Schneier on Security

Even if I have read the document before I can’t help shivering at the thought of somebody using a stream cipher and checking the decryption of the last few bytes to make sure the decryption is correct. This is the kind of stuff taught in Cryptography for dummies. And these engineers are building the most commonly used OS in the world.

On the other hand, Microsoft gave us LM hashes, so I guess I shouldn’t expect too much.

Honestly, is this a big deal? MSFT leveraged off the shelf parts into a short term development cycle and bought their way into the console market. It's a win all the way around, really. All they really need to do is make it difficult for the average gamer to hack the thing. If hobbyists hack it, so what? They still buy it and probably have the means to buy more games. It's a small, but vocal, percentage who end up copying game libraries.

It could be argued the Xbox didn't have the kind of security requirements that other systems do.

Hows the Xbox360 going. Is it hacked yet? Oh i thought this article was posted here before? no?

But all in all this is good news for the demise of DRM while MS stays close to the drivers seat.

The XBOX360 has been hacked to allow copied games to play. The way they did it was to develop a custom firmware for the drives. This works by tricking the drive into reporting all discs as genuine MS media. http://www.xbox-scene.com/xbox1data/sep/EEukZpklFAhkcWwSgZ.php

C Gomez: The XBOX is quite trivial for the average gamer to mod now. No additional hardware is required. It'd literally a 5 minute software operation to go from 'regular xbox' to 'xbox that will copy any insertted game directly to the hard drive and play from there' if you have splinter cell and the hacked save game on your memory card.

Unfortunately for Microsoft, the thing that makes the XBOX so easy to mod this easily is the same thing that makes it such a compelling system for modders...the hard drive.

This is simply a symptom of Digital Restrictions Management. Users have to bend over backwards, break warranty, use illicit tools, and modify firmware/hardware simply to assert their fair-use rights and make useful backup copies of the games they have paid for. As the DRM measures go further into the realm of the draconian, more and more legitimate users either turn to piracy to get the same capabilities, or look for alternatives. Look at the success of Arctic Monkeys - this band wouldn't have seen the light of day if it weren't for Apple/Microsoft DRM, Sony rootkits, and RIAA suing its customers.

I'm going to wrote my own;
9 Mistake Honda made in the Civic EX Security System

1. No run flat tires
2. No encrypted key entry
3. No Armor plateing
4. No Rear Gun ports
5. No front Ground to Air Missle Rack
6. No Lasers
7. No Retinal Owner Verification
8. No Turbine Engine that can run on any fuel
9. No GPS uplink with active tactical battlefield software

COME ON the XBox is a game console not a security device...

Why did they bother with security after all, huh? They could make no protection there, and save some money...

From what I've heard, at least with the xbox itself, Microsoft was losing money on each console, intending to make it up on game licenses. This makes the "they already bought the console" argument rather silly from Microsoft's point of view, and of course they will try to secure the console against the use of unlicensed media.

Good quote from the source: "After reading Bruce Schneier's book on crypto, we learned that TEA was a really bad choice as a hash... But why did they make this mistake? Obviously the designers knew nothing about crypto - again! - and just added code without understanding it and without even reading the most basic books on the topic. "

> 9 Mistake Honda made in the Civic EX Security System

OK, I'll bite ;-)
There are three main threats too:
A) loosing the car
B) doing harm to the passengers of the car
C) doing harm to passengers of other cars.

> 1. No run flat tires

Would help in reducing B and C.
Surcharge would probably be negligible if Honda orders hundreds of thousands.

> 2. No encrypted key entry

Would help in reducing A.
Surcharge will be negligible, that are costs of about US$5/car.

> 3. No Armor plateing

Would not help in any A,B, or C. On the contrary: it would make the car much heavier and lengthen the braking distance.

> 4. No Rear Gun ports

Of no use at all (would help if on the front).

> 5. No front Ground to Air Missle Rack

Of no use at all (would help if Ground2Ground).

> 6. No Lasers

Would help in reducing B and C if used in distance and speed measurements.
It is very expensive yet. Some companies start to use distance and speed measurement e.g Mercedes but it is AFAIK not based on lasers.

> 7. No Retinal Owner Verification

Would help in reducing A.
It is also quite expensiv, but sheer quantity might make it affordable for the buyer of a Civic too.

> 8. No Turbine Engine that can run on any fuel

Would help in reducing B and C but it is not worth the cost.

> 9.[a] No GPS uplink [b] with active tactical battlefield software

(parting by me)
9a would help in reducing A, 9b makes no sense to me.

CZ

"security system of the Xbox has been a complete failure"

Ok, from an outsider's view perhaps (e.g. do you actually use the XBOX? I don't but everyone I know who does likes it because it can be easily hacked) it's easy to throw stones.

"Microsoft wanted to prevent the Xbox from being used with copied games, unofficial applications and alternative operating systems"

Context matters and I'm not sure this claim is accurate. Did Microsoft say this? I think it is much less clear how to define success for their security system, such that Microsoft's product managers or even XBOX users would be able to agree on the trade-offs...and then you have to add in the game companies who want to trust the platform.

If it were a venn diagram, you'd have to be sure you weren't criticizing the security for not being in a part of the picture that it was never intended to be.

"Microsoft decided to design a single security system that was supposed to make Linux, homebrew/unlicensed software and copies impossible."

Again from the Wikipedia. Is there any source to confirm that the goal was to make it "impossible"? Something tells me this is a straw-man argument. I would rather see something more realistic like "Microsoft only had three weeks and one part-time contractor to come up with a best-fit solution that would make it non-trivial to install an alternate OS".

I could go on, but I guess my point comes down to this: if you say that their goal was to put the first XBOX on the moon, well they failed at that too. But what were the real decision points and was that really the goal?

Sorry, meant Wiki not Wikipedia...

"with the xbox itself, Microsoft was losing money on each console"

Correct me if I am wrong, but is this not illegal due to "anti-dumping" legislation brought in to protect the US chip makers from the Far East competition?

I suspect that it also breaches various other laws relating to Anti-Competative behaviour that where brought in to stop certain computer manufactures tying up market sectors.

aww come on. MS does not want a single priated game out there. Period. Not one. The fact that in most countries mod chipping is leagal (its not in the US) means thay want it to be imposable to do. The irony is that because its all hardware they control it should almost be posible (asuming effective reverse enignnering tech).

The security of the XBox has failed!

greg.

The article is somewhat interesting, but the focus is a bit off.

1. The XBOX was (and is) hard enough to hack. The economic impact of the hacked XBOX on Microsoft is essentially non-existant.

2. The XBOX is essentially a very cheap PC. Microsoft needed to convince PC manufacturers that the XBOX was not a threat.

For Microsoft's needs, the XBOX "security" only needs to be "good enough" - and is.

Silly question... what is "phantasy?"

Used twice in the article as an adjective describing hackers in a positive light.

Couldn't find it in urbandictionary or the jargon file.

Martin

I believe "phantasy" is things like Santa Claus, the Tooth Fairy, or a Securely Designed Microsoft Product

Hacking the Xbox isn't important because some kid can copy a friends game or run Linux. It's important because some warehouse in China is using a hacked Xbox to dump game images so they can press 100,000 copies and sell them for $5 each.

The fundamental problem seems to be that Microsoft seems unable to do anything that doesn't look like a classic PC architecture and even given a familiar set of hardware they seem incapable of thinking about security.

That's a very interesting article. After thinking about it, I'm starting to wonder if the whole fiasco is because Microsoft is primarily a software company.

If you look at the measures Microsoft put in place, the one thing they all have in common is that they were all fairly ad-hoc. I see no trace of formalism or analysis in anything that was done, just "wouldn't it be cool" attempts by people who weren't familiar with crypto.

To me it all sounds like the measures used to protect software on a typical PC. Software protection is hard, impossible in theory, because you don't control the whole widget. You can't just apply some good crypto and call it a day because your adversary has everything at hand in an environment they control. So the typical tools of software protection are massive obfuscation and myriad dirty tricks.

When you move to hardware you do control the whole widget and the game changes significantly. It seems Microsoft didn't fully realize what this meant for their security measures. Not that I could necessarily do any better, but the article makes me wonder if their poor security architecture is due to playing the same game in a totally different environment for decades beforehand.

> COME ON the XBox is a game console
> not a security device...
>
> Posted by: AG at June 21, 2006 09:37 AM

As always, measure security against the stated goals, not some arbitrary feeling of "safe." You saw the protection, the vendor reaction, and the attackers' reaction. As the author says related to the unhashed font-files, "We won." Sounds like failure to me. :)

@Martin Frankel:

I believe "Fantasy" and "Phantasy" are used in the article as an ungrammatical transliteration of the French "Fantaisie", one meaning of which is "Imagination".

So, for example, "hackers have enough fantasy to find out these combinations" means they have the imagination required, not that they lust after a solution.

My point is that I believe the amount of Xbox owners who have pirated over 50% of their games is an insignificant number. Even modders still buy xbox games.

I didn't happen to mod my Xbox but I followed the exploits of some friends who had loads of fun with it. Then we all played Halo 2 together when they were done.

I don't think the Xbox was a serious attempt at a closed system. I'm not even sure the 360 is. They just don't want the average console to play pirated games, and I think they and Sony succeeded at that (No mention of the PS or PS2 failures to prevent playing of pirated games).

I completely agree about the problems with DRM hurting legitimate consumers, but I don't fault trying to get the games paid for. We can choose not to buy the games if they suck/are too expensive.

And yes, a legal and effective backup means should exist for games/DVDs/CDs. I paid for it, I'm going to play it.

@ James:
My point is that I believe the amount of Xbox owners who have pirated over 50% of their games is an insignificant number. Even modders still buy xbox games.

I didn't happen to mod my Xbox but I followed the exploits of some friends who had loads of fun with it. Then we all played Halo 2 together when they were done.

I don't think the Xbox was a serious attempt at a closed system. I'm not even sure the 360 is. They just don't want the average console to play pirated games, and I think they and Sony succeeded at that (No mention of the PS or PS2 failures to prevent playing of pirated games).

I completely agree about the problems with DRM hurting legitimate consumers, but I don't fault trying to get the games paid for. We can choose not to buy the games if they suck/are too expensive.

And yes, a legal and effective backup means should exist for games/DVDs/CDs. I paid for it, I'm going to play it.

(Apologies for possible double comment)

@ Geoff Lane
"The fundamental problem seems to be that Microsoft seems unable to do anything that doesn't look like a classic PC architecture and even given a familiar set of hardware they seem incapable of thinking about security."

The 360 is not an Intel PC architecture. They actually went and engineered chips with ATI and IBM.

And besides, just because you engineer your own stuff doesn't mean it can't be hacked. The 360 is not foolproof. Neither was the PS2. The PS3 won't be either.

I submit the requirements to secure these systems aren't the same as securing more sensitive systems. They are video game machines.

I've read this article about half a year ago. Basically, it mostly served me to through in the face of some MS lovers, whoever they are...
AFAIK there is no XBox in Israel which hasn't been cracked, for the precise reasons noted by others. Unlike XBox360, the old one has never been sold in Israel by Microsoft, and all products were privately imported, so the warranty beening voided was never an issue.

I dont know a single xbox owner who hasnt had it modded, and I've known many dozens directly. Scuttlebut is that this is indicative of the general behaviour of owners. Many people buy the odd game but there are a significant number whos only original games are the ones that came bundled with the box.

Here in Oz, modders and game pirates openly advertise in newspapers and sell at markets. Grandmothers who pay as little as $200AU for new units for their grandkids to play when they come over for Sunday roast go out to get the things modded. It's legal to mod here in Oz, as it should be anywhere.

Microsofts take on security (such as it is) was an intended 'feature' of the xbox that has been a demonstrable failure since inception. Theres no debate here. I imagine for once that the general population is happy for Microsoft to have applied their lowest-common-denominator approach to security - as game playing nerds care about security in exactly the opposite way to windoze users.

There are some good lessons in this list; whatever you think about the circumstances of M$ and their Xbox strategy and goals.

Some of what was done in the design process could form the basis for training on how not to do things. Many others have made similar mistakes - but this one is well documented.

The thing I find personally irrating here is the acceptance of the principle of "good enough". Whilst theoretically possible, in practice it is a thinly defensible habit of simply doing things badly and excusing it.

We have built an industry rotten to the core in this regard. This is but another example of it.

@AG

Yeah it is a game console, but if you own one and it's being attacked with buffer overflows, or like proms are being overwritten, with automated attacks, you'd be talking otherwise.

But the issue here is: It can be more secure.

@ C Gomez: "I submit the requirements to secure these systems aren't the same as securing more sensitive systems. They are video game machines."

Actually, these are general purpose computers that have some special hardware and firmware optimizations that make them a decent gaming platform. Since they can be interconnected, their security requirements aren't really different than the average desktop or notebook PC.

What is different is who bears the risk. When used as a game console, the users don't really have risk as they are not storing sensitive data. The software providers, i.e. game companies, are the ones with risk as their revenue stream is at stake if too many pirated copies get spread around.

As Bruce likes to tell us, security is a trade-off. The security of the original X-Box is not a failure because it dissuades a significant number of people from going through the hassle of modifying it.

The X-Box is not hackable right outside of the packaging either unless it is a very early model. There are no less than six versions of the original X-box motherboard and all of them have idiosyncracies in their modding process. If you were to purchase an original for modding today, you would have to solder on your new device to mod it. There is no software-only solution for the latest models. This dissuades a lot of people from attempting it. Remember, security is a tradeoff.

@ Jungsonn
Don't you think that is a little reaching? An XBox being attacked?
I have three XBoxes in my house. One mine, my older brother, and my younger brothers.... one of the boxes is "hacked" and runs sega games, XBox Games, Super NE games, NE games, etc.
I cannot imagine ever having a box attacked from the outside. What if it did? We would probably just rebuild it.

> Silly question... what is "phantasy?"

Something called a "false friend". Such glitches are quite common if you are in a hurry and german (you might take a look at my posts here ;-). It's "Phantasie" in german (or "Fantasie" in the New-German-Orthographie(TM)) so it must be "phantasy" in english, mustn't it?
You might already know that the german word for mobile/cell phone is "Handy" ;-)
The correct english translation would be "fantasia".
It derives ethymological from the ancient greek word φαντασία "imagination" (from φαντάζομαι "to become visible, appear, shew oneself"), the object imagined is φάντασμἀ. See e.g. Platon and Aristoteles for the philosophical background.

CZ

@AG

you said: you have 3 xboxes, one is converted to emulate other platform games, and you think it is not plausible that someone wille ever attack or exploit your xbox, if one did you build/buy a new one.

Well, yeah it is happened because an Xbox can connect to the net. Everything connected to the net which has bad security can, and will be exploited or attacked. Hence when automated attacks are being caried out, it can produce damage. Not everyone likes to take his xbox for repair after such thing, so the lack of proper security is in fact a problem, and should be addressed by the maker.

From the article:

"It turned out that the cypher used in the old version of the secret ROM as found in flash memory used the RC5 cypher. In contrast to RC4, RC5 does feed the decrypted stream back into the key stream. So they seem to have replaced RC5 with RC4 without understanding that RC4 cannot be used as a hash. Bunnie's theory why they abandoned RC5 is that RC5 was still a work in progress, and that Microsoft wasn't supposed to have it, so they went for the closest relative - RC4."

Eh? Just, Eh?

Hmm.. this is really old Xbox (not 360) stuff. I was at the presentation at the 22nd CCC last winter. - I am amazed that this is getting coverage now... This is old.

Do you remember the era where everybody 'hacked' their cars? Big engines, different engines, big carburetors, beefed up drive train, lifts, drops?
The auto makers figured out how to make money from that. Did the ones and zeros scramble the manufacturers' brains?