with others in the XBox hacking community, some of whom are obviously working on the mod chips. I'm not sure exactly what weakenesses the mod chips exploit, but I'm guessing they all derive from the same research.

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Thread Tools
Search this Thread

Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service -

Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.