An MIT graduate student takes tools left over from his just-completed Ph.D thesis on symmetric multiprocessing (SMP) systems and applies them in breaking the vaunted security of Microsoft's Xbox with some brilliant detective work and a couple of hundred dollars' worth of electronic parts. His efforts, which began just days after Xbox went on sale, can potentially open the Xbox platform to other operating systems and for support of nonstandard peripherals.

Here's the scoop: Microsoft's XBox includes built-in booby traps intended to prevent software not authorized by the manufacturer from running on the machine. These provisions have frustrated hackers who wish to run alternative operating systems--such as NetBSD or Linux--on Microsoft's heavily discounted hardware. They are also used to implement DRM (digital rights management, AKA copy protection) and to provide each XBox with a unique, trackable serial number.

Microsoft's bag of tricks includes RC-4 encryption, non-working decoy code in the system's Flash ROM, and a "secret boot block" hidden within one of the system's application-specific integrated circuits (ASICs). But none of these measures deterred the indefatigable Andrew "bunnie" Huang, who built hardware to intercept communications between the device's northbridge and southbridge chips, exposing Microsoft's decryption key and the contents of the boot code as it traveled between two two chips on the XBox motherboard.

In a detailed paper describing his research, Huang notes that any such scheme--including those used to encrypt DVDs and other media--is ultimately vulnerable to reverse engineering. "If you ship secrets in your hardware," says Huang, "it is a good assumption that the users will eventually--and perhaps quickly--know your secrets."

Huang documented his progress on his Web site, as evidenced by a voicemail left by a Microsoft official, asking that Huang remove an image of the Xbox Flash memory from his site. Fearing that Microsoft might attempt to suppress his academic paper discussing the weaknesses in the Xbox's security, Huang sought advice from the Electronic Freedom Foundation (EFF). Huang discusses the legalities of reverse engineering on the site. Microsoft has not, so far, attempted to persuade him to take down his Web page and paper, which are available at the links below.

FOR FURTHER READING Bunnie's adventures hacking the Xbox Keeping Secrets in Hardware: the Microsoft Xbox Case study

Note: For the most up-to-date Security information, subscribe to our Security Update Newsletter (delivered twice monthly).

Copyright © 2002 Ziff Davis Media Inc. All Rights Reserved. Originally appearing in ExtremeTech.