Xbox Security Keys Changed

anth writes: "A couple a months ago we discussed some reverse engineering of the Xbox which discovered the security code. The last paragraph of this letter from Nvidia says MS changed the code, and that they had to write off chips with old code as a result."

Guess Nvidia didn't read the EULA

MS has the right to update and fix any software bit automaticcaly. :P

Cat and mouse

At some point the technology is just going to progress to the point that these silly hacks are not worth the time nor the money.

blamed

We never blamed Xbox.

Yes, Microsoft is the one. I never blame Windows or Visual Studio.

Hrmmm...

Surely the nVidia Lawyer types should have seen this kind of thing coming, and keeping that in mind, should have built a clause into their contract with Micro$haft stating that they would receive a certain acceptable minimum notice of a Code-Change, so that the manufacturing losses (and hence financial losses) were minimised?

Hindsight, it seems, once again has 20-20 vision!

I doubt the key has changed

I doubt they changed the key as it would be hacked just as easily as the last one. What they've probably done is changed the encryption method to make it harder to do so.. I mean if you're going to scrap a whole lot of chips, you better do it right.

Re:I doubt the key has changed

that would be pointless, the MIT guy didn't even attempt to break MS's 128 bit RC4 encryption in the first place.

their weakness was that the data actually travels un-encrypted along a high speed bus on the mainboard for a very short run, and is checked after that run for a 32 bit "magic number" at the end of their plaintext stream... that is the spot he watched, he made a lil device that plugged into that bus and read the data as it streamed unencrypted.

unless they encrypted traffic on that bus it would be totally pointless, and the MIT guy who did the research also points out all the complications that doing so would cause (latency, power consumption, reliability)

his research [mit.edu] (pdf warning) really is a good read if you havent gone through it yet.

My heart weeps

And that we will be taking an inventory write off in Q2 related to the amount of Xbox MCPs that were made obsolete when MSFT transitioned to a new security code (by way of the MIT hacker) and excess in nForce chipsets that we built in anticipation of higher demand of Athlon-based PCs.

O poor monopoly powers. Entire chip lines and console plans changed by a lone MIT student.

I love it.

This is a nice move from Microsoft

If for the software this changes nothing (and probably does, after all, the games must still play on the console), it probably changes something in the MOD chip. So that means that the new XBOX that is shipped will not be compatible with the old mocdhips. The result? MOD Chip installers will have to thrown away their old supply of mod chips to make new ones, unless there's a simple way to change the keys in the MOD chip. This is surely going to hurt the mod chip companies who will have to throw away their old mod chips and buy new ones. If Microsoft keeps changing the keys in the hardware often enough, the mod chippers are going to run in a lot of troubles determining which mod chip is needed for which XBOX. This is a brilliant move.

Re:This is a nice move from Microsoft

Does anybody have the code from the MOD chips in downloadable form, so we can evaluate it for ourselves? Usually it's just some PIC embedded controller or an FPGA. There should be a site where the code can be downloaded for free and people with the tools can make their own Mod chips.

Or are the Mod chips protected by 'security through obscurity' and hardware locks? If so, isn't that kind of ironic?

Do they learn their lesson

Even a close partner such as Nvidia could be fscked up hard this way, I wonder people would still trust other proprietary security control [slashdot.org] by MS.

A slight changes in code could do such a damage, no wonder why MS want to push DRM and Palladium. :)

geek girl

"My girlfriend and I spent friday night in the lab together"

Oh man :( i wish i had a girlfriend like that. actually... i wish i had a girlfriend lol.

Re:geek girl

It's time like these there should be a "+1, Pitiful" as a moderator option. Or, -1 maybe?

Re:X-Box vs. geek girl

You guys really don't have grilfriends do you?

Compared to the EULA which comes with most females, M$'s EULA might as well read "do anything you want, anytime you want, any way you want".

Let's start with the basic rundown. The standard-issue female comes with a EULA which you "sign" without ever getting to read it. Any use whatsoever (even just looking at said female for very long) is considered signing. You are never allowed to read the EULA, but it will be referred to many times. Even should you abandon, leave or loose your female much of the EULA will remain in effect, and any parts of it can be re-enacted at her choosing at any future date. Even when you are given small glimpses into what this EULA might contain, it is usually encrypted and encoded in a format most males find completely confusing.

I would quote some of the more haneous parts of the female EULA, but my female's EULA promises dire concequences should I do so.

Just goes to show

Doesn't this just prove that anyone who banks millions or billions on having encryption that won't be hacked is a fool? And that's not even to speak of one who believes that their product cannot be reverse-engineered. I swear, the DMCA is setting up an unreasonable belief in companies that their products will never, ever be hacked. Regardless of the morality of the situation, anything more technologically complex than an abacus WILL be hacked by someone, and I have no sympathy at all for people who proceed believing that's not the case.

Re:Just goes to show

Maybe it's also a marketing move. The can claim all the extra stock was not sold due to the need to replace the hardware.

Ie: "it's not we couldn't sell it. We have to ditch the hardware because of piracy. All money lost due to piracy, DoD please help is, they are destroying the industry!"

So they turn an error in they part into something that can help them strategically. This is just a posibility, but with MS you never know (with Windows, they never did a reversion like this. Remember the bug in XP cds, they just release it on schedule even though the shipped version already had security bugs. They just solved them after release)

OpenXbox - PC - Bioxx

I wonder if this will have any affect on this soon to be realeased product. It's supposed to be bios upgradable.

Have a look here: Open Xbox - PC - Bioxx [lik-sang.com]

Odd that it's just now coming out, eh? ;-)

Next

When will they start blaming Microsoft?

The next time they have to write off inventory because of a needed security change. Sure, hackers might not be the best friends to that contractual agreemnt NVidia has going, but at some point, they're going to get tired of writing off inventory and flushing money down the toilet just because Microsoft doesn't want people using the Xbox for ANYTHING but an XBox.

-Restil

Random observations.

This really sucks for Nvidia. They had the Xbox chips ready to go and MS, instead of using up the current supply and then transitioning, forces Nvidia to scrap the line and go with their newly resecured chips.

An analagy to this would be if MS upgraded our operating system in the run of the night and billed us for it; even though we did not consent for them to do this.

What is really funny is that modding consoles does no damage to the companies bottom line. MS makes money from developer fees, developers make money from the games they sell, and hackers get to have fun and maybe download a hacked game. (this assumes they have a dvd burner, which many don't). By doing this MS has made the XBOX look bad to hardware devlopers [who loose when they have to scrap technology], software developers [wouldn't want MS to change something games rely on], and the tech elite[who don't like MS anyway].

Of course this really doesn't matter much when it comes to Xbox sales and games. As the old sayings go, the games speak for themselves. Too bad the Xbox family lacks vocal cords.

Secondsun

Actually, they blame AMD.

excess in nForce chipsets that we built in anticipation of higher demand of Athlon-based PCs..

Never mind that the nForce was hype that never really beat out older motherboards.

It works for them.

This is a great tax write off for them, just think of what they can claim per chip, and the R&D cost.

Labeling circuits

One thing I never understood is why do companies label all the circuits and chips that they put out for productions. I can't think of any reason that a consumer would want the model/serial number of the chips on the printed board, or information about which control lines do what. This only helps in reverse engineering, which most companies do not want. Wouldn't it make more sense to paint with an opaque nonconductive layer and remove the model numbers from any chips that are there?

What the heck did they sign?

I am curious why Nvidia didn't just tell M$ to stick it. Microsoft can't very well switch GPU providers at this point. AFAIK, Nvidia also only gets a kickback on the consoles sold (nothing from licensing fees), so they couldn't care less if the boxes get modded or not. An army of Linux Xbox servers would be great for them.

This came out last week

It has already been discussed by people active in looking at the X-Box here [xboxhacker.net], including a comment by bunnie, the original Hacking God. The current feeling is that until they stop using a commodity CPU, whatever they do can be worked around in greater or lesser time.

does not make sense...?

I'm curious how they could have done this for the Xbox. They can't change the security keys as they already have a widely established installed base that uses the old hardware and keys.

AFAIK, the security codes were a mechanism of authenticating the Xbox software to be genuine - to stop pirate / unauthorised games from being played on the Xbox. There are already a significant number of titles (and machines) out that will use the "old" security codes, presumably the ones that have been cracked.

If they change the codes - suddenly they're going to have new machines out that won't play the old games. Likewise, if they bring out new games - they must be capable of running on the old machines.

Like I said - it doesn't make 100% sense.

Thats great [2 points to make...]

point 1

Not only does MS screw its competitors, MS is causing a ruckus with its *partners*.

Kind of like killing the hen that lays golden eggs....

They have the muscle to be able to do this, but its baad bad business.

=====

point 2

Why wasn't Nvidia thinking ahead on this issue either?
They could use a CMOS-like chip containing the security key/algorhythm, that would be far less costly to produce, especially if its likely it will need to be changed in the future.

Maybe use a Complex Programmable Logic Device [xilinx.com]?

Yes MS kind of screwed Nvidia, but Nvidia appearing to be a "forward thinking" company... why did they get themselves in this position to begin with.

Isn't it obvious?

Everybody's commenting about how all the parts of this story don't add up, that these megacorps wouldn't make such obvious blunders, or handle them so crudely. Hmm. While the old "follow the money" trick may not directly apply in this case, it's close enough.

What is the upshot of this incident, once you filter out all the distractions?

1) Hacker bypasses DRM-type security
2) Company "forced" to retool/change security
3) Direct, demonstrable monetary losses

They need to set precedents that exposing obvious security gaffes (unencrypted signal on the bus in this case) leads directly to major financial losses. Makes future prosecutions much easier.

Buy More XBoxes!

...If you don't like Microsoft.

Remember, it costs Microsoft $300 to make an XBox, but they sell it for $200. That's why:

1. The hardware is so good considering the price
2. They're losing so much money on it
3. They don't like the idea of people hacking the OS in any way
4. Keeping the system totally proprietary is more important to them than even the survival of project

They intend to make money on the games, not on the box itself. They're paying for 1/3 of the box, so they want to keep tight control over what you can do with it.

For reference for those who question the numbers, I got them from a MS programmer: Their employee purchase plan allows them to buy software at a Huge Discount. Their is no discount on the XBox; though they jokingly say you can buy it at cost if you really want to.

Why change the keys?

I somehow don't understand why microsoft needed to do this. First of all, can't the keys be regained using the same technique the MIT student used the first time? If I remember correctly, he used an unencrypted part of the bus to watch as data flew by. Quite stupid on microsoft's part, but brilliant on the student behalf. As for nVidia, I don't think they had anything to worry about when it came to microsoft. I would have told microsft to deal with its problems until the manufactured chips ran out. oh, and one more thing, the student never gave out the codes, so why does microsoft need to change the keys?

Ban logic probes!

It's the only way to stop these hacker-terrorists.
Of course, banning this one malicious tool is not enough,
we also need to ban oscilloscopes, multimeters and everything capable of measuring an electrical current.

For ordinary computer users, this means:
Under linux, run "shutdown now"
Windows users are asked to run a program.

What happen

to those 200,000 unsold XBox stocked in Japan? Landfill? ;)

There must have been another reason

I can't believe they would scrap that many chips over something so stupid. There must have been some bug in the chips that they needed fix and this saves face...

Re:News for Felons. Stuff that's illegal.

There is a huge threat of terrorism in America, the land of the free, right now and you folks are not helping by spreading this illegal material around.

First off, Lets get a "few" things straight.

1. I go out and work my ass off everyday to get money to buy things like CDs, Video Game Consoles, DVDs, DVD Players, etc....

2. I now OWN these items that I have purchased. I am told I can't copy my CDs, rip my DVD's to make a "backup" copy and burn it to a CDR media. Also, I am not allowed to modify any hardware that I own.. (Which by the way it sounds like to me.. That since I bought a computer that runs at a clock speed of 1.4GHz I am not able to overclock it to 1.6Ghz if I want to because it was sold to me as running at 1.4GHz, I dont like that.)

3. Soon if all of this DRM crap goes through I will not beable to install anything that is not approved by certain companies (i.e. Microsoft). Meaning I can't install Linux on a computer that I purchased with Microsoft Windows on it. Even though I OWN the damn thing. I won't beable to add new hardware as I want to, I will have to call Microsoft to let them know I changed my hardware configuration (Windows XP does this now).

When I BUY something, I like to know that I own it and can do anything to it I want. If I want to take it out back and beat it to a pile of junk (Office space senario with copy machine). I should be able to, If I want to change a few settings in the hardware, I should be able to. It is MINE. I PAID for it. I am NOT renting it. If I want to rent something I will go to Blockbuster, or go look for an apartment.

You dont rent your car do you? Atleast with a lease you have an option to BUY it after the lease is up. This is like "insert favorate car manufacturer here" saying you CAN'T change your exhaust on your car that you bought from us, even though you own it now, Oh yea BTW that factory radio you have, you are NOT allowed to put that in either. When you get a flat tire, YOU will put on said brand of tires or we will sue the crap out of you. Do you like being told that crap? I know I do not like it.

So please explain to me how this is "illegal", or any part of "terrorism"? Please also feel free to explain how this is "the land of the free", if I am not able to do any of the above.

- br0ken

Re:News for Felons. Stuff that's illegal.

What is with this site anyways? Everytime I load it up there is a few articles on the main page talking about some criminal or illegal hacking tool.

Maybe you should stop coming here???

Re:News for Felons. Stuff that's illegal.

its not the terrorists that take our freedoms
its us
we let the government have them during wartime, and then when war is over, we just forget that we ever had them and so the government takes more and more freedoms anytime there is a crisis

Re:News for Felons. Stuff that's illegal.

"There is a huge amount of terrorism going on in America"

More like America "Bush @ Co." are terrorising the rest of the world with this new found "Agenda"...

You poor troubled American..

Regards

More and more concerned world citizen (Sydney, Australia)