Print

[mksoftware]

It's quite simple, unsigned code can be written by anyone who wants to. Signed code is code signed by MS (so they accepted it). The Xbox only accepts code that is signed by MS corporation, to prevent hackers to crack their system. Unsigned cannot be runned on a unmodified system, so if you created a program for the xbox 360 you simply cannot run it.

[deadparrot]

It is a "flag" at the beginning of an executable file which tells the system which media types it is allowed to run on.  Retail games will only have XBOXDVD as the type, so they can't be run from anything else.  Changing these flags is simple enough, but it invalidates the signature, therefore preventing it from booting.

[Bender.]

QUOTE(mksoftware @ Dec 28 2005, 02:04 PM)

It's quite simple, unsigned code can be written by anyone who wants to. Signed code is code signed by MS (so they accepted it). The Xbox only accepts code that is signed by MS corporation, to prevent hackers to crack their system. Unsigned cannot be runned on a unmodified system, so if you created a program for the xbox 360 you simply cannot run it.

But why cant we find out how MS signs the code and just do that?

[VoiceOfReason]

QUOTE(Bender. @ Dec 28 2005, 11:36 AM)

But why cant we find out how MS signs the code and just do that?

For the same reason that finding out that somebody gets through a secured door by inserting and turning a key doesn't help you get through that same door yourself. You need the key.

[jameswalter]

QUOTE(VoiceOfReason @ Dec 28 2005, 11:50 AM)

For the same reason that finding out that somebody gets through a secured door by inserting and turning a key doesn't help you get through that same door yourself. You need the key.

Right...think of a key with 2048 parts that could in 2 positions, up or down.  Now try to imagine how long it would take to try all the possible combinations.

[MaTiAz]

QUOTE(thegameq @ Dec 28 2005, 06:26 PM)

1. So the media flag is just one part of the overall signature, which is encrypted and can only be decrypted with MS's private key?

2. Thus the signature would be comprised of various security checks MS has in place on the 360?

3. When all the checks are "true" the signature is valid and the game runs?

If this is true I can see why some people are predicting it will take a while to hack the 360. Getting pass the security checks so as to not invalidate the signature, I'm guessing would be very time consuming. Factor in MS's XL updates...oy vey.

If the above is true would the security process on the 360 look like this?

DVD w/media flag=>DVDROM (firmware checks media flag)=>then another set of checkpoints which make up the signature must be passed before the hypervisor gives the OK to the 360s hardware.

Actually, the media flags are one part of the code which gets signed. Signing the whole executable would be kinda hard, as you can't sign the signature itself WITH the signature itself while it's signed? Or can you?

[jameswalter]

QUOTE(MaTiAz @ Dec 28 2005, 12:39 PM)

Actually, the media flags are one part of the code which gets signed. Signing the whole executable would be kinda hard, as you can't sign the signature itself WITH the signature itself while it's signed? Or can you?

The whole exceutable file (source code) is signed....the signature is just added to the end and has no impact on how the executable file runs (other than the security check).

[slumberpod77]

i love it when people who don't know anything about cryptography try to have a conversation about it.
let me try and break it down for you:

one of the basic problems which was dealt with many years ago in computers is this:
how do i know that a file has been successfully copied or moved from point A to point B without getting messed up in some way? the answer is math.

all computer files are "digital", meaning they are a string of binary values. these values are stored in various ways (positive or negative magnetic polarization, on/off states, reflective/non surface of optical media, etc), but these all are interpreted by the computer as 1's and 0's. there are higher structures that are imposed to make the data useable, so like a txt file will be a set of hex values each presenting a given character, plus possibly a header containing additional information about the file, but each hex value is really just a string of 1's and 0's when you get down to the lowest level.
don't get too bogged down on this point aside from understanding that all "digital" files can be interpreted many different ways, one of those ways being a really long ass number.

some smart math people figured out an algorithm that you can apply to files to get a smaller number which is relatively unique, and which will end up being totally different if even one of the bits is flipped (the smallest difference possible between two files). this is the concept of a checksum, MD5, etc, and is used for many things. think of it as a fingerprint for any file. two even SLIGHTLY different files will have totally different fingerprints. there's many ways of generating these fingerprints, and for things like MS's digital signatures a big number is used as a key in generating each file's fingerprint. as a result, your or i cannot make the same fingerprint unless we have access to that big number. this "fingerprint" number is called the digital signature and it's stuck onto the end of the Xbox executables. the system verifies that an executable is what it's supposed to be by looking at this "signature" number and the file it's stuck to and seeing if they match. if they do, it should mean that the file was properly signed by the people at MS.

this is actually a seperate issue from the "media flags", which are much easier to understand:

each piece of optical media you can stick in your computer has a low level flag on it which the computer uses to recognize what kind it is (like DVD-ROM, CD-ROM, CD-R, CD-RW, etc). this is sometimes called the "book type". you may think "a blank DVD or CD is blank, so why can't i burn it with the flag set to CD-ROM or whatever?" this is actually possible, but requires a better than normal burner (i.e. one capable of bitsetting). this is not something any normal person needs to do, so it takes some digging to find one and you will have to pay extra for it.

anyways, the executable files in both the 360 and original Xbox have a set of "flags", which are basically like on/off switches that tell the system what media that executable is supposed to be run from. this is why games on the Xbox must be patched so that the executables say "yes, i can run on a harddisk".

as noted above, changing these flags in a game's executable file would change the file, and thus invalidate the signature attached to it, requiring the executable to be re-signed.

[thegameq]

QUOTE(slumberpod77 @ Dec 29 2005, 12:31 AM)

i love it when people who don't know anything about cryptography try to have a conversation about it.
let me try and break it down for you:

one of the basic problems which was dealt with many years ago in computers is this:
how do i know that a file has been successfully copied or moved from point A to point B without getting messed up in some way? the answer is math.

all computer files are "digital", meaning they are a string of binary values. these values are stored in various ways (positive or negative magnetic polarization, on/off states, reflective/non surface of optical media, etc), but these all are interpreted by the computer as 1's and 0's. there are higher structures that are imposed to make the data useable, so like a txt file will be a set of hex values each presenting a given character, plus possibly a header containing additional information about the file, but each hex value is really just a string of 1's and 0's when you get down to the lowest level.
don't get too bogged down on this point aside from understanding that all "digital" files can be interpreted many different ways, one of those ways being a really long ass number.

some smart math people figured out an algorithm that you can apply to files to get a smaller number which is relatively unique, and which will end up being totally different if even one of the bits is flipped (the smallest difference possible between two files). this is the concept of a checksum, MD5, etc, and is used for many things. think of it as a fingerprint for any file. two even SLIGHTLY different files will have totally different fingerprints. there's many ways of generating these fingerprints, and for things like MS's digital signatures a big number is used as a key in generating each file's fingerprint. as a result, your or i cannot make the same fingerprint unless we have access to that big number. this "fingerprint" number is called the digital signature and it's stuck onto the end of the Xbox executables. the system verifies that an executable is what it's supposed to be by looking at this "signature" number and the file it's stuck to and seeing if they match. if they do, it should mean that the file was properly signed by the people at MS.

this is actually a seperate issue from the "media flags", which are much easier to understand:

each piece of optical media you can stick in your computer has a low level flag on it which the computer uses to recognize what kind it is (like DVD-ROM, CD-ROM, CD-R, CD-RW, etc). this is sometimes called the "book type". you may think "a blank DVD or CD is blank, so why can't i burn it with the flag set to CD-ROM or whatever?" this is actually possible, but requires a better than normal burner (i.e. one capable of bitsetting). this is not something any normal person needs to do, so it takes some digging to find one and you will have to pay extra for it.

anyways, the executable files in both the 360 and original Xbox have a set of "flags", which are basically like on/off switches that tell the system what media that executable is supposed to be run from. this is why games on the Xbox must be patched so that the executables say "yes, i can run on a harddisk".

as noted above, changing these flags in a game's executable file would change the file, and thus invalidate the signature attached to it, requiring the executable to be re-signed.

Now I get it. Thanks for the down to earth explanation and your patience. Big up to you for breaking it down.

[lordvader129]

QUOTE

each piece of optical media you can stick in your computer has a low level flag on it which the computer uses to recognize what kind it is (like DVD-ROM, CD-ROM, CD-R, CD-RW, etc). this is sometimes called the "book type". you may think "a blank DVD or CD is blank, so why can't i burn it with the flag set to CD-ROM or whatever?" this is actually possible, but requires a better than normal burner (i.e. one capable of bitsetting). this is not something any normal person needs to do, so it takes some digging to find one and you will have to pay extra for it.

one minor correction here, booktype and media type are not the same thing, there is no burner than can alter media type, that is set on recordable media when it is manufactured

there are lots of burners that allow you change bitsetting, and most dont even cost that much

[alexmspqr]

QUOTE(lordvader129 @ Dec 29 2005, 07:31 PM)

that is set on recordable media when it is manufactured

Surprising there is no dodgy company out there producing recordable media set to a non recordable media type.

[twistedsymphony]

QUOTE(alexmspqr @ Dec 30 2005, 05:10 PM)

Surprising there is no dodgy company out there producing recordable media set to a non recordable media type.

Yeah but how would you burn it... you're burner wouldn't know it's a writable disc