Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Microsoft

X-Box Private Key Challenge Ended 322

powerlord writes "The Neo Project (mentioned in a recent slashdot article) recently stopped its bid to recover the X-Box private key citing legal reasons: "Due to legal reasons, we will no longer be hosting or participating in the xbox challenge." DCers.com, a site devoted to distributed computing sheds some light on Neo's sudden flip-flop with a blurb claiming that: "... many legitiment DC'ers that have been working this project since it started that have decided to quit because of the new Neo client that also tries to crack the X-Box encryption." and that they believed this might ultimately kill The Neo Project."
This discussion has been archived. No new comments can be posted.

X-Box Private Key Challenge Ended

Comments Filter:
  • by CaseyB ( 1105 ) on Tuesday January 07, 2003 @10:30AM (#5032220)
    It's sad that the reason it shut down is for "legal reasons" instead of "the realization that it was utterly futile".
    • Re:Legal reasons (Score:4, Informative)

      by warmcat ( 3545 ) on Tuesday January 07, 2003 @11:27AM (#5032608)
      Xboxhacker.net [xboxhacker.net] quotes the following 'unofficial response':

      Due to a few..."parties" pressuring us if you will, we decided to halt the project to stop any legal troubles. We have said from the beginning that if any pressure was put upon us, the project wouldn't go any further. Well, too bad. we managed to check nearly a billion key, and ranked a good 1.5 years of CPU time in only a few days. thanks to all who participated - and a special thanks to those special people who pumped out amazing packet rates for XboxHacker.net

      A billion! So they only had a bazillion gajillion to go.

      • So, translated, their philosophy was: "Hey you nasty people out there, don't challenge us in any way on this, or we'll just back down! So there!"

        Ummm... Something's wrong with their approach. Advertising the fact that you'll fold under the slightest pressure isn't the way to keep an effort going.

        Can't say as I blame them though.
      • A billion! So they only had a bazillion gajillion to go.

        Which, of course, is a hojillion.
      • A billion! So they only had a bazillion gajillion to go.

        What if the encryption was broken anonymously? A group could form and distribute software using a Freenet [freenetproject.org]-style network and the page providing the files and info for the project could also be hosted on Freenet.
  • by HaloZero ( 610207 ) <protodeka@gma i l .com> on Tuesday January 07, 2003 @10:30AM (#5032222) Homepage
    I mean, they HAD been working for a few days. Perhaps they got the key! :-P

    "Yeah. We, um. Well. We're going to stop now. And cite an obvious legal reason, though we ignored that same reason when we first started. Because we wanted the key. But... now we don't. Or something. Look, I don't care, explain it to yourself. Just know that we've stopped, and are happy. Ok? Ok. Good. Now, onto other news..."
  • Anyways.... (Score:4, Funny)

    by Veovis ( 612685 ) on Tuesday January 07, 2003 @10:31AM (#5032228)
    I guess the XBox commercial slogan "Life is short" applies to everything xbox related, and not just the console itself
    • Life is Short (Score:2, Flamebait)

      by muyuubyou ( 621373 )
      I guess the XBox commercial slogan "Life is short" applies to everything xbox related, and not just the console itself

      "Life is Short" applies to anything Micro$haft dislike in the slightest. With the backing of the lobbyism and a rightist government, life is easy.

      Netscape, Java, freedom anyone?
  • by JimDabell ( 42870 ) on Tuesday January 07, 2003 @10:31AM (#5032231) Homepage
    Anybody else automatically assume that it had ended because they found the key?
    • Re:Legal reasons? (Score:5, Interesting)

      by AyeRoxor! ( 471669 ) on Tuesday January 07, 2003 @10:40AM (#5032302) Journal
      "Anybody else automatically assume that it had ended because they found the key?"

      While I'm not sure this is probable, I will agree that not posting the legal threat is highly unusual. They need to distribute a copy if only for posting on ChillingEffects.org [chillingeffects.org]. Also, my first call would be to the EFF. But I guess some people stick more firmly to their principles than others...
    • by saider ( 177166 ) on Tuesday January 07, 2003 @10:57AM (#5032407)
      Code monkey 1: I found the combination!

      Code monkey 2 : What's the combination?

      Code monkey 1: One, two, three, four, five.

      Code monkey 2 : One, two, three, four, five? That's the combination that an idiot has on his luggage.

      <later>

      Neo Lead Developer : Have you got the combination?

      Code monkey 1 : Yes, sir. It's 'one, two, three, four, five'.

      Lead : One, two, three, four, five? My god! That's the same combination I have on my luggage! Retract our challenge and change the combination on my luggage!
  • by Znonymous Coward ( 615009 ) on Tuesday January 07, 2003 @10:32AM (#5032239) Journal
    I wish I could read slashdot.org's Apache access_log to see how many times a day Microsoft visits

  • by sutch ( 63437 ) on Tuesday January 07, 2003 @10:34AM (#5032256) Homepage
    A posting by Mike Curry (who's on The NEO Development Team) states: "We will not be answering questions or commenting anymore on this subject." See XBOX Challenge - Back to 576! [theneoproject.com]
  • Neo Project (Score:5, Funny)

    by screenbert ( 253482 ) <screenbert@hotmaBOYSENil.com minus berry> on Tuesday January 07, 2003 @10:35AM (#5032262) Homepage Journal
    hmmm see if anyone else can connect the dots:
    Neo Project
    Futuristic technology
    Hacking
    Crack the X-box encryption(i.e. the matrix)

    Microsoft IS the matrix....

    I'm going to hang up my controllers now.... be afraid, be very afraid.... (Cool Music here)
  • Does anyone, perhaps close to the Neo Project, have any idea why the stopped trying to crack the XBox key? They state legal reasons, but I don't see any specifics. As far as I knew, this was legal. After all, isn't this what The Neo Project does all the time? Why is the key being on the XBox any different?
  • yea... (Score:3, Insightful)

    by mschoolbus ( 627182 ) <travisriley@@@gmail...com> on Tuesday January 07, 2003 @10:47AM (#5032342)
    and that they believed this might ultimately kill The Neo Project.

    So, if you remove the main purpose of the Neo Project, it may kill the project? Obviously.

    Well it was a good idea guys, time to shutdown...
  • by Chester K ( 145560 ) on Tuesday January 07, 2003 @10:49AM (#5032348) Homepage
    recently stopped its bid to recover the X-Box private key citing legal reasons

    Well duh . You don't think Microsoft (or any company, for that matter) would just sit back and let you crack a private key they use for actual business? It's one thing to crack a key in a challenge specifically presented for that purpose, but it's another thing to try to, in effect, come up with a way of forging Bill Gates' signature.
    • Well, you may be a yungin', but I rememeber a day not too long ago where copyright protection only stood on technical merit, eg. the bad guys didn't have an advantage over the good guys. A couple years ago, this definitely was not a "well duh".
      • I rememeber a day not too long ago where copyright protection only stood on technical merit,

        When it comes to signatures, forgery has always been illegal, despite the fact that writing your name on a piece of paper has no technical merit when it comes to difficulty in duplicating. The fact that they're trying to come up with the tool to forge a digital signature (and with the stated intent to use it that way) should make no difference in the eyes of the law.
        • When it comes to signatures, forgery has always been illegal

          From wordnet:
          forgery n 1: a copy that is presented as the original [syn: imitation, counterfeit]

          2: criminal falsification by making or altering an instrument with intent to defraud

          Forgery is illegal, but this isn't forgery. There's no fraud; we just want the right to use our hardware as we will.
    • Not so fast. What law do you imagine these guys are actually transgressing?
  • by c0nman ( 573940 ) on Tuesday January 07, 2003 @10:50AM (#5032360)
    more info [wickedsecurity.net]
  • I'm sure plenty of people would still like to crack this key. I propose modifying the Neo Client into a decentralized system so anyone still interested can still donate those CPU cycles.

    • The NEO client is a piece of garbage.

      One PC using the Quadratic Sieve can out-factor all the computer
      power in the world using the NEO trial-divide method. (The
      current best factoring algorithm for large composites is the
      General Number Field Sieve.)

  • Umm... (Score:4, Insightful)

    by ThrasherTT ( 87841 ) <thrasher@deathmatc h . net> on Tuesday January 07, 2003 @10:54AM (#5032385) Homepage Journal
    If you didn't see this coming, you have some serious reality issues. This is the first thing that popped into my head when I saw the initial annoucement of the cracking attempt.
  • by Anand_S ( 638598 ) on Tuesday January 07, 2003 @11:06AM (#5032459)
    Oh, man. Does this mean no more Linux on the X-Box? This news wouldn't be so devastating if there were perhaps some other device capable of running Linux.
    *cough*
  • The client (Score:5, Interesting)

    by Turmio ( 29215 ) on Tuesday January 07, 2003 @11:23AM (#5032583) Homepage
    One thing that indicate the level of professionalism of these people is that the Neo client is written in VisualBasic (check their forums for reference, last night it was _so slow_ that I don't bother linking the thread here). VisualBasic has uses but not here I'm afraid. Yeah, why not lock out all the *nix clusters with cool admins that are the biggest contributors to distributed cracking projects by letting their clusters crack stuff when they otherwise would be idle. I guess they were developing a new portable client from the scratch with C... But still, no sympathy from me.
  • by stratjakt ( 596332 ) on Tuesday January 07, 2003 @11:26AM (#5032603) Journal
    It doesn't seem to me just as simple as 'signing' some code and burning it to a disc. I don't have the full info with me, but I've seen the dev kit and there is a completely custom layout to an xDVD, with big blocks of sectors reserved for security features. It's reminiscent of the PSX's scheme - 'bad' sectors on the disc that cant be replicated with a burner (they all automatically recalculate ECC info).

    Short of having your own pressing facility, the key would do virtually no good. So who would benefit? Asian pirates on a commercial level - they could start pressing counterfeit XBOX titles en masse, just like they did with Dreamcast. They arent going to be selling silvers of debian linux for 5$ a pop on the streets of hong kong, believe me.

    Modchips enable those who want the ability to backup their software and run homebrew applications, and I'm wholly in favor of that. If this project succeded, it'd just put mass commercial counterfeiting in the hands of bad guys, which I'm absolutely not in favor of.

    (Now, in theory, one could use a no-solder type mod (pogo pins on the lPC header), install some sort of dashboard replacement to install the new linux BIOS and run it. That'd be about it, since you cant modify the original xbox' bios in RAM, you'd never be able to run unsigned native code from a CD/DVD-R. Since you'd have to temporarily mod the console to get linux on there anyways, you might as well flash the TSOP while yer at it)
    • Modchips enable those who want the ability to backup their software and run homebrew applications, and I'm wholly in favor of that. If this project succeded, it'd just put mass commercial counterfeiting in the hands of bad guys
      You're just thinking of hackers and pirates, it seems. What about commercial developers?

      Maybe someone wants to develop XBox games (or any other sort of software, I guess) and not pay for Microsoft's expensive "services." If you can boot Linux on an xBox w/out any hardware mods, you can boot anything (or just use Linux as a loader or whatever) and don't have to worry about code signing anymore. So the only expenses you have are the "usual" ones: developing the software, somehow pressing the DVDs, etc. No payment to MS, no weird agreements with MS, etc. Just freedom.

      As long as hardware mods are the only way to do this, such projects can't be commercially feasible. You can't easily sell a game at S-Mart to the masses, that only runs on hardware-modified XBoxes. Most of the type of people who buy XBoxes aren't going to be willing to mess with their hardware.

      Although if this project had succeeded, neither non-Microsoft-licensed developers nor piracy would have been the big stories of the day. The big story of the day would be the earthshattering sound of thousands of other projects that depend on RSA, scrambling to replace it with something else. The XBox would just be a relatively minor and obscure mote within all the global chaos and confusion. ;-)

      • Maybe someone wants to develop XBox games (or any other sort of software, I guess) and not pay for Microsoft's expensive "services."

        The point is if you want to develop on a [insert proprietary console here], you have to pay your dues. It's illegal not to. Even if you could break the commercial countermeasures, you'd still get a [legitimate] lawsuit from MS>
        • The point is if you want to develop on a [insert proprietary console here], you have to pay your dues. It's illegal not to.
          Illegal, except for one little loophole: that there's no law against it.
          • Sure there is, it's called copyright law. In order to make an XBox game you need to have the license to use certain copyrighted code in order to work with the system. So, unless you have a hardware modification that turns the XBox into something else (like a pseudo PC), than it is illegal. It's also illegal to sell a game which claims to A) be XBox compatible and B) have the XBox logo or any other XBox related designation without licensing them from Microsoft. The same, trivial, rules apply to Nintendo and Sony systems as well.
    • You don't get it - do you ?

      We do not want to crack it to make pirate copies. And the asians can probably make them already if they want.

      We want it cracked so that the people who bought the hardware can run 3rd party hardware of their own choice on their own hardware.

      Would you be happy if MS said that you are not allowed to use any non-MS software on your Windows PC ? And started shipping only Windows to run on hardware protected PCs ?
      • You want to run third party applications on your XBox? Too damned bad. You shouldn't have bought one. You knew going in (or you should have) that the XBox was designed and built to do the following:
        • Play Microsoft licensed XBox game titles.
        • Play DVDs (with the DVD remote)
        • Play audio CDs.
        That's it. That's all it does (without hacking it). You want to run Linux ion it? You really should have bought a PC and saved the money you just wasted.

        XBoxes are NOT PCs (and I know it uses an Intel CPU, a nVidia GPU, an IDE HDD and DVD, that doesn't make it a PC, get over it). They come with very limited licesnses. You don't like the license, don't but the damned thing! Jebus!

        • They come with very limited licesnses. You don't like the license, don't but the damned thing!
          Uh, since when does a piece of hardware come with a binding license? I didn't sign anything when I bought it.

          Everyone likes to spout off about how MS has the right to dictate how their hardware is used, because they were so generous in bringing it to us, the consuming hordes; but nobody can show how this is legally the actual case.

      • I'd wager you'd be in the minority.
    • by terrymr ( 316118 ) <terrymr&gmail,com> on Tuesday January 07, 2003 @12:41PM (#5033170)
      If you have the equipment then encryption keys and strange disc formats aren't going to stop you copying discs en masse. The only people it stops are private developers and casual copiers. Any determined pirate with enough time & hardware will find a way to exactly copy those discs. The reasoning behind the encryption & disc protection is not to stop copying but to stop people other than MS producing software for it. This has been the normal behaviour with console manufacturers for years. It has little to do with piracy and everthing to do with controlling the flow of software. The reason for this is that the boxes are sold at a massive loss - maybe $200 or more per unit and the only way to make money is to sell lots of software at inflated prices. Once again this is an example of a corporation expected the law to protect a ludicrous business model i.e. we want to sell these at a whopping great loss but make money off of selling things for it without anybody else being able to sell things for it.
  • by Michalson ( 638911 ) on Tuesday January 07, 2003 @12:03PM (#5032849)
    So they want to crack an encryption key? No harm there, open source, information wants to be free, heros right?

    Replace the words "Microsoft" with "First Bank of America"[/Your Bank], and "XBox" with "ATM". Of course they are doing this because they want to do their banking transactions from Linux, and those evil closed sourced ATMs were preventing it. It's all fair use
  • by usurper_ii ( 306966 ) <eyes0nly&quest4,org> on Tuesday January 07, 2003 @12:14PM (#5032934) Homepage
    Why couldn't you have a bootable version of Linux hidden in an x-box game? After the game gets licensed and on the market, someone posts the cheat code to boot Linux. And it's all legal because it was licensed to run on an x-box!

    It seems to me that if this happened, the person who designed this "game" would get 200,000.00 from Michael Robertson for having Linux running on an unmodded X-box, too.

    It almost seems like Red Hat or someone would throw in some time and money on a project like this. After all, the amount of free press someone would get by putting one over on MS in this fashion would be unbelievable. This would be toward the top of the list for the all time best hack!

    Usurper_ii
    • More legal variation of this, as I already posted.
      Create a game, for which a virtual machine with assembler and virtual hard disk is ESSENTIAL
      (for example, some kind of graphical Core Wars
      or some Robot Programming).
      Then sign the game by Microsoft and publish it.
      Then port Linux to that Virtual Machine.
      Voila!
  • by fredrikj ( 629833 ) on Tuesday January 07, 2003 @12:15PM (#5032936) Homepage
    Late last night, a person was caught attempting to burglarize Microsoft's headquarters in Redmont. When interrogated, he confessed that he was a participant in the X-Box hacking project, and that his mission was to steal a floppy containing the key required to hack the game console. Apparently, the person had realized how long time it would take to brute-force the key. Microsoft set an ultimatum that the X-Box hacking project would have to be shut down, or Microsoft would lock the project's founders in a cellar with nothing but a Pentium-166 computer running Windows 98.
  • What if somehow someone got the key, and Microsoft would claim that this key was theyr intelectual property, and process them under copyright law? Just an hypothesis, could you copyright an encryption key? Do you have to make something public before claiming your copyright over it? Well, you could have copyright over sentences and trade marks, and most of them are shorter then a 2048 bit key.
  • Alternative (Score:3, Interesting)

    by Fembot ( 442827 ) on Tuesday January 07, 2003 @12:35PM (#5033094)
    Does anyone know of any alternative distributed computing projects hoping to crack the key?
  • Atoms in the moon (Score:3, Informative)

    by MrScience ( 126570 ) on Tuesday January 07, 2003 @01:01PM (#5033354) Homepage
    I thought that I would come up with a reference number so that laypeople could see how big the problem space of 10^616 combinations was. I was coming up with some pretty "small" numbers (something like 10^48) of atoms in the moon. I finally came across the number of atoms in the earth (10^50)... and then the observable universe... 10^78.

    I don't think that it's possible to fathom 10^616. Other than, "wow. That's... big"
  • Dammit (Score:4, Informative)

    by pclminion ( 145572 ) on Tuesday January 07, 2003 @01:11PM (#5033495)
    For public-key cryptosystems, a 2048-bit keyspace does not imply 2^2048 possible keys (as it does for most symmetric-key systems). An RSA key is a pair of numbers. One of these numbers must be the product of precisely two primes. Not all numbers can be written as the product of precisely two primes.

    It's still a huge keyspace, but it has nowhere near 2^2048 keys in it.

  • I think that the audience interested in getting cheaper Xbox games, and the audience who dabbles in high strength math and complex technology may have a decidedly lesser coincedent subset than many here assume. An MIT student has already gone to all the trouble of recovering the key and explaining how to use it. He published a REALLY complete document on how he recovered the key and how it could be used and included the fact that if the key is changed, the architecture is such that it could be recovered again. While he doesnt actually give the key (he was discouraged from doing so after discussing his paper with M$), it would seem the measures needed would cost MUCH less than 100K for someone motivated. You can find your holy grail here: http://web.mit.edu/bunnie/www/proj/anatak/AIM-2002 -008.pdf
    • I think you may find he recovered the symetric RC4 key for bootblock signing and not the assymetric private part used for signing applications, which is the one people really want.

      The RC4 key could be used for running new boot ROM's which in turn could run unsigned applications but it requires changes to each xBox to benefit from this.

      Sam
  • ...the key was just something obvious along the lines of "All work and no play makes Bill a dull boy" repeated until the bit count was reached.

    Whatever, is anyone really surprised over the outcome of this? That/B would really surprise me...
  • Saved Face (Score:3, Insightful)

    by Euphonious Coward ( 189818 ) on Tuesday January 07, 2003 @03:40PM (#5034743)
    That was a good face-saving move.

    Now, they can say they would have broken it if if wasn't so scary to try.

    Otherwise, they would have to admit it would have taken them forty-leven trillion centons just to try out the easy combinations like "haxorz begone", before moving on to the non-alphabetic "hard" ones.

  • Or maybe someone with a clue pointed out to them that it would take greater than the lifetime of the Universe and require more disk space than currently exists?
  • I would have thought that they would have been targeted by the lawyers in a matter of minutes after announcing something as blatent as this..

    This is just the beginning people, hold on to your hats.

  • Can't someone just analyze an X-Box disc that already has the code on it? Or copy the first however many bits on the DVD and program new games from there?

"Marriage is like a cage; one sees the birds outside desperate to get in, and those inside desperate to get out." -- Montaigne

Working...