The state of the art in Xbox hacking is constantly advancing. Thousands of hackers are constantly researching, innovating, discovering, and sharing new methods and techniques for making the Xbox a more useful and valuable piece of hardware to its end users. Keeping abreast of the latest developments in hacking can be overwhelming. Hopefully, reading this book has given you the faculties to understand the latest posts and news on various websites and web fora dedicated to Xbox hacking. This chapter discusses where you can go to find out more about the latest hacks, where to ask for help, and how you can contribute your unique abilities and perspective to the community. This chapter also discusses some of the larger challenges that will face hackers in the future, namely the trusted PC initiatives.
Xbox hackers are an anarchistic community that works mostly underground, keeping in touch and sharing information through various Internet “fora” (fora is the plural of forum, as data is the plural of datum). Most of the Xbox hacking community keeps a low profile, and hackers often use pseudonyms to protect their identities. The reasons for using pseudonyms varies, but in general anonymity carries the benefit of greater operating freedom. Hackers are more inclined to share their results and findings if they know they can back away unscathed in case things get ugly. The use of pseudonyms also levels the playing field. Hackers judge each other primarily on the basis of the quality and frequency of their contributions, and little else. The fact that you may be young does not detract from your first impression or street credibility, as it might in other situations. Likewise, many hackers have no qualms about being blunt when you’ve made an error, and they have even less patience for stupidity presented as erudition or rude assertions. On the other hand, many hackers are more than happy to extend a hand to those who have made an honest effort to read the FAQs, search the web and general y try their best to check and make sure that the question hasn’t already been answered.
The Xbox hacking community has many civic fora for sharing their results and airing their concerns. The most popular fora are web-based BBSes such as www.XboxHacker.net and www.xbox-scene.com, and IRC channels such as #xboxhacker. Web-based BBSes typically feature news logs, FAQs, and useful links to information. More importantly, BBSes include fora where people can share information and post questions. Through these fora, you can tap the collective knowledge of all the hackers that frequent these BBSes. The logged history of these fora also contains a wealth of Xbox hacking information (and misinformation). I encourage readers who have unanswered questions from this book to check out these fora for answers.
One of the first Xbox hacking fora to be created was the XboxHacker BBS (www.xboxhacker.net). Many of the best and brightest Xbox hackers have contributed to its fora. For example, one of the forum threads documents, in real-time, the adventures of Andy Green (known as numbnut on the XboxHacker BBS) as he hacked the version 1.1 security scheme of the Xbox. I have learned much from reading the forum postings of the XboxHacker BBS. I have also met some of the most interesting people through the BBS fora. The founder of the XboxHacker BBS, Dan Johnson (also known as SiliconIce) tells his story in the sidebar “Profile: Dan Johnson.”
Another resource for finding more information about the Xbox in general is the web search engine Google (www.google.com). As more hackers become involved with the Xbox, Google is becoming an increasingly important tool for casting a wide net and discovering the latest tools and techniques. For example, at the time of writing Google started indexing a number of resources for replacement Xbox components. This can be useful for those who do not want to go through the trouble of adapting an ATX power supply to work with the Xbox.
Try to use keywords that are as specific as possible when searching with Google. For example, typing Xbox hacking into Google will return a large number of links related to the general topic of Xbox hacking, but few specifics. For example, today’s top hit on Google for “Xbox hacking” is a LWN.net article titled “LWN: Lindows CEO funds Xbox hacking contest (News.com).” This seems fairly removed from information about how to install a new hard drive or the details about the Xbox security system. When narrowing down your search, try to figure out what the de facto jargon and spelling is for your concept. Suppose you are looking for information on the new Xbox security system. If you search on new Xbox, you hardly get any technical information. However, if you search on xbox v1.1 the search returns many more useful technical results. One of the best ways to harvest the current jargon and acronyms is by browsing the hacking BBSes.
If you are looking for a way to contribute to the Xbox hacking community, keep in mind that most hackers have a unique skill or strength that typically corresponds to his or her area of greatest interest, and that most hackers hack for fun. For example, I really enjoy hardware, especially when it requires building something. Also, while I can write code, I don’t particularly enjoy it. Thus, my contribution to the hacking community is primarily through hardware projects. Likewise, I have a hard time motivating myself to engage in software projects. So, most of the time I just sit back and enjoy watching what other people are doing on the Xbox. It is both educational and entertaining.
When trying to think about what you can do for the Xbox hacking community, don’t worry yourself about trying to jump in quickly and rush into a project that you aren’t in love with, or that you aren’t comfortable executing. You will know when your time has arrived: the project will just shout your name, and you will naturally be compelled to hack.
Can you tell us a little bit about yourself, and how you got into hacking?
For some time, I had been interested in electronics hacking, though for the most part my interest had been limited to merely reading about such feats. Hacked devices such as Sega’s Dreamcast and the Netpliance I-Opener had caught my attention from time to time. However, my first real experience with electronics hacking came with the “ePods,” a discontinued internet appliance/web-tablet device. I read about these interesting devices online and found my way to Ken Segler’s I-Appliance BBS (http://www.linux-hacker.net), home of the famous I-Opener hacks. After reading about the neat things people were doing with these tablets, I was intrigued and spent a good deal of my saved up money at the time ($200) on one of the units. After receiving my new toy, I spent a lot of time performing many of the documented hacks, mostly software based. This was to be my first glimpse into the world of electronics hacking. After the ePods, I moved on to another internet appliance, the Gateway Connected Touchpad. A slick-looking 10" touchscreen with a 400MHz Crusoe and 96MB RAM housed behind it; it looked like a great deal and perfect for a fun project. The device ran a custom build of Linux for AOL off of a 32MB CompactFlash card. I swapped this out with a Microdrive and after much swapping of this disk between laptops and USB readers and the Gateway, the device booted a pared down version of Windows using “98Lite.” The device seemed perfect for use as a finger-operated, network-attached mp3 jukebox (among other things) so I began working on a custom player that would allow easy operation via the touchpad. The whole Gateway experience made for a neat summer project between my Junior and Senior years of high school.
How did the XboxHacker BBS come about?
It was during this time period that I got the idea for XboxHacker.Net. To me, the Xbox seemed to have the potential to be the ideal computing device for under the TV . . . as soon as it could be programmed. The hardware was most impressive for the time, and more than adequate for what I hoped would be accomplished on the device. Unlike other consoles, the Xbox also was to have a hard drive and ethernet port built in. Once hacked, the Xbox could be used to emulate old consoles such as NES, SNES, N64, and even PSX, to conveniently play back any type of media file, such as mp3s or DivXs, on your home entertainment system, to play streamed media from a home network, or even to double as a basic PC. Some argued that the cost of the device at $299 made it out of range to bother hacking, as a PC with similar specs could be constructed without the need for hacking for not much more in cost. However, the Xbox had the advantage that it could also play Xbox games and was already designed to sit with your TV. The hacks would just be added value. After my short foray into the world of electronics hacking, I thought that hacking the Xbox could be an interesting project to help organize as I was intrigued by the possibility of having a convenient box for my TV to perform the tasks mentioned above. It was not until many months later that I would actually acquire the XboxHacker.Net domains.
How was your experience growing and running the XboxHacker BBS?
From the beginning, XboxHacker.Net focused on a few primary goals: providing and spreading technical information about the Xbox, and providing a place for fellow hackers to discuss technical information related to hacking the Xbox. Though due to my limited technical knowledge and experience I could do little in the way of actual hacking to contribute to the effort, I knew plenty enough to help facilitate the effort by collecting and distributing relevant information and moderating a discussion board.
Not long after the site launched, we were fortunate enough to receive some links from such high-profile websites as Mike Magee’s The Inquirer and Van Smith’s Van’s Hardware. The XboxHacker.Net BBS quickly became one of the primary places on the Internet to discuss any material related to hacking the Xbox and the XboxHacker.Net news page had the most upto-date news on the status of the Xbox. A few weeks after the site came online, it received mention in an article on CNET, and from then on the activity level steadily increased. It wasn’t long before XboxHacker.Net had outgrown the small shared server we were on, so the site moved to a much larger account which was also outgrown in a matter of weeks. Traffic to the forums continued to increase rapidly, so I made the decision to move the site to its own dedicated server where we could have room to grow and not worry about every few MBs of bandwidth usage or how many concurrent forum users were online.
It didn’t take long before the activities of XboxHacker.Net captured the attention of Microsoft. Early in the site’s history, I was contacted a couple of times with requests to remove materials. The first instance was of a screenshot of a developer tool I had received without much explanation that showed “security sectors” on the disks. The second instance was a request to remove a link someone had posted in the forums to a BIOS image of the Xbox. Aside from these few minor incidents, contact between Microsoft and XboxHacker.Net was virtually non-existent. It was made a policy early on to steer clear of issues of questionable legality such as discussion about the backing up of games, linking to copyrighted materials, or posting Microsoft code from the BIOS.
In the beginning, though interest was high, progress seemed to be relatively slow . . . there was not a lot that could be done with the Xbox before the security was broken. There were many individuals who contributed notably early on. Some of the earliest contributors to the XboxHacking world were Andy and Luke, whose Web-pages contained a plethora of information on file formats and other valuable tidbits of Xbox information. Steve “SurferDude” Gehlbach contributed to the design of a VGA converter circuit for the Xbox and Ken Gasper improved on this to create a true VGA adapter for the Xbox. Bunnie’s early analysis and hardware info page generated interest in XboxHacking as well after its appearance on Slashdot. Indeed, there are numerous others who made their mark as well. Privileged to count such skilled hackers among the contributing members on the boards, XboxHacker.Net grew into a hub for technical Xbox information, discussion, and news.
The crown jewel of XboxHacker.Net has no doubt always been the XboxHacker BBS. The site was centered around the forums and activities of our members. Often, the latest XboxHacking news would simply be links to forum topics and clips from posts made by our members. The purpose of the forums was to enable the diverse, multi-national group of people interested in hacking the Xbox to work together towards this common goal. The forums provided a great place to share information and discuss ideas with fellow hackers and also served to bring together many talented hackers who may otherwise have had no means of collaborating. It was a great feeling to watch the progress that the forums enabled. One particular discussion that comes to mind took place over the course of several days. A number of members were discussing the new security system in the second generation Xbox, looking for flaws and ways around it. It was exciting to watch the events unfold as hackers got closer to the solution and eventually broke the security on the revised Xbox. Our hundreds of contributing forum members were in large part responsible for the success of XboxHacker.Net and the progress of the XboxHacking world in general.
Besides the activity on the XboxHacker.Net BBS, there were no doubt many other groups working to hack the Xbox in secret. One such group I knew of on IRC contained contributing forum members as well as others from the electronics hacking underground. Names here will go unmentioned. Many bits of information from independent groups or individuals were relayed to me for reporting over time. However, despite the growing interest in XboxHacking and the number of people involved in the effort, it would be some time before any major breakthroughs became public knowledge.
The XboxHacking scene picked up pace fairly rapidly after the public availability of modchips near summer 2002. By this time, the Xbox security system had been cracked by multiple groups and it was only a matter of time before modchips were readily available to the public. At this point, the work shifted away from hardware hacking for the most part and more towards software development. A sister site to XboxHacker.Net, XboxDeveloper (http://www.xboxdeveloper.net) was started to help catalog the software that became available for the Xbox, though it never took off to the level that XboxHacker.Net did. Using leaked copies of the Microsoft Xbox SDK, programmers began writing and porting various applications for the Xbox, including media players and emulators such as MAME. The Xbox-Linux project (http://xbox-linux.sourceforge.net/) under the leadership of Michael Steil, successfully allowed the Linux operating system to run on the Xbox. I pushed to start the OpenXDK project (http://sourceforge.net/projects/openxdk/), an open source developer kit that would allow development of software for the Xbox unhindered by legal issues, though that project has met with only mixed success. It is now under the leadership of “Caustik” (Aaron Robinson), a CS student at Case Western University. Due to the more accessible nature of software development compared with hardware hacking, the number of contributing members to the general XboxHacking effort increased rapidly. The amount of “homebrew” software available for the Xbox today is amazing and includes everything from media players, console emulators, and utilities to originally written games.
Trust is the cornerstone of security, and in order to have faith in your security system, you need to have faith in the hardware and software you are running. The trusted computer is a machine that has been architected to be resistant to attacks that could compromise the trustability of the machine. There are many approaches to building a trustable computer, from the Automated Teller Machine model of physical security and tamper-resistance, to less hardware intensive solutions such as those used in the Xbox. The Xbox fits into the broader picture of trusted computing since it is one of the first high-profile, widely-deployed trusted PC implementations. In a way, the Xbox gives us a hint of what we might expect down the road for trusted computing,
Trusted computing is a potentially disruptive emerging technology. The rise of trusted clients in an ad-hoc network like the Internet harbors the promise of enabling safe and private on-line financial transactions, of reducing or eliminating the occurrence of computer viruses, and of reducing or eliminating spam email. Trusted PCs can also be used to securely store sensitive data, such as your medical and financial records and your naughty or embarrassing secrets. Another application of trusted PCs is to reliably enforce digital content access rights and management policies upon users. The digital rights management (DRM) aspect of trusted computing could fundamentally change the way we use computers today; many of us enjoy the benefits of pseudo-free content and flexible copyright implementations. The fundamental problem is not the existence of content management policies — indeed, content management policy can be beneficial for consumers. The real problem is when the policies which govern your rights can be set unilateral y by content providers. In the current trusted PC proposals, the user is not trusted to have control over certain key secrets inside their machines. Instead, the attestation information (information required to establish trustability) of a user’s machine is partial y maintained by a third party. Can we rely on a non-elected, unregulated third party with business interests to determine who can do business, send email, and otherwise be recognized as a trustable entity?
Trusted computing is like a gun. It’s great to have one as long as you’re the one controlling the trigger. Unfortunately, many trusted PC opponents fear that in practice, systems will be deployed with preset rights, policies and third-party trust affirmation resources pointed in the wrong direction for consumers. A company, during good times, may set the privacy and security policy in favor of users to attract a larger customer base, but once Chapter 11 comes knocking, or the company is sold or otherwise changes hands, these policies can and will shift. What is to prevent businessmen from promoting trusted computing initially with user-friendly policies, and then suddenly shifting into a wallet-squeezing DRM mode? Ethics?
There is a problem with the phrase “trusted computing”: it has become synonymous with cryptographically secured trusted computers. Let’s take a step back and just talk about alternative approaches to building trusted computers.
Trustability has always been important in computers. However, back in the early days of computing, machines were so expensive that the hardware necessary to enforce strong trust policies was not within the reach of consumers. For example, many early machines shipped with a socket for a hardware Memory Management Unit (MMU) chip. The MMU was one of the first steps toward trustable hardware memory models; part of an MMU’s job is to enforce page-level memory access protections. MMUs were sold as an option because they were quite pricey at the time. Unfortunately, the move toward trustable hardware stopped at the MMU, partially because computer networks didn’t exist in any major form until relatively recently. In a non-networked world, data needed to be protected only from programmer errors and from access by a few select users with physical access to the machine. Today, computers need something stronger than just an MMU, something that can provide trust in the face of viruses and remote attackers attempting to exploit subtle software weaknesses to run malicious code.
The natural extension to the MMU’s hardware-enforced paged virtual memory model might be address capabilities with a tagged memory model. A memory tag is a set of bits that record the type of data or code stored in a memory location. In a tagged memory model, every memory location has a set of tag bits, kind of like how every memory location in a conventional error-correcting memory implementation is associated with some ECC bits. Tag bits help the hardware enforce data type management policies; for example, a memory location tagged as piece of data can never be accidentally or intentionally executed as code. A capability is a pointer granted by a trusted kernel that cannot be forged. The unforgeability property is preferably enforced by hardware through tag bits. Many architectures also include the ability to enforce access boundaries as part of a hardware capability.1 Capabilities and memory tags are not new ideas; in 1961, the Burroughs B5000 used capabilities (then called descriptors) and tagged memory to guard, in hardware, against buffer overflow attacks, and to isolate code from data.2 The MIT PDP-1, Intel i432, IBM System/38, and the Mach and Amoeba operating systems also implemented capabilities in some form, and this is by no means a complete list of systems that have used capabilities or tagged memory. The security properties of capabilities have also been demonstrated in many academic studies, such as the EROS (Extremely Reliable Operating System).3 Unfortunately, capabilities and tagged memory never made their way into the heart of mainstream PC architecture. Security and reliability has always taken a back seat to cost, backward-compatibility, and performance.
This brief history lesson demonstrates that trusted computing does not require the cryptographic approach that is being proposed today by Palladium and the Trusted Computing Platform Alliance (TCPA). In fact, cryptography on its own does not provide any security. Secure key management is really what provides all the security in Palladium/TCPA. Cryptographic algorithms simply transfer the security of the key into the user’s domain.
This being said, one can draw an analogy between a capability and a cryptographic key. Both require a trusted OS to manage their creation, dissemination and destruction. Both are equally weak if the system cannot protect against forged keys or capabilities. The big difference is that if a secret key leaks, all security is lost, eternally. On the other hand, capabilities are created and destroyed dynamically, so the leakage of a capability might lead to a security breach, but the scope and duration of the breach is limited. To this extent, capabilities provide a more robust solution for computer security.
Note that relying solely on cryptographic techniques for hardware security still leaves machines open to classic buffer-overrun style attacks and security holes due to programming errors. “Measurements” of the software’s state help mitigate this weakness by detecting code alterations before executing security-critical operations, but measurements are not a perfect solution. On the other hand, buffer-overrun attacks are impossible in systems using hardware enforced capabilities with bounds checking.
Memory tags can also be used to implement security features that are not feasible using a purely cryptographic approach to trusted computing. One example is the trustable concurrent processing of compartmentalized secrets.4 In this example, multiple threads with varying levels of security clearance are operating on a single processor. The hardware enforces a policy where all threads impress their security level upon the data that they access. In other words, every computation simultaneously operates in two domains: the conventional arithmetic domain, and the security domain.
Suppose an unclassified thread adds two unclassified numbers and creates a piece of data named foo. foo’s security tag is also computed in parallel with the add arithmetic operation. In this case, the security tag’s result is “unclassified.” Now, suppose a top-secret thread touches foo: foo’s security tag now changes to “top secret.” Unclassified threads can no longer read foo, even if the unclassified thread has a valid pointer to foo; foomust be explicitly reclassified before it can be read again by unclassified threads.
Such a strictly compartmentalized security system can be used, for example, to ensure that no internal kernel structures are ever accessible to user processes, even in the presence of bugs and memory leaks (including scenarios where kernel memory is deallocated and reassigned to a user process without a memory clearing step). This scheme can also be used to establish security audit trails which are useful for helping programmers to trace the root cause of a security breach, and as damage control measures in case of a security breach.
To be fair, one advantage of the cryptographic approach to trusted computing is that if a rogue does get hold of data through some hardwares means — by eavesdropping on the hardware or stealing a hard drive — the data cannot be deciphered. However, users can elect to use cryptography for data protection in any computer implementation, including those using hardware capabilities and tagged memory. The problem of secure key management is still a difficult problem, but perhaps it can be solved in part by integrating cryptographic smart card readers into PCs.
There is no essential reason why a trusted PC implementation must use the cryptographic techniques proposed in Palladium and TCPA. The techniques reviewed in this section, namely capabilities and tagged memory, can be used to implement a secure, trustable PC in a manner that does not involve the risk of users losing the ability to set their own access policies. Users would be in full control of their machine and their secrets at all times.
There is much confusion these days about the current trusted PC proposals, namely Microsoft’s Pal adium and the Trusted Computing Platform Alliance (TCPA). There are enough similarities between the two proposals that many people think they are one and the same, but the goals of each initiative are different.
The TCPA is a multi-corporation alliance to create computers with some nominal amount of trust. Significantly, much of its specifications can also be applied to non-PC platforms. In TCPA the trust is planted in a secure hardware module called the TPM (Trusted Platform Module). The TPM contains features to ensure that the secrets contained within the module are never leaked through software attacks. It also contains features, such as secured system “measurements,” that attempt to transfer the trust contained within the TPM to the host machine.
Palladium, on the other hand, is a whole-system PC-centric security concept created by Microsoft alone. One of its components is a TPM-like security module, but Palladium also calls for sweeping changes to the hardware chipset and the way I/O ports are implemented. The chipset is required to enforce memory security policies from all potential DMA sources, such as the graphics card. Palladium also calls for encryption of the I/O to the keyboard and video subsystems.
Palladium’s requirement for cooperation between chipset vendors, OEMs and Microsoft is a potentially large flaw. There isn’t enough margin in the commodity PC hardware industry today to support the overhead of an extensive cryptographic security overhaul. Too, many chipset vendors do not have any experience with implementing secure systems. On top of the language barrier faced by many overseas chipset vendors, chipsets are usually developed on a short fuse and with a keen eye on the pocketbook. Can chipsets developed under these conditions be expected to protect sensitive secrets?
The Xbox is an example of what can go wrong when security policies are defined by one body and implemented by another very different organization. Microsoft wrote a specification for a trustable piece of hardware, namely, the Xbox. Strong cryptographic algorithms are used liberally in the Xbox, and the master key for the system is locked deep inside a complex piece of silicon. However, experience has demonstrated that the Xbox’s security system can be bypassed using a combination of an unsecured debug port, a flaw in the hardware initialization scheme, and a bug in the handling of a boundary case of the instruction pointer in the CPU. These three minor oversights, committed by three independent parties (the assembly contractor, the Xbox firmware designer, and Intel), conspire to provide a convenient method for defeating Xbox security.
Each of these oversights on their own does not represent a significant security problem. This leads to the disconcerting question of how many security breaches in a particular Palladium implementation will be caused by the stacking of multiple benign flaws. Every complex consumer electronics system has minor bugs or design oversights, especially when systems are composed of components built by multiple independent entities whose primary interest is in turning a profit.
In the consumer electronics industry, one can either ship a perfect product, or one can make money. Products that don’t make money are quickly cancelled. Thus, it is very rare to find a consumer product that is technically perfect in all respects. As a result, the only practical way to guarantee the security of consumer electronics system as complex as Palladium is to throw it into the wild, and let the hackers have their way with it for many years until all of the big security holes have been discovered and plugged.
On the other hand, the TCPA’s TPM is a device created to solve a certain set of problems that is smaller in scope than Palladium’s. Thus, the TPM is not as exciting from a market perspective, but it may be more practical and serviceable for its intended purpose. Both the TPM and Palladium are weak to hardware attacks, but the TPM doesn’t attempt to extend security requirements as far into third-party system design territory. The TPM is primarily a secured key management module that can detect most modifications and intrusions to the host system. The software layers built on top of this substrate do the rest of the heavy lifting, caveat emptor.
The current proposals for the trusted PC are weak against some fairly simple hardware attacks, even in the absence of any integration oversight or bug-related back doors.
The first attack is one that I call the “Surreptitious BIOS, ” or SPIOS (pronounced “Spy OS”) attack. SPIOS can be used to defeat DRM policies that rely on the cryptographically sealed storage feature of the trusted PC to prevent unauthorized user access to data. The basic idea is to boot the PC with an unmodified BIOS into trusted mode and extract all the desired data into system RAM, then to perform a warm reset of the system while swapping the BIOS image.
The modified BIOS image can be used to read out the desired data from system RAM. The desired data may be a session key stored in memory, or the actual decrypted data itself, depending upon how the program structures and caches its data in memory. Since the current trusted PC specifications call for an LPC bus based BIOS, inexpensive alternate firmware devices (similar to those used on the Xbox) can be used to execute this attack. There are techniques that application programmers can use to complicate this attack, such as only decrypting a single block of data each time into system memory, but many of these techniques severely degrade system performance. The degradation of system performance may be especially pronounced if file caching and prefetching is disabled.
Another attack is one that I cal the “Surreptitious RAM,” or SPAM attack. The goal of this attack is to spoof the trusted routines responsible for measuring the fitness of the system state. A device, such as an FPGA or ASIC, is installed on the plug-in memory cards in between the DRAM chips and the memory connector. This device monitors the pattern of addresses going by, or it may have an extra connector that sniffs the state of the wires connected to the I/O pins of the cryptomodule responsible for authenticating the system.
Either way, when a system measurement is in progress, the SPAM device presents a memory image that is consistent with an unmodified, trusted system state. However, during all other operating modes, the SPAM device presents a memory image that is modified to do whatever the user pleases. This modification can be very subtle: Just a couple of bits flipped at the right locations is all it takes to modify key branch instructions in the security kernel.
This device is more powerful than the SPIOS since it works on a system that is powered-up and supposedly trustworthy. It can be applied to effectively defeat a wider range of DRM schemes as well as some authenticated transactions between the local machine and the server. SPAM alone cannot be used, however, to falsely identify a system as another registered, trusted system, since SPAM lacks the secret shared between the tamper-resistant secure cryptomodule in the local machine and the authentication server. False system identification would require either extracting the key from a tamper-resistant secure cryptomodule (possible, but not trivial and most likely destructive to the module), or somehow tricking a secure cryptomodule from another registered, trusted machine into providing the falsified identity.
The SPAM device can be manufactured for relatively little (high performance FPGAs can cost as little as $50 today in single quantities), and can be very easy to install. The SPAM can be either integrated directly into a memory module (in which case it functions as both a trust violation device and as a memory expansion device), or it can be provided as a device that is installed in a stacked configuration in between the motherboard’s memory slot and the existing memory device. In some memory card configurations, particularly ones that employ heat shields, it may be possible to hide the SPAM device and pass the module off as a regular memory expansion device. While elaborate, this may be a worthwhile attack against a large corporation or bank that stores high-value secrets on a trusted PC-based server.
When considering the prospect of trusted computing, we need to first consider whether the currently proposed schemes will offer all the benefits that they promise, and then weigh those against the potential harm to consumers’ rights and the potential benefits to criminals (enhanced privacy can be used for both good and ill). If trusted computing could provide perfect security for online businesses, then that might be worth the potential risks. However, the scenarios outlined in this chapter indicate that the trusted PC’s security may be less than perfect.
Consider the Xbox. The Xbox is a trusted PC implementation that can be hacked with just a $50 solderless module. This places a fairly strong bound on the value of secrets that can be trusted to an Xbox. Hardware modchips are so inexpensive that they pay for themselves with the cost of a copied game title, or two games if you elect to pay someone to install the chip for you.
Of course, there are always the moral and social implications of stealing content too, as well as new legislation, such as the DMCA, which aims in part to make such acts a crime. Unfortunately, the current trusted PC proposals on the table are also weak in the face of similarly inexpensive hardware attacks. Thus, it is unlikely that they will provide the level of security required for high-value or very embarrassing secrets.
The fact of the matter is that hacking technology will be developed whether or not it is illegal, and whether or not the intention is good or evil. Thus, it is in the best interests of consumers and companies to educate the population about hacking, and for everyone to understand the limitations of their “trusted PC.” The worst-case scenario would be if billions of dollars were invested in trusted computing, only produce a net result of no greater safety or privacy for consumers, while severely curtailing consumers’ rights with poor content policy implementations.
The good news for trusted PC proponents is that shrinking feature sizes in integrated circuits is driving greater integration throughout the PC. Within a decade, today’s PC will fit on a single piece of silicon. Once the RAM and the BIOS are fully integrated into a single piece of silicon, hacking a system becomes much more difficult — but not impossible. Focused Ion Beam (FIB) machines, a tool used by chip designers and failure analysis labs, can cut and jumper nano-scale features. Another upside for for trusted machine designers is that public key processors could become so small and cheap to integrate into a chip that individual chips, especially memory chips, could start using strong crypto to authenticate and encrypt their I/O.
Another technology that could aid the implementation of trusted PCs is integrated tamper-resistant or tamper-detecting features. For example, a time-domain reflectometer (TDR) could be built into a chip’s I/O cells. A TDR can detect the presence of an eavesdropper on a wire by recognizing certain changes to the wire’s electrical properties. In addition to the ability to detect eavesdroppers, integrated TDR devices are desirable for high performance I/O since they can be used to calibrate the drive impedance and equalization/pre-emphasis filters required for multi-gigabit speed communications.
This book has taken you through a whistle-stop tour of Xbox hardware hacking, from the basics of soldering and disassembling to the latest projects and techniques. It has also introduced you to the social aspects of Xbox hacking: the people who hack, and the interplay between society, law, and hacking.
While the details of how to install a blue LED in an Xbox may be irrelevant in a few years, the skills you learn executing the installation will last a lifetime. Moreover, the social and legal issues confronting hackers and consumers will extend beyond the Xbox and into every part of our emerging information-centric way of life.
The material in this book is just a starting point; there is a world of hardware out there waiting to be explored. I hope this book has provided the novice readers with a strong starting point for becoming an explorer, fixer, and innovator in a world increasingly filled with, controlled by, and dependent upon electronics.
Happy hacking!
1 An efficient, high performance hardware implementation of precise object boundaries using tagged capabilities can be found in a tech note titled “A capability representation with embedded address and nearly-exact object bounds” by Jeremy Brown, J.P. Grossman, Andrew Huang and Tom Knight. http://www.ai.mit.edu/projects/aries/Documents/Memos/ARIES-05.pdf
2 “The Architecture of the Burroughs B5000 — 20 Years Later and Still Ahead of the Times?” by Alastair J.W. Mayer. http://www.ajwm.net/amayer/papers/B5000.html
3 Originally conceived at the University of Pennsylvania by Jonathan Shapiro (http://www.eros-os.org/)
4 More about security systems like this can be found in a tech note titled “A Minimal Trusted Computing Base for Dynamically Ensuring Secure Information Flow” by Jeremy Brown and Tom Knight. http://www.ai.mit.edu/projects/aries/Documents/Memos/ARIES-15.pdf