I know the XBox thread was killed recently, but this is good reading.

http://slashdot.org/article.pl?sid=02/06/01/1656228&mode=thread&tid=172
http://web.mit.edu/bunnie/www/proj/anatak/AIM-2002-008.pdf

June 3, 2002

MIT Grad Student Hacks Into Xbox Security System

By REUTERS

Filed at 4:40 p.m. ET

LOS ANGELES (Reuters) - A graduate student at the Massachusetts Institute of Technology has found a way to circumvent the security system for Microsoft Corp.'s Xbox video game console, opening the way for hackers to use it to run competing software, according to documents released over the weekend.

The MIT computer expert, who posted his report on his university Web site, also questioned the security behind Microsoft's soon-to-launch online service, Xbox Live, saying hackers could exploit a flaw in the system to identify individual players from their game machines.

Andrew Huang, who recently completed a PhD thesis on supercomputer architecture, wrote a memo May 26 describing his efforts to build hardware that would read the Xbox's internal security system.

A link to the 15-page report was posted this weekend at technology news and discussion Web site Slashdot.org (http://www.slashdot.org).

Computer enthusiasts have been excited about the possibility of using the $199 Xbox, which is technologically similar to a PC, as a stand-alone computer running operating systems like Linux.

Some see it as the ultimate slight against Microsoft -- using the software giant's own hardware to run software that competes against its Windows operating system.

In the memo, Huang said the Xbox's primary security is contained in what he calls a "secret boot block" that is encoded into a media processor chip built for the Xbox by Nvidia Corp.

Representatives of Microsoft and Nvidia were not immediately available for comment. An MIT spokesman told Reuters the university has not received any request to take the paper down from its sites.

TAPPED SYSTEM HARDWARE

Huang said he had extracted the contents of the boot block by tapping the data path that travels between the media chip and the central processor.data path, Huang was able to capture the data transmitted between the two chips and manually process it to uncover the secrets contained in the "boot block."

He said it took a total of three weeks to build his custom board for a total cost of around $50.

Given the particular encryption algorithm that was used and the decryption key, both of which Huang has identified, "one can run original code on the Xbox," he said, meaning it would be possible to run things like unauthorized games and other operating systems on the console.

Huang also said he had discovered a vulnerability in the console's programming that would allow the boot-up sequence to be interrupted so that any code can be run on the system.

In an e-mail to Reuters, Huang said he notified Microsoft in advance he would be publishing the paper, gave them a copy to read, and has been in regular contact with the company.

He also said he is not working on any of the attempts to run Linux or other systems on the Xbox.

"I know a lot of people are exploring the possibility now, but I personally am not spearheading any effort toward this end," he said.

Huang also said in the paper he has discovered keys to the identity of the console owner that may, in theory, be vulnerable through an online connection.

Huang said he separately discovered that the console's serial number is stored in its memory, and that the data might be readable by the central operating system.

"What happens to this information when the Xbox is plugged into the Internet?" he said.

This archive was generated by hypermail 2b30 : Tue Jun 04 2002 - 09:28:09 PDT