"I was thinking more in the lines of attacking the  
encrypted stream from either Xbox live or one of the game titles in  
hope of intercepting the stream to inject own code."

Interesting thought! But as I understand the architecture and security you
have the following:

1.) The security is embedded into the CPU.
2.) The boot code is embedded into the CPU.
3.) Upon Power-On the CPU verifies boot code against security and
vice-versa.
4.) After the system is booted, the boot code reads any inserted disks and
verifies they are legit.
5.) After the boot code verifies the media, the game/program/etc. on the disk has
DIRECT HARDWARE ACCESS.

There is a very minimal set of instructions in the CPU. The software on the
disk has to be intelligent enough to control the hardware.

Wait a minute! It may just be possible to install Linux after all. If you
could trick the Boot Code into seeing a Linux Boot Disk as legitimate, you
could then install Linux to the SATA hard drive and boot it from the DVD
Linux Boot Disk.


-----Original Message-----
From: Patrick Hanevold [mailto:[EMAIL PROTECTED] 
Sent: Monday, December 05, 2005 9:35 AM
To: Richard Colbert Jr
Cc: free60-devel@lists.sourceforge.net
Subject: Re: [Free60-Devel] cryptography


Yes, that is true. I was thinking more along the lines of attacking the
encrypted stream from either Xbox Live or one of the game titles in the
hope of intercepting the stream to inject our own code. And from the
DVDs and Xbox Live, which in turn probably is still encrypted when
stored on the disc, so that leaves us with encrypted streams from DVD
and HD.

One way to get in touch with the CPU could be to manipulate memory
while running, like the old cartridges used to do. This requires some
magic skills though, but again that's what all the options seem to be
so far. Intercepting the actual memory controller would be quite
interesting.

Regards,
Patrick

On Dec 5, 2005, at 3:27 PM, Richard Colbert Jr wrote:

> Just one problem with that logic, Patrick. The encryption (and key) are
> stored inside the CPU, as is the boot rom. Therefore, nothing is ever
> streamed into the CPU. Only the decrypted stuff is streamed out.
>
> However, you can use a Boot Rom update disk (which you can download from
> Microsoft) to update the boot rom. It might be possible to infect the
> encrypted boot rom disk in order to replace the boot rom with a version of
> embedded Linux. However, even if you manage to do this, the system still
> won't work because of several other security measures built into the
> processor.
>
> As I see it right now, the best bet to crack the 360 is to either develop a
> mod chip that snaps over the processor and disables the encryption (highly
> unlikely to be this easy) or replace the triple core PowerPC processor with
> a dual core PPC processor (also Apple now has quad cores, but I doubt they will
> work on the motherboard in the 360). You would have to replace the processor
> with a 3.2GHz dual core though, otherwise it would fry the system because
> the memory runs at 3.2GHz.
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Patrick
> Hanevold
> Sent: Monday, December 05, 2005 7:56 AM
> To: free60-devel@lists.sourceforge.net
> Subject: [Free60-Devel] cryptography
>
>
> Hello there,
>
> I have the competence to work on breaking the xb360 security system,
> but I am just lurking on this list and haven't really considered
> putting my own effort into understanding and cracking the box. I have
> a question though to the wise fellows in possession of the mighty
> force.
>
> I have just guessed my way to how things are tied together here, but
> as I understand, all code is read encrypted and decrypted totally
> within the CPU, with the actual decryption algorithms and keys within
> the memory of the CPU itself. Please correct me if I'm wrong; I'd guess
> others would like to have some insight as well if someone knows for
> sure. Anyway, the encrypted data is obviously streamed through the
> CPU and leaves the CPU decrypted at the same rate as it enters.
> Both of these streams can be intercepted and analyzed. From my own
> experience with cryptography I know it's a bitch to decipher modern
> cryptography systems, obviously. However, having both the encrypted
> and the decrypted data helps a lot. Could someone with more
> experience on the specifics please share some thoughts on this? What
> efforts would be needed, if realistically possible at all, to find the
> keys having both sets of data?
>
> Regards,
> Patrick
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through  
> log files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD  
> SPLUNK!
> http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
> _______________________________________________
> free60-devel mailing list
> free60-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/free60-devel
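The two ideas argued over in this thread, injecting code into an encrypted stream given a known plaintext/ciphertext pair, and the boot code refusing media that is not legitimate, can be shown side by side in a toy model. The following is an added example for this archive, not code from the Free60 project and not a description of the Xbox 360's actual scheme (which nobody in the thread specifies). It assumes a made-up "CPU" that holds a root secret, a SHA-256 counter-mode keystream standing in for a real stream cipher, and an HMAC tag standing in for the vendor's signature; all names, keys and sample images are constructed for the example.

```python
import hashlib
import hmac
from typing import Optional

# Constructed toy model: a "CPU" that holds a root secret and derives an
# encryption key and an integrity key from it. Only the vendor can seal
# images; the CPU only verifies and decrypts. This is NOT the real 360 design.
ROOT_KEY = hashlib.sha256(b"root-key-burned-into-cpu (constructed)").digest()
ENC_KEY = hmac.new(ROOT_KEY, b"enc", hashlib.sha256).digest()
MAC_KEY = hmac.new(ROOT_KEY, b"mac", hashlib.sha256).digest()


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream built from SHA-256 (stand-in for a stream cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal_image(plaintext: bytes, nonce: bytes) -> dict:
    """Vendor side: encrypt, then tag the ciphertext (encrypt-then-MAC)."""
    ct = xor(plaintext, keystream(ENC_KEY, nonce, len(plaintext)))
    tag = hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}


def boot_decrypt_only(image: dict) -> bytes:
    """A loader that decrypts and runs whatever comes out, with no integrity check."""
    return xor(image["ct"], keystream(ENC_KEY, image["nonce"], len(image["ct"])))


def boot_verified(image: dict) -> Optional[bytes]:
    """A loader that checks the tag before the decrypted image gets hardware access."""
    expected = hmac.new(MAC_KEY, image["nonce"] + image["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, image["tag"]):
        return None  # refuse to boot: media is not legitimate
    return boot_decrypt_only(image)


def inject_known_plaintext(image: dict, known_pt: bytes, wanted_pt: bytes) -> dict:
    """Attacker side: with the ciphertext and its known plaintext, XOR in chosen
    code. This recovers the keystream, never the key, yet it is enough to forge
    against a loader that does not check integrity."""
    assert len(known_pt) == len(wanted_pt) == len(image["ct"])
    recovered_keystream = xor(image["ct"], known_pt)
    forged_ct = xor(wanted_pt, recovered_keystream)
    return {"nonce": image["nonce"], "ct": forged_ct, "tag": image["tag"]}


# Constructed sample images; the homebrew one is padded to the same length.
GAME_CODE = b"GAME: legit title, sealed by the vendor"
LINUX_CODE = b"LINUX: homebrew kernel".ljust(len(GAME_CODE), b"\x90")


def demo() -> dict:
    """Run the legitimate image and the forged one through both loaders."""
    nonce = b"\x00" * 8  # fixed nonce so the run is reproducible (constructed)
    image = seal_image(GAME_CODE, nonce)
    forged = inject_known_plaintext(image, GAME_CODE, LINUX_CODE)
    return {
        "legit_verified": boot_verified(image),          # GAME_CODE
        "forged_decrypt_only": boot_decrypt_only(forged),  # LINUX_CODE: injection works
        "forged_verified": boot_verified(forged),        # None: tag mismatch, refused
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result!r}")
```

The point the model makes: a known plaintext/ciphertext pair does not hand over the key of a modern cipher, but against a stream cipher (or any malleable mode) it hands over the keystream, which is all an attacker needs to substitute chosen code. What stops that substitution is not the secrecy of the key but the integrity check the loader performs before the decrypted image is allowed to touch hardware; "tricking the boot code into seeing a Linux boot disk as legitimate" means defeating that check, not the encryption.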