Talk:17 Mistakes Microsoft Made in the Xbox Security System

From Xbox-Linux

Add your comment here, append your signature to the end of your comment (2 dashes and 4 tildes), as seen if you move your mouse over the signature button on the top. --Michael Steil 06:03, 15 Dec 2005 (PST)

Question

You write:

We found no bug in the RSA implementation. It is taken straight out of Windows 2000 and looks pretty good. 

but you neglect to mention that RSA is not itself a signature algorithm: you do NOT need to break RSA or factor keys to accomplish a goal of creating a "signed" executable that will pass the XBOX signature algorithm. Signatures always rely upon some kind of code hash or checksum first, and some way of manipulating this into a signature using the asymmetric (RSA) algorithm... thus there are 2 weaknesses:

1. Since you generally want to run your own code, you have complete control over what you want to have "signed". There's hundreds of XBOX games in existence, all are already signed, so you already have hundreds of example "hash" codes with valid signatures you can use. Finding SHA-1 collisions takes 2^69 operations (worst case), and we're not looking for just one, but any of the 200+ we already have (actually, 400+ - there's at least 2 signatures in every game, up to hundreds depending on how many game "Sections" there are). If a distributed "loop" is constructed, we only need to "guess" around 2^61 codes (random bytes to change our "hash") until you get a hash that matches a known one with an existing signature, and you're done.

In other words: assuming you've got 100,000 PCs to dedicate to the task (how many people use XBMC?); you can create your own bootable signed XBOX DVD after about 355 days of searching (worst case scenario). Assuming your DVD is a specially designed "bootstrap" starter, you only need to do this once, then everyone can use this to boot up whatever they want later, without needing to mod anything.

Alternatively...

2. A pretty well known RSA weakness is that it should never be used on anything besides "random" data, such as a padded hash. Mistake #18 Microsoft seem to have made is that they padded the hash with non-random data, so instead of having a nasty 2048-bits of randomness in our key, Microsoft kindly padded 1880 of these bits with "1", and the last 8 with 0.

It is not very hard to create a new private key which has the same public key as the xbox, and since we know that the exponentiation function will be using a very small number (and hence is likely to never "wrap" in the modulus), we can relatively easily create a new RSA key that can sign XBOX code, and that will correctly pass the public key decryption/signature check, without us actually needing the real private key :-) ... for anyone skeptical about this bit - see this RSA PGP key (http://pgpkeys.mit.edu:11371/pks/lookup?op=get&search=0xC0DED00D) (ID "C0DED00D") - notice how you can 'read' English words and sentences inside the base-64-encoded public key? This is an example of someone who modified their RSA key generation (prime selection) code to engineer a public key of their choosing.

3. Another alternative... get a legitimate XBOX game company and convince them to brute-force a SHA-1 key so it yields 0xFFFFFF...FF ... then when MS signs this key, they in effect give us their private key directly :-) ... that's the other rule of RSA - you should never let anyone have control over what you actually "sign" with it - because (for example) -1 to the power of anything, modulus anything, always gives 1 :-)

See Padding schemes (http://en.wikipedia.org/wiki/RSA) for further explanation of RSA implementation weaknesses.

See XBE Security (http://www.xbox-linux.org/wiki/XBE_Security) for how the XBOX hash is used.
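
The effect point 1 above relies on, that every additional signed digest in circulation is one more value a search can land on, shown here as an added example that is not part of the original comment. SHA-1 is truncated to 16 bits so the search finishes instantly; the truncation, the image names and the target counts 1, 16 and 400 are constructed for illustration.

```python
import hashlib

BITS = 16  # toy digest length (assumption) so the search finishes instantly


def short_digest(data: bytes, bits: int = BITS) -> int:
    """Top `bits` bits of SHA-1(data), standing in for a full digest."""
    return int.from_bytes(hashlib.sha1(data).digest(), "big") >> (160 - bits)


def constructed_targets(count: int) -> list:
    """Digests of `count` constructed 'already signed' images (sample data)."""
    return [short_digest(b"signed-image-%d" % i) for i in range(count)]


def tries_until_match(targets: set, limit: int = 1 << 22):
    """Hash counter-suffixed candidates until one lands on any target digest.

    Returns (tries, candidate), or (None, None) if `limit` is exhausted.
    """
    for counter in range(limit):
        candidate = b"unsigned-image-" + counter.to_bytes(8, "big")
        if short_digest(candidate) in targets:
            return counter + 1, candidate
    return None, None


def compare(counts=(1, 16, 400)):
    """Measured tries versus the 2**BITS / k estimate for each target count."""
    all_targets = constructed_targets(max(counts))
    rows = []
    for k in counts:
        # Nested prefixes: every smaller target set is contained in the larger.
        tries, candidate = tries_until_match(set(all_targets[:k]))
        rows.append((k, tries, (1 << BITS) / k, candidate))
    return rows


if __name__ == "__main__":
    for k, tries, estimate, _ in compare():
        print(f"{k:4d} targets: {tries} tries (estimate {estimate:.0f})")
```

The measured tries fall roughly in proportion to the number of targets, so in this toy the only margin is the digest length.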

Collaborative editing

I really like the paper, thanks for putting it up on the wiki. Why don't you unprotect the page and allow people to copyedit it to improve the grammar and add facts? --wikipedia:user:unforgettableid 00:18, 9 Mar 2006 (PST)

'GeForce 3 MX'

Calling it a 'GeForce 3 MX' is a bit debatable, given MX has been used to denote inferior products whereas the XBox NV2A chipset is pretty much between the GeForce3 and GeForce4, so clearly not an inferior-to-GeForce3 product. Otherwise, a fascinating read. - Fuzzie 09:48, 16 Dec 2005 (PST)

In a way, I agree. It is superior to the GeForce3, but it is also a stripped down version, because it uses shared memory. nVidia calls these shared memory versions "MX", like the GeForce 2 MB in the nForce chipset. Perhaps GeForce 3.5 MX would have been better? --Michael Steil 13:28, 17 Dec 2005 (PST)

In fact, Xbox Hardware Overview on this very wiki argues that the CPU isn't a Celeron, too. - Fuzzie 09:55, 16 Dec 2005 (PST)

I don't know who wrote that there. I always had the impression it was a stock Celeron. Clarification would be needed. --Michael Steil 13:28, 17 Dec 2005 (PST)

This anandtech article (http://www.anandtech.com/systems/showdoc.aspx?i=1561&p=2) suggests that the CPU is closer to a Pentium III with 128KB L2 cache than a Celeron, backing up what was said in the Xbox Hardware Overview. - Friedgold 14:37, 17 Dec 2005 (PST)

Hmmm... Can we compare CPUIDs or /proc/cpuinfo? I'd like to have independent confirmation. --Michael Steil 03:14, 18 Dec 2005 (PST)

Conclusion

'The security system of the Xbox has been a complete failure.'

On the whole, that describes every product ever released by Microsoft - right up to and including Windows XP Pro. Part of the problem is the "corporate culture" at Microsoft, which says "don't ever discuss product flaws with outsiders." Since outsiders inevitably will find every security flaw before Microsoft does, the result is exactly what you would expect - the "bad guys" usually exploit the flaws long before the "good guys" are able to convince Microsoft the products are broken.

Mind you, that doesn't keep me from enjoying my Xbox - enough so that I have two now, for playing on Xbox Live, and I am bidding on another one on eBay for conversion to a Linux-based NAS device. Or possibly a family room media center computer; I haven't made up my mind yet. --(unsigned comment)

I think the conclusion should be longer. Maybe you could also talk about what the implications of the hacking community are for hardware manufacturers or some other philosophical topic, just like in bunnie's book.

--wikipedia:user:unforgettableid 00:18, 9 Mar 2006 (PST)

Typo reloaded

It's "pad policy", indeed. Other typos I've seen (marked by "__<typo>__"):

- "nVidia sold a slightly modified Southbridge and a Northbridge with __a__ another graphics core"

- "Oh, and there is another vulnerability, an__d__ integer vulnerability in the audio player code."

- "computers aren't slower or faster by some percentage - but __but__ factors!"

- "run homebrew software like media players and emulators, and run copies__.__ Although there were"

But from the technical point of view, it sounded very clear to me - and made me shake my head more than once. ;-)

Mystwalker 17:36, 16 Dec 2005 (PST)

fixed, thanks --Michael Steil 13:28, 17 Dec 2005 (PST)


"and ebx, 0FFFFFFFh  ; clear upper 4 bits" -- Is this a typo? (should be 0000FFFFh) ?--Daniel Hooper 09:34, 22 Dec 2005 (PST)

No, 0000FFFFh would be the upper 16 bits. Each hex character is 4 bits. --James Ravn 14:28, 23 Dec 2005 (PST)


- "trough" should be "through", and "tought" should be "thought" (each occurs only once) --NotSoAnon 16:44, 27 Dec 2005 (PST)


- "this means you have to read at l__e__ast Schneier's "Applied Cryptography"" --Kolb 21:25, 28 Jun 2006 (EDT)


1) Great article! Thanks. 2) About the Xbox.

  In my opinion Microsoft's mistake was in the very beginning.
  Why subsidize the hardware? If you cannot build it for the
  price you want to sell it minus your margin then don't build it.
  Or else sell it for cost+ and nobody will want to hack it.
  If I buy a piece of hardware, it's mine. I do with it whatever
  I wish. I dismantle it and use the parts to cook a goulash,
  I rebuild it as a house robot or I use it to run on it my favorite
  operating system. And the manufacturer has no right to say a
  word, it's not his business he got his money and should shut up.
  But there is no limit to Microsoft's insolence.

2) About copying electronic media.

  The solution is very simple: reduce the price until even the poorest
  will be ashamed to copy it. The huge costs involved come from the
  huge salaries paid to those who produce these works.
  And I can't stop asking myself how many $ millions does one need to feel happy.

--Adyfischer 04:25, 1 Mar 2007 (PST)adyfischer

#16: Many People

Looks like a grammar mistake:

"Keeping your source code safe means having engineers you can trust, and not letting none of your engineers see the source code."

--ttyR2

Errr, suggestion? --Michael Steil 03:14, 18 Dec 2005 (PST)

How about "Keeping your source code safe means having engineers you can trust, not preventing your engineers from seeing the source code." --Friedgold 09:53, 18 Dec 2005 (PST)

Note about "the excellent resources of the MIT hardware lab"

It seems that though Bunnie had access to the MIT hardware lab he didn't need it for tapping the HyperTransport (aka LDT) bus. As explained in detail in his memo (ftp://publications.ai.mit.edu/ai-publications/2002/AIM-2002-008.pdf), he used an inexpensive Xilinx FPGA and TI's LVDS-to-TTL converter. The task was somewhat simplified by the fact that Xbox's HT runs at 200MHz DDR (not at 400MHz DDR as Bunnie supposed at first).

And thanks for your excellent article, it's really gripping and sounds pretty clear even to a non-professional non-native speaker. --Paul Fertser 11:44, 18 Dec 2005 (PST)

'Security' implemented by the PIC chip

First of all - excellent article.

I didn't see any mention of the PIC chip's role in the startup process. If you remember, the PIC chip asserts/releases the CPU's RESET line at power-on/reset. It then goes into a 'challenge/response' mode, requiring the x86 code to read a couple of 'random' values from the PIC chip, do some calculation on them, and return the result back to the PIC. If the result isn't correct (or if the x86 code doesn't initiate the challenge/response sequence within a certain small time period), the PIC chip will force a CPU RESET.

Because of the PIC chip hindrance, we (Xbox-Linux) had to find the RC4 key ourselves (as Bunnie never published it), and decrypt the 2bl in order to reverse-engineer the challenge/response functionality. This was only a minor slowdown, but was more involved/complicated than simply implementing the 'Visor trick' to gain control of the CPU.

It's possible that this PIC chip challenge/response logic was intended to act as some sort of a 'watchdog'. But, the sequence was only required once after RESET - so it's not like a typical watchdog which will monitor the CPU's activity/reset the CPU if there is a crash. Because of this, I believe that the PIC chip logic was added as a hindrance to getting 'non-Microsoft' code from running on the Xbox. As with the rest of the Xbox 'security', it was a failure. --Ozpaulb 08:06, 19 Dec 2005 (PST)

"obvoius" is a typo. My spellchecker says it should say "obvious". --wikipedia:user:unforgettableid 00:18, 9 Mar 2006 (PST)

Good work.

Thanks to the xbox-linux project in general for making the effort to seek Microsoft's alliance to avoid the illegal copying of games. All too often the general public assumes that being a hacker is equal to being an outlaw.

This is a great article that presents the security vulnerabilities and the reasons they were overlooked.

--Robacarp 10:07, 22 Jun 2006 (PDT)

Xbox Source Code Leak

Proof? Citation?

Why has this not been widely heard of previously?