Forgot your password?
typodupeerror
XBox (Games) Security

Microsoft Aims for Hack-Proof 360 134

Posted by Zonk
from the no-such-thing dept.
jondaw writes "The BBC is reporting that "Microsoft plans to make its next generation games console, the Xbox 360, as difficult as possible to hack...There are going to be levels of security in this box that the hacker community has never seen before...I'm sure sooner or later someone will work out how to circumvent security. But the way we have done the design doesn't mean that it will work on somebody else's machine.""
This discussion has been archived. No new comments can be posted.

Microsoft Aims for Hack-Proof 360

Comments Filter:
  • by Wayne247 (183933) <slashdot@laurent.ca> on Friday September 09, 2005 @12:29PM (#13519672) Homepage
    Is simply equal to the amount of work hackers will have to do to get around it.

    Claiming something hackproof is like saying a doorlock is tamper-proof. It *can* be opened, it's just how much work are you prepared to do that justifies doing it.
    • by Red Flayer (890720) on Friday September 09, 2005 @12:44PM (#13519808) Journal
      Not claimed to be hackproof in TFA: "'I'm sure sooner or later someone will work out how to circumvent security. But the way we have done the design doesn't mean that it will work on somebody else's machine'[said Chris Satchell]"

      So, they say that a hack may work on one machine, but not another? Article implies that this additional security is added through hardware design. What are they doing, putting a combination lock on the circuitry?

      No matter what the new security is, I'm sure it'll me that much more rewarding for the person who first publishes the workaround.

      MS has to be careful that the console isn't too easily modifiable, or else they'll get slapped with a lawsuit for enabling people to pirate copyrighted works...
      • Most likly a crypto / unique identifier chip. One chip that has the purpose of allowing games to be played and providing indentification to games that this is an unmodded box. You might be able to unlock the system, but you will be limited to running linux or something hand made to run on this unlocked system.
    • by Anonymous Coward on Friday September 09, 2005 @12:48PM (#13519854)
      A lawyer friend once told me that the working definition of "waterproof" was not that something was impervious to water, but that when something was damaged by water the manufacturer was obliged to replace it.

      Maybe what Microsoft is saying is that when your Xbox 360 becomes a DDOSing zombie, they will replace it for free*.

      *postage paid by end user. Please include a stamped, self-addressed return box. 350 dollar processing fee required. Void in New York, California, and anywhere else those linux loving hippies live.
      • *postage paid by end user. Please include a stamped, self-addressed return box. 350 dollar processing fee required. Void in New York, California, and anywhere else those linux loving hippies live.
        Lame. I thought that Microsost would have a more potent disclaimer [attrition.org]...
      • A lawyer friend once told me that the working definition of "waterproof" was not that something was impervious to water, but that when something was damaged by water the manufacturer was obliged to replace it.

        As compared to "bulletproof" where when you die from a bullet penetrating it the manufacturer is obliged to resurrect or reincarnate you at their choice(*).

        (*) Some states or other jurisdictions do not allow the substitution of reincarnation for resurrection, so the above vendor option of substitution
    • Lets put it this way... Open Invitation for Trouble.
    • They said hack-proof? TFA:
      Mr Satchell admitted no system was fool-proof and that, with enough time and dedication, the security on the Xbox 360 would be broken.

      "There're some really bright people in the world with some really expensive hardware," he said.

      "I'm sure sooner or later someone will work out how to circumvent security. But the way we have done the design doesn't mean that it will work on somebody else's machine."
    • I have to agree with another reply that this is simply an open invitation taunting every hacker to crack the 360 ASAP. Besides, there's going to be a problem, as with all hackery, that Microsoft, however large their development team is, has to design something that can withstand the combined efforts of at least an entire country of would-be 360 hackers.

      The numbers don't look too good for Microsoft on this one.
    • "Is simply equal to the amount of work hackers will have to do to get around it."

      Uh, no. It's trivial to set up a decent hash. It can days, if not years, to break it.
  • by TracerRX (775473) on Friday September 09, 2005 @12:30PM (#13519688)
    The only secure computer is one that is turned off, locked in a safe and buried 20 feet down in a secret location, and I'm not completely confident of that either. -- Bruce Schneier
  • by Pig Hogger (10379) <pig.hogger@NoSpAM.gmail.com> on Friday September 09, 2005 @12:32PM (#13519697) Journal
    This must be the computerish equivalent of the "Kick-Me" tee-shirt...
  • ... Scientists (still) looking for cheap room-temperature fusion. Film at 11.
  • by oman_ (147713) on Friday September 09, 2005 @12:36PM (#13519726) Homepage
    Just keep on hyping up your new security up until launch. Thay way you look like even bigger 4$$holes when it all comes crashing down.

  • To test this... (Score:2, Interesting)

    by voxel (70407)
    They should (if not already) create a new team, called the XBox Crackers Team. They can use a saltine logo for thier t-shirts.

    The saltine group will then comprise of a group of 5 bright individuals, who will be awarded as a whole $200,000 or $40,000 each if they can come up with a hack that would or could end up with a cheap mod-chip solution that could be mass-produced.

    They of course have a pre-set deadline, say between now and the actual launch.

  • Misleading (Score:2, Insightful)

    by Anonymous Coward
    They aren't trying to make it "Hack Proof" just difficult to hack. That headline will have worthless forum threads going for days...
  • Why? (Score:4, Interesting)

    by marcus (1916) on Friday September 09, 2005 @12:41PM (#13519771) Journal
    I am sure that there are others like me, the only reason I bought an Xbox was because it *was* hackable!

    I use it in a 'hacked state' far more often than 'straight'.

    • Re:Why? (Score:3, Interesting)

      by nb caffeine (448698)
      seconded. XBMC runs more often than games do on my xbox. I know they are including xbmc-like functionality in the 360, but that doesn't do me a bit of good, with my media files stored on a debian based server. Though, its not like my xbox is going to stop working the instant the 360 hits the street. I'll be fine till xbmc360 comes out :)
    • Because like any console, they don't make money of the console sales, they make money on the game sales of which they get a slice. If one can mod their XBox, like you have, and it is no longer a closed system, then they have no lever to force you to buy new content that they profit from. That blows a giant hole in their business plan. The honestly couldn't care less if you EVER use it, they just want you to keep buying new games for it.
      • Re:Why? (Score:2, Insightful)

        by marcus (1916)
        That might have been a good reason for the Xbox to be made hack proof, but not the 360. Unless I have mis-remembered something, M$ has opted out of the take-a-loss on the console for market share and volume in order to re-coup on game sales business plan. They intend to profit, or at least take no loss, on the console sales. Thus the appreciably higher prices and different levels of factory installed features.

        The same hackability is still an attractive feature. Having one GP box that can play DVDs, surf IMD
        • No, they don't sell it for a huge loss, but they're still sold for a marginal loss that is recouped on game sales. Even if they sold it AT cost, that's still zero profit, which amounts to a loss when you add incustomer service and warranty repairs. No business sells products at zero cost with no chance of making a profit. The fact remains that the profit is in the after-market, post purchase of the initial unit. They have zero incentive to let you just buy a unit and do anything you like with it, and plenty
      • Because like any console, they don't make money of the console sales, they make money on the game sales of which they get a slice. If one can mod their XBox, like you have, and it is no longer a closed system, then they have no lever to force you to buy new content that they profit from.
        Hey! no one have been twisting their arm to adopt such a hare-brained business scheme...
        • Yes they have, all the PC gamers with their imaginary "prick-waving" (quotes to avoid "imaginary prick" comments) contests. Console manufacturers (don't know if it started with Sony) realized that they could afford to take a hit on intital unit sales and recover that through software sales in order to make their hardware compare more favorably to current PC setups. The strategy just stuck (Nintendo's a notable exception, I believe).
          • Yes they have, all the PC gamers with their imaginary "prick...

            Imaginary prick? Everybody knows girls don't play PC games.

    • I am sure that there are others like me, the only reason I bought an Xbox was because it *was* hackable!

      I use it in a 'hacked state' far more often than 'straight'.


      ...Because they are OBVIOUSLY marketing this thing to you.
      • ...Because they are OBVIOUSLY marketing this thing to you.

        Maybe they are. Maybe they think that all these people who spend so much time and energy trying to hack the hardware will go buy an XBox360 for the sheer challenge of it (and probably buy enough games to make it worth it to MS).

        Then again, the moon could be a giant Russian Teacake.....
  • by lysander (31017) on Friday September 09, 2005 @12:42PM (#13519785)
    Article: Microsoft plans to make its next generation games console, the Xbox 360, as difficult as possible to hack
    Headline: Microsoft Aims for Hack-Proof 360

    I would like to think that slashdot would be a place where people (e.g. editors) would know the difference between these two statements.

  • by LePrince (604021) on Friday September 09, 2005 @12:45PM (#13519822)
    "If something was done by a man, another man can undo it". Still holds true, IMHO.
  • One of the things the Xbox had going for it was that it was easy to mod...

    If this does have an effect on sales, it can be looked at in a few ways.

    1 - It will result in less sales of hardware. Bad becuase the user base will be less, so less software will be sold.
    2 - Modders probably won't buy software anyway... they'll buy the hardware, then pirate games and use the hardware to suit their own needs... And since Microsoft will most likely be losing money for every console sold, they won't make ANY money off
    • IIRC, the only way anybody hacked the GC was through the network port and a copy of Phantasy Star Online...I believe the server was sending actual code to execute, not just data, and a bit of intercepting allowed for some memory mangling that allowed for custom stuff, but the only custom stuff I've heard about was Linux, and it had to be loaded via the network port as well. I don't believe there's a custom disc out there at all.
    • I believe the GC was eventually hacked, but since it used media that wasn't widespread and easily available, modding didn't run rampant for the system.

      It's so incredibly easy to add a switch to the Gamecube to allow it to play games from other regions that there was no good reason to make a Gamecube mod-chip.

      If hardware manufactures didn't use their copy protection hardware to grant them far more rights than copyright law allows, far fewer people would feel the need to modify their hardware. You want to pre
      • It's so incredibly easy to add a switch to the Gamecube to allow it to play games from other regions that there was no good reason to make a Gamecube mod-chip.

        Well, I think we're probably talking about different things... you're talking about playing imports, which, like you said, was easily done for the GC. But I'm sure the majority of people using mod chips are doing so so they can download and burn games... which never really happened for GC like it did with other systems.

        • But I'm sure the majority of people using mod chips are doing so so they can download and burn games...

          I'm not convinced of this. There are very few people out there who seriously persue video game piracy on consoles. From what I've seen most people try it out for the geek factor and then don't do much with it. Similarly, you don't really need to mod your Xbox to play pirated games on it. The mod chip was more for using the box as a media center, or other unusual hacks. Everybody I know with a modded PS2 us
    • afaik, the Xbox 360 and PS3 will cost more to manufacture than the sale price... this meaning each Xbox 360 sale is more of an "investment" by microsoft, hoping that the average customer will over the life of the 360 buy enough games to make up for the difference. so each of those 360 sales that would be made by hackers, that have no intention of buying games, would actually be costing MS money... so it makes sense that they wouldnt want these people buying their system.
      • Well, that's not exactly a flaw in my logic... that was my #2 point.

        2 - Modders probably won't buy software anyway... they'll buy the hardware, then pirate games and use the hardware to suit their own needs... And since Microsoft will most likely be losing money for every console sold, they won't make ANY money off of these users.

        Embedded in this was the fact that they lose money on the hardware, but make money on the software.

  • by steveo777 (183629) on Friday September 09, 2005 @12:45PM (#13519826) Homepage Journal
    The first, most obvious measure is price. If people can't afford one, they certainly can't hack one.

    The kernel software will, of course, be protected with poor coding that is nigh impossible to navigate.

    The box will be made out of the rare metal Adamantium infused with trace particles of kryptonite. Virtully unbreakable, and protected against any Kryptonian hackers.

    But the most important security measure of all: Microsoft plans on installing at least half a dozen starving, crazed weasels that will attack anyone who succeeds in opening their boxes.

    • But the most important security measure of all: Microsoft plans on installing at least half a dozen starving, crazed weasels that will attack anyone who succeeds in opening their boxes.
      American Society for the Prevention of Cruelty to Lawyers on line#3 and Weasel Anti-Defamation League on line #2.
    • Microsoft plans on installing at least half a dozen starving, crazed weasels that will attack anyone who succeeds in opening their boxes.

      Ah, Weird Al Rights Management. However, I think only 360s shipped to Albuquerque will have this "feature".

      If I do manage to hack the 360, will I be stuck in a closet with Vanna White, night after night after night after night?
  • by EnglishTim (9662) on Friday September 09, 2005 @12:45PM (#13519827)
    There seems to be this attitude that a crack will inevitably come out fairly quickly.

    I don't think that's the case.

    I think many slashdotters are overly confident just because the original Xbox got hacked and we've manage to hack CSS, but you've got to remember a couple of things: Firstly, the original Xbox was the first hardware of that type that Microsoft had created. They put in some protection but it wasn't good enough. I'm sure they have learnt from their mistakes and it will be considerably more difficult to crack this time around. Secondly, with CSS it took quite a long time to get a crack and that was due (IIRC) to a CSS licensor screwing up and leaving the key unprotected in the firmware.

    Now, it's possible that Microsoft have screwed up again, but it's by no means a sure thing.
    • I've always thought that the only sure about MS was that they always screw up.
    • You make a decent point.

      It wasn't as tempting a target for hackers I guess, but Atari put some checksum encryption in the Atari 7800 that, in effect, stymied 3rd party/homebrew cart makers for YEARS. I think they finally got a handle on it, but still. Smart people are making the security, and while they have tremendous obstacles, they might not always bat .000 like people assume.

      A more recent example...all those people who like homebrews so they have to be petrified of getting their PSP updated to > 1.5
    • It's not just overconfidence, it's basic information theory. All the components for cracking the XBox are present in the XBox itself.

      CSS was broken very quickly by extracting a valid key from a player. Note that this is not a "cheat" - this is a fundamental hole in this sort of DRM. The key is and must be present to play the DVD, and with the key present it can be extracted.

      However, DeCSS does not rely on extracting a key - it's an algorithmic attack on CSS itself.

      • True, but its development was made very much easier by the knowledge of the valid key. The Xbox was also cracked by sidestepping the protection method instead of directly breaking it- a flaw was found in the code that implemented the checksum.

        And besides, even if a method is found for compromising the 360, if it's sufficiently more difficult to perform than modding a current-generation console (i.e. if you can't just drop a modchip in the box or take it to the corner electronics store and pay $50 labor)
      • DeCSS does not rely on extracting a key - it's an algorithmic attack on CSS itself.

        Actually, to be precise, DeCSS is just a reverse-engineered implementation of the decryption algorithm, and must be provided with the correct key. libdvdcss, the open source library widely used to decrypt DVDs, includes not only another (improved) implementation of the decryption algorithm, but also an algorithm that performs a very efficient ciphertext-only attack on a CSS-encrypted DVD title.

        DVDJon's original DVD work

    • To my knowledge every major console ever released has been cracked. What makes this one so different?
    • Extremely good point. Remember the write up on the XBOX 1 hack posted here a few weeks ago? It seemed to me hacking it to run homemade code was not trivial at all, and the over all impression I got was that Microsoft was fairly close to 'unhackable' with their chain of trust.

      I'm actually very surprised to read that they acknowledge months before the system is even launched that it will probably be hacked. The bit about 'what hacks one system may not hack another' is especially thought provoking.
      • the over all impression I got was that Microsoft was fairly close to 'unhackable' with their chain of trust.

        True. If Microsoft hadn't released the v1.0 security system bunnie hacked we probably wouldn't have been able to hack v1.1 since we used a lot of knowledge gained from 1.0 in doing so. One of those things was used to get hold of the code for the hash algorithm. Without that we wouldn't have known it was TEA and thus flawed for hashing.

        The Gamecube was only hacked since tmbinc found an extreme implemen
        • Well, theoretically true, the door to the safe are locked, you can't forge the key and the only key is in manager's pocket.
          You still don't count that the manager can be pickpocketed. Someone hacks into MS network, steals the original key used to sign original games, and all you have to do to run your own app is to sign it with the key you've downloaded from the net. There's no way they could allow for new games to show up and work on the console without having some way to sign them - and if you can lay you
        • "their" hardware is sitting in the customer's living room. after having purchased the device in question from a store.

          i wonder how they define the word "commerce".

          and since it's not a rental or lease but an outright purchase... they don't have any legal legs to stand on. i mean the kind of legality we had before D.C. became lobbyistville.

          find another way to prevent copyright infringement of games. if you deny customers their hardware, then infact the manufacturers are the thieves, in the real sense of the w
    • I used to think everything was crackable. And, to a certain extent, I still believe that, though I realize now that not everything will be hacked.

      DirecTV had their orginal F cards hacked, then their H cards, then their HU cards. And that's as far as it went. The new P4 and P5 cards are still encrypted and secure. In my mind, it shouldn't be all that hard to intercept calls through the box and figure out how to write to the card -- but then again, more talented hackers than me have tried and failed, so

      • it requires more sophisticated hardware analysis tools and perhaps revised algorithmic attack vectors.

        clearly, they've changed the way it works enough that previous avenues for revealing the mechanism will not work.

        try something totally new.

        DRM is the most flawed cryptology around for the simple reason that it must be viewable by all people who purchase it. and because of that, it must be on the hardware and software in possession of the customer.

        hardware is a lot tougher to crack than software simply becau
  • Remember the Oracle 9i "Unbreakable" campaign?

    A few months after Oracle 9i was released the hacker community has a dozen or so exploits.
  • Microsoft is going to make a hack proof product, I totally believe that. Now if you'll excuse me, I'm going to go pick up my new Hummer. The salesman told me they get 40 miles to the gallon now.
  • "I'm sure sooner or later someone will work out how to circumvent security. But the way we have done the design doesn't mean that it will work on somebody else's machine."

    Doesn't this suggest that the hardware in the systems won't be universal? Isn't it completely mental to have the internal guts of the console differ from unit to unit? Am I misreading this quote?
    • I suspect that it means they will use a locally generated private key to protect vulnerable information. Each box would have a unique key, so cracking one wouldn't compromise them all.
      • But if that were true a hacker would just have to bypass the key mechanism. Thus a bypass would allow all XBox 360 to be compromise. I suspect the PR guy was just blowing wind, misspoke, or just doesn't understand the security measures.
    • Not necessarily. Run the motherboard project through autorouter 10 times, changing "forbidden" zones each time, so you have 10 XBoxes that are just the same machine in 10 different layouts, making it impossible to use a single, unique modchip (it just won't fit everywhere), making them need to include 10 different modding manuals instead of one, and finally instead of buying 1-2 XBoxes to develop the hack, they would have to buy about 50 (so they get at least one of each kind...), $14.000 instead of $299...
  • by truthsearch (249536) on Friday September 09, 2005 @12:59PM (#13519979) Homepage Journal
    Yeah, cause hacking never resulted in the creation of any large software companies... Microsoft thinks there's no way to profit from hobbyists. How was it their company got started again?
  • by vertinox (846076) on Friday September 09, 2005 @01:14PM (#13520143)
    "Microsoft plans to make its next generation games console, the Xbox 360, as difficult as possible to hack..."

    In a basement in the Midwest...

    Hacker1: According to the diagram we are supposed pull the firing pin without shifting it's center of gavity or otherwise the mercury will hit the electrodes on the C4.
    Hacker2: Ok. *click* *beep* *beep* *beep* Oh crap! You didn't say anything about a presure plate.
    Hacker1: Quick. Cut the wire to the right of the power supply.
    Hacker2: Ok. Oh double crap!
    Hacker1: What?
    Hacker2: There are two wires!
    Hacker1: Well just cut one for christ sakes!
    Hacker2: Here goes nothing! *clips* *beeping stops* *phew*
    Hacker1: Finally... No we put the rom chip here... *xbox starts spewing green smoke*
    Hacker2: Oh fark! *coughs* It the posion gas!
    Hacker1: *coughs* Does this mean we *coughs* voided the warranty?
  • Remember all the buisnesses that were buying Xboxes and turning them into linux servers/clusters back when the first box was hacked? That was money MS wouldn't have gotton otherwise. And people who put linux on servers are likely to keep using linux. So then its really only a matter of who will provide the hardware. So why doesn't microsoft want a piece of the pie?
    • As the above reply stated, Xboxes cost more to manufacture and distribute (I'm assuming that's factored into the "sold at a loss" claim) than they're sold for. So every Xbox bought up by "all the buisnesses that were buying Xboxes and turning them into linux servers/clusters back when the first box was hacked" had to be replaced on the shelves by another Xbox that cost more than MS made from it,

      Why on earth doesn't Microsoft want a "piece of the pie"?
  • by Taulin (569009)
    Since Live is a way for them to determine if the box is hacked, and you can't play hacked games on Live, they should just go ahead and make Live free. It is so cheap already, it would definatly increase sales if people could play on the internet out of the box. They could then save money on R&D for researching hack-proofs that as everyone know will get crached anyways.
  • by advocate_one (662832) on Friday September 09, 2005 @02:10PM (#13520662)
    they can't guarantee the 512 byte bootloader will be free of bugs... so they're hoping and praying that the super duper hardware is so obfuscated with a seriously weird state machine that no-one... even them, can figure how on earth it ever works...
  • by Ruis (21357) on Friday September 09, 2005 @02:30PM (#13520882)
    My boss learned a long time ago that the fastest way to get a hacker to do something is to tell them that it can't be done.
  • If a few dedicated people are able to hack/mod their new XBox 360s, I seriously doubt microsoft will be bothered. The question is, Will any monkey with a soldering iron be able to mod their new console and run homebrew software and pirated games? Having just finished my first xbox mod, I have to say it was staggeringly easy: Solder these pins and these wires here, here, and here. Replace hard drive. Done. I would not have attempted it if it had meant, say, soldering a dozen or so additional wires, desolderi
  • If Microsoft had half a brain between all of their marketing droids, they would make it easy to do stuff to/on the X-thing round circle. They should be selling development tools to anyone with $99.

    Would beat the living jeepers out of the competition in this market.

    MBA mental maroon idjits.

  • ... frankly my dear, i don't give a damn. I'll by the PS3 and the games i want to play. As i have done with the PS2 and the PS.
    • hehe

      it always makes me laugh to see fanatic adolescent males say things like that.

      the cell was engineered from the ground up for DRM and Insidious Computing.

      in fact, it might be that the xbox360 is far easier to hack than the ps3.

      in either case, both are DRMed up the wazoo.

      and don't forget nintendo. they've been DRMing one way or another since the original nes.

  • I am looking forward to this so much! I'm sure the price of games will only be $20-30 since piracy has been blamed in the past for high game prices.

    Since it's hackerproof, I'm sure they can put their money where their mouth is.

Are we running light with overbyte?

Working...