In late 2001, Microsoft released the Xbox, their first gaming console, to compete against Sony and Nintendo in the living room. As the real money is made with the games and not the consoles, Microsoft had to make sure (as much as they could) that nobody could play pirated games or use the machine for anything other than games. Although the original security design idea was a good one and has been copied a lot since then, Microsoft’s inexperienced team made a variety of design, implementation, and policy mistakes. This talk first (re)constructs the design of the Xbox security system from Microsoft’s point of view, and then deconstructs it from the hacker’s point of view. As a bonus, the talk will feature some insights in the security system of the Xbox successor, the Xbox 360.
Michael Steil is the founder and maintainer of the Xbox-Linux Project. He oversaw most of the Xbox hacks and also contributed to hacking, reverse engineering and porting Linux on the Xbox.
This is really good. The types of errors or oversights that allowed the hackes to compromise the Secret ROM tend to happen a lot in any complex project, even when the people involved are highly competent and conscientious.
Cliffs Notes version of this video:
Legacy code and hacks for 8080/286 systems posed openings
The southbridge by Intel was where the SecretROM was stored and traffic was able to be sniffed
They made changes from using RC5 to RC4 for encryption, and how they thought RC4 worked didn’t actually work that way.
They switched from AMD to Intel chips at the last minute and Intel chips have that legacy hack that allows code to circle back in RAM (AMD chips don’t allow for this)
Savegames posed a good loophole as that code can’t be hashed or checked, so a buffer overflow was exploited and allowed unsigned code to be run. Microsoft patched this, but hackers then realized that what MS did to fix this exploit actually opened up this loophole wide, as the method used had to do with Xbox Live, (which has to work on every version of Xbox (1.0 through 1.6)) and since every game has to work on every Xbox ever made, they could not patch it.
A video used to be embedded here but the service that it was hosted on has shut down.