MIT grad student shows how to read Xbox security key

He did it legally too, apparently. Isn't that clever?

An MIT graduate student has successfully dismantled the Xbox's security system and published the results (after what appears to have been some discussion with Microsoft and EFF lawyers). Bottom line: Xbox security relies on a "chain of trust" built on a "seed of trust" key that is included in a physically secure, secret boot block and which is identical in all shipped hardware.

So if you've got one, you've got them all, and Andrew "bunnie" Huang's paper explains how he was able to get them. You can get full details of what he did here, in the academic version submitted to MIT, and bunnie also publishes an entertaining and knockabout history of his Xbox activities here. The Register is particularly taken with his happy announcement "hey! I'm finally done with my PhD thesis on supercomputer architecture...I can finally spend some more time playing with the Xbox" before he gets down to tearing it apart. Most definitely, a crazy guy.

Where Microsoft goes wrong in the Xbox security system is that although it camouflages the existence of the secret boot block behind a non-secret boot block, and makes it very difficult and expensive to access the secret block (it's hard-coded into the southbridge system ASIC, which is built in 0.13 micron), the block itself is sent in the clear over the HyperTransport northbridge-southbridge bus. Thus, by monitoring and analysing this traffic (bunnie tells how; it involves a belt sander, don't ask) you get the key.

It doesn't take expensive hardware to do so; as a matter of fact, it can be done with the kind of hardware an MIT grad student has lying around after doing his PhD thesis on supercomputer architecture. Once you've done so, you have the ability to investigate the bootloader and kernel further, as bunnie says he's doing, and to open up the Xbox for standard peripherals and other operating systems. As he says, "if you ship your secrets in your hardware, it is a good assumption that the users will eventually - and perhaps quickly - know your secrets."
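To make that last point concrete, here is an added toy model (not from bunnie's paper and not Microsoft's implementation) of two boot-block designs: one that ships a secret symmetric seed identical in every unit, and one that ships only a public verification key. The seed, the stage contents and the tiny RSA primes are all constructed for illustration; textbook RSA with six-digit primes is not a real signature scheme.

```python
import hmac
import hashlib
import secrets

# --- Model 1: a shared secret baked into every unit (constructed toy seed) ---
# The same key both produces and checks the tag on the next boot stage, so
# reading it out of one unit yields the "signing" key for all of them.
SHARED_SEED = b"constructed-toy-seed-identical-in-every-unit"

def mac_stage(key: bytes, stage: bytes) -> bytes:
    return hmac.new(key, stage, hashlib.sha256).digest()

def boot_symmetric(key: bytes, stage: bytes, tag: bytes) -> bool:
    """Boot block accepts the stage only if the MAC over it matches."""
    return hmac.compare_digest(mac_stage(key, stage), tag)

# --- Model 2: only a public key is shipped (constructed tiny RSA, insecure) ---
P, Q, E = 1000003, 999983, 65537      # primes chosen only to keep numbers small
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))     # private exponent: stays with the vendor

def _stage_hash(stage: bytes) -> int:
    return int.from_bytes(hashlib.sha256(stage).digest(), "big") % N

def sign_stage(stage: bytes) -> int:
    """Vendor-side signing; needs D, which is never placed in hardware."""
    return pow(_stage_hash(stage), D, N)

def boot_asymmetric(stage: bytes, sig: int) -> bool:
    """Only (N, E) lives in the boot block; it can verify but not sign."""
    return pow(sig, E, N) == _stage_hash(stage)

def after_hardware_readout() -> dict:
    """What someone holding the boot block's contents can get accepted."""
    rogue = b"rogue second-stage loader (constructed)"
    # Model 1: the extracted seed is the signing key, so any stage passes.
    forged_tag = mac_stage(SHARED_SEED, rogue)
    # Model 2: the extracted (N, E) does not yield D; a guessed signature
    # is rejected (false-accept chance is about 1/N for this toy).
    guessed_sig = secrets.randbelow(N)
    return {
        "shared_secret_forgery_accepted": boot_symmetric(SHARED_SEED, rogue, forged_tag),
        "public_key_guess_accepted": boot_asymmetric(rogue, guessed_sig),
    }
```

The asymmetry, not the key length, is the point: the contents of the boot block can be assumed public, so the design should still hold when they are.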

On an individual console basis his work suggests that it will be simple enough to run what you want on Xbox hardware as currently constructed, and there are obvious implications for Microsoft as it begins to turn the Xbox into a connected device. Xbox machines each have a unique ID; you could no doubt get access to these if you circumvented the security, so there is both a privacy issue and a threat to Microsoft's revenues from online services.

The paper offers Microsoft some suggestions as to alternative and more viable security approaches, and no doubt The Beast is working on updates even as you read. As for you conspiracy theorists about to mail us suggesting it's all a plot to get you to buy Xboxes before they put on a better padlock - just don't, OK? ®

Less academic Xbox hacks:
enigmah.com
Messiah