xbox hacked - Security circumvented, allowing use of competing software

qbert · 06-04-02, 08:42 AM

Quote:

MIT grad student hacks into Xbox
Security circumvented, allowing use of competing software

LOS ANGELES, June 3 — A graduate student at the Massachusetts Institute of Technology said he has found a way to circumvent the security system for Microsoft Corp.’s Xbox video game console, opening the way for hackers to use it to run competing software, according to documents released over the weekend.

THE MIT COMPUTER EXPERT, who posted his report on his university Web site, also questioned the security behind Microsoft’s soon-to-launch online service, Xbox Live, saying hackers could exploit a flaw in the system to identify individual players from their game machines. (MSNBC is a Microsoft - NBC joint venture.)

Andrew Huang, who recently completed a PhD thesis on supercomputer architecture, wrote a memo May 26 describing his efforts to build hardware that would read the Xbox’s internal security system. A link to the 15-page report was posted this weekend at technology news and discussion Web site Slashdot.org.

Computer enthusiasts have been excited about the possibility of using the $199 Xbox, which is technologically similar to a PC, as a stand-alone computer running operating systems like Linux.

Some see it as the ultimate slight against Microsoft — using the software giant’s own hardware to run software that competes against its Windows operating system.

In the memo, Huang said the Xbox’s primary security is contained in what he calls a “secret boot block” that is encoded into a media processor chip built for the Xbox by Nvidia Corp.

Representatives of Microsoft and Nvidia were not immediately available for comment. An MIT spokesman told Reuters the university has not been received any request to take the paper down from its sites.

. . .

In an e-mail to Reuters, Huang said he notified Microsoft in advance he would be publishing the paper, gave them a copy to read, and has been in regular contact with the company. He also said he is not working on any of the attempts to run Linux or other systems on the Xbox.

. . .

Huang also said in the paper he has discovered keys to the identity of the console owner that may, in theory, be vulnerable through an online connection.

Huang said he separately discovered that the console’s serial number is stored in its memory, and that the data might be readable by the central operating system. “What happens to this information when the Xbox is plugged into the Internet?” he said.

linky linky

FonMan · 06-04-02, 09:17 AM

Why do I have a feeling that I should be picking up a couple of extra XBOX's in case MSOFT later decides to "update" the security on new systems. Seems to me that a hacked XBOX has all sorts of possibilities

mlpala · 06-04-02, 09:18 AM

Wow! that is interesting and terrifying at the same time. Imagine, Microsoft trying to gather information on its customers, I feel shocked! Anyways, I have to take a Homer Simpson attitude towards this one, ehh it works and it hasnt bothered me yet.

ipkevin · 06-04-02, 09:59 AM

Uh, exactly how would MS gather any important information on users that it didn't already have? You have to give them your info to get into their gaming network after all. And you have log on to play, which would let them track your gaming usage as well.

boobietheclown · 06-04-02, 10:09 AM

Quote:

Originally posted by ipkevin
Uh, exactly how would MS gather any important information on users that it didn't already have? You have to give them your info to get into their gaming network after all. And you have log on to play, which would let them track your gaming usage as well.

I agree...getting mad about stuff like this just reminds me of my dad.

"Oh no! Im not getting Windows XP, I hear they track your IP address...Pretty soon there gonna get on and steal all my bank records" Dad

*shakes head*

mtucker · 06-04-02, 11:23 AM

Heck, I'd just like to be able to see the XBox hard drive from across the network. It would be a great way to download wma's to the XBox without having to re-rip all the CD's again, and it could possibly be great way to exchange save files and such over the internet.

s}{ammer · 06-04-02, 11:26 AM

While I am not sure to what extent MS will be gathering info here I must say that you guys are wrong. To secretly gather info about the users is not only unethical it is very bad business. MS has done this before though and I am sure they will do it again. I just don't think that an invasion of privacy is such a small thing.

Josh H · 06-04-02, 11:36 AM

The point was that MS won't be gathering information. When you sign up for X-box live, you'll already be giving MS all your personal information. They won't need to hack into your system to get more.

The concern is that other people could get your infomation from your X-box due to a security flaw.

fab · 06-04-02, 11:48 AM

How can the XBOX be hacked to allow the use of competing software? The only real competing software is that of the GCN and the PS2.. there's no way (emulated or otherwise) that we'll ever see the ability to play PS2 or GCN games on the XBOX.

Or was I reading too much into this?
--
fab

elias · 06-04-02, 11:52 AM

fab, I don't think they're talking about playing PS2 games on the XBOX. They are talking about Linux.

"Computer enthusiasts have been excited about the possibility of using the $199 Xbox, which is technologically similar to a PC, as a stand-alone computer running operating systems like Linux.

Some see it as the ultimate slight against Microsoft — using the software giant’s own hardware to run software that competes against its Windows operating system"

goLUCKY · 06-04-02, 01:44 PM

Linux on a Mircosoft PC, now that's funny! They must have seen that coming since the ps2 has a version of linux that can run on it.

TeeSeeJay · 06-04-02, 02:02 PM

Am I the only one that sees no real purpose to running linux on an XBox? And am I the only one who is completely underwhelmed over this revelation?

And as far as security issues w/ the XBox goes -- Who cares? Say the thing's wide open and someone on XBoxLive can hack into my XBox. What GOOD is it going to do them? What, they'll steal my save game files?

Talk about security in a web server, that's one thing. Hack into a video game, and I'm beginning to yawn.

Josh H · 06-04-02, 02:08 PM

Quote:

Originally posted by TeeSeeJay
Am I the only one that sees no real purpose to running linux on an XBox? And am I the only one who is completely underwhelmed over this revelation?

I guess it's just thrilling for computer geeks that cream their pants at the thought of running linux on MS Hardware.

Quote:

Originally posted by TeeSeeJay

And as far as security issues w/ the XBox goes -- Who cares?

Theoretically, couldn't they steal your username and password and log on as you and cause problems?

Or perhaps in the future you'll be able to pay for your subscription through you X-box connection, then you'd have credit card numbers to worry about.

TeeSeeJay · 06-04-02, 02:18 PM

Quote:

Originally posted by joshhinkle

I guess it's just thrilling for computer geeks that cream their pants at the thought of running linux on MS Hardware.

Theoretically, couldn't they steal your username and password and log on as you and cause problems?

Or perhaps in the future you'll be able to pay for your subscription through you X-box connection, then you'd have credit card numbers to worry about.

I concede that there could possibly be issues with subscription information. I don't know the architecture of the Xbox network, I'm just assuming that it matches your xbox serial number to a subscriber database and lets you in. If you store any user/password/billing info on the console itself, that could be a problem, yes.

And "Linux on MS hardware! HA HA HA!" -- There's nothing "microsoft" about that hardware except for the name. That's about as thrilling as saying "I use a Microsoft Mouse on my Linux Box! HA HA HA -- If they only knew! HEE HEE HEE"

MS-bashing and Linux-Rox sentiment just grates on my nerves.

I think the only thing on a video game console that needs to be secure is the media itself. Your content gets cracked, and you become the Dreamcast.

Josh H · 06-04-02, 02:23 PM

Quote:

Originally posted by TeeSeeJay

MS-bashing and Linux-Rox sentiment just grates on my nerves.

I find it ridiculous as well, which is why I said it was only of interest to computer geeks.

mtucker · 06-04-02, 02:37 PM

I think it would be interesting to use an XBox as a standalone computer. I don't think I'd be putting Linux on there however. Perhaps install a version of Windows XP with custom CD-Ripping programs and and FTP server or something. I don't know. The possibility of a $199 computer is fairly intriguing.

Drexl · 06-04-02, 02:52 PM

All I can say is "bring on the emulators!" There's a guy who has developed a port of MAME, but he can't release the software yet.

mtucker, the problem with your suggestion would be that the XBox has only 64 MB's of memory, and I would never think of running XP with that. However, I read that it may be possible to add more...

Applejack · 06-04-02, 03:07 PM

Quote:

Originally posted by TeeSeeJay
Am I the only one that sees no real purpose to running linux on an XBox? And am I the only one who is completely underwhelmed over this revelation?

No, you aren't

duy37 · 06-04-02, 03:13 PM

Won't you need a monitor cable adapter unless you have a HDTV the resolution will be too crappy for analog.

I'm not suprised, i knew Xbox would be hacked one day, in fact i read that there's already modchips available for it that lets you play DVD-RW backups.

reading the article fully, it said he built a 50 dollar add-on board that allows playing unauthorized games. basically, a modchip.

Aghama · 06-04-02, 05:03 PM

Will this get me my Xbox streaming mp3 receiver sooner?

belboz · 06-04-02, 10:18 PM

This got /.'ed yesterday and then Reuters picked it up. I haven't been actively following "bunnie's" efforts, but I recall looking at his page fairly early on back around December. Here's his website for those who are looking for more info:

http://web.mit.edu/bunnie/www/proj/a...oxmod.html#rom

That page chronicles his efforts and is a really interesting read (funny too, if you follow his XBox cartoons links).

Here's a PDF for the paper he actually published:

http://web.mit.edu/bunnie/www/proj/a...M-2002-008.pdf

I finally got some time to read through the updates to his page and through the pape he wrote and I'll sort of summarize it all for those of you who are merely curious.

It turns out that the security measures employed by the XBox, like they are with most consumer devices, are fairly superficial. The whole system is basically locked down by secret code keys and encryption algorithms which are stored in the nVidia MCP chip. That's the one tricky thing MS did. There's a valid boot block in the flash memory (which is the first place any hacker starts), but it's a decoy. When the machine boots, it reads all its code from the flash, but the MCP chip substitutes a secret 512 byte boot block into the code. This is the actual code that's used to boot the machine and load the kernel.

Unfortunately, it was probably too costly/impractical for MS to encrypt the data paths between the chips, so when this guy rigged up a probe (that's the $50 part that he custom built) to sniff the HT bus (he uses LDT which is the old name), he was able to read out the secret boot code in plaintext.

Now, because he has the secret key as well as the encryption algorithm, he's able to decrypt the kernel image that's stored in flash memory. Though, I don't believe he's done so, it would be merely an academic exercise at this point for him to write his own software, encrypt it with the secret key and algorithm, burn it to the flash rom and have the XBox execute it.

So, theoretically, at least, he's cracked the XBox wide open. Practically, however, since there are precious few other people with the skill and equipment to desolder and reprogram surface mounted flash roms, the XBox is fairly safe.

Until- and here we get into a somewhat speculative area -someone reverse engineers the kernel and creates a boot disc. While it's certainly possible that they haven't encountered the last of the security features which may make a boot disc extremely difficult or impossible, I tend to think that won't be the case. And even then, we've still go the mod chips.

BTW, I don't think it's entirely coincidence that this guy publishes his paper and the mod chips debut all within a week or two of one another. Huang has clearly been working with others in the XBox hacking community, some of whom are obviously working on the mod chips. I'm not sure exactly what weakenesses the mod chips exploit, but I'm guessing they all derive from the same research.

06-04-02, 09:59 AM	#4
ipkevin DVD Talk Gold Edition Join Date: Oct 1999 Posts: 2,515	Uh, exactly how would MS gather any important information on users that it didn't already have? You have to give them your info to get into their gaming network after all. And you have log on to play, which would let them track your gaming usage as well. __________________ "Wouldn't be a party without Potato Head!" - Stallone

06-04-02, 11:23 AM	#6
mtucker DVD Talk Gold Edition Join Date: Feb 2000 Location: Greenville, NC Posts: 2,462	Heck, I'd just like to be able to see the XBox hard drive from across the network. It would be a great way to download wma's to the XBox without having to re-rip all the CD's again, and it could possibly be great way to exchange save files and such over the internet. __________________ "Stay away from the cans!"

06-04-02, 11:26 AM	#7
s}{ammer DVD Talk Special Edition Join Date: Mar 2000 Location: AZ Posts: 1,816	While I am not sure to what extent MS will be gathering info here I must say that you guys are wrong. To secretly gather info about the users is not only unethical it is very bad business. MS has done this before though and I am sure they will do it again. I just don't think that an invasion of privacy is such a small thing. __________________ Go Broncos! Xboxlive 360 - Da BrokDikDog My 360's blog

06-04-02, 01:44 PM	#11
goLUCKY DVD Talk Ultimate Edition Join Date: Apr 2000 Location: Austin, Texas XboxLIVE Gamertag: Golucky Timezone: Central (CST) Posts: 4,899	Linux on a Mircosoft PC, now that's funny! They must have seen that coming since the ps2 has a version of linux that can run on it. __________________ Dvdtalk Xbox Gamertag List part III here! Greetings, Starfighter. You have been recruited by the Star League to defend the frontier against Xur and the Ko-Dan armada.

06-04-02, 02:37 PM	#16
mtucker DVD Talk Gold Edition Join Date: Feb 2000 Location: Greenville, NC Posts: 2,462	I think it would be interesting to use an XBox as a standalone computer. I don't think I'd be putting Linux on there however. Perhaps install a version of Windows XP with custom CD-Ripping programs and and FTP server or something. I don't know. The possibility of a $199 computer is fairly intriguing. __________________ "Stay away from the cans!"

06-04-02, 09:17 AM	#2
FonMan Banned Join Date: Mar 2001 Location: Westward Ho, 3-Card Poker table, seat 2 Posts: 951	Why do I have a feeling that I should be picking up a couple of extra XBOX's in case MSOFT later decides to "update" the security on new systems. Seems to me that a hacked XBOX has all sorts of possibilities

06-04-02, 09:18 AM	#3
mlpala Member Join Date: Jan 2002 Posts: 59	Wow! that is interesting and terrifying at the same time. Imagine, Microsoft trying to gather information on its customers, I feel shocked! Anyways, I have to take a Homer Simpson attitude towards this one, ehh it works and it hasnt bothered me yet.

06-04-02, 11:36 AM	#8
Josh H Retired Join Date: May 1999 Posts: 27,389	The point was that MS won't be gathering information. When you sign up for X-box live, you'll already be giving MS all your personal information. They won't need to hack into your system to get more. The concern is that other people could get your infomation from your X-box due to a security flaw.

06-04-02, 11:48 AM	#9
fab Senior Member Join Date: Jun 1999 Location: North Fort Myers, FL Posts: 281	How can the XBOX be hacked to allow the use of competing software? The only real competing software is that of the GCN and the PS2.. there's no way (emulated or otherwise) that we'll ever see the ability to play PS2 or GCN games on the XBOX. Or was I reading too much into this? -- fab

06-04-02, 11:52 AM	#10
elias Senior Member Join Date: Nov 2000 Posts: 818	fab, I don't think they're talking about playing PS2 games on the XBOX. They are talking about Linux. "Computer enthusiasts have been excited about the possibility of using the $199 Xbox, which is technologically similar to a PC, as a stand-alone computer running operating systems like Linux. Some see it as the ultimate slight against Microsoft — using the software giant’s own hardware to run software that competes against its Windows operating system"

06-04-02, 02:02 PM	#12
TeeSeeJay DVD Talk Special Edition Join Date: Jan 2001 Location: Kansas City, MO, USA Posts: 1,651	Am I the only one that sees no real purpose to running linux on an XBox? And am I the only one who is completely underwhelmed over this revelation? And as far as security issues w/ the XBox goes -- Who cares? Say the thing's wide open and someone on XBoxLive can hack into my XBox. What GOOD is it going to do them? What, they'll steal my save game files? Talk about security in a web server, that's one thing. Hack into a video game, and I'm beginning to yawn.

06-04-02, 02:52 PM	#17
Drexl DVD Talk Legend Join Date: Feb 2001 Location: St. Louis, MO Posts: 14,547	All I can say is "bring on the emulators!" There's a guy who has developed a port of MAME, but he can't release the software yet. mtucker, the problem with your suggestion would be that the XBox has only 64 MB's of memory, and I would never think of running XP with that. However, I read that it may be possible to add more...

06-04-02, 03:13 PM	#19
duy37 Senior Member Join Date: Jun 2001 Location: San Diego to Los Angeles Posts: 996	Won't you need a monitor cable adapter unless you have a HDTV the resolution will be too crappy for analog. I'm not suprised, i knew Xbox would be hacked one day, in fact i read that there's already modchips available for it that lets you play DVD-RW backups. reading the article fully, it said he built a 50 dollar add-on board that allows playing unauthorized games. basically, a modchip. __________________ This is duy37 and I approve this signature. Last edited by duy37; 06-04-02 at 03:19 PM.

06-04-02, 05:03 PM	#20
Aghama DVD Talk Limited Edition Join Date: Oct 1999 Location: A suburb² of Miami Posts: 5,944	Will this get me my Xbox streaming mp3 receiver sooner?

06-04-02, 10:18 PM	#21
belboz DVD Talk Gold Edition Join Date: Feb 1999 Location: HB, CA Posts: 2,592	This got /.'ed yesterday and then Reuters picked it up. I haven't been actively following "bunnie's" efforts, but I recall looking at his page fairly early on back around December. Here's his website for those who are looking for more info: http://web.mit.edu/bunnie/www/proj/a...oxmod.html#rom That page chronicles his efforts and is a really interesting read (funny too, if you follow his XBox cartoons links). Here's a PDF for the paper he actually published: http://web.mit.edu/bunnie/www/proj/a...M-2002-008.pdf I finally got some time to read through the updates to his page and through the pape he wrote and I'll sort of summarize it all for those of you who are merely curious. It turns out that the security measures employed by the XBox, like they are with most consumer devices, are fairly superficial. The whole system is basically locked down by secret code keys and encryption algorithms which are stored in the nVidia MCP chip. That's the one tricky thing MS did. There's a valid boot block in the flash memory (which is the first place any hacker starts), but it's a decoy. When the machine boots, it reads all its code from the flash, but the MCP chip substitutes a secret 512 byte boot block into the code. This is the actual code that's used to boot the machine and load the kernel. Unfortunately, it was probably too costly/impractical for MS to encrypt the data paths between the chips, so when this guy rigged up a probe (that's the $50 part that he custom built) to sniff the HT bus (he uses LDT which is the old name), he was able to read out the secret boot code in plaintext. Now, because he has the secret key as well as the encryption algorithm, he's able to decrypt the kernel image that's stored in flash memory. Though, I don't believe he's done so, it would be merely an academic exercise at this point for him to write his own software, encrypt it with the secret key and algorithm, burn it to the flash rom and have the XBox execute it. So, theoretically, at least, he's cracked the XBox wide open. Practically, however, since there are precious few other people with the skill and equipment to desolder and reprogram surface mounted flash roms, the XBox is fairly safe. Until- and here we get into a somewhat speculative area -someone reverse engineers the kernel and creates a boot disc. While it's certainly possible that they haven't encountered the last of the security features which may make a boot disc extremely difficult or impossible, I tend to think that won't be the case. And even then, we've still go the mod chips. BTW, I don't think it's entirely coincidence that this guy publishes his paper and the mod chips debut all within a week or two of one another. Huang has clearly been working with others in the XBox hacking community, some of whom are obviously working on the mod chips. I'm not sure exactly what weakenesses the mod chips exploit, but I'm guessing they all derive from the same research.