Print

[tnbigdawg]

Well this has been talked about in other forums. The update file is signed by MS. Any modification to it and the signiture is broken. The CD's that the retailers have are something of interest though but then again, if we dump the contents of those CDs and modify it, we break the signiture and can't load it into an unmodded 360.

[Warp17]

UPDATES’
°! ¼MEDIA’,QñN$
€à   ¨e–.CLw•;`£ŒÝ”rXé \Device\CdRom0\default.xex'‚Cv‰åinstallupdate.exe”XRTLLIB3@XAPILIB3@LIBCMT3@XBOXKRNL3@D3D93@XUIRUN3@
XUIRNDR3@XAUD3@XGRAPHC3@@


xam.xexxboxkrnl.exeÍÍÍXÎ*

So far this is all I could get out of the default.xex.  As far as the signature why can't we recreate the signature.  I am sure someone can get ahold of a program that is "like" the original xdk acourding to the xbox developer site some compainies are useing the same xdk that was for the old xbox for the 360.
Shows some of the things that the default.xex dose.

Also I was reading that if you format an external usb HD with FAT32 and make sure it is small enough you can get an xbox 360 to acesses data off of it.    http://llamma.com/xb...d Drive Mod.htm

I asume you also could get the xbox to get information to run from something such as a PDA and a secure digital card.

[lordvader129]

QUOTE

I am sure someone can get ahold of a program that is "like" the original xdk acourding to the xbox developer site some compainies are useing the same xdk that was for the old xbox for the 360.

that has nothign to do with signing, MS does all the singing themselves, its never left to 3rd parties

look for the other threadont eh digital signature in 360 hacking general, that will have info on it

[DaBiscuit]

QUOTE(Warp17 @ Dec 12 2005, 11:53 AM)

  As far as the signature why can't we recreate the signature.

First you just need MS's secure private key. It cannot be extracted from the development kits, or from an X-Box 360 game disk. When you apply a public/private keypair encrytion routine to a disk, the private key cannot be recovered from the disk without millions of years of brute-force decryption. The fastest computers that exist are still at LEAST a million times too slow to crack the MS private key. The public key can be obtained, but that is no good at all without its counterpart.

You cannot recreate the signature. Nor can anyone else, other than MS.

[crustyteacup]

QUOTE(DaBiscuit @ Dec 12 2005, 05:49 PM)

First you just need MS's secure private key. It cannot be extracted from the development kits, or from an X-Box 360 game disk. When you apply a public/private keypair encrytion routine to a disk, the private key cannot be recovered from the disk without millions of years of brute-force decryption. The fastest computers that exist are still at LEAST a million times too slow to crack the MS private key. The public key can be obtained, but that is no good at all without its counterpart.

You cannot recreate the signature. Nor can anyone else, other than MS.

i agree with your argument of course, however i don't agree on the bold claim of computers not being able to crack this code without millions of years. first of all, thats what clusters of computers can be used for, lets not talk in terms of a computer. plus also, when anybody makes such a claim, they seem to forget to take into account that computers do get faster, and there are more of them year upon year. of course, if anybody happens to have a cluster of supercomputers at their mercy, feel free to share.....

i'd also like to add that, if you have thought of some simple way to exploit some kind of loophole in order to run unsigned code, then MS have probably already thought of it, they did spend 2 years on the security for this machine.

[lordvader129]

QUOTE

i'd also like to add that, if you have thought of some simple way to exploit some kind of loophole in order to run unsigned code, then MS have probably already thought of it, they did spend 2 years on the security for this machine.

thank you, at least i know theres some people in the forum with some common sense

the way i look at it, if you can think of a way to mod 360 in 3 weeks, and i can think of a way it wont work in 3 seconds, then MS thought of both of them long before we did

[golightning]

QUOTE(VoiceOfReason @ Dec 12 2005, 10:56 PM)

Oh for crying out loud.

Read my posts in this thread; I don't feel like typing it up again. In a nutshell: if you multiplied the number of computers on the planet by a trillion, and made them all a trillion times faster, and networked every single one of them together and used the resultant cluster to try to brute-force RSA... it wouldn't take millions of years. It wouldn't take billions of years, it wouldn't take trillions of years. It would take unimaginably more than a googol googol years. Even if every single subatomic particle in the universe were in actuality a computer a trillion times faster than today's computers, and even if all of them were networked into one gigantic cluster, it would still take many many times longer than the total age of the universe to complete.

I mean, c'mon. Seriously. RSA is used by banks to protect customer data, it's used by the United States government to secure top-secret information. You don't think that one of them might've at one time thought, "Hey, you know, computers do get faster... perhaps we should pick a key length sufficient to withstand a brute force attack far into the imaginable future?"

My brain just exploded.

[Keshire]

People need to do some research on cryptography before they start flapping their gums.

Then look up why people are afraid of quantum computing.

[DaBiscuit]

QUOTE(crustyteacup @ Dec 13 2005, 02:02 AM)

i agree with your argument of course, however i don't agree on the bold claim of computers not being able to crack this code without millions of years. first of all, thats what clusters of computers can be used for, lets not talk in terms of a computer. plus also, when anybody makes such a claim, they seem to forget to take into account that computers do get faster, and there are more of them year upon year. of course, if anybody happens to have a cluster of supercomputers at their mercy, feel free to share.....

The sheer amount of data involved means that irrespective of the requisite amount of processing time, all the computers currently extant, including obsolete machines, and those not in use, would not have enough storage between them all to handle it effectively. You are speaking of hunting through countiless giant prime numbers. Please read VoiceofReason's other post that he linked to. The sheer genius of RSA-2048 encryption is that it is a googolplex times easier to easier to create a keypair than it is to crack the resultant signature. The numbers are so big that it would probably take the lifetime of the universe to find them. Unless you start from the position of knowing what the two factors are, you'll never live to see the encrytion broken, no matter how much you apply Moore's Law. It didn't happen on the X-Box 1, and it probably won't happen on the X-Box 360.

QUOTE

I'd also like to add that, if you have thought of some simple way to exploit some kind of loophole in order to run unsigned code, then MS have probably already thought of it, they did spend 2 years on the security for this machine.

The most intelligent comment I have seen in this group of sub-forums.

[throwingks]

QUOTE(Keshire @ Dec 12 2005, 11:19 PM)

People need to do some research on cryptography before they start flapping their gums.

Then look up why people are afraid of quantum computing.

I want to do research. Can I get a link?

[pcsxdc]

The signature key of the RSA is embedded on each of the media[corrent me if I am wrong] on each individual disc and is 256 bit characters wide. Meaning, on todays 64 bit processors, we would need to string and compare each individual sector with a 4 string 64 bit string each time for each instruction with algorithms requiring runtime of O(n^2). Now, although runtime does not mean crap in terms of modern day computing for just regular appliactions, doing bruteforce check for passwords on simple zip files with only 5 characters takes a good hour on a small zip file. Now applying the same logic for an 8 gig disc with 256 bit character wide key[not even knowing if it is spread across several different sectors], that would take many many years straight with no breaks in between. Just my 2 cents [if anyone can correct me, thats cool]. It would not take many trillions of years, but I would say using the bruteforce method, it would take more years than the consoles life time to crack the RSA key implemented for the 360.

[VoiceOfReason]

QUOTE(pcsxdc @ Dec 13 2005, 02:34 PM)

[corrent me if I am wrong]

You're wrong, in too many particulars to list. I'm not gonna corrent you because I'm sick of correnting people who didn't bother to read the goddamn thread. Read my postings in this thread and General Technical and you'll understand how wrong you are.

[VoiceOfReason]

QUOTE(Jason9875 @ Dec 13 2005, 03:50 PM)

Why don't we just create a program to brute force the RSA encryption on the xbox 360, and have it run on our currently idle, or soon to be idle, xboxs?

Because if all the Xboxes that were ever made got together and had baby Xboxes, a thousand Xboxes each, and every single one of those Xboxes got to work brute forcing RSA, the sun would expand to a red giant and collapse, all the stars would grow dim, and the universe would fade to a featureless void before they were a minuscule fraction of a minuscule fraction of a minuscule fraction complete.

[Jason9875]

It was a joke!

Designated by the  

Anyway I originally had a disclaimer in small text in there, but the forums suddenly read the -7 size text as a gigantic font size, kinda the opposite of what I wanted.

[modthebox.tk]

QUOTE(crustyteacup @ Dec 13 2005, 04:02 AM)

i agree with your argument of course, however i don't agree on the bold claim of computers not being able to crack this code without millions of years. first of all, thats what clusters of computers can be used for, lets not talk in terms of a computer. plus also, when anybody makes such a claim, they seem to forget to take into account that computers do get faster, and there are more of them year upon year. of course, if anybody happens to have a cluster of supercomputers at their mercy, feel free to share.....

i'd also like to add that, if you have thought of some simple way to exploit some kind of loophole in order to run unsigned code, then MS have probably already thought of it, they did spend 2 years on the security for this machine.

yeah, one thing though. didn't Xbox-Linux make a supercomputer out of some Xboxes? Well as far as my knowledge goes, the xbox cpu is 128 bit processor, link some of these babies up and you got yourself something that might be able to decrypt the code *cough* in a couple of years *cough**cough*.