|
Back to the news-page
Research on 'Timing Attack' to Downgrade Kernel without CPU Key
>> The hackers over at the XBH forum are researching a new way to downgrade the kernel (to a kernel with vulnerable hypervisor) without knowing the unique per-xbox CPU Key. Note that this 'hack' has NOT been confirmed or performed yet, right now it's just an idea/project and they are researching if and how this can work. Also note that if it works, it's no 'Hero attack' (hacked once, working for all 360s) and thus will have to be performed again on each Xbox360 (which might not be a solution for normal end-users if expensive HW is required for the timing ... but they are also looking into possible solutions for this). It's pretty technical, but the introduction is below.
From arnezami on xboxhacker.net:
[QUOTE]
The problem:
We currently do not have a way to downgrade without a cpu key (especialy when fuses are blown). From what I understand there are two main problems:
* The CB is signed/authenticated with the cpu key using an HMAC algo. Unless you have a dump of the CB before upgrading you won't be able to create this "signature" without the cpu key.
* In the decrypted CF there is a "version lockdown counter". This part of the CF is also signed/authenticated by the cpu key. Without it you cannot change the blown fuses counter.
I believe there may be a way to (depending on several conditions) to downgrade without a cpu key. ;)
The idea:
It would be foolish to try to break SHA1-HMAC. However the output of a hash usually has to be checked against something that is stored. Thats usually the point of it. This takes (a tiny bit of) time. The thing is many memcmp functions use a byte-wise compare: "as long as no difference in the current byte is detected go to the next byte, but if this byte is different stop". In other words: it might take (a fraction of a second) longer if the output is similar at the beginning (to the stored value) as opposed to completely different 16-byte values. If it is possible to measure this time difference you could change the first stored byte (up to 256 times) until it takes this fraction longer for the xbox to detect the (16 byte) values are not entirely the same. And you can go on with this until all bytes have been figured out this way.
It this technique would work you could do the following:
* Encrypt and flash the NAND with an exploitable kernel (CB/CD/CF etc) using the 1BL key. The 16 byte auth-values (in both the CB and CF) will of course not be correct.
* Add hardware that can measure time/clocks from a certain point in the boot sequence until a detectable moment after the (failed) verification of the CB auth value.
* Make sure you change the first stored byte of this CB auth value and reboot. Go on until it takes a tiny bit more time for the xbox to detect the CB auth value is incorrect. This means you've found the first byte.
* Go on until all 16 bytes are found.
* After this do essentially the same with the auth-value in the CF (using a different trigger point of course).
* You should now be able to boot into a vurnable kernel and extract your fuses.
The conditions:
Needless to say there are a lot of things have to be just right for this to work at all. Here are the conditions for this to (remotely) possible:
* In both cases (CB auth and CF auth) the value stored has to be directly compared with another value (eg the HMAC output). There should not be some kind of (crypto) operation on these value before comparision.
* The comparison should be byte wise.
* The difference between the amount of the identical starting bytes should be measurable. Possibly using a triggger point from where to count/time it.
Just to be clear: I simply don't know if the conditions can be met. The coding stuff can best be checked by those who have easy access to RE'd code. The (hardware) timing will be much more difficult. So I guess it should first be checked how the checking/comparison algos are implemented before thinking about the possible hardware challenges.
[/QUOTE]
More Details/Tech Discussion: xboxhacker.net (tech replies ONLY please, thx)
Discuss this news item on our forums: forums.xbox-scene.com
Back to the news-page
| |
|
|
|
|
|
XboxMediaCenter at
|
