Release List Reviews Shop Join News DVD Giveaways Video Games Advertise
DVD Reviews | Theatrical Reviews | Adult DVD Reviews | Video Game Reviews | Price Search Buy Stuff Here
Video Game Talk
HD Reviews
 



Go Back   DVD Talk Forum > Entertainment Discussions > Video Game Talk

Video Game Talk The Place to talk about and trade Video & PC Games

Reply
 
Thread Tools
Old 06-04-02, 09:42 AM   #1
qbert
DVD Talk Gold Edition
 
Join Date: Feb 2001
Location: ny, ny
Posts: 2,436
xbox hacked - Security circumvented, allowing use of competing software

Quote:
MIT grad student hacks into Xbox
Security circumvented, allowing use of competing software

LOS ANGELES, June 3 — A graduate student at the Massachusetts Institute of Technology said he has found a way to circumvent the security system for Microsoft Corp.’s Xbox video game console, opening the way for hackers to use it to run competing software, according to documents released over the weekend.

THE MIT COMPUTER EXPERT, who posted his report on his university Web site, also questioned the security behind Microsoft’s soon-to-launch online service, Xbox Live, saying hackers could exploit a flaw in the system to identify individual players from their game machines. (MSNBC is a Microsoft - NBC joint venture.)

Andrew Huang, who recently completed a PhD thesis on supercomputer architecture, wrote a memo May 26 describing his efforts to build hardware that would read the Xbox’s internal security system. A link to the 15-page report was posted this weekend at technology news and discussion Web site Slashdot.org.

Computer enthusiasts have been excited about the possibility of using the $199 Xbox, which is technologically similar to a PC, as a stand-alone computer running operating systems like Linux.

Some see it as the ultimate slight against Microsoft — using the software giant’s own hardware to run software that competes against its Windows operating system.

In the memo, Huang said the Xbox’s primary security is contained in what he calls a “secret boot block” that is encoded into a media processor chip built for the Xbox by Nvidia Corp.

Representatives of Microsoft and Nvidia were not immediately available for comment. An MIT spokesman told Reuters the university has not been received any request to take the paper down from its sites.

. . .

In an e-mail to Reuters, Huang said he notified Microsoft in advance he would be publishing the paper, gave them a copy to read, and has been in regular contact with the company. He also said he is not working on any of the attempts to run Linux or other systems on the Xbox.

. . .

Huang also said in the paper he has discovered keys to the identity of the console owner that may, in theory, be vulnerable through an online connection.

Huang said he separately discovered that the console’s serial number is stored in its memory, and that the data might be readable by the central operating system. “What happens to this information when the Xbox is plugged into the Internet?” he said.
linky linky
__________________
and now back to your regularly scheduled life ...
  Reply With Quote
Old 06-04-02, 10:17 AM   #2
FonMan
Banned
 
Join Date: Mar 2001
Location: Westward Ho, 3-Card Poker table, seat 2
Posts: 951
Why do I have a feeling that I should be picking up a couple of extra XBOX's in case MSOFT later decides to "update" the security on new systems. Seems to me that a hacked XBOX has all sorts of possibilities
  Reply With Quote
Old 06-04-02, 10:18 AM   #3
mlpala
Member
 
Join Date: Jan 2002
Posts: 59
Wow! that is interesting and terrifying at the same time. Imagine, Microsoft trying to gather information on its customers, I feel shocked! Anyways, I have to take a Homer Simpson attitude towards this one, ehh it works and it hasnt bothered me yet.
  Reply With Quote
Old 06-04-02, 10:59 AM   #4
ipkevin
DVD Talk Gold Edition
 
Join Date: Oct 1999
Posts: 2,515
Uh, exactly how would MS gather any important information on users that it didn't already have? You have to give them your info to get into their gaming network after all. And you have log on to play, which would let them track your gaming usage as well.
__________________
"Wouldn't be a party without Potato Head!"
- Stallone
  Reply With Quote
Old 06-04-02, 11:09 AM   #5
boobietheclown
DVD Talk Special Edition
 
Join Date: Dec 2001
Posts: 1,329
Quote:
Originally posted by ipkevin
Uh, exactly how would MS gather any important information on users that it didn't already have? You have to give them your info to get into their gaming network after all. And you have log on to play, which would let them track your gaming usage as well.
I agree...getting mad about stuff like this just reminds me of my dad.

"Oh no! Im not getting Windows XP, I hear they track your IP address...Pretty soon there gonna get on and steal all my bank records" Dad

*shakes head*

__________________
The Great Wall of China was originally created to keep Chuck Norris out. It failed miserably.
  Reply With Quote
Old 06-04-02, 12:23 PM   #6
mtucker
DVD Talk Gold Edition
 
Join Date: Feb 2000
Location: Greenville, NC
Posts: 2,462
Heck, I'd just like to be able to see the XBox hard drive from across the network. It would be a great way to download wma's to the XBox without having to re-rip all the CD's again, and it could possibly be great way to exchange save files and such over the internet.
__________________
"Stay away from the cans!"
  Reply With Quote
Old 06-04-02, 12:26 PM   #7
s}{ammer
DVD Talk Special Edition
 
Join Date: Mar 2000
Location: AZ
Posts: 1,816
While I am not sure to what extent MS will be gathering info here I must say that you guys are wrong. To secretly gather info about the users is not only unethical it is very bad business. MS has done this before though and I am sure they will do it again. I just don't think that an invasion of privacy is such a small thing.
__________________
Go Broncos!
Xboxlive 360 - Da BrokDikDog
My 360's blog
  Reply With Quote
Old 06-04-02, 12:36 PM   #8
Josh H
Retired
 
Join Date: May 1999
Posts: 27,449
The point was that MS won't be gathering information. When you sign up for X-box live, you'll already be giving MS all your personal information. They won't need to hack into your system to get more.

The concern is that other people could get your infomation from your X-box due to a security flaw.
  Reply With Quote
Old 06-04-02, 12:48 PM   #9
fab
Senior Member
 
Join Date: Jun 1999
Location: North Fort Myers, FL
Posts: 281
How can the XBOX be hacked to allow the use of competing software? The only real competing software is that of the GCN and the PS2.. there's no way (emulated or otherwise) that we'll ever see the ability to play PS2 or GCN games on the XBOX.

Or was I reading too much into this?
--
fab
  Reply With Quote
Old 06-04-02, 12:52 PM   #10
elias
Senior Member
 
Join Date: Nov 2000
Posts: 818
fab, I don't think they're talking about playing PS2 games on the XBOX. They are talking about Linux.

"Computer enthusiasts have been excited about the possibility of using the $199 Xbox, which is technologically similar to a PC, as a stand-alone computer running operating systems like Linux.

Some see it as the ultimate slight against Microsoft — using the software giant’s own hardware to run software that competes against its Windows operating system"
  Reply With Quote
Old 06-04-02, 02:44 PM   #11
goLUCKY
DVD Talk Ultimate Edition
 
Join Date: Apr 2000
Location: Austin, Texas XboxLIVE Gamertag: Golucky Timezone: Central (CST)
Posts: 4,899
Linux on a Mircosoft PC, now that's funny! They must have seen that coming since the ps2 has a version of linux that can run on it.
__________________
Dvdtalk Xbox Gamertag List part III here!
Greetings, Starfighter. You have been recruited by the Star League to defend the frontier against Xur and the Ko-Dan armada.
  Reply With Quote
Old 06-04-02, 03:02 PM   #12
TeeSeeJay
DVD Talk Special Edition
 
Join Date: Jan 2001
Location: Kansas City, MO, USA
Posts: 1,651
Am I the only one that sees no real purpose to running linux on an XBox? And am I the only one who is completely underwhelmed over this revelation?

And as far as security issues w/ the XBox goes -- Who cares? Say the thing's wide open and someone on XBoxLive can hack into my XBox. What GOOD is it going to do them? What, they'll steal my save game files?

Talk about security in a web server, that's one thing. Hack into a video game, and I'm beginning to yawn.
  Reply With Quote
Old 06-04-02, 03:08 PM   #13
Josh H
Retired
 
Join Date: May 1999
Posts: 27,449
Quote:
Originally posted by TeeSeeJay
Am I the only one that sees no real purpose to running linux on an XBox? And am I the only one who is completely underwhelmed over this revelation?
I guess it's just thrilling for computer geeks that cream their pants at the thought of running linux on MS Hardware.

Quote:
Originally posted by TeeSeeJay

And as far as security issues w/ the XBox goes -- Who cares?
Theoretically, couldn't they steal your username and password and log on as you and cause problems?

Or perhaps in the future you'll be able to pay for your subscription through you X-box connection, then you'd have credit card numbers to worry about.
  Reply With Quote
Old 06-04-02, 03:18 PM   #14
TeeSeeJay
DVD Talk Special Edition
 
Join Date: Jan 2001
Location: Kansas City, MO, USA
Posts: 1,651
Quote:
Originally posted by joshhinkle


I guess it's just thrilling for computer geeks that cream their pants at the thought of running linux on MS Hardware.



Theoretically, couldn't they steal your username and password and log on as you and cause problems?

Or perhaps in the future you'll be able to pay for your subscription through you X-box connection, then you'd have credit card numbers to worry about.
I concede that there could possibly be issues with subscription information. I don't know the architecture of the Xbox network, I'm just assuming that it matches your xbox serial number to a subscriber database and lets you in. If you store any user/password/billing info on the console itself, that could be a problem, yes.

And "Linux on MS hardware! HA HA HA!" -- There's nothing "microsoft" about that hardware except for the name. That's about as thrilling as saying "I use a Microsoft Mouse on my Linux Box! HA HA HA -- If they only knew! HEE HEE HEE"

MS-bashing and Linux-Rox sentiment just grates on my nerves.

I think the only thing on a video game console that needs to be secure is the media itself. Your content gets cracked, and you become the Dreamcast.
  Reply With Quote
Old 06-04-02, 03:23 PM   #15
Josh H
Retired
 
Join Date: May 1999
Posts: 27,449
Quote:
Originally posted by TeeSeeJay

MS-bashing and Linux-Rox sentiment just grates on my nerves.
I find it ridiculous as well, which is why I said it was only of interest to computer geeks.
  Reply With Quote
Old 06-04-02, 03:37 PM   #16
mtucker
DVD Talk Gold Edition
 
Join Date: Feb 2000
Location: Greenville, NC
Posts: 2,462
I think it would be interesting to use an XBox as a standalone computer. I don't think I'd be putting Linux on there however. Perhaps install a version of Windows XP with custom CD-Ripping programs and and FTP server or something. I don't know. The possibility of a $199 computer is fairly intriguing.
__________________
"Stay away from the cans!"
  Reply With Quote
Old 06-04-02, 03:52 PM   #17
Drexl
DVD Talk Legend
 
Drexl's Avatar
 
Join Date: Feb 2001
Location: St. Louis, MO
Posts: 15,259
All I can say is "bring on the emulators!" There's a guy who has developed a port of MAME, but he can't release the software yet.

mtucker, the problem with your suggestion would be that the XBox has only 64 MB's of memory, and I would never think of running XP with that. However, I read that it may be possible to add more...
  Reply With Quote
Old 06-04-02, 04:07 PM   #18
Applejack
DVD Talk Platinum Edition
 
Join Date: Oct 2000
Posts: 3,470
Quote:
Originally posted by TeeSeeJay
Am I the only one that sees no real purpose to running linux on an XBox? And am I the only one who is completely underwhelmed over this revelation?

No, you aren't

  Reply With Quote
Old 06-04-02, 04:13 PM   #19
duy37
Senior Member
 
Join Date: Jun 2001
Location: San Diego to Los Angeles
Posts: 996
Won't you need a monitor cable adapter unless you have a HDTV the resolution will be too crappy for analog.

I'm not suprised, i knew Xbox would be hacked one day, in fact i read that there's already modchips available for it that lets you play DVD-RW backups.

reading the article fully, it said he built a 50 dollar add-on board that allows playing unauthorized games. basically, a modchip.
__________________
This is duy37 and I approve this signature.

Last edited by duy37; 06-04-02 at 04:19 PM.
  Reply With Quote
Old 06-04-02, 06:03 PM   #20
Aghama
DVD Talk Limited Edition
 
Join Date: Oct 1999
Location: A suburb˛ of Miami
Posts: 5,944
Will this get me my Xbox streaming mp3 receiver sooner?
  Reply With Quote
Old 06-04-02, 11:18 PM   #21
belboz
DVD Talk Gold Edition
 
Join Date: Feb 1999
Location: HB, CA
Posts: 2,600
This got /.'ed yesterday and then Reuters picked it up. I haven't been actively following "bunnie's" efforts, but I recall looking at his page fairly early on back around December. Here's his website for those who are looking for more info:

http://web.mit.edu/bunnie/www/proj/a...oxmod.html#rom

That page chronicles his efforts and is a really interesting read (funny too, if you follow his XBox cartoons links).

Here's a PDF for the paper he actually published:

http://web.mit.edu/bunnie/www/proj/a...M-2002-008.pdf

I finally got some time to read through the updates to his page and through the pape he wrote and I'll sort of summarize it all for those of you who are merely curious.

It turns out that the security measures employed by the XBox, like they are with most consumer devices, are fairly superficial. The whole system is basically locked down by secret code keys and encryption algorithms which are stored in the nVidia MCP chip. That's the one tricky thing MS did. There's a valid boot block in the flash memory (which is the first place any hacker starts), but it's a decoy. When the machine boots, it reads all its code from the flash, but the MCP chip substitutes a secret 512 byte boot block into the code. This is the actual code that's used to boot the machine and load the kernel.

Unfortunately, it was probably too costly/impractical for MS to encrypt the data paths between the chips, so when this guy rigged up a probe (that's the $50 part that he custom built) to sniff the HT bus (he uses LDT which is the old name), he was able to read out the secret boot code in plaintext.

Now, because he has the secret key as well as the encryption algorithm, he's able to decrypt the kernel image that's stored in flash memory. Though, I don't believe he's done so, it would be merely an academic exercise at this point for him to write his own software, encrypt it with the secret key and algorithm, burn it to the flash rom and have the XBox execute it.

So, theoretically, at least, he's cracked the XBox wide open. Practically, however, since there are precious few other people with the skill and equipment to desolder and reprogram surface mounted flash roms, the XBox is fairly safe.

Until- and here we get into a somewhat speculative area -someone reverse engineers the kernel and creates a boot disc. While it's certainly possible that they haven't encountered the last of the security features which may make a boot disc extremely difficult or impossible, I tend to think that won't be the case. And even then, we've still go the mod chips.

BTW, I don't think it's entirely coincidence that this guy publishes his paper and the mod chips debut all within a week or two of one another. Huang has clearly been working with others in the XBox hacking community, some of whom are obviously working on the mod chips. I'm not sure exactly what weakenesses the mod chips exploit, but I'm guessing they all derive from the same research.
  Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


All times are GMT -5. The time now is 10:04 AM.

Rules - DVD Talk - Archive - Privacy Statement - Top

Powered by vBulletin® Version 3.7.2
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.2.0
Copyright 2011 DVDTalk.com All Rights Reserved. Privacy Policy and Terms of Use.