17 mistakes Microsoft made in the XBox security system

Sometimes, I don’t even know why I read these things. First, the XBox is kinda old news to most folks. Second, I don’t know many people in real life who care about security. Third, this write-up of XBox security system problems is old anyway (late 2005). But some how, I still find and read these kinds of articles, almost always finding them fascinating, even when I don’t understand what the heck is being said (far too often for my tastes). And if you are like me, you’ll want to at least peek at it, and see how much you understand about security system design and testing.

Motivation for the Security System

The Xbox being a PC, it should be trivial to install Linux on it in order to have a cheap and, for that time, powerful PC. Even today, a small and silent 733 MHz PC with TV connectivity for 149 USD/EUR is still attractive. But this is not the only thing Microsoft wanted to prevent. There are three uses that should not have been possible:

  • Linux: The hardware is subsidized and money is gained with the games, therefore people should not be able to buy an Xbox without the intent to buy any games. Microsoft apparently feels that allowing the Xbox to be used as a (Linux) computer would be too expensive for them.
  • Homebrew/Unlicensed: Microsoft wants the software monopoly on the Xbox platform. Nobody should be able to publish unlicensed software, because Microsoft wants to gain money with the games to amortize the hardware losses, and because they do not want anyone to release non-Internet Explorer browsers and non-Windows Media Player multimedia software.
  • Copies: Obviously it is important to Microsoft that it is not possible to run copied games on the Xbox.

Microsoft decided to design a single security system that was supposed to make Linux, homebrew/unlicensed software and copies impossible. The idea to accomplish this was by simply locking out all software that is either not on the intended (original) medium or not by Microsoft.

On the one hand, this idea makes the security system easier and there are less possible points off attack. But on the other hand, 3 times more attackers have a single security system to hack: Although Open Source and Linux people, homebrew developers, game companies as well as crackers have little common interests, they could unite in this case and jointly hack the Xbox security system.

Then falls all the gory details of how the XBox boot system works, what security systems were put in place to protect the boot, how the systems *could* fail, how work-arounds were found to take advantage of those failures, and so on.  It’s a great bit insight into how hardware hacking can be done, but it’s also fairly technical at times.

[tags]XBox, Security, Microsoft[/tags]

Today in history – July 7th

Here’s a smattering of information about memorable events which have occurred in years past on this day.

  • A retrial verdict acquits Joan of Arc of heresy 25 years after her death (1456). — Sure, it’s a bit late, but I’ll bet her family was happy to know that she shouldn’t really have been executed…
  • United States begins first military draft; exemptions cost $100 (1863) — Hey, now there’s a good idea.  Sure, having money being the reason you get out of the draft has always been the case – but in this instance, it’s more clearly understandable how someone skipped facing the draft without the need for the cowardly run to another country.
  • In Memphis, Tennessee, WHBQ becomes the first radio station to air an Elvis Presley record. (1954) — If that’s not history, I don’t know what is.  And being that I live in Memphis now, I figure I need to point out the accomplishments of this fine city (aside from the political scandals which seem to keep the FBI coming here a lot recently, that is).
  • Some cowardly maggots blew up bombs on three trains and a bus in London, killing 52 innocent people.

[tags]Today in history[/tags]