DRM 0 - Hackers... Lost count really.
Some people have so much fun cracking DRM it'll never be effective.
Hackers reckon they have come up with a way to circumvent the security of Xbox 360 gaming consoles via an attack that allows them to inject unsigned code into the heart of the system. The so-called Reset Glitch Hack, developed by hackers GliGli and Tyros, creates a means to load code into a console's CPU. This makes it more …
The thing with any encryption is that is has an expected life. People don't design encryption to be primarily uncrackable, they design it to be practically uncrackable for a reasoned lifespan. I wonder how early (or late) this compares to the 360's security.
It's a bit like the developer's dilemma, you can either: Design a perfect system and never release, because you never finish developing it or, design a pretty good system, not perfect and not with all the desired functionality, but release it and sell it, so you can have funding for the next better version.
On a hardware level, CPUs reset all the time - more so in more complex systems. When a CPU comes back from reset, it asks if the data it left behind was good; if so, it continues on like nothing happened. That's what's being triggered in this case. The CPU executes the following code:
But the hackers reset the CPU and quickly change the program after it's been checked, but before it's been used - thus the clock slowdown, to give them enough time, and let them hit a very specific timing. Since the program they modify is the checksum program, they can do whatever they want at that point.
This has almost nothing to do with computer science, and everything to do with electrical engineering... there isn't any code involved, just wires and custom circuits. Fun stuff :-)
Also, as a note - it's not that this only works on one-out-of-four machines, but that of the machines that it works on, you have to try an average of four times to get it to work.
If someone has physical access to a device, you can be as clever as you like, all you are doing is delaying the inevitable, in the same way that if you expect people to be able to play a BluRay, then you should expect that they can rip it as well.
Provide a way for people to use their hardware/media as they see fit, rather than as you do, and you won't be constantly fighting your consumers.
HANA is the name of the chip on the xbox pcb. I2C is 2 wire serial communication standard, which is what they've used to talk to the HANA chip. (note, the h-online article calls it "12C". El reg doesn't point out this [sic]) The divider registers are used to define how often the clock cycles, so by changing the values in these registers, they've changed the clock speed of anything that uses the clock generated by the HANA chip.
The article is rather sketchy on the details of how this let them execute code. Looks like some kind of errata in the chip perhaps - they tell the chip to reset at an inconvenient time, and it doesn't reset. It does however throw an interrupt that prevents a successful memory compare function, which means something that was supposed to return "Crap no this isn't the right checksum" returns "nah, s'fine".
I can see console/games developers look to something like OnLive as a method to try and protect revenue streams in the future.
Simplify development with 1 system, piracy limited due to streaming nature of the product and potential to improve revenue generation without the outlay of creating discs etc.
I gave it a test run from the UK a while back. On a reasonably fast cable connection, I found games were almost playable despite the servers being an ocean away. I'm looking forward to trying it when they set up the service on the same land mass. Picture quality's pretty good (never felt short-changed by 720p on consoles) and ISPs will have to adapt or die over the long-term because services like iPlayer, 4oD, LoveFilm and now OnLive aren't going away.
Anyway, as you were, XBox 360 hack, you say?
If piracy were really the huge revenue sink that they make it out to be the developers would have all abandoned the PC gaming market years ago. Or, alternatively, they could build another cartridge based system. That'd be much more difficult to pirate (provided it was a proprietary connector and not just an oddly shaped USB port or something) and with today's memory technology could be just as good as any optical solution currently available.
the carefully timed reset may be that some internals on the chip receive and interpret the reset signal and take action on it, but others just interpret the signal as a brief transient, and carry on their merry way?
maybe a bit like switching an electrical device on/off too quickly usually doesn't reset the device properly. I know this isn't the power rails cycling briefly, but could help in explaining what is happening.
I don't think MS brick consoles, but they do ban their HW IDs from XBox Live if you are found to be running any modded firmwares. I would think that if this is detectable (maybe if you run a normal XBox 360 title while modded?) then you can expect a ban to follow as usual.
You'd still have your functional 360, but no access to Live. Not a problem for lots of people, but I wouldn't want to risk it.
"Microsoft may have its work cut out in blocking the hack because a simple software update would not be enough to block the exploit, according to the hackers."
They wouldn't bother trying to block in current revisions of xbox... they'd just stick something into an update to detect it had been done at some point, log the xbox and profile id, then ban both the xbox and your live profile. Forces you to buy a new xbox if you want to play online, plus pay for another gold membership... at some point they'll rev the hardware and block the hack.. its probably more cost effective.
Getting the console, no problem. Trying to track down that ancient game from your childhood that you absolutely loved? That's hard sometimes. Storing your 50 cartridges? That's not hard, it's just a pain in the ass. With ROMs you can pretty easily collect all your favorites and then some, as well as mods that are sometimes worth it (there are a few absolutely hilarious mods of the original Super Mario Brothers). Plus, if you so desire, you can have thousands of them and they won't take up any more space in your house.
My emulation station (a PC built into the case of a dead NES) sits next to my SNES. I love both of them, but I have to admit that the emulation station gets more use just for the simple fact that ROMs are easier to deal with than cartridges.
Trial and error; a lot of chips will behave funny if you turn on and off the reset line mid clock, and if they time that reset to coincide with the checksum check, they can make the chip behave in funny ways. Vary the period of the reset and try it on the different clocks until it passes the check. There was probably a lot of refining to get it down to 1 in 4 times.
I really can't see any point in investing so much time and energy into 'protecting' devices from jail breaking, because, the reality is, only a *tiny* fraction of consumers will bother to jailbreak a device.
Why not leave the devices open (but obviously secure!) to encourage home brew mods?
Heck, hold competitions for modders and embrace the hacks they create, in a kinda open source ethic?
Perhaps, however, as much as some people *love* to tinker with devices and jailbreak them, the engineers and programmers behind the devices derive as much pleasure in protecting them - same type of person?
Who knows, it just all seems like a waste of resource to me - if someone wants to boot a different OS on an Xbox, just let them do it - they bought the damn hardware, they should be able to do what the hell they want with it!
This is why I love Android phones and projects like MythTV - it gives me the power to use devices the way I want to, instead of being dictated to.
Biting the hand that feeds IT © 1998–2019