Xbox 360 DVD Firmware Hack Update: Interview with Robinsod
>> The guys at xlife.nl did an interview with TheSpecialist last Sunday (translated by us to English here), and now xboxic.com has posted a new interview with Robinsod, one of the other hackers who worked on the modified DVD firmware on XBH. Here's an excerpt:
[QUOTE]
* Xboxic: Using the current hack the system cannot detect the modification, because the firmware can lie about its authenticity due to the cracked challenge/response protocol. Is it still possible for the system to softflash the drive should it want to? And if so, isn't the hack completely useless should Microsoft decide to simply reflash the drive's firmware every reboot, or every week, or every dashboard update?
* Robinsod: Well, there are several parts to the answer. This is a consumer device and really you don't want to have a reflash fail and brick the device. I don't know if the Toshiba-Samsung drive has a fall-back position to recover from a bad flash; the Hitachi-LG has a 'recovery' mode if the main application is corrupted, restoring an empty firmware with only softflashing capabilities. If this feature, or something like it, does not exist then I doubt Microsoft would want to risk it, with all those angry customers coming in with bricked 360s. The drive could be softflashed from the kernel, but the firmware controls the process, so it could just say that the flash succeeded at any time even though it didn't do anything.
* Xboxic: Is your analysis of the used challenge/response protocols complete, or does it just cover a subset of possible challenges? Would Microsoft be able to detect the hack if they sent out a dashboard update sending different challenges to trigger erroneous behaviour from the firmware?
* Robinsod: Yes, I believe there's a response modifier but I haven't seen it used yet. Sure, then the game becomes: how accurate an emulation can the hacker create? It becomes a game of cat and mouse... The challenges themselves are actually on the game disc: the kernel reads an encrypted table from the disc, decrypts it and issues the challenges contained in it. Malformed challenges from the console could trigger correct responses from the hack and be detected, but we could probably reuse the existing code to factor this into the equations.
* Xboxic: Is there going to be an Xbox 360 revision soon containing a signed firmware in the drive? Of course with the public key embedded in the DVD drive's ROM to avoid any future tinkering with the firmware?
* Robinsod: No idea, but unless the flash is inaccessible or properly encrypted any signature can be spoofed. I suppose if there was a bootloader in ROM that was packaged with the drive's micro, that could check the flash's signature. The problem then is it pushes up costs; the drive uses standard components which don't have security features.
* Xboxic: $5 extra cost per drive to avoid 500k Linux boxes sold at $125 loss seems an easy equation.
* Robinsod: Then perhaps it's a good thing the hack came so early, and the cost of a custom LSI can be spread over a larger number of consoles, and before too many 'pirate capable' systems were sold.
* Xboxic: In a forum post TheSpecialist literally said "I doubt you'll see some kind of OTHER hack soon, that lets you boot unsigned code for example. MS did a very good job on the 360 itself this time." Does this mean you guys don't see homebrew or other unsigned code being run anywhere soon, like within the current console's lifecycle?
* Robinsod: Hmmm, well, given the complexity of the software (and MS's reputation for secure software) it seems unlikely that there's no way in. The problem is finding it... Another motivation for this hack is to see if there is any possibility of an attack via unsigned modified files (no idea if there are any or if it is; that's the next area of research). But again, any successful attack opens the door to piracy. If MS would sell me a home developer's XDK that allows me the opportunity to write code for what is a fantastic piece of kit then I would have no reason or excuse for doing this.
[/QUOTE]
Read the whole interview on xboxic.com.
Discuss this news item on our forums: forums.xbox-scene.com
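Two security points run through the interview: a challenge/response check whose expected answers come from a table the attacked component can also read, and a reflash/verification step that is executed by the very firmware under suspicion, which a ROM-resident bootloader would avoid. The Python model below is an added example, written for this page; it is not code from the interview, from Robinsod, or from the firmware hack. The challenge format, the drive's response function, the keys, the firmware images and the disc table are all constructed for illustration, and an HMAC stands in for a real signature (a real design would keep only a public key in the drive's ROM).

```python
import hashlib
import hmac
from typing import Optional

# ---------------------------------------------------------------------------
# Part 1: the disc challenge/response, modelled abstractly.
# The real challenge format and response function are not given on the page;
# DRIVE_SECRET, the 8-byte challenge shape and DISC_TABLE are constructed here.
# ---------------------------------------------------------------------------
DRIVE_SECRET = b"constructed-drive-secret"  # hypothetical, for this model only


def genuine_response(challenge: bytes) -> Optional[bytes]:
    """Answer of an unmodified drive. A malformed challenge (modelled as any
    challenge that is not exactly 8 bytes) is refused with None."""
    if len(challenge) != 8:
        return None
    return hmac.new(DRIVE_SECRET, challenge, hashlib.sha256).digest()[:8]


# Table the kernel decrypts from the disc: challenge -> expected response.
DISC_TABLE = {c: genuine_response(c) for c in (b"chal0001", b"chal0002", b"chal0003")}


class GenuineDrive:
    def respond(self, challenge: bytes) -> Optional[bytes]:
        return genuine_response(challenge)


class TableReplayFirmware:
    """Hacked firmware: replays a copied table and never returns an error."""

    def __init__(self, table):
        self.table = dict(table)

    def respond(self, challenge: bytes) -> Optional[bytes]:
        return self.table.get(challenge, b"\x00" * 8)


def kernel_check(drive, table) -> bool:
    """The check as described: issue the table's challenges, compare answers."""
    return all(drive.respond(c) == r for c, r in table.items())


def kernel_check_with_malformed(drive, table) -> bool:
    """A stricter dashboard: additionally send a malformed challenge and
    require the drive to refuse it, as a genuine drive does."""
    if not kernel_check(drive, table):
        return False
    return drive.respond(b"malformed-challenge") is None


# ---------------------------------------------------------------------------
# Part 2: softflash, and where the verification runs.
# ---------------------------------------------------------------------------
MANUFACTURER_KEY = b"constructed-signing-key"  # hypothetical stand-in


def sign_image(image: bytes) -> bytes:
    # HMAC used as a stand-in for a signature over the flash image.
    return hmac.new(MANUFACTURER_KEY, image, hashlib.sha256).digest()


class HonestFirmware:
    def __init__(self, image: bytes):
        self.flash = image

    def softflash(self, new_image: bytes) -> bool:
        self.flash = new_image
        return True

    def report_hash(self) -> str:
        return hashlib.sha256(self.flash).hexdigest()


class HackedFirmware:
    """Controls its own reflash path: reports success, writes nothing, and
    reports the hash of the image it was *asked* to install."""

    def __init__(self, image: bytes):
        self.flash = image
        self.claimed = image

    def softflash(self, new_image: bytes) -> bool:
        self.claimed = new_image
        return True

    def report_hash(self) -> str:
        return hashlib.sha256(self.claimed).hexdigest()


def kernel_reflash_and_verify(fw, new_image: bytes) -> bool:
    """Kernel-side check that relies entirely on the drive's own answers."""
    return fw.softflash(new_image) and fw.report_hash() == hashlib.sha256(new_image).hexdigest()


def rom_bootloader(flash: bytes, signature: bytes) -> bool:
    """Check run from ROM before the flash contents execute; the flash image
    cannot influence the outcome, only pass or fail it."""
    return hmac.compare_digest(sign_image(flash), signature)


def demo() -> dict:
    stock, hacked = b"stock firmware image", b"hacked firmware image"
    return {
        "table_check_genuine": kernel_check(GenuineDrive(), DISC_TABLE),
        "table_check_hacked": kernel_check(TableReplayFirmware(DISC_TABLE), DISC_TABLE),
        "malformed_check_hacked": kernel_check_with_malformed(TableReplayFirmware(DISC_TABLE), DISC_TABLE),
        "self_reported_reflash": kernel_reflash_and_verify(HackedFirmware(hacked), stock),
        "rom_check_stock": rom_bootloader(stock, sign_image(stock)),
        "rom_check_hacked": rom_bootloader(hacked, sign_image(stock)),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The replay firmware passes the table check because the kernel holds nothing the firmware does not also hold; it is caught only when the console sends a challenge outside the table and expects the genuine drive's refusal, and a later emulator that also mimics the refusal restarts the cat-and-mouse game. The self-reported reflash is accepted because every observation the kernel makes passes through the firmware being checked, whereas the ROM check fails the modified image because the verifier and its key sit outside the attacker's write access.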