Behind the Xbox Boot Code
NiteStar writes "The Xbox-Linux team has up a new article about The Hidden Boot Code of the Xbox. The Xbox console contains a 'chain of trust' to allow only legit Microsoft signed code to run on the Xbox. The hidden 'MCP' boot ROM (just 512 bytes) is the link between hardware and software in this chain of trust." From the wiki article: "The Xbox, having an external (reprogrammable) 1 MB Flash ROM chip (models since 2003 have only 256 KB), would normally start running code there as well, since this megabyte is also mapped into the uppermost area of the address space. But this would make it too easy for someone who wants to either replace the ROM image with a self-written one or patch it to break the chain of trust ("modchips"). The ROM image could be fully accessed, it would be easy to reverse-engineer the code; encryption and obfuscation would only slow down the hacking process a bit."
Excellent read... (Score:1, Insightful)
Re:remember slashdot, that site that got taken dow (Score:4, Insightful)
The GACs (Greedy-Ass Cu..s) are making legitimate technology harder to develop, deploy and use; write a program that can easily share files and someone will load his entire CD collection into it for all to download... then the GACs will come along and take you to court for "developing software with the specific intent to violate copyright" or somesuch.
The world is in a sad state of affairs when it comes to matters like this. The (in the US and all countries that entered into free trade agreements with it) DMCA makes it illegal to circumvent any form of encryption, copy protection, etc.
Slashdot linking to an article that clearly describes the flaws in a copy protection implementation and how to get around it is becoming shaky ground. Gone are the days of free information... the GACs that run the world are making sure of that.
Be afraid, be very afraid.
A guess (Score:5, Insightful)
In Microsoft's case, their 512 bytes are incredibly high-profile. And based on the extensive nature of the hacks, they had to find a couple of VERY experienced security people to inspect their code, and who they trusted 100% to not disclose inside information. My bet is they didn't choose the right people to inspect their code, and after the inspection, any other employees who showed an interest in making sure the code was secure were treated more with suspicion than anything.
Re:A guess (Score:1)
FTFA: After they had learnt their lesson, they designed a pretty good system with the second version of the MCPX - but the implementation still contained at least three security holes
so, my bet is they just aren't clever enough.
Re:A guess (Score:5, Insightful)
The first shuttle accident was caused by... institutional problems. The engineering issues had already been discovered and discussed, but there were institutional issues that prevented the engineering discoveries from being fully investigated.
The second shuttle accident was caused by... institutional problems again. Again, the engineering issues had already been discovered and explored as much as the engineers could. Certainly NASA tried to fix their issues the first time, but apparently institutional issues aren't as easy to fix as engineering problems are.
My bet is that there WERE at least 4 people at Microsoft who were clever enough, they just weren't involved in the code inspections. Even if those four people knew that it was absolutely critical that they be involved in the inspections, they were specifically not permitted to look at the code, because four other people had already inspected the code, and involving more people (especially people who are "eager" to "help") would simply increase the chance of internal leaks. And that's not an engineering problem.
(on a personal note, at the company I work at, there have been several cases of problems being solved that have well-known solutions, but management puts inexperienced people in charge of the project, and then surrounds them with many more inexperienced people, ensuring that they never come in contact with someone who can steer them in the right direction. If management doesn't have a process in place to put people with the right knowledge on the problems that really require their expertise (even in an advisory role), then the organization isn't going to perform as well as it otherwise could. (this relates more to the XBox problem... the Shuttle problem is obviously more complex))
OT: Shuttle Failures (Score:5, Informative)
If you haven't read Feynman before, you'll probably like him. Funny guy, pretty damn smart, and managed with luck, brains, skill and stubbornness to get in the middle of some of the biggest science in the last century.
Re:OT: Shuttle Failures (Score:1)
As long as you aren't spamming, and I'm interested enough in the book to click the link, why the HELL shouldn't you get a kickback if I purchase the book?
It doesn't make the book any more expensive for me, and it gives less money to the MAN, so go for it! kthxbye
Re:OT: Shuttle Failures (Score:2)
I see your point, and yet, I still don't like referral links or the related Slashdot/Roland debacle.
Why? Because it makes me question the intentions of the poster. And that makes me question the integrity of his statements. Is he truly being informative--or just trying to make a book description fit the topic at hand (even if only remotely related) in order to make some money?
I take advertising with a grain of salt. Having watched more than a few infomercials in my lifetime, I've come to regard the
Re:OT: Shuttle Failures (Score:1)
Re:A guess (Score:5, Interesting)
Me: "The software that validates that units are configured correctly is 8000 lines of unauditable if statements. There is no definition of the policy it implements. This madness is going to cause an accident. We must rewrite the software and have lots of very boring meetings."
Management: "Hmmm...interesting...continue patching the software as issues come up."
Legal Department, "We're being sued because a configuration error ruined a batch of very expensive chemicals."
Me: "We must rewrite the software."
Legal: "We must rewrite the software."
Management: "hmm...interesting...continue patching the software as issues come up."
Re:A guess (Score:1, Funny)
Re:A guess (Score:3, Funny)
Monkelectric from monkelectric.com: Don't worry, I posted anonymously.
Management: We trust you to write software?
Legal Department: AIIIIIIEEEEEE!
Management: AIIIIIEEEEEE!
Monkelectric from monkelectric.com:
Re:A guess (Score:5, Funny)
Re:A guess (Score:2)
Be sure to RTFA...... (Score:3, Insightful)
Re:Be sure to RTFA...... (Score:2)
Re:Be sure to RTFA...... (Score:3, Funny)
-long, confused pause-
Jefe: Yes, El Guapo. You have a plethora.
El Guapo: Jefe, what is a plethora?
Jefe: Why El Guapo?
El Guapo: Well, I would just like to know if you know what a plethora is because you believe I have a plethora
Jefe: Sorry El Guapo, I, Jefe, do not have your superior intellect or education. Could it be you are angry about something and are looking to take it out on me?
El Guapo: Like what Jefe?
Jefe: Maybe it's because you are turning 4
They had some (Score:2)
Re:They had some (Score:4, Funny)
Andrew "Bunnie" Huang, specifically.
Re:They had some (Score:1)
Re:They had some (Score:1)
Summary (Score:5, Informative)
Nice attempt at a TCPA-like architecture, though. And cheers to the xbox-linux guys for their amazing achievements and enlightening write-up.
Re:Summary (Score:1)
Even worse:
How they did it.. (Score:2, Funny)
Testing PC overflow (Score:1)
Execution just happily continues at 0000_0000 - in RAM! Apparently the i386 CPU family throws no exception in this case, Microsoft's engineers only assumed it or misread the documentation and never tested it.
The article says that they assumed or misread the documentation. This is so easy to test I find it hard to believe they wouldn't have known about this. I think they knew it and just accepted it. Too bad the article doesn't mention what code there is at address 0000, if there's a halt or illegal inst
Re:Testing PC overflow (Score:1)
A history (Score:2, Insightful)
But, the whole point of the article is to prove that you can never lock anything completely down, from cd's to xboxen--they
Re:A history (Score:2)
How well does this represent our culture of openness? Is this consistent with how we want others to disclose security flaws? Obviously the authors have pegged themselves here as not pro-freedom, but simply anti-Microsoft.
The text is well-written, but the tone of it all is: "Haha, see how much more clever we ar
Re:A history (Score:1)
I'd say that the XBox is by design anti-freedom. The "security flaws" as you put it are for a security system put in place so that the owner cannot do with their property what they wish. An analogy would be like not pointing out to a dictatorship the various ways their fortress is flawed,
Re:This is bad news... (Score:3, Insightful)
having control over your hardware is not a crime and not immoral in any way. but the future is going to be a real nightmare. education is the answer... tell everyone you know about the evils of TCPA/DRM/Insidious Computing/region codes/etc and all the other bullshit that they've been foisting on us.
education is the answer!
Re:This is bad news... (Score:2, Interesting)
Re:This is bad news... (Score:1, Funny)
You need to mod your Xbox to get an edge just to lose fairly? Jeez, you REALLY suck at Halo.
Did I miss that part? (Score:1)
Re:Did I miss that part? (Score:1)
I don't care about people modding Xbox, just the cheaters on live who will use this information to ruin a game I enjoy playing. It happened to AA early in its career, a game I enjoyed playing, and, after the cheating became widespread, I hated. Hope that clears things up.
Re:Did I miss that part? (Score:2)
Also... (Score:1)
Re: (Score:1)