EEVblog Electronics Community Forum
General => General Technical Chat => Topic started by: TerraHertz on March 13, 2013, 12:37:05 am
-
http://www.bunniestudios.com/blog/?p=3012
http://nostarch.com/xboxfree
Releasing free PDF of “Hacking the Xbox” in honor of Aaron Swartz
No Starch Press and I have decided to release a free ebook version of Hacking the Xbox in honor of Aaron Swartz. As you read my book, I hope that you’ll be reminded of how important freedom is to the hacking community and that you’ll be inclined to support the causes that Aaron believed in.
It's an excellent book. Both fascinating from the point of view of pure 'reversing' genius, and also for those who understand the political/DRM/closed-box-computing background to the XBox.
Microsoft has been trying for a long time to steer the development path of personal computers towards a 'closed box' architecture, in which the owner of the hardware has no access at all to the fundamental hardware and software layers. Such an architecture is a basic requirement of enforceable DRM controls, since if someone has access to the basic hardware operation they can always find, capture and copy media data streams in unencrypted form, i.e. break the DRM.
Microsoft's first serious attempt to implement such an architecture in complete form involved a heavily protected initial boot process, thus preventing anyone from booting into a non-DRM supporting OS. But MS was not entirely sure this was strong enough. They wanted a way to test the scheme's strength, by exposing it to widespread public use - and therefore widespread attempts to break the DRM protection.
But they didn't dare try this crap on their main userbase - the PC market. And MS also wanted to break into the gaming console market.
So they brought this DRM-scheme out as a gaming console. Which incidentally, it seems they sold for below manufacturing cost. Some would say that commercial sacrifice was just motivated by their desire to become a leading console manufacturer. Personally I think it was because they wanted to ensure there would be a lot of their 'test the DRM scheme strength' platforms in the wild, in order to give it a fair test. Microsoft thinks there will be vast future profits deriving from a solidly DRM-enforcing architecture. Also, political control, but that's another story.
Anyway, long story short, Bunnie shoved Microsoft's closed boot DRM scheme up their arse. By brilliantly cracking the XBox implementation, thus demonstrating that the DRM architecture scheme is rubbish. This is the book about how he did it.
Microsoft then went back to their evil-plotting drawing board. Subsequently they evolved a scheme in which all exposed data channels in the hardware will have to be strongly encrypted. This means all signaling between all ICs. Between the CPU and Northbridge, Northbridge and memory, mass storage, video output, and so on.
So far they haven't managed to find a way to force this insanity on anyone. They've been limited to just making their 'operating system' (Windows) more and more DRM restrictive with each release. Given the way Windows 8 is belly-flopping, hopefully Microsoft won't be in a position to force anything on anyone too much longer.
Ha ha... they shouldn't even call it "Windows" any more, since version 8 doesn't multitask. It should be called "Window".
Look up terms like 'Microsoft white paper' and longhorn.
-
Thanks for this; I wonder what the eventual legal fallout will be.
Also, Windows 8 can multi-task... well dual-task with its 1/3, 2/3 splitting in Metro ;)
-
So they brought this DRM-scheme out as a gaming console. Which incidentally, it seems they sold for below manufacturing cost. Some would say that commercial sacrifice was just motivated by their desire to become a leading console manufacturer. Personally I think it was because they wanted to ensure there would be a lot of their 'test the DRM scheme strength' platforms in the wild, in order to give it a fair test.
Lay off the crack pipe. It's common for game consoles to be sold at below cost (at least early in their lifespan). Low cost drives sales, and the platform manufacturer gets royalties on every game sold.
-
@TerraHertz The DRM and Crack smoking aside, thanks for posting the link here. I have an old XBox. I might just have to crack it open now and install Linux.
-
This is seriously a good book. I bought a copy back when it first came out. It does a really good job of going through the process of reverse engineering some unknown hardware including the collective hacker community aspect. It has some good details but never gets so technical that you can't follow along. And the best part is that you can pick up an old xbox for like 20 bucks these days and an fpga dev board so you can follow along and recreate the process if you are feeling ambitious. If you did that you would have a serious jump start to understanding and working with existing commercial hardware and learn a lot about data bus technology.
Another cool aspect is it gives an interesting technical overview of the original xbox DRM and how it was implemented. If you find that interesting you should really read about the evolution of console DRM into the next generation xbox and playstation and how hackers went about defeating those as well. It's a technical cat and mouse game that comes down to the developers having a finite amount of time/resources to implement the DRM but the hackers have essentially infinite time/resources collectively to try to defeat it. Each time the hackers defeat some scheme, the designers learn a lesson about where they messed up so each generation gets harder to defeat.
-
Another cool aspect is it gives an interesting technical overview of the original xbox DRM and how it was implemented.
Several good talks about the subject have been given at the Chaos Communication Congress meetings.
22C3: "Xbox" and "Xbox 360" Hacking (https://www.youtube.com/watch?v=82vf0JQS1Sk#)
Deconstructing Xbox 360 Security [24c3] (https://www.youtube.com/watch?v=pdfWzWR2m0M)
Console Hacking 2010 - PS3 Epic Fail [27C3] (https://www.youtube.com/watch?v=PR9tFXz4Quc)
A common theme behind the security system failures is that even the best design can be defeated by a poor implementation. E.g. on paper the Playstation 3 security system is almost rock-solid but the completely amateurish implementation rendered it totally ineffective once an initial weakness was found.
-
Yup. Those conference videos are great. The ps3 one, I can watch over and over. Can you imagine what happened to that engineer that messed that up...
int RandomNumberGenerator()
{
return 14;
}
Another interesting lesson to be learned from the PS3 is..... Don't piss off the hackers!! As they say, one reason it seemed like it took the hackers so long to crack the PS3 was because at launch the PS3 could run linux out of the box. It wasn't till they took away the linux option that a critical mass of hackers started trying to seriously break the security. OOPS!
-
Very good read. Does anyone know of any similar books on the next generation of consoles?
-
int RandomNumberGenerator()
{
return 14;
}
:-DD
-
Here's some history, from back around 2002, 3 ... 5. When MS was talking about how 'Longhorn' (incorporating their Palladium 'trusted computing' architecture) would be the next great thing (after WinXP).
The zip file contains an assortment of media articles on the subject, plus the MS white paper I mentioned.
Did crack even exist back then? It's not something I'd know about. But Microsoft was certainly on something. As opposed to onto something.
One thing to remember - Microsoft doesn't give up. They wanted to do that then, and they still want to. They just learned they'd have to be more subtle about it. Currently they're trying a flanking maneuver, with the UEFI 'secure boot' stuff.
-
Yup. Those conference videos are great. The ps3 one, I can watch over and over. Can you imagine what happened to that engineer that messed that up...
int RandomNumberGenerator()
{
return 14;
}
Another interesting lesson to be learned from the PS3 is..... Don't piss off the hackers!! As they say, one reason it seemed like it took the hackers so long to crack the PS3 was because at launch the PS3 could run linux out of the box. It wasn't till they took away the linux option that a critical mass of hackers started trying to seriously break the security. OOPS!
I watch C3 talk videos regularly and this was a really great one. I also rotfl'd really hard. But I suppose that's what you get when you have a manager standing with a whip behind the engineers'/developers' backs.
-
Thanks for this; I wonder what the eventual legal fallout will be.
Also, Windows 8 can multi-task... well dual-task with its 1/3, 2/3 splitting in Metro ;)
I don't endorse using Windows in general, but what you're saying is actually wrong. Windows 8 has a desktop mode which makes it work exactly like previous Windows versions. It's a common misconception that you can only use Metro. When I'm using Windows 8, which I'm currently not as Linux is my main OS, it's practically behaving like Windows 7 with a (IMO) nicer Start menu.