Topic: Code Signing! (Read 136 times)

psycoguy1080 · « **on:** December 30, 2003, 11:27:00 AM »

the only way that would be possible (by the time xbox2 comes out) would be for someone to hack into MS's gaming department and get the algorithim that way

d0wnlab · « **Reply #1 on:** December 30, 2003, 02:04:00 PM »

the algorithm for how the signing process has already been figured out.. that is why xbedump can re-sign xbe's with patched keys (so if you softmod your xbox and mod your key you can sign xbe's with the new key and they will match up).

BenJeremy: I'm pretty sure your wrong about the DVD's public key being on the DVD. They're all signed with the same key, and that key is on the xbox. Otherwise a publisher could sign with their own private key and then put their public key on the DVD and the algorithm would succeed. In reality this can't happen because ALL xbe's must be signed with the MS key (.. unless you've softmodded or something along that line to change your public key...) Don't say that "the format of the DVDs is a MS special system and that's their protection" because that would in reality be very weak compared to the system they are using, which is the public key encryption. It only works if the signed DVD is independent of the key that checks it. However there is in the XBE header a media check flag, which is why without a modchip/resigning the game you can't run a game from the hard drive or a burnt copy or anything like that.

now, in the same light.. when you copy an xbox dash from one xbox to another, what error message do you get? Is it error 21? If not, then it's some other error: not a key issue. My main point being, the public key IS the same to all the xboxes. There are other unique identifiers to each xbox (MAC, HD key) and maybe these are being used in each dash copy, but it's not the public key. The public key is the same for all xboxes. Otherwise you couldn't all play games.

BenJeremy · « **Reply #2 on:** December 30, 2003, 02:13:00 PM »

QUOTE (d0wnlab @ Dec 30 2003, 06:04 PM)

the algorithm for how the signing process has already been figured out.. that is why xbedump can re-sign xbe's with patched keys (so if you softmod your xbox and mod your key you can sign xbe's with the new key and they will match up).

BenJeremy: I'm pretty sure your wrong about the DVD's public key being on the DVD. They're all signed with the same key, and that key is on the xbox. Otherwise a publisher could sign with their own private key and then put their public key on the DVD and the algorithm would succeed. In reality this can't happen because ALL xbe's must be signed with the MS key (.. unless you've softmodded or something along that line to change your public key...) Don't say that "the format of the DVDs is a MS special system and that's their protection" because that would in reality be very weak compared to the system they are using, which is the public key encryption. It only works if the signed DVD is independent of the key that checks it. However there is in the XBE header a media check flag, which is why without a modchip/resigning the game you can't run a game from the hard drive or a burnt copy or anything like that.

now, in the same light.. when you copy an xbox dash from one xbox to another, what error message do you get? Is it error 21? If not, then it's some other error: not a key issue. My main point being, the public key IS the same to all the xboxes. There are other unique identifiers to each xbox (MAC, HD key) and maybe these are being used in each dash copy, but it's not the public key. The public key is the same for all xboxes. Otherwise you couldn't all play games.

Well, you dug up a thread that's a year and half old.

I understand the process quite well now.

The public key is indeed in the BIOS, the signature is on the XBE. The Private key is held in some very secure location, with only one or a small handful of trusted M$ employees having access to sign the XBEs for production.

heinrich · « **Reply #3 on:** December 30, 2003, 05:48:00 PM »

QUOTE (d0wnlab @ Dec 30 2003, 07:04 PM)

now, in the same light.. when you copy an xbox dash from one xbox to another, what error message do you get? Is it error 21?

You can copy the dash from one xbox to another, like BJ said, this is a year old thread, a lot has been learned since then

d0wnlab · « **Reply #4 on:** December 30, 2003, 10:08:00 PM »

terribly sorry for my post in that case, although im sure if anyone was in the dark they've now seen the light from the last year's work

for the record, I didn't notice the age of the posts until after I posted.. (you'll notice it was not I who dug it up but someone else), and was actually coming on the board to add this disclaimer to the previous post.

just one question though, while on this topic. in order for the signing to make sense, the actual data being encrypted with the private key (MS or hacked/otherwise) has to uniquely identify the xbe. Otherwise you could just steal a genuine MS header and throw it on your public code and it'd be fine. i'm just curious, is it the equivalent of an md5 hash? Just thinking along the lines of exactly how that data is being created, and if one could make a modded xbe *look* like a genuine xbe then you wouldn't have to resign it and just use that xbe's legit header.

edit: and I.. just noticed you're a moderator. well, I'm an idiot. heh. Very sorry..

BenJeremy · « **Reply #5 on:** December 31, 2003, 07:02:00 AM »

Like Nailed said, the entire file is "signed". The BIOS checks the signature using the file and the public key. If the signature does not match, the BIOS refuses to boot it. That is why we use hacked BIOSes to run backups, which are run from non Secure DVD-ROM media (typically what the Xbox games are stamped on and signed for). The media type is part of the signed material, so if you change the media byte, you change the resulting signature, rendering the file "unexecutable" by a normal, unhacked BIOS.

Read up on it. The link to the Xbox-Linux pages from the main X-S home page have a lot of background info on this.

Skitals · « **Reply #6 on:** August 16, 2002, 09:12:00 PM »

You can have my John Handcock

But really, it doesnt work like that. The code signing thing is all completely encrypted with "military grade encryption"... if we had all the seti@home users running an app to crack the encryption... we might have it in like 5 years! (maybe an exageration, but you get the point)

dkoikadabra · « **Reply #7 on:** August 16, 2002, 11:03:00 PM »

Then how do legit developers get their binaries signed? The company that presses the DVDs have a machine that does it or something?
Now that I'm thinking, would it be possible to 'rip' the sign out of a legit XBox binary and throw it into a homebrew one? Probably not, but I'd like to know the official word on it.

Skitals · « **Reply #8 on:** August 17, 2002, 07:33:00 AM »

From the xbox-linux site:

Project B: Run unsigned code on an Xbox without any hardware modification
Development of a CD-ROM (image) that makes an unmodified Xbox run any unsigned code from the CD, and can make the Xbox start bootloader code as described in Task 4 (with the Xbox kernel intact) or as in Task 1 (with the Xbox kernel not being used any more).

Award for the whole task: US$ 100,000

If it was that easy you would be $100,000 richer now. It doesnt work like that!

cyrusuncc · « **Reply #9 on:** August 20, 2002, 10:23:00 AM »

This isn't "official" from MS, but this is the only way i know for it to work. All final programs must be sent to MS to be "signed" before they are pressed. MS is the only people that have the encryption code/algorithm used to sign the .xbe's. That is why developers have a special xbox that will run their unsigned code.

cyrusuncc · « **Reply #10 on:** August 20, 2002, 10:30:00 AM »

and for the "ripping" of a signature.

A digital signature is bascially an ecrypted copy of the original .xbe. MS encrypts the .xbe using their own secret key and algorithm.
When it needs to be verified, the xbox uses the public key to decrypt the signature. If the decrypted signature and the original .xbe match exactly, then the program is valid. Otherwise it has been modified. Read more about digital signatures and public key encryption (like RSA) online.

I am not entirely sure why when we make a copy, the signature is not copied with it...... but this is now digital signatures work.

BenJeremy · « **Reply #11 on:** August 20, 2002, 10:44:00 AM »

QUOTE (cyrusuncc @ Aug 20 2002, 12:30 PM)

and for the "ripping" of a signature.

A digital signature is bascially an ecrypted copy of the original .xbe. MS encrypts the .xbe using their own secret key and algorithm.
When it needs to be verified, the xbox uses the public key to decrypt the signature. If the decrypted signature and the original .xbe match exactly, then the program is valid. Otherwise it has been modified. Read more about digital signatures and public key encryption (like RSA) online.

I am not entirely sure why when we make a copy, the signature is not copied with it...... but this is now digital signatures work.

Actually, the xbe is not encrypted in any way.

The "signing process" generates a signature, which must check correctly against a public key (retrieved from the Xbox's EEPROM for HD apps, or from some location on the DVD for DVD based apps).

M$ holds the private key used to create the signature.

To crack the signature, you'd have to take an application (preferably a small one) and attempt to "sign it" with keys until one matched the check against the public key. Esssentially, it would be a brute force method.

This key is either 128 bits or 1024 bits... I forget, as there are many layers of signing and encryption that go into various parts of the Xbox system (for example, the BIOS is actually encrypted, with a special boot block embedded in the chipset to decrypt it), either way, it's a daunting task to find such a key.

The other problem is that once you discover the keys, what then? You still have to put the key on the DVD in the same fashion as M$ does it.... and that area isn't available to burn on a DVD-R. The key would have to be stamped on the disc in some fashion.

cyrusuncc · « **Reply #12 on:** August 20, 2002, 11:32:00 AM »

yeah, i wasn't saying the .xbe was encrypted, but the "signature" is an encrypted version of the .xbe

As far as the algorithm goes for "signing" (i.e. encrypting) the .xbe... who knows.. and even if we did, its useless without the secret key

BenJeremy · « **Reply #13 on:** August 20, 2002, 12:35:00 PM »

To that end.... we know that .XBEs on the hard drives cannot be swapped between unmodded xboxes, that is, if you downloaded a copy of M$ dashboard from your PC, upload it to another Xbox then switch off the mod on that Xbox, the copy of M$ dashboard will not run.

This implies that the apps on the hard drive have keys UNIQUE for each Xbox.

This might give us a clue, particularly for a small app that might be "bustable" with brute force.

I imagine that M$' manufacturing process includes a step to insall applications on every Xbox with the unique key. It might be as simple as somebody inserting a special disc in the Xbox to format and partition the hard drive and sign & install the apps based on a key. Better still, the ethernet port probably comes into play by downloading the serial number to the Xbox to put in the EEPROM as well (probably what the HD "signing key" and the ATA password are generated from).

Just a few thoughts on the matter.

Author Topic: Code Signing! (Read 136 times)