xboxscene.org forums


Author Topic: Devil 360: Xbox 360 Security Info  (Read 1056 times)

Xbox-Scene

« on: April 20, 2006, 09:43:00 PM »

Devil 360: Xbox 360 Security Info-- Posted by XanTium on April 20 23:43 EST
Here's some news we received from the Devil360 Team, who announced last week that they will release a new product for the Xbox 360 on 06/06/2006:

Quote

(*) Xbox:
* The previous version of M$ console has been hacked by Andrew Huang also known as Bunnie from M.I.T. (more details here[pdf])
* This guy is very well known for his book "Hacking the Xbox". (more details here)
* What was the real security of the Xbox? Check this article[xbox-linux.org]

(*) Xbox 360:
* At http://en.wikipedia.org/wiki/Xbox_360 you will find a good definition of the new Xbox 360 features.

* What about the security of this M$ product?

-M$ worked on it a little bit at least.
According to findarticles.com, Chipworks is an internationally recognized technical services company that analyzes the circuitry and physical composition of semiconductor devices and electronic systems for a wide range of applications in intellectual property licensing, patenting and competitive study. Chipworks has successfully helped leading-edge semiconductor and electronics organizations achieve their goals by supporting research and development efforts in strategic product development and patent portfolio management. At the end of 2005, Chipworks analyzed the main chip of the 360 console and created a commercial report (see here).

-Bunnie also wrote a document whose content is speculative and subject to change (see here[pdf]). This document deals with the Xbox 360 security scheme.
He made some assumptions about the scheme:
>be resistant against "hack once run everywhere" attacks (means invalidate mod chips using crypto and a specific perso for each console)
>be weak against one-time "hero hacks" (means avoid bunnie's or MIT hackers articles)
>use custom features in the processor or chipset cores (use microelectronic and electronic hardware to defeat software script kiddies)
A long time ago we bought several Xbox 360 and started to investigate their security scheme. Eventually a lot of bunnie's assumptions were brilliant. Well done!

-Playing pirated games or hacking the Xbox 360 security core?
Recently (mid-March 2006) a hacker called "The specialist" published one weakness and a lot of people are now working on hacking the DVD firmware.
Using a fast FPGA card, it is possible to insert a parser/driver between the motherboard and the optical reader... we let the reader conclude by himself (sed -e 's/DVDFAKE/DVDXBOX/g' Input > Output ;-)). What about the SATA HD?... wait and see. Maybe another time when few things would have been detailed.
Anyway, what is your aim?
If you wish to run Linux on your 360 then you have a problem, and this problem is very interesting. (see free60.org)

-According to M$ "The core security system has not been broken" (see here).
True the security core is intact. And not broken yet. Is it breakable? Maybe...

-Did M$ build the security architecture alone?
No, M$ received some help from Infineon (TPM) (see here).
Remark: If you can provide us some TPM chips, we could be friends. We have some but maybe few things evolved.

-M$ did not make some mistakes as the previous time with the first Xbox.
>The motherboard is reduced and a lot of wires are PCB protected. Then it is not so easy to spy wires and to apply a man in the middle attack.
>The firmware of each console can be reprogrammed by M$ using Xbox LIVE. This operation can be executed without the acceptation of the user. The idea is to release a new secure patch (a little bit like Zindows update) using the network.
>What about collecting the route, IP address, crypto keys and some more information from the console at this time?
It is not a nightmare!! They do it.


We first de-capped Xbox 360 components as Chipworks did and we analyzed the console (Some chips have nine levels of metal).
Now we can confirm a lot of bunnie's assumptions and sometimes even worse.

What could happen if M$ would have made a hardware mistake?
We will communicate about this in the next 360 hours.
The next communication will include pictures of the de-capped chips and then some explanations about the console and a little bit more.
In the future we will only communicate with people who subscribed an email address. [note x-s: it'll be posted here on the x-scene news too ofcuz]

Devil 360

Official Site: http://www.devil360.com

Ben999_
« Reply #1 on: April 20, 2006, 09:56:00 PM »

Looking forward to what lies ahead  smile.gif
cliffy88
« Reply #2 on: April 20, 2006, 09:59:00 PM »

Has anyone subscribed to the page?
sew3521
« Reply #3 on: April 20, 2006, 10:04:00 PM »

this could prove to be awesome
Lamer123
« Reply #4 on: April 20, 2006, 10:22:00 PM »

I don't get it?  blink.gif
nwo504
« Reply #5 on: April 20, 2006, 10:22:00 PM »

time will tell
BigRed2k
« Reply #6 on: April 20, 2006, 10:26:00 PM »

looking very forward to what devil360 has to say within the next 15 days =)
JustinT9669
« Reply #7 on: April 20, 2006, 10:35:00 PM »

QUOTE(Lamer123 @ Apr 20 2006, 09:29 PM)

I don't get it?  blink.gif


me 2  sad.gif
sgr215
« Reply #8 on: April 20, 2006, 10:38:00 PM »

Anyone else find the name of the above picture a little intriguing? (Hacked_Hynix_without_LAnalyzer_CS_and_WE_ok_xs.jpg) Perhaps I'm just looking into it way too far though. Anyhow, can't wait to see what comes of this.

Specter
« Reply #9 on: April 20, 2006, 10:44:00 PM »

mmmmm.....interesting. I hope it's what I think  wink.gif
Lamer123
« Reply #10 on: April 20, 2006, 10:56:00 PM »

OK, after a couple re-reads I think I understand.

They are claiming that they have found two different potential security exploits.

1. That they can write unsigned data to the Xbox dash data on the 128 on-board NAND, by using a local area network.

2. And they have found a security hole in the boot loader chip.


Please correct me if I am wrong, seriously. I want to know what this is all about.
nwo504
« Reply #11 on: April 20, 2006, 11:02:00 PM »

Hacked_Hynix_without_LAnalyzer_CS_and_WE_ok_xs

6-6-6
dinzy
« Reply #12 on: April 20, 2006, 11:20:00 PM »

If they honestly decapped the chips and were able to etch away layer after layer then I think we can assume they have some idea as to what they are doing.  Awesome news
Rustmonkey
« Reply #13 on: April 20, 2006, 11:28:00 PM »

QUOTE(Ben999_ @ Apr 20 2006, 10:03 PM)

Looking forward to what lies ahead  smile.gif



what "lies" ahead... hehe... we'll see what lies or truths they have... I subscribed to the form, so if I get an email from them sometime, I'll let you guys know what it says smile.gif
Arch0n
« Reply #14 on: April 20, 2006, 11:32:00 PM »

QUOTE(Lamer123 @ Apr 21 2006, 06:03 AM)

OK, after a couple re-reads I think I understand.

They are claiming that they have found two different potential security exploits.

1. That they can write unsigned data to the Xbox dash data on the 128 on-board NAND, by using a local area network.

2. And they have found a security hole in the boot loader chip.
Please correct me if I am wrong, seriously. I want to know what this is all about.



I'm not sure about what you've posted. The take home message I get is from this section:

QUOTE

Using a fast FPGA card, it is possible to insert a parser/driver between the motherboard and the optical reader... we let the reader conclude by himself (sed -e 's/DVDFAKE/DVDXBOX/g' Input > Output ;-)). What about the SATA HD?... wait and see. Maybe another time when few things would have been detailed.


is that using a Field Programmable Gate Array on a PCB (card) they will feed the correct info to the xbox regardless of what the DVD firmware is doing.

So, rather than flashing your DVD's firmware in order to produce expected values to authenticate a disk, this chip will be programmed to do that. Sounds like a "modchip" version of the firmware hack. Probably would contain a table in flash that could be altered to keep up with any changes. Also the ability is there to support all drives as you don't care what particular firmware a device has, as long as you can recognise and rewrite the signals to what is expected.

The whole sed reference is for rewriting the data on the fly I am guessing, and is what makes me think the above  dry.gif
