"I was thinking more in the lines of attacking the encrypted stream from either Xbox live or one of the game titles in hope of intercepting the stream to inject own code."
Interesting thought! But as I understand the architecture and security you have the following:

1.) The security is embedded into the CPU.
2.) The boot code is embedded into the CPU.
3.) Upon Power-On the CPU verifies boot code against security and vice-versa.
4.) After the system is booted the boot code reads any inserted disks and verifies they are legit.
5.) After the boot code verifies media, the game/program/etc. on disk has DIRECT HARDWARE ACCESS.

There is a very minimal set of instructions in the CPU. The software on the disk has to be intelligent enough to control the hardware.

Wait a minute! It may just be possible to install Linux after all. If you could trick the Boot Code into seeing a Linux Boot Disk as legitimate, you could then install Linux to the SATA hard drive and boot it from the DVD Linux Boot Disk.

-----Original Message-----
From: Patrick Hanevold [mailto:[EMAIL PROTECTED]
Sent: Monday, December 05, 2005 9:35 AM
To: Richard Colbert Jr
Cc: free60-devel@lists.sourceforge.net
Subject: Re: [Free60-Devel] cryptography

Yes that is true. I was thinking more in the lines of attacking the encrypted stream from either Xbox Live or one of the game titles in hope of intercepting the stream to inject own code. And from the DVDs and Xbox Live, which in turn probably is still encrypted when stored on the disc, so that leaves us with encrypted streams from DVD and HD.

One way to get in touch with the CPU could be to manipulate memory while running like the old cartridges used to do. This requires some magic skills though, but again that's what all the options seem to be so far. Intercepting the actual memory controller would be quite interesting.

Regards,
Patrick

On Dec 5, 2005, at 3:27 PM, Richard Colbert Jr wrote:

> Just one problem with that logic Patrick. The encryption (and key) are
> stored inside the CPU as is the boot ROM. Therefore, nothing is ever
> streamed into the CPU. Only the decrypted stuff is streamed out.
>
> However, you can use a Boot ROM update disk (which you can download from
> Microsoft) to update the boot ROM. It might be possible to infect the
> encrypted boot ROM disk in order to replace the boot ROM with a version of
> embedded Linux. However, even if you manage to do this, the system still
> won't work because of several other security measures built into the
> processor.
>
> As I see it right now, the best bet to crack the 360 is to either develop a
> mod chip that snaps over the processor and disables the encryption (highly
> unlikely to be this easy) or replace the triple core PowerPC processor with
> a dual core PPC processor (Also Apple now has Quad cores but doubt they will
> work on the motherboard in the 360). You would have to replace the processor
> with a 3.2GHz Dual core though, otherwise it would fry the system because
> the memory runs at 3.2GHz.
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Patrick Hanevold
> Sent: Monday, December 05, 2005 7:56 AM
> To: free60-devel@lists.sourceforge.net
> Subject: [Free60-Devel] cryptography
>
> Hello there,
>
> I have the competence to work on breaking the xb360 security system,
> but I am just lurking on this list and haven't really considered
> putting my own effort into understanding and cracking the box. I have
> a question though to the wise fellows in possession of the mighty
> force.
>
> I have just guessed my way to how things are tied together here, but
> as I understand, all code is read encrypted and decrypted totally
> within the CPU with the actual decryption algorithms and keys within
> the memory of the CPU itself. Please correct me if I'm wrong, I'd guess
> others would like to have some insight as well if someone knows for
> sure. Anyways, the encrypted data is obviously streamed through the
> CPU and leaves the CPU decrypted at the same ratio as it enters.
> Both of these streams can be intercepted and analyzed. From my own
> experience with cryptography I know it's a bitch to decipher modern
> cryptography systems, obviously. However, having both the encrypted
> and the decrypted data helps a lot. Could someone with more
> experience on the specifics please share some thoughts on this. What
> efforts would be needed if realistically possible at all to find the
> keys having both sets of data.
>
> Regards,
> Patrick

-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
free60-devel mailing list
free60-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/free60-devel
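As an added illustration (not code from this thread or from the Free60 project), here is a simplified Python model of the chain described in points 1-5 of the top reply and of the boot ROM update disk mentioned further down, showing why unsigned media or a patched boot image is refused without the key. HMAC-SHA256 under a constructed key stands in for whatever verification scheme the console really uses, which this thread does not establish.

```python
import hashlib
import hmac

# Constructed stand-in for the key the thread describes as living inside the CPU.
CPU_FUSED_KEY = b"constructed-demo-key-not-a-real-console-key"

def sign(key: bytes, stage: bytes, image: bytes) -> bytes:
    """Vendor-side tag over (stage, image); stands in for a real signature."""
    return hmac.new(key, stage + b"\x00" + image, hashlib.sha256).digest()

def verify(key: bytes, stage: bytes, image: bytes, tag: bytes) -> bool:
    """Constant-time comparison so a tag cannot be matched byte by byte."""
    return hmac.compare_digest(sign(key, stage, image), tag)

def boot(boot_code: bytes, boot_tag: bytes, disc: bytes, disc_tag: bytes) -> str:
    """Chain from the thread: CPU checks boot code, then boot code checks media."""
    if not verify(CPU_FUSED_KEY, b"boot", boot_code, boot_tag):
        return "halt: boot code rejected by CPU"
    if not verify(CPU_FUSED_KEY, b"disc", disc, disc_tag):
        return "halt: disc rejected by boot code"
    return "run: " + disc.decode()

def apply_update(current: tuple, new_boot: bytes, new_tag: bytes) -> tuple:
    """Boot ROM update disk: installed only if the new image carries a valid tag."""
    if verify(CPU_FUSED_KEY, b"boot", new_boot, new_tag):
        return (new_boot, new_tag)
    return current  # a modified update image leaves the old boot code in place

def demo() -> dict:
    boot_code = b"vendor boot code v1"
    boot_tag = sign(CPU_FUSED_KEY, b"boot", boot_code)
    game = b"signed game title"
    game_tag = sign(CPU_FUSED_KEY, b"disc", game)
    linux = b"linux boot disk"  # constructed: no vendor tag exists for it
    update_v2 = b"vendor boot code v2"
    update_tag = sign(CPU_FUSED_KEY, b"boot", update_v2)
    installed = apply_update((boot_code, boot_tag), update_v2 + b" modified", update_tag)
    return {
        "legit": boot(boot_code, boot_tag, game, game_tag),
        "tag_reuse": boot(boot_code, boot_tag, linux, game_tag),
        "patched_boot": boot(boot_code + b" patched", boot_tag, game, game_tag),
        "tampered_update_kept_v1": installed[0] == boot_code,
        "genuine_update": apply_update((boot_code, boot_tag), update_v2, update_tag)[0],
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```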