xboxscene.org forums

Pages: [1] 2 3 ... 6

Author Topic: Sha-1 Broken!?  (Read 393 times)

Midri

Sha-1 Broken!?
« on: February 16, 2005, 12:19:00 AM »

http://it.slashdot.o...tid=172&tid=218

Isn't the header signature signed with an SHA-1 hash?
(I always forget these things...)

Lamer123

Sha-1 Broken!?
« Reply #1 on: February 16, 2005, 12:48:00 AM »

Dude, I can't wait. Do you know what this would open up?
1. The obvious: make backups of your games to run on an unmodded xbox
2. Burn linux builds with a softmod installer (all legal) and have a bootable linux install or live cd
3. Burn multigame DVDs running any current dashboard that could include full games or a collection of emulators (do you know how many roms you can fit on a DVD!)
4. And finally, watch MS crap their pants as all their security features go out the window
I hope all this pans out; this would be way bigger than anything the scene has ever seen. And they have a little something about this on Xbox Linux:
QUOTE
1.2. SHA1 hash

The second way would be to take an already signed XBE and modify it. Because the signature itself only signs the header, it would be possible to modify the sections in the XBE. For this task we could modify anything except the header itself. So the sections need to have the same size and the same SHA1 hash as before.

To reach this goal there are these two possibilities:

(a) Create a section that does all we want it to do and search a fitting signed XBE. Then we copy our section to a section in the XBE, where our section should be smaller than the XBE's original section. After that we would have to pad the section till its original size, so that the sha1 hash gets the same as before.

(b) Find an attack against sha1. There have been attacks against md5 that did the following: You have a message A with a hash md5(A). The attack produced a new message B with md5(B)=md5(A). Perhaps there is an easy way to modify single bytes so you get the same sha1 hash.

Remember, America's National Security Agency (NSA) designed the SHA1 algorithm. Do you really think that it doesn't have any exploitable loopholes?

Have: sha1 function (provided by Franz Lehner, see CVS: cromwell/sha1.c)

Need: a section that does what we want

Need: an attack against SHA1

Need: (Distributed) brute force program to pad section till the hash matches

Possibility:

If we have the section and the program, we would need people sharing their CPU load.

Read all of it HERE
Props to the coders that are working on this; all of us who can't do anything are cheering you on.

shakaru

Sha-1 Broken!?
« Reply #2 on: February 16, 2005, 01:10:00 AM »

I can't believe that it happened. It's not confirmed yet, but if it's true, I still don't think we will be making signed xbe's for a while.

cmiz

Sha-1 Broken!?
« Reply #3 on: February 16, 2005, 01:18:00 AM »

yeah...it would be quite a hassle having to sign every single XBE you wanted to use....and would an unhacked xbox be able to play burned games? i don't think so as they're burned and not pressed....but whatever.

pennywisdom

Sha-1 Broken!?
« Reply #4 on: February 16, 2005, 01:54:00 AM »

QUOTE(cmiz @ Feb 16 2005, 02:17 AM)
yeah...it would be quite a hassle having to sign every single XBE you wanted to use....and would an unhacked xbox be able to play burned games? i don't think so as they're burned and not pressed....but whatever.



You wouldn't have to sign every xbe. Just sign a bios loader and name it xboxdash.xbe and you're set. No more font exploits needed.

Lamer123

Sha-1 Broken!?
« Reply #5 on: February 16, 2005, 02:09:00 AM »

QUOTE

You wouldn't have to sign every xbe. Just sign a bios loader and name it xboxdash.xbe and you're set. No more font exploits needed.


Good call man, that would be sick. But if an exploit loaded, would it leave any traces on the hard drive like a softmod does? Or would it just automatically boot the game and have no record of the illegal bios being used? Mainly trying to understand if you could use a backup on live. Also, how would the data structure look on the disc? Wouldn't you assign the code to default.xbe, which is what's booted off of a disk? Also, another little tidbit I read was

QUOTE
even if someone engineered it so that a brute force attack on an xbox loader was attempted, even with 4000 computers running at 3ghz.. it would take at least a year if not more to find the correct hash


So maybe I got just a little too excited. That would be pimp though.

Keo-Keo

Sha-1 Broken!?
« Reply #6 on: February 16, 2005, 02:44:00 AM »

wow amazing.. (couldn't just come out when xbox2 comes out!!) Ugh.. We gave them a head start!!

triggernum5

Sha-1 Broken!?
« Reply #7 on: February 16, 2005, 07:22:00 AM »

SHA-0 was hacked quite a while ago, and it's still invincible enough to use against the likes of us..

BluhDeBluh

Sha-1 Broken!?
« Reply #8 on: February 16, 2005, 08:23:00 AM »

I thought the header was signed with a variation of SHA-2.

Either way, this isn't much help. Read the comments - this means that the chance of collision has been reduced mathematically significantly, but it's still not realistic for people to crack any SHA-1 key - you're talking 20,000 years of processing power.

shakaru

Sha-1 Broken!?
« Reply #9 on: February 16, 2005, 09:31:00 AM »

Actually, it's not about cracking the key at all. What was discovered was that a password was cracked. Passwords are the ones that take 4000 years on one pc to crack because you have no info about what you are trying to crack. Basically the cracking is taking one sha-1 sig and randomly trying different sha-1 sigs to see if they are the same value. Imagine phones without area codes: you run out of options and need to repeat. The thing about the sha-1 on the password is that we have the key already. So we have half of the puzzle solved.
The idea of cracking a bios loader only is what all this is about, because the team from China cracked the sum in under 28 days.
Now that we know that we need to make a sig for just one program, and we can get around 300+ people working on it, it could be completed in 90 days.

triggernum5

Sha-1 Broken!?
« Reply #10 on: February 16, 2005, 09:42:00 AM »

Actually, what this is about is an algorithm that increases the probability of finding a collision..  The concept of collision hunting is nothing new.. Using the phone number analogy, this is like saying "I want to find somebody in New York, so I'm not going to bother trying numbers in LA.." thus drastically improving the probability..  One in 2^69 IIRC,  I can almost count that high:)..  1 2 3 4 6 (damn let me start over)..  1 2 3 4 6.. Argh whatever..
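An added illustration, not from this thread or from the xbox-linux page it quotes, of the distinction the last two replies and the xbox-linux plan (a) turn on: a collision (any two inputs with the same hash, which is what the announced 2^69 SHA-1 result is about) versus a second preimage (a padded section that must match one fixed, already-signed hash, which for full SHA-1 stays near 2^160). SHA-1 is truncated to a toy width so both searches finish in seconds; the section names and padding are constructed, not real XBE data.

```python
import hashlib

BITS = 16  # toy width: truncate SHA-1 to 16 bits so both searches run in seconds

def trunc_sha1(data: bytes, bits: int = BITS) -> int:
    """Leading `bits` bits of SHA-1 as an int (a stand-in for the full 160-bit digest)."""
    digest = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return digest >> (160 - bits)

def find_collision(bits: int = BITS, limit: int = 1 << 24):
    """Birthday search: hash distinct constructed messages until ANY two agree.
    No target is fixed in advance, so expected cost is about 2**(bits/2)."""
    seen = {}
    for i in range(limit):
        msg = b"section-%d" % i
        h = trunc_sha1(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1  # (message 1, message 2, hashes computed)
        seen[h] = msg
    return None

def find_second_preimage(original: bytes, bits: int = BITS, limit: int = 1 << 24):
    """Plan (a) from the quoted page: the hash of the signed section is FIXED,
    so a patched section is padded until it hits that one value.
    Expected cost is about 2**bits, i.e. the square of the collision cost."""
    target = trunc_sha1(original, bits)
    for i in range(limit):
        cand = b"patched-section" + i.to_bytes(4, "big")  # counter acts as the padding
        if trunc_sha1(cand, bits) == target:
            return cand, i + 1  # (matching section, hashes computed)
    return None

def expected_work(bits: int):
    """Generic (brute force) cost of a collision vs. a second preimage for a hash of `bits` bits."""
    return 2 ** (bits // 2), 2 ** bits

if __name__ == "__main__":
    m1, m2, n = find_collision()
    print("collision after %d hashes: %r == %r" % (n, m1, m2))
    cand, n2 = find_second_preimage(b"original-section")
    print("second preimage after %d hashes: %r" % (n2, cand))
    print("full SHA-1 generic costs (collision, second preimage):", expected_work(160))
```

The announced attack lowers only the first number (to roughly 2^69 rather than 2^80); padding a section to match an existing hash is the second problem.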

cmiz

Sha-1 Broken!?
« Reply #11 on: February 16, 2005, 10:52:00 AM »

i think a lot of people are seeing MS's private key as the holy grail...but if you stop and actually think, it really wouldn't do much at all, would it? i mean, don't get me wrong, i think that what these guys are doing is really cool and could certainly yield benefits to the scene....i just think that softmods have come so far as is that the ability to synthesize MS's key wouldn't really give us a huge advantage.

"you could use backup games in unmodded xboxes"

umm....what? this has to do with faking a signature on an xbe. when backing up a game, we are not changing the XBE's in the game and therefore the MS key which they are signed with is still intact. this is actually a disc protection issue. you'd need to PRESS the discs for them to work in unmodded xboxes, and unless you happen to have a spare disc press laying around in your basement, you better start saving up! (supposedly dual layer discs can be burned to mimic pressed discs? but i haven't heard a whole lot about that...)

"you could sign a bios loader"

doesn't that kinda nullify the entire point of being able to mimic MS's key? i mean, i can run a bios loader pretty easily with UXE. then i run nkpatcher 10 with a retail virtual C drive. the only real advantage you'd get from directly signing a bios loader is that you could retain the retail fonts in the fonts folder while cold booting. but since the xboxdash file is still changed, it wouldn't be any safer going on live in that state than coldbooting with UXE. the whole point of having the private key is that you can run homebrew software on a retail kernel. (at least in my opinion).

personally, i think that loading a new bios (or patching the retail one) is a lot easier than signing all of your XBE's with the MS key. also with the retail bios, you couldn't load games from your HD (media checks) or run backup games (still no boot sector on burned DVD's). having the private key could potentially make advantages on the softmod-with-live scene....but i don't use live and therefore...don't really care that much.

again, just my opinion, so go ahead and give us yours....

triggernum5

Sha-1 Broken!?
« Reply #12 on: February 16, 2005, 11:01:00 AM »

Actually, you would not need to press anything..  Modded boxes can play backups, and it would be possible to resign games to run off of any cd/dvd media..  As for signing a bios loader, you could sign it to boot off any cd/dvd, then burn it on a cdr, pop it into a brand new fresh out of the box xbox and boot it as if there was a chip inside..  Problem is, this attack has nothing to do with getting the private key..  It's about collisions (finding another file that a signature applies to..)..

cmiz

Sha-1 Broken!?
« Reply #13 on: February 16, 2005, 11:11:00 AM »

really? i was under the impression that XBE's only loaded off of the second layer of the DVD. i could be wrong though, i'm certainly not the most knowledgeable person.

i realize it's about collisions, but isn't the whole point of it to find an xbe which you can slip your own XBE into which would (in theory) be a way of synthesizing a key? it's sort of a roundabout way of signing your own XBE's with the MS key, correct?

This post has been edited by cmiz: Feb 16 2005, 07:12 PM

Gamester17

Sha-1 Broken!?
« Reply #14 on: February 16, 2005, 11:05:00 AM »

QUOTE(BluhDeBluh @ Feb 16 2005, 02:22 PM)
I thought the header was signed with a variation of SHA-2
and I thought it was SHA1 and HMAC_SHA1? More info on xbox-linux.org
...it is interesting anyway and I for one will be following this discussion

PS! Public key (inside the Xbox kernel), in decimal (link) must be cracked?
