xboxscene.org forums

OG Xbox Forums => Software Forums => Development => Topic started by: psycoguy1080 on December 30, 2003, 11:27:00 AM

Title: Code Signing!
Post by: psycoguy1080 on December 30, 2003, 11:27:00 AM
the only way that would be possible (by the time xbox2 comes out) would be for someone to hack into MS's gaming department and get the algorithm that way
Title: Code Signing!
Post by: d0wnlab on December 30, 2003, 02:04:00 PM
the algorithm for how the signing process has already been figured out.. that is why xbedump can re-sign xbe's with patched keys (so if you softmod your xbox and mod your key you can sign xbe's with the new key and they will match up).

BenJeremy: I'm pretty sure you're wrong about the DVD's public key being on the DVD.  They're all signed with the same key, and that key is on the xbox.  Otherwise a publisher could sign with their own private key and then put their public key on the DVD and the algorithm would succeed.  In reality this can't happen because ALL xbe's must be signed with the MS key (.. unless you've softmodded or something along that line to change your public key...)  Don't say that "the format of the DVDs is a MS special system and that's their protection" because that would in reality be very weak compared to the system they are using, which is the public key encryption.  It only works if the signed DVD is independent of the key that checks it.  However there is in the XBE header a media check flag, which is why without a modchip/resigning the game you can't run a game from the hard drive or a burnt copy or anything like that.

now, in the same light.. when you copy an xbox dash from one xbox to another, what error message do you get?  Is it error 21?  If not, then it's some other error: not a key issue.  My main point being, the public key IS the same to all the xboxes.  There are other unique identifiers to each xbox (MAC, HD key) and maybe these are being used in each dash copy, but it's not the public key.  The public key is the same for all xboxes.  Otherwise you couldn't all play games.
Title: Code Signing!
Post by: BenJeremy on December 30, 2003, 02:13:00 PM
QUOTE (d0wnlab @ Dec 30 2003, 06:04 PM)
the algorithm for how the signing process has already been figured out.. that is why xbedump can re-sign xbe's with patched keys (so if you softmod your xbox and mod your key you can sign xbe's with the new key and they will match up).

BenJeremy: I'm pretty sure you're wrong about the DVD's public key being on the DVD.  They're all signed with the same key, and that key is on the xbox.  Otherwise a publisher could sign with their own private key and then put their public key on the DVD and the algorithm would succeed.  In reality this can't happen because ALL xbe's must be signed with the MS key (.. unless you've softmodded or something along that line to change your public key...)  Don't say that "the format of the DVDs is a MS special system and that's their protection" because that would in reality be very weak compared to the system they are using, which is the public key encryption.  It only works if the signed DVD is independent of the key that checks it.  However there is in the XBE header a media check flag, which is why without a modchip/resigning the game you can't run a game from the hard drive or a burnt copy or anything like that.

now, in the same light.. when you copy an xbox dash from one xbox to another, what error message do you get?  Is it error 21?  If not, then it's some other error: not a key issue.  My main point being, the public key IS the same to all the xboxes.  There are other unique identifiers to each xbox (MAC, HD key) and maybe these are being used in each dash copy, but it's not the public key.  The public key is the same for all xboxes.  Otherwise you couldn't all play games.

Well, you dug up a thread that's a year and a half old.

I understand the process quite well now.

The public key is indeed in the BIOS, the signature is on the XBE. The Private key is held in some very secure location, with only one or a small handful of trusted M$ employees having access to sign the XBEs for production.

Title: Code Signing!
Post by: heinrich on December 30, 2003, 05:48:00 PM
QUOTE (d0wnlab @ Dec 30 2003, 07:04 PM)
now, in the same light.. when you copy an xbox dash from one xbox to another, what error message do you get?  Is it error 21?

You can copy the dash from one xbox to another, like BJ said, this is a year old thread, a lot has been learned since then
Title: Code Signing!
Post by: d0wnlab on December 30, 2003, 10:08:00 PM
terribly sorry for my post in that case, although I'm sure if anyone was in the dark they've now seen the light from the last year's work

for the record, I didn't notice the age of the posts until after I posted.. (you'll notice it was not I who dug it up but someone else), and was actually coming on the board to add this disclaimer to the previous post.


just one question though, while on this topic.  in order for the signing to make sense, the actual data being encrypted with the private key (MS or hacked/otherwise) has to uniquely identify the xbe.  Otherwise you could just steal a genuine MS header and throw it on your public code and it'd be fine.  I'm just curious, is it the equivalent of an md5 hash?  Just thinking along the lines of exactly how that data is being created, and if one could make a modded xbe *look* like a genuine xbe then you wouldn't have to resign it and just use that xbe's legit header.


edit: and I.. just noticed you're a moderator.  well, I'm an idiot.  heh.  Very sorry..
Title: Code Signing!
Post by: BenJeremy on December 31, 2003, 07:02:00 AM
Like Nailed said, the entire file is "signed". The BIOS checks the signature using the file and the public key. If the signature does not match, the BIOS refuses to boot it. That is why we use hacked BIOSes to run backups, which are run from non Secure DVD-ROM media (typically what the Xbox games are stamped on and signed for). The media type is part of the signed material, so if you change the media byte, you change the resulting signature, rendering the file "unexecutable" by a normal, unhacked BIOS.

Read up on it. The link to the Xbox-Linux pages from the main X-S home page have a lot of background info on this.
Title: Code Signing!
Post by: Skitals on August 16, 2002, 09:12:00 PM
You can have my John Hancock

But really, it doesn't work like that. The code signing thing is all completely encrypted with "military grade encryption"... if we had all the seti@home users running an app to crack the encryption... we might have it in like 5 years! (maybe an exaggeration, but you get the point)
Title: Code Signing!
Post by: dkoikadabra on August 16, 2002, 11:03:00 PM
Then how do legit developers get their binaries signed? The company that presses the DVDs have a machine that does it or something?
Now that I'm thinking, would it be possible to 'rip' the sign out of a legit XBox binary and throw it into a homebrew one? Probably not, but I'd like to know the official word on it.
Title: Code Signing!
Post by: Skitals on August 17, 2002, 07:33:00 AM
From the xbox-linux site:

Project B: Run unsigned code on an Xbox without any hardware modification
Development of a CD-ROM (image) that makes an unmodified Xbox run any unsigned code from the CD, and can make the Xbox start bootloader code as described in Task 4 (with the Xbox kernel intact) or as in Task 1 (with the Xbox kernel not being used any more).

Award for the whole task: US$ 100,000


If it was that easy you would be $100,000 richer now. It doesn't work like that!
Title: Code Signing!
Post by: cyrusuncc on August 20, 2002, 10:23:00 AM
This isn't "official" from MS, but this is the only way I know for it to work.  All final programs must be sent to MS to be "signed" before they are pressed.  MS are the only people who have the encryption code/algorithm used to sign the .xbe's.  That is why developers have a special xbox that will run their unsigned code.

Title: Code Signing!
Post by: cyrusuncc on August 20, 2002, 10:30:00 AM
and for the "ripping" of a signature.

A digital signature is basically an encrypted copy of the original .xbe.  MS encrypts the .xbe using their own secret key and algorithm.
When it needs to be verified, the xbox uses the public key to decrypt the signature.  If the decrypted signature and the original .xbe match exactly, then the program is valid.  Otherwise it has been modified.  Read more about digital signatures and public key encryption (like RSA) online.

I am not entirely sure why when we make a copy, the signature is not copied with it...... but this is how digital signatures work.
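As an added example that is not part of this thread or of any Xbox tooling, the following Python models the hash-then-sign check that d0wnlab asked about ("is it the equivalent of an md5 hash?"), that dkoikadabra wondered about ("rip the sign out of a legit binary"), and that BenJeremy and cyrusuncc describe: the entire file, media type included, goes into the signature, the signer holds the private key, and the verifier holds only the public key. The keys are textbook RSA built from Mersenne primes (far too small for real use, no PKCS#1 padding) and the header layout with a media-type byte at offset 8 is invented for the demonstration; none of it is the real XBE format or key material.

```python
"""Toy hash-then-sign model of an XBE-style signature check.

Added example, not the Xbox's real scheme or Microsoft's code. Everything
here is constructed: the keys are textbook RSA built from Mersenne primes
(far too small for real use and without PKCS#1 padding), and the "XBE"
is a fabricated byte layout with a one-byte media-type field at offset 8.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class KeyPair:
    n: int  # public modulus (what a BIOS would carry)
    e: int  # public exponent
    d: int  # private exponent (what the signer keeps secret)


def make_keypair(p: int, q: int, e: int = 65537) -> KeyPair:
    """Textbook RSA key from two primes; pow() raises if e is not invertible."""
    return KeyPair(n=p * q, e=e, d=pow(e, -1, (p - 1) * (q - 1)))


# Constructed keys. VENDOR_KEY stands in for the key whose public half is
# baked into the console; HOMEBREW_KEY is a pair a softmodder generated.
VENDOR_KEY = make_keypair(2**31 - 1, 2**61 - 1)
HOMEBREW_KEY = make_keypair(2**19 - 1, 2**89 - 1)

MEDIA_TYPE_OFFSET = 8  # constructed header layout, not the real XBE format
MEDIA_DVD = 0x01
MEDIA_HDD = 0x02


def build_image(media_type: int, code: bytes) -> bytes:
    """Fabricated image: 8-byte magic, 1-byte media type, then the code."""
    return b"TOY-XBE\x00" + bytes([media_type]) + code


def digest(image: bytes, n: int) -> int:
    """Hash the entire image, header included, and fit it under the modulus."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % n


def sign(image: bytes, key: KeyPair) -> int:
    """Signer side: a private-key operation over the digest, not over the code."""
    return pow(digest(image, key.n), key.d, key.n)


def verify(image: bytes, signature: int, key: KeyPair) -> bool:
    """Verifier side (the BIOS): recover the digest with the public key and compare."""
    return pow(signature, key.e, key.n) == digest(image, key.n)


def run_checks() -> dict:
    """Replay the scenarios raised in the thread and report which ones verify."""
    genuine = build_image(MEDIA_DVD, b"constructed genuine game code")
    genuine_sig = sign(genuine, VENDOR_KEY)

    # Flip only the media-type byte: the digest changes, so the old signature fails.
    patched = bytearray(genuine)
    patched[MEDIA_TYPE_OFFSET] = MEDIA_HDD

    # Transplant a genuine signature onto different code.
    homebrew = build_image(MEDIA_DVD, b"constructed homebrew code")

    # Re-sign the homebrew image with a key the signer actually holds.
    homebrew_sig = sign(homebrew, HOMEBREW_KEY)

    return {
        "genuine_stock_bios": verify(genuine, genuine_sig, VENDOR_KEY),
        "media_byte_patched": verify(bytes(patched), genuine_sig, VENDOR_KEY),
        "signature_transplanted": verify(homebrew, genuine_sig, VENDOR_KEY),
        "homebrew_key_stock_bios": verify(homebrew, homebrew_sig, VENDOR_KEY),
        "homebrew_key_patched_bios": verify(homebrew, homebrew_sig, HOMEBREW_KEY),
    }


if __name__ == "__main__":
    for scenario, ok in run_checks().items():
        print(f"{scenario:28} {'boots' if ok else 'refused'}")
```

Only the first and last scenarios verify: a genuine image against the vendor public key, and a homebrew image signed with a homebrew private key against a console whose public key has been swapped for the matching one. Changing a single header byte or moving a signature onto other code fails because the digest covers every byte of the file, and homebrew signed with its own key fails on a stock console because the public key it checks against never left the console.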
Title: Code Signing!
Post by: BenJeremy on August 20, 2002, 10:44:00 AM
QUOTE (cyrusuncc @ Aug 20 2002, 12:30 PM)
and for the "ripping" of a signature.

A digital signature is basically an encrypted copy of the original .xbe.  MS encrypts the .xbe using their own secret key and algorithm.
When it needs to be verified, the xbox uses the public key to decrypt the signature.  If the decrypted signature and the original .xbe match exactly, then the program is valid.  Otherwise it has been modified.  Read more about digital signatures and public key encryption (like RSA) online.

I am not entirely sure why when we make a copy, the signature is not copied with it...... but this is how digital signatures work.

Actually, the xbe is not encrypted in any way.


The "signing process" generates a signature, which must check correctly against a public key (retrieved from the Xbox's EEPROM for HD apps, or from some location on the DVD for DVD based apps).

M$ holds the private key used to create the signature.

To crack the signature, you'd have to take an application (preferably a small one) and attempt to "sign it" with keys until one matched the check against the public key. Essentially, it would be a brute force method.

This key is either 128 bits or 1024 bits... I forget, as there are many layers of signing and encryption that go into various parts of the Xbox system (for example, the BIOS is actually encrypted, with a special boot block embedded in the chipset to decrypt it), either way, it's a daunting task to find such a key.

The other problem is that once you discover the keys, what then? You still have to put the key on the DVD in the same fashion as M$ does it.... and that area isn't available to burn on a DVD-R. The key would have to be stamped on the disc in some fashion.
Title: Code Signing!
Post by: cyrusuncc on August 20, 2002, 11:32:00 AM
yeah, I wasn't saying the .xbe was encrypted, but the "signature" is an encrypted version of the .xbe

As far as the algorithm goes for "signing" (i.e. encrypting) the .xbe... who knows.. and even if we did, it's useless without the secret key
Title: Code Signing!
Post by: BenJeremy on August 20, 2002, 12:35:00 PM
To that end.... we know that .XBEs on the hard drives cannot be swapped between unmodded xboxes, that is, if you downloaded a copy of M$ dashboard from your PC, upload it to another Xbox then switch off the mod on that Xbox, the copy of M$ dashboard will not run.

This implies that the apps on the hard drive have keys UNIQUE for each Xbox.

This might give us a clue, particularly for a small app that might be "bustable" with brute force.

I imagine that M$' manufacturing process includes a step to install applications on every Xbox with the unique key. It might be as simple as somebody inserting a special disc in the Xbox to format and partition the hard drive and sign & install the apps based on a key. Better still, the ethernet port probably comes into play by downloading the serial number to the Xbox to put in the EEPROM as well (probably what the HD "signing key" and the ATA password are generated from).

Just a few thoughts on the matter.