17 mistakes Microsoft made in the XBox security system


Sometimes, I don’t even know why I read these things. First, the XBox is kinda old news to most folks. Second, I don’t know many people in real life who care about security. Third, this write-up of XBox security system problems is old anyway (late 2005). But some how, I still find and read these kinds of articles, almost always finding them fascinating, even when I don’t understand what the heck is being said (far too often for my tastes). And if you are like me, you’ll want to at least peek at it, and see how much you understand about security system design and testing.

Motivation for the Security System

The Xbox being a PC, it should be trivial to install Linux on it in order to have a cheap and, for that time, powerful PC. Even today, a small and silent 733 MHz PC with TV connectivity for 149 USD/EUR is still attractive. But this is not the only thing Microsoft wanted to prevent. There are three uses that should not have been possible:

  • Linux: The hardware is subsidized and money is gained with the games, therefore people should not be able to buy an Xbox without the intent to buy any games. Microsoft apparently feels that allowing the Xbox to be used as a (Linux) computer would be too expensive for them.
  • Homebrew/Unlicensed: Microsoft wants the software monopoly on the Xbox platform. Nobody should be able to publish unlicensed software, because Microsoft wants to gain money with the games to amortize the hardware losses, and because they do not want anyone to release non-Internet Explorer browsers and non-Windows Media Player multimedia software.
  • Copies: Obviously it is important to Microsoft that it is not possible to run copied games on the Xbox.

Microsoft decided to design a single security system that was supposed to make Linux, homebrew/unlicensed software and copies impossible. The idea to accomplish this was by simply locking out all software that is either not on the intended (original) medium or not by Microsoft.

On the one hand, this idea makes the security system easier and there are less possible points off attack. But on the other hand, 3 times more attackers have a single security system to hack: Although Open Source and Linux people, homebrew developers, game companies as well as crackers have little common interests, they could unite in this case and jointly hack the Xbox security system.

Then falls all the gory details of how the XBox boot system works, what security systems were put in place to protect the boot, how the systems *could* fail, how work-arounds were found to take advantage of those failures, and so on.  It’s a great bit insight into how hardware hacking can be done, but it’s also fairly technical at times.

[tags]XBox, Security, Microsoft[/tags]