X-Box Private Key Challenge Ended 322
powerlord writes "The Neo Project (mentioned in a recent slashdot article) recently stopped its bid to recover the X-Box private key citing legal reasons: "Due to legal reasons, we will no longer be hosting or participating in the xbox challenge." DCers.com, a site devoted to distributed computing sheds some light on Neo's sudden flip-flop with a blurb claiming that: "... many legitiment DC'ers that have been working this project since it started that have decided to quit because of the new Neo client that also tries to crack the X-Box encryption." and that they believed this might ultimately kill The Neo Project."
Legal reasons (Score:5, Funny)
Re:Legal reasons (Score:4, Informative)
Due to a few..."parties" pressuring us if you will, we decided to halt the project to stop any legal troubles. We have said from the beginning that if any pressure was put upon us, the project wouldn't go any further. Well, too bad. we managed to check nearly a billion key, and ranked a good 1.5 years of CPU time in only a few days. thanks to all who participated - and a special thanks to those special people who pumped out amazing packet rates for XboxHacker.net
A billion! So they only had a bazillion gajillion to go.
Great approach (Score:3)
Ummm... Something's wrong with their approach. Advertising the fact that you'll fold under the slightest pressure isn't the way to keep an effort going.
Can't say as I blame them though.
Re:Legal reasons (Score:2)
Which, of course, is a hojillion.
Re:Legal reasons (Score:2)
What if the encryption was broken anonymously? A group could form and distribute software using a Freenet [freenetproject.org]-style network and the page providing the files and info for the project could also be hosted on Freenet.
Perhaps they already broke it. (Score:5, Interesting)
"Yeah. We, um. Well. We're going to stop now. And cite an obvious legal reason, though we ignored that same reason when we first started. Because we wanted the key. But... now we don't. Or something. Look, I don't care, explain it to yourself. Just know that we've stopped, and are happy. Ok? Ok. Good. Now, onto other news..."
Re:Perhaps they already broke it. (Score:5, Funny)
Re:Perhaps they already broke it. (Score:5, Funny)
Perhaps if you had an infinite improbability drive...
Re:Perhaps they already broke it. (Score:3, Funny)
The odds that every female in the world will beat a path to your door: Highly Improbable.
Their odds of doing so without knowing about your money: Very Highly Improbable.
The odds that you would have enough money if all of the above were true: Impossible.
Re:Perhaps they already broke it. (Score:2)
Re:Perhaps they already broke it. (Score:2, Funny)
Re:Perhaps they already broke it. (Score:3, Funny)
ah, the days of yesteryear 8) (Score:2)
http://www.astaserials.com/?search=xbox%20priva
came up with a keygen !
Short answer to "how long?": (Score:4, Funny)
Re:Perhaps they already broke it. (Score:3, Informative)
Of course, cunning techniques will possibly reduce this number quite considerably, and it's probably really nowhere near that high, but wer're still talking about such a huge amount of time that the age of the universe seems irrelevent.
Anyways.... (Score:4, Funny)
Life is Short (Score:2, Flamebait)
"Life is Short" applies to anything Micro$haft dislike in the slightest. With the backing of the lobbyism and a rightist government, life is easy.
Netscape, Java, freedom anyone?
Legal reasons? (Score:5, Funny)
Re:Legal reasons? (Score:5, Interesting)
While I'm not sure this is probable, I will agree that not posting the legal threat is highly unusual. They need to distribute a copy if only for posting on ChillingEffects.org [chillingeffects.org]. Also, my first call would be to the EFF. But I guess some people stick more firmly to their principles than others...
Re:Legal reasons? (Score:5, Funny)
Code monkey 2 : What's the combination?
Code monkey 1: One, two, three, four, five.
Code monkey 2 : One, two, three, four, five? That's the combination that an idiot has on his luggage.
<later>
Neo Lead Developer : Have you got the combination?
Code monkey 1 : Yes, sir. It's 'one, two, three, four, five'.
Lead : One, two, three, four, five? My god! That's the same combination I have on my luggage! Retract our challenge and change the combination on my luggage!
Re:give credit where credit is due (Score:2)
It's offical, Microsoft reads /. (Score:4, Funny)
Re:Of course they do. (Score:2)
Creating a consistent and unhypocritical outlook on copyright, ownership, property, etc., is going to be important to the success of Linux.
No information at The NEO Project (Score:4, Informative)
Neo Project (Score:5, Funny)
Neo Project
Futuristic technology
Hacking
Crack the X-box encryption(i.e. the matrix)
Microsoft IS the matrix....
I'm going to hang up my controllers now.... be afraid, be very afraid.... (Cool Music here)
Great ! (Score:2, Funny)
what legal reasons? (Score:2, Insightful)
Re:what legal reasons? (Score:3, Funny)
yea... (Score:3, Insightful)
So, if you remove the main purpose of the Neo Project, it may kill the project? Obviously.
Well it was a good idea guys, time to shutdown...
Most Obvious Event of The Year (Score:5, Insightful)
Well duh . You don't think Microsoft (or any company, for that matter) would just sit back and let you crack a private key they use for actual business? It's one thing to crack a key in a challenge specifically presented for that purpose, but it's another thing to try to, in effect, come up with a way of forging Bill Gates' signature.
Re:Most Obvious Event of The Year (Score:2)
Re:Most Obvious Event of The Year (Score:2)
When it comes to signatures, forgery has always been illegal, despite the fact that writing your name on a piece of paper has no technical merit when it comes to difficulty in duplicating. The fact that they're trying to come up with the tool to forge a digital signature (and with the stated intent to use it that way) should make no difference in the eyes of the law.
Re:Most Obvious Event of The Year (Score:2)
From wordnet:
forgery n 1: a copy that is presented as the original [syn: imitation, counterfeit]
2: criminal falsification by making or altering an instrument with intent to defraud
Forgery is illegal, but this isn't forgery. There's no fraud; we just want the right to use our hardware as we will.
Re:Most Obvious Event of The Year (Score:2)
Re:Most Obvious Event of The Year (Score:2)
from the topic in #theneoproject on efnet (Score:3, Informative)
who still wants to crack this key? (Score:5, Insightful)
Re:who still wants to crack this key? (Score:2, Informative)
The NEO client is a piece of garbage.
One PC using the Quadratic Sieve can out-factor all the computer
power in the world using the NEO trial-divide method. (The
current best factoring algorithm for large composites is the
General Number Field Sieve.)
Re:who still wants to crack this key? (Score:2)
we're talking about something that the combined computer power of the world cannot achive in the currently known age of the universe.
Get it kids? We are more likely to suffer human mass-extinction due to an asteroid
hitting the earth in the next few years than seeing this public key brute-forced.. ok?
Re:who still wants to crack this key? (Score:2)
[W]e're talking about something that the combined computer power of the world cannot achive in the currently known age of the universe."
Yeah! And it would take over 640k of ram! Nobody will EVER need over 640k of ram, ever!
Be careful of hyperbole, and that 'never' word, especially when it comes to computing power. Chances are you'll eventually get a laugh-o-gram from Mr. Moore's Law Offices...
Re:who still wants to crack this key? (Score:2)
Ok. Please turn to chapter ten in your high-school
math textbooks: "Exponentials"
Um, we're talking about numbers in the range of 2^50 times the age of the universe here..
Make all the computers in the world a billion times faster..
One billion is slightly less than 2^30, so
that brings us down to 2^20 times the age of the universe, a nice round number,
a number of million times.
Of course, if Moores law holds forever (making it more fundamental than the laws of physics)
we might just make it with this approach just before the human race gets killed off when the sun dies out.
With current methods, you are not going to make it.
Perhaps a quantum computer with Shor's factoring algorithm will be able to do it some day,
but that is a completly different technology.
(to which Moores law cannot be applied either)
Being smart-alecky in the face of common sense is very silly.
Re:who still wants to crack this key? (Score:2)
Well, ya got me there. I like to be a smart-ass, and I like to be silly. But still, I like to counter those aspects of my personality by making valid points.
Statatistics aside, people still win the lottery. Statistics can't say when it will happen; they just say the probability. Combine increasing computer speeds with searching the probability field at random, and there's no way to say if it won't happen tomorrow, next week, or just maybe the end of the known universe. The chances can be 1 in infinity-1, but the chance that it will happen in a small amount of time is still 1, still non-zero, age-of-the-universe irrelevant.
Statistics. (Score:2)
Say we're talking about a state lottery, picking six numbers out of forty-four for the jackpot. That's about seven million possibilities, call that k. Thus, the probability of any one randomly-selected ticket being the winning one is 1/k, which we'll call p.
The probability of at least one ticket hitting the jackpot, with n tickets sold, is 1-(1-p)^n.
One million tickets sold: 13.2% chance of a winner.
Five million: 50.7% chance of a winner.
Ten million: 75.7% chance of a winner.
Twenty million: 94.1% chance of a winner.
These numbers are pretty plausible for a state lottery. To sum up: The chance of you winning the lottery is microscopic. The chance of someone winning the lottery is plausible, and even likely.
(Note that if, for instance, the jackpot is above about seven and a half million dollars, and usually only a million tickets are sold at $1 each, it makes sense to buy all seven million possible combinations. (The expected return value on the investment is greater than zero.) I'm told the Mafia used to do this in New Jersey.)
--grendel drago
Re:who still wants to crack this key? (Score:2)
(I would assume they ran genkey -rsa and asked it for a 2048 bit key.)
Umm... (Score:4, Insightful)
What? It's over? (Score:5, Funny)
*cough*
The client (Score:5, Interesting)
Why I *DONT* want to see the key cracked. (Score:5, Insightful)
Short of having your own pressing facility, the key would do virtually no good. So who would benefit? Asian pirates on a commercial level - they could start pressing counterfeit XBOX titles en masse, just like they did with Dreamcast. They arent going to be selling silvers of debian linux for 5$ a pop on the streets of hong kong, believe me.
Modchips enable those who want the ability to backup their software and run homebrew applications, and I'm wholly in favor of that. If this project succeded, it'd just put mass commercial counterfeiting in the hands of bad guys, which I'm absolutely not in favor of.
(Now, in theory, one could use a no-solder type mod (pogo pins on the lPC header), install some sort of dashboard replacement to install the new linux BIOS and run it. That'd be about it, since you cant modify the original xbox' bios in RAM, you'd never be able to run unsigned native code from a CD/DVD-R. Since you'd have to temporarily mod the console to get linux on there anyways, you might as well flash the TSOP while yer at it)
Re:Why I *DONT* want to see the key cracked. (Score:3, Funny)
Maybe someone wants to develop XBox games (or any other sort of software, I guess) and not pay for Microsoft's expensive "services." If you can boot Linux on an xBox w/out any hardware mods, you can boot anything (or just use Linux as a loader or whatever) and don't have to worry about code signing anymore. So the only expenses you have are the "usual" ones: developing the software, somehow pressing the DVDs, etc. No payment to MS, no weird agreements with MS, etc. Just freedom.
As long as hardware mods are the only way to do this, such projects can't be commercially feasible. You can't easily sell a game at S-Mart to the masses, that only runs on hardware-modified XBoxes. Most of the type of people who buy XBoxes aren't going to be willing to mess with their hardware.
Although if this project had succeeded, neither non-Microsoft-licensed developers nor piracy would have been the big stories of the day. The big story of the day would be the earthshattering sound of thousands of other projects that depend on RSA, scrambling to replace it with something else. The XBox would just be a relatively minor and obscure mote within all the global chaos and confusion. ;-)
Re:Why I *DONT* want to see the key cracked. (Score:2)
The point is if you want to develop on a [insert proprietary console here], you have to pay your dues. It's illegal not to. Even if you could break the commercial countermeasures, you'd still get a [legitimate] lawsuit from MS>
Re:Why I *DONT* want to see the key cracked. (Score:2)
Re:Why I *DONT* want to see the key cracked. (Score:2)
Re:Why I *DONT* want to see the key cracked. (Score:3, Insightful)
We do not want to crack it to make pirate copies. And the asians can probably make them already if they want.
We want it cracked so that the people who bought the hardware can run 3rd party hardware of their own choice on their own hardware.
Would you be happy if MS said that you are not allowed to use any non-MS software on your Windows PC ? And started shipping only Windows to run on hardware protected PCs ?
Don't buy one! (Score:2)
XBoxes are NOT PCs (and I know it uses an Intel CPU, a nVidia GPU, an IDE HDD and DVD, that doesn't make it a PC, get over it). They come with very limited licesnses. You don't like the license, don't but the damned thing! Jebus!
Re:Don't buy one! (Score:2)
Everyone likes to spout off about how MS has the right to dictate how their hardware is used, because they were so generous in bringing it to us, the consuming hordes; but nobody can show how this is legally the actual case.
Re:Why I *DONT* want to see the key cracked. (Score:2)
Re:Why I *DONT* want to see the key cracked. (Score:5, Insightful)
Re:Why I *DONT* want to see the key cracked. (Score:2)
Your cell phone contract is usually the thing that stops you changing networks on your phone but once free of the contract there's nothing to stop you doing that.
As for DSL - my router is mine and I don't have a contract so I suppose I could take it to another provider anytime.
Re:Why I *DONT* want to see the key cracked. (Score:2, Insightful)
You could never burn a bootable xDVD, signature or no signature. The best you could do is mod the console, install linux on the HDD, then remove the mod - and whats the point of that? You still void the warranty and have to go through the mess of installation and removal.
The only people who could create a bootable xDVD with the signature would be those with commercial production facilities.
Lets try and put things in perspective (Score:3, Insightful)
Replace the words "Microsoft" with "First Bank of America"[/Your Bank], and "XBox" with "ATM". Of course they are doing this because they want to do their banking transactions from Linux, and those evil closed sourced ATMs were preventing it. It's all fair use
Why not hide Linux in an x-box game? (Score:5, Interesting)
It seems to me that if this happened, the person who designed this "game" would get 200,000.00 from Michael Robertson for having Linux running on an unmodded X-box, too.
It almost seems like Red Hat or someone would throw in some time and money on a project like this. After all, the amount of free press someone would get by putting one over on MS in this fashion would be unbelievable. This would be toward the top of the list for the all time best hack!
Usurper_ii
Re:Why not hide Linux in an x-box game? (Score:2)
Create a game, for which a virtual machine with assembler and virtual hard disk is ESSENTIAL
(for example, some kind of graphical Core Wars
or some Robot Programming).
Then sign the game by Microsoft and publish it.
Then port Linux to that Virtual Machine.
Voila!
Why a lawsuit? (Score:2)
The real legal reason (Score:3, Funny)
Could you use copyright over encryption keys? (Score:2)
Alternative (Score:3, Interesting)
Atoms in the moon (Score:3, Informative)
I don't think that it's possible to fathom 10^616. Other than, "wow. That's... big"
Dammit (Score:4, Informative)
It's still a huge keyspace, but it has nowhere near 2^2048 keys in it.
Someones already done the work: heres the URL (Score:2, Informative)
Re:Someones already done the work: heres the URL (Score:2)
The RC4 key could be used for running new boot ROM's which in turn could run unsigned applications but it requires changes to each xBox to benefit from this.
Sam
maybe... (Score:2)
Whatever, is anyone really surprised over the outcome of this? That/B would really surprise me...
Saved Face (Score:3, Insightful)
Now, they can say they would have broken it if if wasn't so scary to try.
Otherwise, they would have to admit it would have taken them forty-leven trillion centons just to try out the easy combinations like "haxorz begone", before moving on to the non-alphabetic "hard" ones.
Legal challenge? (Score:2)
Took them longer then expected (Score:2)
This is just the beginning people, hold on to your hats.
Simpler way? (Score:2)
Re:Neo Project (Score:2)
Re:On XBOX Emulation (Score:5, Insightful)
This isn't, indeed cannot be the case. Grab a legitimate XBox game disc off your shelf, any one whatsoever. Stick it in your nearest DVD player. See how it plays? If its capable of streaming that animation off the disc in full 5.1 surround, then there must be at least some info on there in a normal fashion.
Re:On XBOX Emulation (Score:3, Informative)
It's believed because know-nothing geek wannabe's think spinning backwards would be some kind of impenetrable protection scheme - believe me, if that's all there was to it, it'd be hacked just as long as it takes to reverse polarity to the motors. GCN isn't hacked (yet) because all of it's custom circuitry is smushed into two ICs and people still havent fully deciphered what does what, like where the GPU ends and CPU begins and where the BIOS/bootblock is, etc..
As if Nintendo, Sony, or Microsoft would needlessly spend the billions in building new production facilities for what would be an absolutely idiotic and worthless protection scheme - what piglatin is to the world of ciphers, essentially.
I have all 3, and I can guarantee that they all do, in fact, spin in the same 'normal' direction.
Cutitout with this spins backwards nonsense. Just becuase you read it on the 'net doesn't make it true.
Re:On XBOX Emulation (Score:2)
Re:On XBOX Emulation (Score:2, Funny)
AOL (Score:2)
"Did you hear what happens if you play an AOL CD backwards? It has satanic messages. But it's even worse if you play it fowards:
it installs AOL"
Re:On XBOX Emulation (Score:2)
Yep. But XBox DVDs are written with track 1 on the outside so that the more important data can be read faster. Nintendo made their DVDs small, so a normal DVD+RW wouldn't fit inside the machines. Both had a thought of copy protection in the making.
Re:On XBOX Emulation (Score:2)
GTRacer
- Almost as silly as encrypting the key ON the disk!
Re:On XBOX Emulation (Score:2)
From what I could find on the 'net it seems that some of the bulbs are threaded backwards, but it's because they're 230V.
Re:On XBOX Emulation (Score:5, Funny)
Re:On XBOX Emulation (Score:2)
Re:On XBOX Emulation (Score:2)
No. If you play it backwards, you'll hear the opposite of what you'd normally expect from Microsoft. So you'll hear God speaking.
:-),
Schwab
Re:No biggie, it's cracked anyway (Score:2)
Re:No biggie, it's cracked anyway (Score:3, Informative)
Here's how the key is generated:
1. Generate two large random primes, p and q, of approximately equal size such that their product n = pq is of the required bit length, e.g. 1024 bits.
2. Compute n = pq and phi = (p-1)(q-1).
3. Choose an integer e, 1 e phi, such that gcd(e, phi) = 1.
4. Compute the secret exponent d, 1 d phi, such that ed ß 1 (mod phi).
5. The public key is (n, e) and the private key is (n, d). The values of p, q, and phi should also be kept secret.
- n is known as the modulus.
- e is known as the public exponent or encryption exponent.
- d is known as the secret exponent or decryption exponent.
So, factoring n into it's parts (p and q... which are prime) and the public key would give you all the information you need to determine the private key.
Re:LOL (Score:2)
Enjoy your laugh now. I have a strong feeling that the code will be broken soon, and the customers will be laughing last...
Granted I don't want to see anyone buy an Xbox for any reason. I don't care if Microsoft looses money on every one sold! It still helps their marketshare; so in a weird way I kinda like that it has been taken down.
Re:LOL (Score:2)
- Its 2048bit encryption. Thats 2 megabits.
ahem..*cough*.. Kilobits!! *cough*
Excuse me.
A point worth noting when making such comparisons is that public key cryptography requires more bits than symetric cryptography for equivalent security levels. A 1024 bit public key is considered by most scholars to be roughly equivalent to a 128 bit symetric cipher key. In a symetric cipher, every possible bit combination is a valid key. In PKI, you've got a smaller starting set, since certain components must be prime. Not all bit combinations would make a valid key.
Re:I had this idea... (Score:2)
Re:It was stopped because it's a crime. (Score:2)
Which is of zero relevance to most of the world, especially the vast majority of the human population who don't happen live in the USA.
Re:Do something productive (Score:2)
You make a very good point, and post some good links. However, you are wrong on the above, there are valid reasons to do this. Check out sourceforge for some X-Box projects, such as media players. Currently, you need to install a mod chip to make use of these. This project would have allowed people to run code of their choosing on a piece of hardware that they legally bought. Quite frankly, I can do what I want with it. (if I owned one). I can open it up, urinate on it, use it as a footstool, run my own code on it, and so on.
However, there is a flip side to this; the most interesting project is the XBox media player. Ironically, most of the content that will be played on it is probably pirated!
past precedent (Score:5, Interesting)
Seems like more than ample past case law to make hardware modding "legal". In the cars cases it might have required the hotrodder to completely disassemble the entire car, see how every single part worked and how it was designed, then decide how they wanted to do it better or different to suit their needs. It's more than legal, it's commonplace and no one thinks twice about it, it's a huge business and millions of people do it as a hobby.
Microsoft is seeking to become a huge exception to the past rules, as are a slew of other computer hardware and software companies. They can't have it both ways, if they actually are selling a product, then said product must be covered by a consumer warranty, and last I looked microsoft insists their products are as-is, no warranty unless they deem to do allow it at their leisure, ie, the "designed software" and "hard coded into the hardware" part. It's one or the other, if they want all the rights of a sellable consumer product, then they must accept normal useability warranties that are applied to every other "product" out there, and they most definetly DON'T accept that, so the courts should tell them (and ALL those other companies that insist on propietary excuslivity "rights" to their warez) to get stuffed until they do. As to modding the hardware itself, it's the same, either you get to OWN a piece of stuff or you don't, you can't half own something. Case precedence should have been set a long time ago, but it wasn't, now it's a big ole mess because it's become entrenched into computer-dom that they can have their cake and eat it too, something no other product has, and only one private business in the US currently enjoys (outside utilities and that gets into what is a utility), and that's major league baseball, which is goofy enough but exists.
Re:past precedent (Score:2)
Altough, it is the market that will decide wether they will be sucessful or not. For example, say you have two choices of hardware to buy, one is the Xbox, with all the DRM crap enabled, and the other is some taiwanese clone, with no DRM or restrictions, and also a lot cheaper. What would you choose? Notice that this is already happening with DVD players, "good-brand" ones come with RPC, but "el-cheapo" taiwanese ones comes with no RPC, or sometimes with some easily-disabled RPC, just pro-forma. And they usually work (and sell) pretty well.
I think as soon the Xbox is popular enough, some clones will start to appear, or, if computing power is enough, MAME will let us play xbox games. It's all a matter of time.
As for this kind of crap becoming a standard for computers (Palladium), just imagine what would you choose as your computing platform: USA/M$ controlled hardware running WindowsPalladium(TM) or some ASUS board running Linux,BSD or whatever else you throw on it? Looks like an easy choice to me, but others may disagree.
cheers
Re:past precedent (Score:2)
This is different to Xbox etc. , where some Korean startup can and will offer a version for half the price, with the annoying features (DRM etc.) disabled.
Re:past precedent (Score:2)
And you are also wrong on the other notions, political and legal or quasi legal pressure is being put on modchip makers, "cracking" encrypted software and reverse engineering closed source is still a serious gray area and several suits past and present exist. EULAS on software are a self written get out of jail free card non-warranty on propietary software manufacturers end (I've read those too), and really don't exist outside that industry.
As to car modding, of course I am aware of that as pertains warranties. But no car company puts legal or political or economic pressure on the aftermarket and racing guys for doing their business, on the contrary, they gleefully snag and put to good use any advances they can find. They are more than willing to lend their trademarks and logos to them to slap on their cars at the track. Engineers are employed in the automakers stable, extremly skilled out of the box thinking and HIGH PAID engineers exist in the aftermatket and modification areas. NASCAR and NHRA innovations have added about as much to detroit's bottom line over the years as the sum total of their in house engineers. The price is right for detroit,and they aren't as plain vanilla stupid as the software houses or hollywood. They can and have learned from their mistakes in the past, but those other guys just keep making the same ones over and over again and go running to bigbrodotgov nanny.
A lot of intelligent people in those industries, but a severe lack of common sense sometimes at the upper management levels. Must go with the mindset I guess, don't know why, but there ya go.
You get one reply as an AC from me, so here it is.
Re:For the lay person: (Score:2, Interesting)
But what if you do not own an X-Box? Surely they cannot bind you to their contract if you have nothing to do with them; at least not morally. I'm not entirely sure what the laws state in America.
Re:take a page from 'Secrets and Lies' (Score:3, Interesting)
This may not be possible, since the private key may not reside all in one place.
I used to work at $(MUMBLE_SALT_PILE_MUMBLE) whose (former) business model involved their cryptographically signing disc images for their console system. The disc images were signed in a room with a keypad and handprint scanner at the door. I saw through the door into the room a couple of times; the ceiling was solid, so climbing over the ceiling tiles would not help you.
The private key was not kept in that room, however, but rather was broken up into N fragments and each fragment was distributed among the (roughly 2N) senior executives. A single, complete copy of the private key, therefore, did not exist. When a disc image was to be signed, executives would enter the room one by one and type in their key fragment. Some executives carried identical fragments which bought them a little flexibility. But, even so, if the wrong combination of executives were on vacation, no disc images could be signed that day.
So breaking and entering may avail you of exactly squat.
Schwab