xboxscene.org forums

Pages: 1 [2] 3 4

Author Topic: How Good Is 360 Security?  (Read 699 times)

lordvader129

« Reply #15 on: December 03, 2005, 12:39:00 AM »

QUOTE(TheSpecialist @ Dec 3 2005, 12:30 AM)

What kind of checks are you exactly referring to? I mean, if the mediatype is set to 'non secure medium' and the files are signed with the correct key, they'll boot on any 360, independent of kernel version.

the media checks used on xbox and 360 are inside the xexs (xbes) the executables look to the media type and if they don't match they don't launch, these are the ones that can be patched and easily re-signed (if we had the key)

the 360 features an updatable kernel, MS could very easily put a media check into the kernel (more like the media checks in a ps2 than an xbox), to check the media type for all xexs, and don't load them from recordable discs, this check could easily function regardless of what the media type declared in the xex itself is

MS would no longer be able to distribute the emulator updates in a burnable format, but given the hypothetical that the private key has been cracked, that's a very small price to pay for re-securing the 360

lordvader129

« Reply #16 on: December 03, 2005, 09:06:00 AM »

QUOTE
that means that this kernel code remains in a writable place of the XBOX, which means that we could easily patch it

this assumes that along with the private key you've also cracked Live security (to send the kernel update) and whatever flash codes they use to initialize the flash, it also assumes the kernel is signed with the same key and checksums so you'd be able to put the new kernel past the hypervisor, or it assumes you have a way to initiate a flash locally (from an xex) which also would be infinitely more difficult because the xex could not be run from any burned media

lordvader129

« Reply #17 on: December 03, 2005, 09:30:00 AM »

QUOTE(TheSpecialist @ Dec 3 2005, 10:15 AM)

Just load it from HD, no problem :)

how would you get it there? hopefully an FTP server is developed BEFORE the update would be distributed

also hope MS doesn't run checks on xexs loaded from the HD too (since theoretically only the dashboard and emulator need to be run from the HD)

and as i said last time that assumes it's even POSSIBLE to initiate a flash locally



all this hypothetical talk is pointless though, i highly doubt we'll ever crack the private key in the first place....just noticed you said the same thing a few posts ago, lol

JoHnnyTK36

« Reply #18 on: December 03, 2005, 10:45:00 AM »

QUOTE(TheSpecialist @ Dec 2 2005, 04:07 PM)

The key can't be 'hacked' by some kind of reverse engineering, only thing you can do is brute force it. Good luck with that :) I'll buy you a beer if you find it before 2010 :) And why try to crack the key from the original xbox? I'd rather have the one from the xbox 360 :)
"Very good possibility"? If we have the private key from the 360, then we can run ANY code on the xbox 360, from any medium! Nobody would need to hack his/her xbox anymore, you could just dl the iso from internet and play it on your 'unhacked' xbox, what more could you possibly wish for? :)

But really, forget about hacking the private key, it's just not feasible ...


It might not be feasible but we better get somebody started on it. If a year goes by and we still haven't hacked the xbox in any way, we will be a year ahead on cracking the private key. It is always good to have a backup plan. :D

lordvader129

« Reply #19 on: December 03, 2005, 11:43:00 AM »

QUOTE(JoHnnyTK36 @ Dec 3 2005, 11:52 AM)

If a year goes by and we still haven't hacked the xbox in any way, we will be a year ahead on cracking the private key

great, then it will only be 99,999 years to go after that :P

but in order to get started on cracking the private key we need the public key, which i believe would have to be ripped from the kernel, which we don't have either

huhn

« Reply #20 on: December 04, 2005, 03:33:00 AM »

wouldn't it be an idea to try to crack the private key parallel to traditional cracking attempts. So if one fails we have a backup plan? I see that this could be difficult but wouldn't be a project like the seti@home with a lot of distributed computing perfect for this? If we only got some thousand computers to share the work load it could be done in a year or so. No security is perfect, also not the Private Key Security if there is enough processing power to crack it.

Don't get me wrong, I don't have an XBOX360 and don't even plan to buy it but I'm very interested in helping you crack this box, just the trick MS ;)

Think about it... What calculations are needed to do such cracking? Who has a server in the Caribbean where we could host the distribution coordination? I think if someone showed me how to crack such a key (even with lots of processing power) then I might be able to write a distributed computing system to crack it.

TheSpecialist

« Reply #21 on: December 04, 2005, 10:37:00 AM »

QUOTE(huhn @ Dec 4 2005, 11:40 AM)

wouldn't it be an idea to try to crack the private key parallel to traditional cracking attempts. So if one fails we have a backup plan? I see that this could be difficult but wouldn't be a project like the seti@home with a lot of distributed computing perfect for this? If we only got some thousand computers to share the work load it could be done in a year or so. No security is perfect, also not the Private Key Security if there is enough processing power to crack it.

Don't get me wrong, I don't have an XBOX360 and don't even plan to buy it but I'm very interested in helping you crack this box, just the trick MS ;)

Think about it... What calculations are needed to do such cracking? Who has a server in the Caribbean where we could host the distribution coordination? I think if someone showed me how to crack such a key (even with lots of processing power) then I might be able to write a distributed computing system to crack it.


Even if you'd link up ALL the PCs in the world, you wouldn't find it before you die :) Well, of course it depends on the development of computer power, but based on current hardware, you won't find it in 100 years. So let's just say that it's 99,99% sure that you won't find it before the next generation XBOXes are introduced :) So, like I said before, it's just not feasible.

azninvasion

« Reply #22 on: December 05, 2005, 07:51:00 PM »

found an article that describes a new method of finding primes.

might be an interesting read for some of you math majors. maybe you could improve the algorithm so we can crack that private key :D

http://www.ams.org/n...a-bornemann.pdf

if you have firefox, use bugmenot to get in.

VoiceOfReason

« Reply #23 on: December 05, 2005, 09:01:00 PM »

QUOTE(azninvasion @ Dec 5 2005, 06:58 PM)

found an article that describes a new method of finding primes.

might be an interesting read for some of you math majors. maybe you could improve the algorithm so we can crack that private key :D


Uh, no.

Finding primes has never been the problem. It's very easy to find a prime. It was unknown until recently whether proving primality is in P, the set of all problems which can be solved in polynomial time. But that didn't really matter... proof of primality wasn't a problem. The general algorithm for finding a large prime is this: pick a large random number. Run a primality test that will certainly succeed if the number is prime, but may either fail or succeed if the number is composite. If the test fails, throw out the number and start over. If the test succeeds, run another primality test. Keep running primality tests... if the number passes several hundred of them, the odds of it being composite are negligible and the number can be safely assumed prime.

This algorithm is not in P, because it would theoretically take an infinite amount of time to prove primality using it... but again, for cryptographic purposes, 99.999999999999999999% certainty is plenty good enough. Agrawal, Kayal, and Saxena, on the other hand, found an algorithm for testing primality that is in P. It's a tremendous breakthrough, of which they should be very proud. But from a practical standpoint it matters little, and it doesn't make it even a tiny bit easier to factor large composite numbers, which is what would be involved in breaking RSA.

And as I said in a different post, if and when somebody finally does solve the problem of factoring large composite numbers, we'll wish they hadn't. Hooray, you can play with your $400 computer, yippee! Also, Internet security will go bye-bye, secret military communications will be open to our enemies, digital signatures will be trivially forged, and an awful lot of things we take for granted will be no more. Worth the tradeoff?

Zanzang

« Reply #24 on: December 06, 2005, 12:25:00 AM »

QUOTE(VoiceOfReason @ Dec 5 2005, 10:08 PM)

Worth the tradeoff?

Hmm...

The fate of the free world...
Or browsing the web on my 360...

Tough choice. :o

I guess the world will just have to hang in there as best as it can. ;)

azninvasion

« Reply #25 on: December 06, 2005, 12:59:00 PM »

Tossing out an idea and you can throw it in the garbage bin if it's already been tried.

Say you are given a multiple of two prime numbers of the same binary length. And you use the binary multiple, and you add some numbers to it to where it is no longer a multiple of those two binary numbers. Now get me wrong, if you find multiples of two numbers that are of the same binary length that form to make this new number you have created. Can't you use that as an estimate to find two binary prime numbers in the vicinity of these two new numbers you have and eliminate a lot of work?

lordvader129

« Reply #26 on: December 06, 2005, 01:07:00 PM »

QUOTE(azninvasion @ Dec 6 2005, 02:06 PM)

Tossing out an idea and you can throw it in the garbage bin if it's already been tried.

Say you are given a multiple of two prime numbers of the same binary length. And you use the binary multiple, and you add some numbers to it to where it is no longer a multiple of those two binary numbers. Now get me wrong, if you find multiples of two numbers that are of the same binary length that form to make this new number you have created. Can't you use that as an estimate to find two binary prime numbers in the vicinity of these two new numbers you have and eliminate a lot of work?

that assumes the 2 numbers multiplied to make the public key are of similar length, which they almost certainly aren't, due to it being a logical starting point for cracking the key

C o s m o

« Reply #27 on: December 06, 2005, 01:17:00 PM »


lordvader129

« Reply #28 on: December 06, 2005, 03:23:00 PM »

QUOTE(VoiceOfReason @ Dec 6 2005, 03:41 PM)

For crying out loud. People still don't get the size of the numbers we're talking about here.

Okay, fine, you've done some magic and come up with an estimate for one of the factors. Let's say it's a really good estimate... it's within 0.000000001% of the actual factor! You've still got to deal with about 10^295 potential factors, and even if every single person on the planet was doing nothing but trying them out, and even if each person was capable of trying out a googol (that's a 1 with 100 zeroes after it) factors per nanosecond, it would still take much, much, much longer than the entire age of the universe to find the factor.

Give it up on trying to factor the key. Better men than you have tried.

hey i understand the size, lol, i even posted the public key in another thread, lol, it's on the order of 10^600 (2*10^616 to be exact)

i'm just trying to explain in a way he would understand why it won't work

azninvasion

« Reply #29 on: December 06, 2005, 10:03:00 PM »

never say never i will never give up! to the grave!! sure it's a big number, but nothing is ever too big.. i mean it won't be the end of the world if rsa keys are factored in a novice way. we'll just have q-bits to secure everything then.