
Keeping Secrets in Hardware: Xbox Case Study

Posted by michael on Sat Jun 01, 2002 12:52 PM
from the peeling-the-onion dept.
BS405397 writes "Here is the just released MIT whitepaper on the security holes in the MS X-Box, and for those who are interested, opens up the X-Box pretty nicely." Update: 06/04 17:13 GMT by M : The server appears to be down at the moment. There is a copy of the paper mirrored here. Reuters and other news outlets have now picked up the story, two days after Slashdot.
  • DMCA... (Score:2, Interesting)

    by Mr. Smoove (160347) on Saturday June 01 2002, @12:53PM (#3622963)
    Doesn't this violate the DMCA?
    • Re:DMCA... (Score:5, Funny)

      by Darth_brooks (180756) <chico@wc c n e t . org> on Saturday June 01 2002, @12:56PM (#3622987)
      Doesn't this violate the DMCA?

      Doesn't everything?
      [ Parent ]
      • Re:DMCA... by Alsee (Score:2) Saturday June 01 2002, @04:45PM
        • Re:DMCA... by OpenSourcerer (Score:1) Sunday June 02 2002, @03:55AM
    • Re:DMCA... by Maverick TimeSurfer (Score:1) Saturday June 01 2002, @12:58PM
    • No, it's legal (Score:5, Informative)

      by Animats (122034) on Saturday June 01 2002, @01:19PM (#3623119) Homepage
      Note that the paper discusses his consultation with the Electronic Frontier Foundation's lawyers.

      Reverse engineering is legal under most circumstances. Prohibiting it would create a new form of intellectual property, which, unlike patents, would not have to be disclosed. Trade secrets are limited in scope; trade secret law is mostly about disclosure by people authorized to know the trade secret.

      [ Parent ]
    • Re:DMCA... by ggruschow (Score:1) Saturday June 01 2002, @01:26PM
      • Re:DMCA... (Score:4, Insightful)

        by dfn5 (524972) on Saturday June 01 2002, @01:45PM (#3623209) Journal
        Then why wouldn't DeCSS fall into that category? I'd say that was a pretty good research project.
        [ Parent ]
        • Re:DMCA... by Citizen of Earth (Score:1) Sunday June 02 2002, @04:14AM
          • Re:DMCA... by GAlain (Score:1) Sunday June 02 2002, @06:00AM
    • Yes but it doesn't matter by 91degrees (Score:1) Saturday June 01 2002, @01:34PM
    • Re:DMCA... by packeteer (Score:1) Saturday June 01 2002, @03:52PM
      • Re:DMCA... by garbuck (Score:1) Sunday June 02 2002, @12:09AM
  • Updates? (Score:2)

    by Kizzle (555439) on Saturday June 01 2002, @12:56PM (#3622985)
    When the xbox first came out I wondered about the security holes it would have once they rolled out the internet service. Does anyone know if it is set up in a way that it can receive software updates?
  • Slashdotted (Score:1)

    by ChristianBaekkelund (99069) <draco.mit@edu> on Saturday June 01 2002, @01:01PM (#3623016) Homepage
    OUCH!...looks like the server went kaboom...ok, who's gonna be the first with a mirror?
  • Mirror and guy's website (Score:5, Informative)

    by Angry Black Man (533969) <vverysmartman@@@hotmail...com> on Saturday June 01 2002, @01:01PM (#3623017) Homepage
    Here [mit.edu] is the guy's website (bunnie), with a ton of other hacking information not in the whitepaper.

    He also has an alternative link [mit.edu] to the paper.
  • by Moosifer (168884) on Saturday June 01 2002, @01:01PM (#3623020)
    Inconceivable!
  • With Microsoft's permission (Score:5, Informative)

    by damieng (230610) on Saturday June 01 2002, @01:02PM (#3623022) Homepage Journal

    I quote from a posting [siliconice.net] to XBOXHACKER [xboxhacker.net] that quotes "I did the work in february, but it took about three months to get it positioned and cleared with both MIT and Microsoft."

    I guess that means the DMCA was not violated although the posting mentions that Microsoft intend on addressing these 'holes' in future revisions of XBOX hardware.

    • More from author on MSFT (Score:4, Informative)

      by Angry Black Man (533969) <vverysmartman@@@hotmail...com> on Saturday June 01 2002, @01:35PM (#3623173) Homepage
      He frequents the Xbox hacker message boards. [xboxhacker.net] Here's what else he had to say about Microsoft in this post [166.88.8.240]...

      "To answer some specific questions:

      no, I will not publish the encryption key or the boot block. That's Microsoft copyright material, and I respect their copyright.

      Microsoft is not particularly happy about the paper, but they seemed to concede that well, reverse engineering is protected by law, so there's nothing they can do about it. Let's hope they don't change their opinion...they've been known to go back on their word before. "

      also, from his website [mit.edu]...

      "You are actually allowed by law to reverse engineer copyrighted code so long as it is necessary to discover the ideas or functional elements behind the code (still, I'm not allowed to post copyrighted code for free distribution). Hey, microsoft...what are the ideas and functional elements behind your BIOS ROM? ... hmm...patent search turns up nil on the Xbox...guess we'll just have to reverse engineer it. (FTR, Nintendo has patented what looks to be the entirety of the N64 console, thus perchance making reverse engineering an N64 illegal--not yet court tested.)"
      [ Parent ]
    • Re:With Microsoft's permission by Daetrin (Score:1) Saturday June 01 2002, @07:48PM
  • Intermission (Score:2, Funny)

    by cymraeg (578870) <[uv.lluf] [ta] [naes]> on Saturday June 01 2002, @01:02PM (#3623023)
    While the rest of the world waits for the site to come available...

    Let's all go to the lobby,
    Let's all go to the lobby,
    Let's all go to the lobby...
    To get ourselves a drink!
  • A lesson to be learned (Score:1, Insightful)

    by OmniVector (569062) <see my homepage> on Saturday June 01 2002, @01:02PM (#3623025) Homepage
    My favorite game protection of all time was quake 2. First Id software makes this incredible game, with 0 protection against copying, and then releases quake 3 with online copy protection and online gameplay only. Thus, suckering in a bunch of people into buying the new version. I wonder if the struggle between companies and consumers will ever end, because the companies always lose :P
  • Better Ways to Hack it?! (Score:3, Interesting)

    by IronTek (153138) on Saturday June 01 2002, @01:03PM (#3623027) Homepage
    Hopefully, this is yet one more step in fully hacking the X-Box (can't tell because the site's been /.ed)

    And I don't mean the usual Playstation-like hacking. I couldn't care less about not having to pay for games...

    What I can't wait for are things like a DiVX player (DivX movies on TV!), Linux -> and with it all those wonderful applications, DVD Movies without the hardware adapter, etc. and all of this for only 200 bucks!

    Many Dreamcasts were sold because of their hacking potential...just imagine what an X-Box is capable of! This, more than any reason, is why I'm hoping the X-Box pulls through and "makes it" among the video game platforms...
  • Mirror (Score:1, Funny)

    by DigiBoi (139261) on Saturday June 01 2002, @01:03PM (#3623034) Homepage
    here is a mirror [bathroomcity.co.uk]
    • Re:Mirror by Ishkibble (Score:1) Saturday June 01 2002, @02:06PM
    • Re:Mirror by neo8750 (Score:1) Saturday June 01 2002, @05:29PM
    • Re:Mirror by MattRog (Score:1) Saturday June 01 2002, @06:04PM
    • Re:Mirror by SkOink (Score:1) Saturday June 01 2002, @06:47PM
    • Re:Mirror by stud9920 (Score:1) Tuesday June 04 2002, @07:16AM
  • XBOX probing... (Score:1, Interesting)

    by Anonymous Coward on Saturday June 01 2002, @01:06PM (#3623045)
    For those who were unable to see the .PDF, due to the /. effect...
    It is about searching for magic numbers :) probing the LDT/Hyper Transport Bus via a hardware tap board linked to an FPGA based custom sniffer. It seems a bit like magic... but the only magical thing is the mind operating that (cheap!) hardware! :)

    Very interesting read!

    Bye!
  • Should we start taking bets as to when the "xbox update" web site and service packs start coming out?
  • MIT slashdotted? (Score:2)

    by antirename (556799) on Saturday June 01 2002, @01:07PM (#3623053)
    That's pretty impressive, guys. How big is that PDF anyway? I timed out with 7 replies showing.
  • Mirror: (Score:4, Informative)

    by Saint Aardvark (159009) on Saturday June 01 2002, @01:10PM (#3623074) Homepage Journal
    http://saintaardvarkthecarpeted.com/AIM-2002-008.pdf [saintaardv...rpeted.com]

    Just in case the guy's web server goes down too...

  • by sh0rtie (455432) on Saturday June 01 2002, @01:13PM (#3623088) Homepage

    here is a link to convert the paper to HTML

    http://access.adobe.com/simple_form.html [adobe.com]
  • Cool (Score:1)

    by kaustik (574490) on Saturday June 01 2002, @01:17PM (#3623110) Homepage
    Does this mean I can hack into some little kid's (Insert-Name-Of-Stupid-Video-Game-Char-Here) and upload a patch to display all opposing characters as completely nude, full-figured women?
    Or bust my way over to a Middle-East gaming area and put the head of Osama on all the bosses? Wait, do they still have electricity over there?
    • Re:Cool (Score:5, Informative)

      by pjrc (134994) <paul@pjrc.com> on Saturday June 01 2002, @03:37PM (#3623602) Homepage Journal
      I feel like a little reality check is in order:

      Does this mean I can hack into .. and upload a patch to display ... characters as completely nude, full-figured women?

      No, but it does mean you can fabricate a little circuit board and solder it to tiny wires on the xbox, connect that to a FPGA and custom-program the FPGA to implement data collecting hardware (including a lot of hand-layout effort to make the FPGA able to collect at 200 MHz). It means you can implement a little state machine also in the FPGA to begin collecting at the right time, ignore a false reset pulse, and tag all collected data with sequence numbers of how many clock cycles elapsed between each data transfer and the CPU reset.

      It also means you can spend a lot of time to do statistical analysis on the data and compare to patterns from the flash rom (which you presumably already extracted and read with your EPROM programmer). It means that once you've at least figured out which wires were which bits, you can begin wading through millions of data transfers and try to reconstruct an image of the code the CPU executed.

      It means you can disassemble that code (remember, found from analyzing millions of bus transfers) and recognize that it implements RC-4 decryption. It means you can write a "brute force" attack to guess all possible 16-byte patterns from the image you extracted and see if any of them decrypts the flash rom data to something other than white noise.

      It means that, after all that, you have the algorithm and key used to decrypt the bootloader in the flash rom... and then you can write your own bootloader (by extracting the flash rom chip and changing its contents with an EPROM programmer) and make the xbox run your own code.

      The author did mention that Microsoft put test points on the board to access the flash rom, so instead of physically removing the flash rom, you could build a "bed-of-nails" test fixture that you'd just place the xbox circuit board into to reprogram the flash rom (don't forget to design your own EPROM programmer in this process).

      But as others have pointed out, the author has been in contact with Microsoft and they are aware of the problem, and they intend to fix it in future revisions to the xbox hardware.

      So if you wanna pop up nudie pictures in the middle of someone's game, you'd better get started soldering now. Even after you do all this, you'd barely have your foot in the door. You'll need to do a massive reverse engineering job on the bootloader, and then the rest of the flash rom (which is presumably part of the win2k closed-source kernel). Somewhere along the way, you'll learn about the xbox hardware and MAYBE find a game-independent way to overlay some graphics on the screen. Maybe you'll even find some exploits in the kernel itself, maybe?

      But to start, you MUST pull the flash rom chip and reprogram it with your own code. Better hurry before Microsoft changes the secret bootloader or even the hardware itself, now that they know of the weakness.

      [ Parent ]
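
The key search pjrc describes, as an added example (not code from the post, the paper, or Microsoft): every 16-byte window of a captured code image is tried as an RC4 key against the encrypted data, and a window is accepted when the output stops looking like white noise. The image, key, "bootloader" plaintext, offset and entropy threshold below are all constructed assumptions, not Xbox data.

```python
import hashlib
import math
from collections import Counter


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (key schedule + keystream XOR); decrypt == encrypt."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def entropy_bits_per_byte(buf: bytes) -> float:
    """Empirical Shannon entropy; close to 8 for noise, far lower for code/text."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def find_embedded_key(image: bytes, ciphertext: bytes,
                      key_len: int = 16, threshold: float = 6.0):
    """Slide a key_len window over image, trying each as the RC4 key.

    Returns (offset, key) for the first window whose decryption has entropy
    below threshold (an assumed cut-off), or None if no window qualifies.
    """
    for off in range(len(image) - key_len + 1):
        key = image[off:off + key_len]
        if entropy_bits_per_byte(rc4(key, ciphertext)) < threshold:
            return off, key
    return None


def pseudo_random_bytes(label: bytes, n: int) -> bytes:
    """Deterministic filler standing in for captured code bytes (constructed)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(label + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


def build_constructed_sample():
    """Build a constructed 512-byte 'captured image' with a key hidden inside,
    plus a constructed low-entropy 'bootloader' encrypted under that key."""
    key = pseudo_random_bytes(b"constructed-key", 16)
    filler = pseudo_random_bytes(b"constructed-image", 496)
    offset = 211  # arbitrary position chosen for the sample
    image = filler[:offset] + key + filler[offset:]
    plaintext = (b"\x00" * 24 + b"CONSTRUCTED SAMPLE BOOTLOADER "
                 + b"\x90" * 10) * 8
    return image, rc4(key, plaintext), plaintext, offset, key


if __name__ == "__main__":
    image, ciphertext, plaintext, offset, key = build_constructed_sample()
    print("ciphertext entropy: %.2f bits/byte" % entropy_bits_per_byte(ciphertext))
    hit = find_embedded_key(image, ciphertext)
    print("key found at offset", hit[0], "->", hit[1].hex())
    print("decrypted entropy: %.2f bits/byte"
          % entropy_bits_per_byte(rc4(hit[1], ciphertext)))
```

The search is linear in the size of the captured image, so hiding the key's position among other bytes adds no meaningful work for whoever holds the capture.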
      • Re:Cool by mrmag00 (Score:1) Saturday June 01 2002, @05:31PM
      • Re:Cool by detect (Score:2) Sunday June 02 2002, @10:09PM
  • by tandr (108948) on Saturday June 01 2002, @01:29PM (#3623152)
    I like this part about MS guy:

    The speaker at this talk also indicated that the kernel on the Xbox is a much-stripped-down Win2k derivative (from 12 MB to around 23kB).

    (from their website [mit.edu])
  • Xbox Case (Score:1, Funny)

    by Deflatamouse! (132424) on Saturday June 01 2002, @01:33PM (#3623164) Homepage Journal
    What is there to study about the Xbox case? It's butt ugly ;)
  • by yasth (203461) on Saturday June 01 2002, @01:38PM (#3623186) Journal
    Microsoft probably has nothing to do with this "hole" (I am hesitant to call it that). NVIDIA is almost certainly the one who laid out the spec that used the bus. MS probably just signed off on it.
  • This means... (Score:3, Funny)

    by Drakker (89038) on Saturday June 01 2002, @01:39PM (#3623191) Homepage Journal
    ...that we will be able to play NetHack on the xbox?
  • Some XBox Hacking Links (Score:5, Informative)

    by gagravarr (148765) on Saturday June 01 2002, @01:43PM (#3623201) Homepage
    For those of you just getting into XBox hacking, you might want to check out the following:
  • What on earth (Score:1)

    by Utopia (149375) on Saturday June 01 2002, @01:45PM (#3623210)
    When I first saw this story, I thought this guy had found some way to get to another Xbox over a network.
    After reading the paper, I see all he has found was the secret boot block and the non-encrypted bus.
    He is yet to decrypt the kernel.
    So we are a long way from using the XBox as a cheap PC.
    I guess it means he didn't find any security holes that would compromise your system over a network; or any holes that would require a service pack from Microsoft.
  • Thumbs up? (Score:5, Funny)

    by handsomepete (561396) on Saturday June 01 2002, @01:56PM (#3623254) Journal
    I got a grudging thumbs up, so to speak, from Microsoft on my Xbox reverse engineering work

    I think I'd much rather he post what must've been a very entertaining conversation with a Microsoft spokesperson than the bios to the XBox.
    • Re:Thumbs up? by bstadil (Score:1) Saturday June 01 2002, @02:43PM
    • Re:Thumbs up? by 10 Speed (Score:1) Saturday June 01 2002, @02:56PM
      • Re:Thumbs up? by handsomepete (Score:1) Saturday June 01 2002, @03:41PM
        • Re:Thumbs up? (Score:4, Funny)

          by agdv (457752) on Saturday June 01 2002, @04:33PM (#3623802)
          Weird... that guy sounds exactly like the guy I talked to when my copy of XP wouldn't activate.


          They're building an army of clones. You hadn't heard?

          [ Parent ]
  • Abstract (Score:4, Insightful)

    by Hast (24833) <s84s9001@sneakemail.com> on Saturday June 01 2002, @02:04PM (#3623274) Homepage
    A lot of people seem to believe that it's about network security. It is about hacking the boot procedure for the X-Box. This can be grasped just by reading the abstract to the paper.

    Abstract


    This paper discusses the hardware foundations of the cryptosystem employed
    by the Xbox™ video game console from Microsoft. A secret boot block overlay
    is buried within a system ASIC. This secret boot block decrypts and verifies
    portions of an external FLASH-type ROM. The presence of the secret boot block
    is camouflaged by a decoy boot block in the external ROM. The code contained
    within the secret boot block is transferred to the CPU in the clear over a set of
    high-speed busses where it can be extracted using simple custom hardware. The
    paper concludes with recommendations for improving the Xbox security system.
    One lesson of this study is that the use of a high-performance bus alone is not a
    sufficient security measure, given the advent of inexpensive, fast rapid prototyping
    services and high-performance FPGAs.

    So no need to worry about DDoS or lost savegames. This is about playing unauthorized games, making a DiVX player etc.
    • Re:Abstract by Jace of Fuse! (Score:1) Saturday June 01 2002, @03:14PM
    • Re:Abstract by tshak (Score:2) Saturday June 01 2002, @09:39PM
    • Re:Abstract by fferreres (Score:2) Sunday June 02 2002, @06:47AM
      • Re:Abstract by Hast (Score:2) Sunday June 02 2002, @07:33AM
  • very interesting (Score:5, Insightful)

    by Dr. Awktagon (233360) on Saturday June 01 2002, @03:19PM (#3623554) Homepage

    I read that article and found it very interesting. It seems there's always a weakness in any security system, and a clever person with time on their hands can find it.

    But then it hits me: this "security" is to keep THE OWNER, the PAYING CUSTOMER, out of the product he bought. This "security" doesn't protect my family, me, or my possessions from absolutely anything. It serves no purpose except to make work for somebody at Microsoft and then somebody at MIT. If they left it out, they'd save both parties a lot of effort. I'm sure someone will build on this article and figure out how to easily run arbitrary code on the Xbox, and so the security will be a total waste. So why is it there?

    • Re:very interesting by WeeGadget (Score:1) Saturday June 01 2002, @07:17PM
    • Re:very interesting by shird (Score:1) Saturday June 01 2002, @10:32PM
    • not quite (Score:5, Interesting)

      by Skuld-Chan (302449) on Sunday June 02 2002, @01:11AM (#3625325) Journal
      Sure - but one could easily argue that its main purpose is to keep pirates from running unauthorized (copied) programs on it

      and to keep developers from building their own executables without real dev kits (and depriving ms of royalties)

      and it keeps game hack systems out - like the gameshark and the codebreaker like devices from running.

      And before you bitch and moan about MS being a bunch of bastards - almost every game system that ever came along has had some system to keep developers, hackers, and users from exploiting the technology inside. Even Atari was that way - mostly through Atari not releasing all the specs for programming it so their games could look better in comparison - and they sued the first company who dared defy them (I think it was sierra).
      [ Parent ]
      • Re:not quite by DawnKey Khan (Score:1) Tuesday June 04 2002, @12:30PM
    • Re:very interesting by ZorinLynx (Score:1) Sunday June 02 2002, @09:48AM
  • Site back up (Score:2, Informative)

    by mindhive (582783) on Saturday June 01 2002, @03:41PM (#3623614)
    I'm one of the sysadmins at the AI lab - we had a power shutdown in our building last night through much of today, but the site is back up and ready to get slashdotted.
  • Not there yet (Score:5, Interesting)

    by Animats (122034) on Saturday June 01 2002, @04:00PM (#3623700) Homepage
    Note that even after all this, the guy isn't even close to being able to make a disk that will boot on an unmodified XBox. Or a mod that doesn't require soldering.

    He now understands the boot process, and can mess with it via hardware mods. But he has only the decryption key, which is the public key of the pair. To make a bootable disc, you need the encrypting (private) key, which is nowhere in the XBox. That key probably exists only in a vault in Redmond.

    I don't really care all that much about the XBox, but if the RIAA and MPAA have their way, all audio and video equipment will be protected like this.

  • Why the security on a game console? (Score:3, Interesting)

    by A nonymous Coward (7548) on Saturday June 01 2002, @04:03PM (#3623709)
    I guess I am naive here. What is the point of making the X-box or any other game console hard to hack?

    I used to believe the old saw that compared game consoles to razors; lose money on the console, make up for it on the games. But I read something recently which seemed (to me) to prove that everyone except M$ was making money on consoles too. So although it might make sense for M$ to prevent hacking for use as other than a game console, why would others do so?

    Is it to prevent people from playing ill-gotten copies of games?

    Is it to prevent cheating while playing a game?

    Is it to prevent reverse engineering of a game?

    I guess I just don't get it!
  • XBox Linux? (Score:1)

    Has anyone, as alluded to in this article [slashdot.org], booted Linux on an XBox? I don't care if it requires a mod chip. The xbox-linux project [xbox-linux.org] seems to be concentrating on a purely software solution, but I want Linux NOW!

  • He's almost correct... (Score:2, Funny)

    by Krokus (88121) on Saturday June 01 2002, @04:40PM (#3623826) Homepage

    From the paper:

    "...it is an error to assume that a secret, distributed along with the information it guards, is never revealed."

    I don't know about that. It seems to have worked for the Word file format.

  • Oh no! (Score:3, Funny)

    by DarkHelmet (120004) <mark@NOspAm.seventhcycle.net> on Saturday June 01 2002, @05:11PM (#3623933) Homepage
    My XBox web server is vulnerable? I guess I'll just have to download a patch from windows update!
  • Booting CDR/DVDR (Score:2, Informative)

    by IIRCAFAIKIANAL (572786) on Saturday June 01 2002, @06:09PM (#3624112) Journal
    As was mentioned in several posts, this is bad (for MS) because it may allow two things - non-authorized software development and pirated software. (don't mark me as redundant yet, keep reading :)

    That's why Nintendo stuck with cartridges and why they now have a non-standard format for Gamecube games. I am really surprised other console developers haven't done this.... the slight increase in costs to slow piracy is a good trade-off.

    Anyone know if it would be possible to burn those mini-dvd's that Nintendo uses?
  • This is great... (Score:1)

    by Tiado (556984) on Saturday June 01 2002, @06:25PM (#3624158) Homepage
    So a LinuX-Box is a little closer to reality now, but even with that possibility, I still won't buy an X-Box. Microsoft doesn't deserve another cent of my money.
  • Fluffi Bunni? (Score:1)

    by Duck0fD3ath (582796) on Saturday June 01 2002, @07:15PM (#3624313)
    Anybody notice the author's name: Andrew "Bunnie" Huang. Wonder if he's the notorious defacer Fluffi Bunni.
  • by janda (572221) <janda@kali-tai.net> on Saturday June 01 2002, @09:16PM (#3624642) Homepage
    Because the "jam buffers" are initialized by the flash eprom *in the clear*, it is possible to initialize them to a faulty state, which causes the boot sequence to abort, and you can then run anything you can put into the eprom.
  • Case Study (Score:1)

    by Chacham (981) on Saturday June 01 2002, @09:42PM (#3624710) Homepage Journal
    Well, it's black, and has a big "X" on it.
  • by Animats (122034) on Saturday June 01 2002, @10:32PM (#3624852) Homepage
    He does far more than reverse-engineer the XBox. Read this guy's project list. [mit.edu] He's cranked out an incredible list of hardware projects. His own RISC CPU. A DES cracker. A controller for a midget submarine. An all-new design PBX for his frat house. Keyboard pedals for EMACS. A Linux-based computer that fits in a Star-Tac phone case (in progress.) Plus he's in a fraternity, plays guitar and violin, and has a blonde girlfriend. And all this while doing a thesis at MIT.
  • by Utopia (149375) on Saturday June 01 2002, @01:05PM (#3623041)
    I don't even get the login prompt on the MIT FTP server.
    Really wanted to read this. sigh.
    [ Parent ]
  • by clownshoe (582646) on Saturday June 01 2002, @01:07PM (#3623055)
    Well since the article is Slashdotted and I haven't read it, I could be horribly mistaken when I say this. However, I know MS wants to network the XBox. As a stand alone, there's not many holes in it worth worrying about. But when it's networked, that's an altogether different story. And I'm sure most Slashdotters are aware of MS's track record on security holes....
    [ Parent ]
  • by cscx (541332) on Saturday June 01 2002, @01:12PM (#3623080) Homepage
    The funny thing is this [pcworld.com] PCWorld article that touts PS2 security over XBox and GameCube. The ironic part is when Sony announces their "partnership" with companies such as "America Online" and "RealNetworks." RealNetworks... now THAT's a company I trust with my personal information!
    [ Parent ]
  • Re:it's a console (Score:2, Insightful)

    by Anonymous Coward on Saturday June 01 2002, @01:13PM (#3623086)
    First of all, do you spumrags even bother trying to read the links or getting some context before you go off half-cocked? Obviously not. Your message would be better informed if it said "Frost Pist Bitches!"

    Second, it should be obvious to anyone with 2 working braincells that the security problem facing the XBox is not network security but instead security against the local user. Particularly, preventing them from booting non-approved software.
    [ Parent ]
  • Re:Lame and Dumb (Score:1)

    by cymraeg (578870) <[uv.lluf] [ta] [naes]> on Saturday June 01 2002, @01:37PM (#3623184)
    Because when Microsoft makes the networking component available, millions (?) of clueless end users will hook it up to their cable modem connection, totally oblivious that there may even be the _slightest_ chance that there is a single open exploit ready to be taken advantage of for DDoS attacks. And what about the possibility of stored credit card information used for MMORPG -type games? Playing habits of owners? What if Microsoft released personal finance software for the Xbox? Are you saying that can't happen?

    Did you stop to think and ask yourself those questions before you generalized this "security feature" of the Xbox console? Or are you one of the millions of lusers I just described? I use MY Win2K box for playing games and ONLY playing games. Does that make my PC simply a GAMING platform?

    How would you feel if your Xbox was attacked and all you had to do was "reinstall a few games." The worst that can happen is NOT the point. The fact that it COULD POSSIBLY happen IS.

    Bonehead.
    [ Parent ]
  • Re:it's a console (Score:1)

    by bwhaley (410361) <spam4ben.gmail@com> on Saturday June 01 2002, @01:43PM (#3623202) Homepage
    You're missing the point. With security holes that allow custom code to be loaded it will be possible to run new software on the Xbox. For example, the Xbox-linux [sourceforge.net] project will see some benefits from this paper.

    [ Parent ]
  • by Anonymous Coward on Saturday June 01 2002, @01:43PM (#3623204)
    The security discussed in the paper isn't intended to protect the user, it's intended to protect Microsoft's control over the platform -- it's the lockout that keeps software that isn't blessed by MS from running on the XBox. If companies can bypass it, they can ship XBox games without paying royalties.
    [ Parent ]
  • Re:Lame and Dumb (Score:5, Informative)

    by brooks_talley (86840) <`moc.knrf' `ta' `skoorb'> on Saturday June 01 2002, @01:51PM (#3623229) Journal
    Yeah, who would want a $200 general purpose computer with built in ethernet and DVD capability? I mean, what are you going to do, get a keyboard working and have a $200 Linux machine that's comparable to most $800 boxen? Or get it to run DivX movies? Or network 5 of them into a $1000 Beowulf cluster?

    It's not a gaming system. It's a computer that's been artificially limited to gaming. People want to break into it to remove those limitations, so they can have a very cheap, fairly powerful and flexible computer system.

    The article -- the whole console hacking phenomenon -- is not about people breaking into your Xbox over the internet. If you had read the article, you would have seen that it's about hacking the box to be able to boot custom code. There's no question of "reinstalling a few games" unless someone breaks into your house, reprograms the flash ROM in your Xbox, and turns it into a Linux machine.

    -b
    [ Parent ]
  • Be afraid (Score:1)

    by p7 (245321) on Saturday June 01 2002, @01:51PM (#3623230)
    I didn't get to see the paper, due to /. effect. However, a few ideas how it could be dangerous.

    Packet Sniffer
    Distributed Denial of Service attacks
    Remote hacking
    [ Parent ]
  • by cscx (541332) on Saturday June 01 2002, @01:56PM (#3623251) Homepage
    OK, I've skimmed the PDF, and while the words "security holes in the XBox" in the article may lead you to think about traditional software buffer-overflow-I've-r00ted-your-box types of security holes... this article is about HARDWARE!! The PDF [mit.edu] talks about hacking the hardware and getting around the encryption on the bootloader to be able to load your OS of choice, for example.

    Meanwhile I'm reading posts from people who are nearly soiling themselves afraid to plug their XBox into a network for fear of being r00ted. What a joke. I bet when michael saw the words "XBox" and 'security hole' in the same sentence, he became so excited and nervous that he could hardly move his finger to click the button on the mouse. Sheesh.
    [ Parent ]
  • by ClickNMix (218488) on Saturday June 01 2002, @01:56PM (#3623255) Homepage
    I wasn't aware security was a big issue in gaming consoles.

    It never has been, because:

    a) Most systems only kept data related to the game in a very limited space. (On a memory card say or a cartridge itself in the past) - the X-Box is fitted with a hard drive, so there is access to a lot of data beyond the scope of individual games since all the data is likely to be in one place.

    b) Once you hook something up to the internet, (Which the X-Box plans to do, or at least a network of some kind) then it opens the door to the data stored on your system. This also means that as well as game data, users are likely to at the very least have emails stored on their systems.

    [ Parent ]
  • by gid (5195) on Saturday June 01 2002, @02:01PM (#3623267) Homepage
    In case you didn't know already, MS is selling Xbox's at a huge loss. Much to my surprise, MS did not get to its current position by losing money like this. They're planning on making up the lost money by having a successful console that sells tons of games and makes up the money there (Sega anyone?), so I believe the "security holes" might be referring to little snafu's so you can put a different OS on it. Because we all know different OS won't run the games. Every time someone buys an Xbox hoping to turn it into a hella cheap PC, MS loses their money on that machine for good, because that person won't be buying any games for it.

    A lot of the security features talk about rom encryption, flashing it with a new bios, accessing the hard drives, etc. All of these things make it more difficult to turn it into a cheap PC, and supports my theory as stated above.
    [ Parent ]
  • by maikeru (565557) on Saturday June 01 2002, @02:45PM (#3623418) Homepage

    Security is a huge issue in gaming consoles, particularly as they become similar in capability and more competitive with each other.

    It's widely agreed that the making or breaking point for any console is the software library available for it. Console makers therefore spend a lot of time, money and effort attempting to win over software developers to their platform.

    And regardless of how enticing an offer the developer receives, developers need to sell software to stay in business. The main advantage of the console market (as opposed to the PC gaming market) is that the platforms are closed and proprietary, and (ideally) make piracy virtually impossible without modifying the hardware. The main problem with the security holes isn't that malicious users can compromise a user's data; the problem is that even casual users will be able to pirate games.

    This prospect scares the living hell out of developers, and rightfully so. Witness the demise of the Sega Dreamcast, which occurred a surprisingly short time after someone figured out how to boot CD-R's on the console.

    The bottom line is that developers won't produce for a platform that facilitates piracy. That is very bad news for Microsoft, particularly in light of their bleeding money out of each console they sell.

    [ Parent ]
  • Re:it's a console (Score:2)

    by ivan256 (17499) on Saturday June 01 2002, @03:33PM (#3623591)
    I would think that they'd want security in there to protect their trade secrets. If information like this gets out (oops) then people will be able to make unlicenced games, and that would trash Microsoft's console business model.
    [ Parent ]
  • I really wish they'd steal a more up to date version from FreeBSD, instead of using one from before 2.2..
    [ Parent ]
  • by yerricde (125198) on Saturday June 01 2002, @05:29PM (#3623988) Homepage Journal

    it's to play games

    This opening of the Xbox may eventually let a fellow run independently developed game software on the Xbox hardware. ("Independently developed" means that Microsoft doesn't get a cut of the revenue. So much for razors and blades business model.) With a port of the GNU/Linux system to Xbox hardware [xbox-linux.org], such games would potentially include the whole gnome-games suite, the freepuzzlearena suite, Tetanus On Drugs, Tux Racer, Quake III Arena, and every NES [zophar.net] and Game Boy Advance game in existence [emuhq.com].

    [ Parent ]
  • Security in the Xbox case has nothing to do with protecting the consumer's personal property and information from the bad guys.

    It uses the new meaning of the word secure. The meaning championed by IP Cartels like the MPAA and RIAA, by initiatives like SDMI and by products like the Secure Digital Memory Card. Jane Consumer buys secure products because she thinks they will prevent access by people she considers thieves. But if her product uses the new meaning of secure then it was designed to prevent access by people the IP Cartels consider thieves... and Jane soon realizes there is really only one person considered a thief -- herself, the Consumer.

    The new-meaning-of-secure products are secured against the Consumer -- the buyer and owner of the product.

    In the Xbox case, the new Security works like this:
    Jane Consumer has just purchased her new secure Xbox and can theoretically play any game that is compatible with her Xbox hardware and OS. Fortunately, any Company that designs games for MS Windows can, with a little effort, figure out how to design Xbox compatible games.

    Unfortunately, Jane can't play Xbox hardware+OS compatible games because Xbox security locks her out -- and Microsoft won't sell her a key to open it. MS instead sells the keys to Game Companies through License fees that are passed on to the Consumer. So Jane ends up buying an Xbox, a game and a key to let the game in.

    The beauty of this scheme is that Jane can't just buy the key once, open her Xbox, and be done with her new-found security forever. She has to buy the key with every copy of every game that she will ever buy for her Xbox.

    The new-meaning-of-secure products are not designed to protect Consumers' property and information. Nor are they designed to harass and annoy Consumers. They are designed to extract more money from Consumers.

    Fortunately for Consumers, unlocking these new secure products, through the modern magic of digital wizardry, requires no additional knowledge or effort. All it takes is a little more money -- Jane & Joe Consumers' money of course...

    Face it Folks... if you design unsecured products with lifetime warranties, you are in the wrong business. A Consumer will buy your product about once. But that same Consumer will soon pay an IP fee every time she uses her new IP-Utilizing product. I.E. her new music player, video player, book reader, game console (insert future IP-Utilizing product here).

    Jono

    [ Parent ]
  • by e_AltF4 (247712) on Saturday June 01 2002, @08:21PM (#3624487)
    > I wasn't aware security was a big
    > issue in gaming consoles.

    Security has its place in THIS gaming console

    a) it's intended to be connected to the internet
    b) it has a HDD

    imagine someone writes a nice virus/worm with evil intentions (e.g. download a tiny linux distro, and then take over your XBox, store child pornography on your HDD or start a DOS on www.microsoft.com :-)
    [ Parent ]
  • by MsGeek (162936) on Saturday June 01 2002, @08:33PM (#3624505) Homepage Journal
    No. The XBox is a PC designed to work like a console.

    Basically it's a PC with these specs:
    733MHz Celeron
    64MB PC100 RAM
    GeForce 2.5...halfway between GeForce 2MX and 3.
    8GB HD.
    cheap 10/100 base T NIC
    non-standard USB (based on 1.1 spec) connections for controllers.

    However, for all the efforts to try to hax0r the XBox...and I wish them all well...they are going to have to find a way to make a keyboard work with it. With the tweaked non-standard USB it's not gonna be easy.
    [ Parent ]