Hacking the Xbox
116    Hacking the Xbox: An Introduction to Reverse Engineering
word on who can or cannot run programs on the console, and hackers cannot modify games to insert viruses, Trojan horses, or back doors. Saved games are also sealed using encryption, and as a result, it is nominally impossible to hack a game and cheat by patching the executable or by jacking up your character stats.
Clearly, a pivotal issue in hacking the Xbox console is Microsoft’s implementation of the digital signature system. The Xbox uses a SHA-1 hash with 2048-bit RSA keys, making the chance of a successful brute force attack very, very slim. Of course, the probability is zero if you never try, but the odds are stacked against you (see the sidebar “Very Difficult Problems”). You’ll have better luck trying to win the lottery. This is no accident; the discovery of the private key would make game copying trivial, and developers would not have to pay royalties to Microsoft (legally, they may be obligated, but there is no technical reason preventing them). Given that this key is probably worth a few billion dollars to Microsoft, it is quite likely that no single human knows the full key, as rubber-hose (beatings) and green-paper (bribery) cryptanalysis techniques tend to be quite effective on humans. (Do not discount real “brute force” as a possibility if you are trying to protect an extremely valuable secret!) Products such as BBN’s SignAssure certificate authority management system ensure the physical security of high-value keys and implement secret-sharing schemes that require multiple trusted users to activate the machine.
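The secret-sharing arrangement described above (no single custodian holds the whole key; a quorum of trusted users is needed to activate the signing machine) is usually Shamir's scheme. The following is an added illustration written for this page, not code from the book or from BBN's product: it splits an integer secret into shares over a prime field and recovers it by Lagrange interpolation. The field prime, the 3-of-5 policy, and the 32-byte stand-in key are assumptions chosen for the example.

```python
import secrets

# Field for the arithmetic. 2^521 - 1 is a Mersenne prime, so any secret of up
# to 512 bits fits; longer keys would be split into chunks or use a larger prime.
PRIME = (1 << 521) - 1


def split_secret(secret, threshold, shares):
    """Shamir sharing: choose a random polynomial f of degree threshold-1 with
    f(0) = secret and hand out the points (1, f(1)) ... (shares, f(shares))."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be an integer in [0, PRIME)")
    if not 1 <= threshold <= shares:
        raise ValueError("need 1 <= threshold <= shares")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]

    def f(x):
        acc = 0
        for c in reversed(coeffs):          # Horner's rule, mod PRIME
            acc = (acc * x + c) % PRIME
        return acc

    return [(x, f(x)) for x in range(1, shares + 1)]


def recover_secret(points):
    """Lagrange interpolation at x = 0. With fewer than `threshold` distinct
    points the result is uniformly random: no partial information leaks."""
    xs = [x for x, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share")
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        # num/den is the Lagrange basis polynomial evaluated at 0
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


def split_key(key, threshold, shares):
    """Convenience wrapper for a key given as bytes (up to 64 bytes)."""
    return split_secret(int.from_bytes(key, "big"), threshold, shares)


def recover_key(points, length):
    return recover_secret(points).to_bytes(length, "big")


if __name__ == "__main__":
    key = secrets.token_bytes(32)           # constructed stand-in for a signing key
    custodians = split_key(key, 3, 5)       # five custodians, any three activate
    assert recover_key(custodians[:3], 32) == key
    assert recover_key(custodians[2:], 32) == key
    print("3-of-5 recovery works; 2 shares give nothing:",
          recover_key(custodians[:2], 32) != key)
```

In a real ceremony each custodian's share would itself be protected (a smart card, an HSM slot) and the recombination would happen inside the tamper-resistant device rather than in host memory; the arithmetic above is the part the scheme's security actually rests on.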
As mentioned previously, there are a few known viable attacks against RSA, but not all of them apply in the Xbox scenario, as they rely on groups of users or require chosen ciphertext. In addition, the list of weaknesses is widely known, and most implementations of digital signatures implement the proper countermeasures to protect against such attacks.
The Rest of the Picture
An effective security system needs good key management, strong protocols, and, in the case of the Xbox, physical security in addition to strong ciphers and hashes.
Key management is perhaps one of the most difficult system implementation tasks facing any security architect. Ultimately, the decryption keys need to go into the hands of a user. The user interface must be designed so that the average user with minimum training does not accidentally leak key information. As ciphers become stronger, the easiest path of attack is increasingly through the user. Eavesdropping through surveillance videos, social engineering, or even analyzing the pattern of sounds made by the keyboard as a password is typed will probably yield more information per unit effort about a passphrase than cryptanalysis. Public key cryptography partially solves the problem of key distribution, but public key fingerprints should be compared in person to rule out the possibility of man-in-the-middle attacks. Public key cryptography also does not prevent someone with physical access to the client machine from eavesdropping on the decrypted output.
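The in-person fingerprint comparison the paragraph recommends is easy to show as a check: each party reads out the fingerprint of its own key through a channel the network cannot touch, and the other side compares it with the key that actually arrived. The example below is an added illustration written for this page, not from the book; the `Relay` class, the hex-group fingerprint rendering, and the three byte strings standing in for encoded public keys are all constructed for the demonstration (the check itself does not depend on the key algorithm).

```python
import hashlib
import hmac


def fingerprint(public_key):
    """SHA-256 of the encoded key, rendered as 4-hex-digit groups for reading aloud.
    (Constructed rendering; real tools each have their own display format.)"""
    digest = hashlib.sha256(public_key).hexdigest().upper()
    return ":".join(digest[i:i + 4] for i in range(0, len(digest), 4))


def fingerprints_match(spoken, computed):
    """Compare a fingerprint read out in person with the locally computed one,
    ignoring case and separators so a transcription like 'ab12 cd34' still works."""
    def norm(s):
        return "".join(ch for ch in s.upper() if ch in "0123456789ABCDEF")
    return hmac.compare_digest(norm(spoken), norm(computed))


class Relay:
    """The network between Alice and Bob. If `attacker_key` is set, it models a
    man-in-the-middle that replaces every forwarded public key with its own."""

    def __init__(self, attacker_key=None):
        self.attacker_key = attacker_key

    def forward(self, public_key):
        return self.attacker_key if self.attacker_key is not None else public_key


def exchange_and_check(alice_key, bob_key, relay):
    """Exchange keys over `relay`; return True only if both out-of-band
    fingerprint comparisons pass."""
    # Keys travel over the network and may be substituted on the way.
    key_bob_received = relay.forward(alice_key)
    key_alice_received = relay.forward(bob_key)
    # Out of band (in person), each party reads out the fingerprint of its OWN key;
    # the other party checks it against the key that actually arrived.
    alice_spoken = fingerprint(alice_key)
    bob_spoken = fingerprint(bob_key)
    bob_ok = fingerprints_match(alice_spoken, fingerprint(key_bob_received))
    alice_ok = fingerprints_match(bob_spoken, fingerprint(key_alice_received))
    return alice_ok and bob_ok


# Constructed stand-ins for encoded public keys.
ALICE_KEY = b"-----ALICE PUBLIC KEY (constructed)-----"
BOB_KEY = b"-----BOB PUBLIC KEY (constructed)-----"
MALLORY_KEY = b"-----MALLORY PUBLIC KEY (constructed)-----"

if __name__ == "__main__":
    print("honest network:", exchange_and_check(ALICE_KEY, BOB_KEY, Relay()))
    print("substituted keys:", exchange_and_check(ALICE_KEY, BOB_KEY, Relay(MALLORY_KEY)))
```

The check catches substitution because the attacker can replace what travels over the network but not what Alice says to Bob's face; it does nothing about the last sentence of the paragraph, since someone with physical access to the endpoint reads the plaintext after all of this has succeeded.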