Hacking the Xbox

Recommendations

Info

202 Hacking the Xbox: An Introduction to Reverse Engineering user processes, even in the presence of bugs and memory leaks (including scenarios where kernel memory is deallocated and reassigned to a user process without a memory clearing step). This scheme can also be used to establish security audit trails which are useful for helping programmers to trace the root cause of a security breach, and as damage control measures in case of a security breach. To be fair, one advantage of the cryptographic approach to trusted computing is that if a rogue does get hold of data through some hardwares means — by eavesdropping on the hardware or stealing a hard drive — the data cannot be deciphered. However, users can elect to use cryptography for data protection in any computer implementation, including those using hardware capabilities and tagged memory. The problem of secure key management is still a difficult problem, but perhaps it can be solved in part by integrating cryptographic smart card readers into PCs. There is no essential reason why a trusted PC implementation must use the cryptographic techniques proposed in Palladium and TCPA. The techniques reviewed in this section, namely capabilities and tagged memory, can be used to implement a secure, trustable PC in a manner that does not involve the risk of users losing the ability to set their own access policies. Users would be in full control of their machine and their secrets at all times. Palladium Versus TCPA There is much confusion these days about the current trusted PC proposals, namely Microsoft’s Palladium and the Trusted Computing Platform Alliance (TCPA). There are enough similarities between the two proposals that many people think they are one and the same, but the goals of each initiative are different. The TCPA is a multi-corporation alliance to create computers with some nominal amount of trust. Significantly, much of its specifications can also be applied to non-PC platforms. In TCPA the trust is planted in a secure hardware module called the TPM (Trusted Platform Module). The TPM contains features to ensure that the secrets contained within the module are never leaked through software attacks. It also contains features, such as secured system “measurements,” that attempt to transfer the trust contained within the TPM to the host machine. Palladium, on the other hand, is a whole-system PC-centric security concept created by Microsoft alone. One of its components is a TPMlike security module, but Palladium also calls for sweeping changes to the hardware chipset and the way I/O ports are implemented. The chipset is required to enforce memory security policies from all potential DMA sources, such as the graphics card. Palladium also calls for encryption of the I/O to the keyboard and video subsystems.
Chapter 13 - Onward! 203 Palladium’s requirement for cooperation between chipset vendors, OEMs and Microsoft is a potentially large flaw. There isn’t enough margin in the commodity PC hardware industry today to support the overhead of an extensive cryptographic security overhaul. Too, many chipset vendors do not have any experience with implementing secure systems. On top of the language barrier faced by many overseas chipset vendors, chipsets are usually developed on a short fuse and with a keen eye on the pocketbook. Can chipsets developed under these conditions be expected to protect sensitive secrets? The Xbox is an example of what can go wrong when security policies are defined by one body and implemented by another very different organization. Microsoft wrote a specification for a trustable piece of hardware, namely, the Xbox. Strong cryptographic algorithms are used liberally in the Xbox, and the master key for the system is locked deep inside a complex piece of silicon. However, experience has demonstrated that the Xbox’s security system can be bypassed using a combination of an unsecured debug port, a flaw in the hardware initialization scheme, and a bug in the handling of a boundary case of the instruction pointer in the CPU. These three minor oversights, committed by three independent parties (the assembly contractor, the Xbox firmware designer, and Intel), conspire to provide a convenient method for defeating Xbox security. Each of these oversights on their own does not represent a significant security problem. This leads to the disconcerting question of how many security breaches in a particular Palladium implementation will be caused by the stacking of multiple benign flaws. Every complex consumer electronics system has minor bugs or design oversights, especially when systems are composed of components built by multiple independent entities whose primary interest is in turning a profit. In the consumer electronics industry, one can either ship a perfect product, or one can make money. Products that don’t make money are quickly cancelled. Thus, it is very rare to find a consumer product that is technically perfect in all respects. As a result, the only practical way to guarantee the security of consumer electronics system as complex as Palladium is to throw it into the wild, and let the hackers have their way with it for many years until all of the big security holes have been discovered and plugged. On the other hand, the TCPA’s TPM is a device created to solve a certain set of problems that is smaller in scope than Palladium’s. Thus, the TPM is not as exciting from a market perspective, but it may be more practical and serviceable for its intended purpose. Both the TPM and Palladium are weak to hardware attacks, but the TPM doesn’t attempt to extend security requirements as far into third-party system design territory. The TPM is primarily a secured key management module that can detect most modifications and intrusions to the host system. The software layers built on top of this substrate do the rest of the heavy lifting, caveat emptor.
Page 1:
Hacking the Xbox An Introduction to
Page 4 and 5:
The US government is far and away t
Page 7 and 8:
Hacking the Xbox An Introduction to
Page 9:
In memory of Aaron Swartz
Page 12 and 13:
x Hacking the Xbox: An Introduction
Page 14 and 15:
xii Hacking the Xbox: An Introducti
Page 17:
Acknowledgments I would like to tha
Page 20 and 21:
2 Hacking the Xbox: An Introduction
Page 22 and 23:
Page 24 and 25:
Page 26 and 27:
Page 28 and 29:
10 Hacking the Xbox: An Introductio
Page 30 and 31:
Page 32 and 33:
Page 34 and 35:
Page 36 and 37:
Page 38 and 39:
Page 40 and 41:
Page 42 and 43:
Page 44 and 45:
Page 46 and 47:
Page 48 and 49:
Page 50 and 51:
Page 52 and 53:
Page 54 and 55:
Page 56 and 57:
Page 58 and 59:
Page 60 and 61:
Page 62 and 63:
Page 64 and 65:
Page 66 and 67:
Page 68 and 69:
Page 70 and 71:
Page 72 and 73:
Page 74 and 75:
Page 76 and 77:
Page 78 and 79:
Page 80 and 81:
Page 82 and 83:
Page 85 and 86:
CHAPTER 4 Building a USB Adapter Ca
Page 87 and 88:
Strategy Chapter 4 - Building a USB
Page 89 and 90:
Chapter 4 - Building a USB Adapter
Page 91 and 92:
CHAPTER 5 Replacing a Broken Power
Page 93 and 94:
Chapter 5 - Replacing a Broken Powe
Page 95 and 96:
Strategy Chapter 5 - Replacing a Br
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Figure 5-6: The final cable assembl
Page 103 and 104:
Page 105:
Page 108 and 109:
Page 110 and 111:
Page 112 and 113:
Page 114 and 115:
Page 116 and 117:
Page 118 and 119:
100 Hacking the Xbox: An Introducti
Page 120 and 121:
Page 122 and 123:
Page 124 and 125:
Page 126 and 127:
Page 128 and 129:
Page 130 and 131:
Page 132 and 133:
Page 134 and 135:
Page 137 and 138:
CHAPTER 8 Reverse Engineering Xbox
Page 139 and 140:
Chapter 8 - Reverse Engineering Xbo
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
clearance for motherboard component
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
CHAPTER 9 Sneaking in the Back Door
Page 157 and 158:
Chapter 9 - Sneaking in the Back Do
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
Page 167:
Note Chapter 9 - Sneaking in the Ba
Page 170 and 171: 152 Hacking the Xbox: An Introducti
Page 179 and 180: CHAPTER 11 Developing Software for
Page 181 and 182: Chapter 11 - Developing Software fo
Page 191 and 192: CHAPTER 12 Caveat Hacker Reverse en
Page 193 and 194: Chapter 12 - Caveat Hacker 175 tech
Page 195 and 196: Chapter 12 - Caveat Hacker 177 type
Page 197 and 198: Chapter 12 - Caveat Hacker 179 art
Page 199 and 200: Chapter 12 - Caveat Hacker 181 tres
Page 201 and 202: Chapter 12 - Caveat Hacker 183 Also
Page 203 and 204: Chapter 12 - Caveat Hacker 185 oppo
Page 205 and 206: Chapter 12 - Caveat Hacker 187 inte
Page 207 and 208: Chapter 12 - Caveat Hacker 189 Such
Page 209: Chapter 12 - Caveat Hacker 191 his
Page 255 and 256: APPENDIX D Getting Started with FPG
Page 257 and 258: Appendix D - Getting Started with F
Page 263: Appendix D - Getting Started with F
Page 270 and 271:
Page 272 and 273:
Page 275 and 276:
APPENDIX F Xbox Hardware Reference
Page 277 and 278:
Appendix F - Xbox Hardware Referenc
Page 279 and 280:
Appendix F - Xbox Hardware Referenc
Page 281 and 282:
DVD-ROM Power Connector Appendix F
Page 283:
Fan Connector Appendix F - Xbox Har
Page 286 and 287:
268 continuity mode, in DMMs 19 Cop
Page 288 and 289:
270 Molex 76 Moore’s Law 5 Mosis
Page 290 and 291:
272 Virtex-II FPGA 123 Visor 139, 1
show all

Hacking the Xbox

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?