Topic: Update Xbox 360 With Burned Cd-r (Read 610 times)

InterestedHacker · « **Reply #15 on:** December 14, 2005, 02:37:00 AM »

QUOTE(VoiceOfReason @ Dec 14 2005, 01:32 AM)

You're wrong, in too many particulars to list. I'm not gonna corrent you because I'm sick of correnting people who didn't bother to read the goddamn thread. Read my postings in this thread and General Technical and you'll understand how wrong you are.

I concur, the more you read about the 2048 bit key, the more you will understand that you have more chance of your XBOX 360 sprouting wings and flying south for the winter.

QUOTE(Jason9875 @ Dec 14 2005, 01:50 AM)

Why don't we just create a program to brute force the RSA encryption on the xbox 360, and have it run on our currently idle, or soon to be idle, xboxs?

That would put them to good use, heck maybe even run some wierd DX calls and have the GPU help the CPU out with calculations.

CPU: OK, 10^307 keys to go, jeez I been working on this for a million years already, GPU, can you give me a hand here?

GPU: Sure!!! What do you want me to paint?

CPU: Ahem, paint??? Get your f***ing calculator out mate!

GPU: Calu-what? I have all these pipelines, I suppose if you give me some matrices I can transform them into some amazing polygons for you? Textured, bump mapped and everything?

CPU: No, I need you to help me with this b***ard of a sum, it's doing my head in!!!

GPU: What about some specularity light maps, I can produce some amazingly authentic HDR-L effects? Maybe I can shed some light on the problem?

CPU: Never mind, I got more problems here now, I think part of my ALU just melted... I just ran a thread that contained a posting from XBOX Scene forums, I happened to spot a string as it passed by, it read 'Why can't we brute force hack the XBOX 720s 8192 bit RSA key?'. I think I am going to have a break down!! Mediiiiiic!!

EDIT: PS - Yes, you can use GPU to do some calculations, but it's still not going to make sod all difference.

InterestedHacker · « **Reply #16 on:** December 14, 2005, 02:56:00 AM »

QUOTE(modthebox.tk @ Dec 14 2005, 05:07 AM)

yeah, one thing though. didn't Xbox-Linux make a supercomputer out of some Xboxes? Well as far as my knowledge goes, the xbox cpu is 128 bit processor, link some of these babies up and you got yourself something that might be able to decrypt the code *cough* in a couple of years *cough**cough*.

128bit?? It's a Pentium III 750! 32bit...

BlindMaphisto · « **Reply #17 on:** December 14, 2005, 12:22:00 PM »

Sounds like the only way we will ever be able to make something and burn it on a disk to run in a default xbox360 would be to get ahold of the program at MS that signs these things.

The_Truth · « **Reply #18 on:** December 14, 2005, 02:43:00 PM »

sorry guys... it's been thought of... we tried to crack the first key to no avail... there was one project started... but I never heard of any success... and it would take an enormous amount of time to crack the key... so for now let's not even try and approach this method

SkateorDie · « **Reply #19 on:** December 14, 2005, 03:33:00 PM »

It would be easier to hack MS

mksoftware · « **Reply #20 on:** December 20, 2005, 09:08:00 AM »

QUOTE(SkateorDie @ Dec 14 2005, 11:40 PM)

It would be easier to hack MS

It would be easier to go to the Xbox team at night and take a look in there....

You see, there is NO possibility of hacking Xbox 360 with Brute Force

dcnigma · « **Reply #21 on:** December 20, 2005, 05:19:00 PM »

totaly not xbox or xbox360 related.

but how did they do it in fact for the the dreamcast?

I have tried the selfboots but now, i ask my how did they do it.

can someone explain me how?
they boot directly from your dreamcast. did they find the key, i know they used a little sound track as raw file.
at the first track of the dics. but how did they find it? maybe i gone look i to it but it later but it's easyer to ask it here.

previous year i have seen the xbox-linux tool for the rsa key.
however did't know how it worked untill you guys explanatied it to me.

thx for the good info.

Greetz dcnigma

btw the dc stands for Dreamcast previous nick nigma at dcemulation know for the dc tonic cover at boob.co.uk

shameless self promotion.

bkc82 · « **Reply #22 on:** December 23, 2005, 01:47:00 AM »

QUOTE(jhonnypolak @ Dec 23 2005, 09:19 AM)

you know what those hacker guys should do ?
Make a distributed calculation program, to brute force crack the private key of MS.

They should make something like that SETI@Home program. If like 10,000 people downloaded it, it would be cracked fairly quickly wouldnt it ?

NO.
This is the size of the number that must be factored. It is not feasible to do this in an acceptable amount of time even with all the computers on earth right now.

lordvader129 · « **Reply #23 on:** December 23, 2005, 08:09:00 AM »

QUOTE(jhonnypolak @ Dec 23 2005, 02:19 AM)

you know what those hacker guys should do ?
Make a distributed calculation program, to brute force crack the private key of MS.

They should make something like that SETI@Home program. If like 10,000 people downloaded it, it would be cracked fairly quickly wouldnt it ?

the key was designed with distrubuted computing, clustering, and supercomputers in mind, advancements in computer technology were also factored in

we will NEVER crack the private key this way

pez2k · « **Reply #24 on:** December 23, 2005, 05:43:00 PM »

QUOTE(dcnigma @ Dec 21 2005, 12:26 AM)

can someone explain me how?
they boot directly from your dreamcast. did they find the key, i know they used a little sound track as raw file.
at the first track of the dics. but how did they find it? maybe i gone look i to it but it later but it's easyer to ask it here.

The Dreamcast's BIOS is set up to boot from correctly formatted CD-Rs, and there's no signing of code at all, you just have to have a legitimate 1ST_BOOT.bin. It was eventually fixed, but the console was dead by then.

On the Xbox and 360, all code has to be signed with MS' key, and be run from preset types of media only (Xbox DVD for games, but some applications such as the dash can run from HDD etc). As you can see, there's a world of difference.

mksoftware · « **Reply #25 on:** December 28, 2005, 05:42:00 AM »

QUOTE(warp1g @ Dec 24 2005, 01:33 AM)

If I see another post from someone suggesting that a brute force attack on MS's private signing key is possible I am going to actually vomit. VoiceOfReason has explained in exhaustive detail the mathematical realities of attempting to do so.

It. Wont. Happen.

If you look at the DRM hacks that have occurred in the recent past (XBOX, Apple FairPlay, CSS, etc) you will notice that NONE of them have attacked the crypto algorithm's themselves -- they simply find weaknesses in the design of the hardware, software, implementation of an algorithm etc and work AROUND it.

As it has been stated a BILLION times in this and every other xbox-related forum todate, no one is going to bust the key. Someone will eventually find a way to control the flow of instruction execution, and then the scene will begin to receive its much sought after mechanism to play unsigned code.

As equally repeatedly stated, there is alot of cash at stake here, and money is the father of xbox chip invention. Certainly the usual suspects are hard at work decapsulating chips, investigating the hardware and software in mind-bogglingly complex detail and someone will get the job done. Or continue to investigate yourself -- just don't even mention anything that sounds like "hacking/breaking/brute forcing/creating" a signing key.

Stop the insanity.

Until then, pop $60 for a game or go rent one and sit tight. It's coming.

-wP!

Great explanation, let's hope this gets the n00b questions away..

b-fix · « **Reply #26 on:** December 30, 2005, 08:22:00 AM »

QUOTE(mackmighty @ Dec 30 2005, 11:38 AM)

It is possible to download games and demos through xboxlive and play them. Would it be possible to fool your xbox that it is connected to xbox live, dowload a pirated version of a game to its hd and the use a legitimate game dvd to as a "first boot bin” to play it.
Maybe you can try as an experiment what will happen if you extracted an original game, copied it to the hard drive. Tried to play the game from the hard drive with the original disk inserted.

It is my impression that the game demos that are downloaded via Live is signed with the ms key, but has no media check.
I could imagine that if someone somehow could create their own Live service and fool the x360 to download a pirated game one would run into trouble with the media check. If one could edit the executable file to avoid the media check the edited file would not be signed with the ms key and the x360 would just stop executing the file on that check.

lordvader129 · « **Reply #27 on:** December 30, 2005, 09:14:00 AM »

QUOTE

It is possible to download games and demos through xboxlive and play them. Would it be possible to fool your xbox that it is connected to xbox live, dowload a pirated version of a game to its hd and the use a legitimate game dvd to as a "first boot bin to play it.
Maybe you can try as an experiment what will happen if you extracted an original game, copied it to the hard drive. Tried to play the game from the hard drive with the original disk inserted.

even if we could spoof Live (which we cant) copying a game to the HD and actually playin git off the HD are 2 very different things, the media check would fail on the game you try to load from the HD, using a retail disc to load it wont work either, since the media checks are in the xex, when you load the game off the HD the checks in that xex will fail and it wont run

iamarockgod · « **Reply #28 on:** December 30, 2005, 01:24:00 PM »

QUOTE(dcnigma @ Dec 20 2005, 06:26 PM)

but how did they do it in fact for the the dreamcast?

I have tried the selfboots but now, i ask my how did they do it.

can someone explain me how?
they boot directly from your dreamcast. did they find the key, i know they used a little sound track as raw file.
at the first track of the dics. but how did they find it? maybe i gone look i to it but it later but it's easyer to ask it here.

btw the dc stands for Dreamcast previous nick nigma at dcemulation know for the dc tonic cover at boob.co.uk

shameless self promotion.

Ok... finally a question I know something about. Sega used a very weak but effective copy protection on their system. I myself loved and miss my Dreamcast. The protection came as of 2 parts for the most part, and they are rather clever for the time.

First... Sega had custom GD-Roms which were almost twice the size of a CD-Rom, with a possible size of about 1 GB of data. No "standard" cd-rom can read them to this day, no matter what anyone claims. Part of the reason for that is the tracks are way closer together than a standard cdr, which would give problems with the laser not being able to stay on track. The other part is the genius part... the put a nice thick unreadable ring as a stop barrier for computer lasers to stop at... the data before those tracks is in standard format that a pc could easily read. Once the computer's laser gets to that ring though, your drive kicks the laser back thinking it reached the end of the disc. Since the Dreamcast has a custom drive in it, it is able to go beyond that ring, and it knows it is there, because that ring is on the same place on EVERY Dreamcast disc.

Second... the Boot.bin or 1stboot.bin files (cant remember...been too long) had to be scrambled to self boot, so they were encrypted a little. The only problem was that it was very weak, and easy to figure out compared to what the Xbox 360 uses. With those files, you have to tell the dreamcast EXACTLY where to start on the disc for reading actual data, by using an LBA value equivalent to the start of your actual data. I dont know why they did this... but if you create a disc by yourself that YOU ripped, with either a Coder's Cable or if you are lucky enough to have the Broadband adapter, you will have to make that change if I recall correctly... I only successfully backed up Soul Calibur from my original to see how it worked

Now that I think of it, the reason the lba was needed was that you created a first session with something of a audio track... but the ip.bin and 1stboot.bin needed to know where the second session started. I would guess that this would be to get past the ring on the discs, or to show where audio stopped and data began...You can find all this information at the "usual" Dreamcast places...lol

As for the 360... I wish people would stop speculating on the next to impossible. RSA Keys are a waste of time and effort since it would take longer than you live to even get somewhere at all with decryption... Just keep to the ways that have some sort of reality of actually working

Hardware hacks are the best way, but you have to figure out how ALL of the software and security works before that can happen

Give it time, and keep putting in your ideas that make somewhat sense... so we all can work together

phatman · « **Reply #29 on:** January 20, 2006, 11:46:00 AM »

RSA will easily be cracked within the next fifty years. A quantum computer could factor a number on the order of 10^200 in seconds. However this point is mute because the advent of quantum computing will become a reality long after the 360 and by then a more complex key will be created to adjust to this leap in computing. I am not saying that cracking the private key is an option for hacking the box, just wanted to emphasize that it will not take trillions of years to crack this key. As of today, with current technology YES, but look at the technological progress made in the last 50 years and rest assured that RSA will become obsolete soon. Just my 2 cents.

Author Topic: Update Xbox 360 With Burned Cd-r (Read 610 times)