Here's some news we received from the Devil360 Team, who announced last week that they will release a new product for the Xbox 360 on 06/06/2006:
* The previous version of the M$ console was hacked by Andrew Huang, also known as Bunnie, from M.I.T.
* This guy is very well known for his book "Hacking the Xbox".
* What was the real security of the Xbox? Check this article: http://www.xbox-linux.org
(*) Xbox 360:
* At http://en.wikipedia.org/wiki/Xbox_360 you will find a good definition of the new Xbox 360 features.
* What about the security of this M$ product?
-M$ worked on it a little bit at least.
According to findarticles.com, Chipworks is an internationally recognized technical services company that analyzes the circuitry and physical composition of semiconductor devices and electronic systems for a wide range of applications in intellectual property licensing, patenting and competitive study. Chipworks has successfully helped leading-edge semiconductor and electronics organizations achieve their goals by supporting research and development efforts in strategic product development and patent portfolio management. At the end of 2005, Chipworks analyzed the main chip of the 360 console and created a commercial report.
-Bunnie also wrote a document whose content is speculative and subject to change.
This document deals with the Xbox 360 security scheme.
He made some assumptions about the scheme:
>be resistant to "hack once, run everywhere" attacks (meaning: invalidate mod chips using crypto and a specific personalization for each console)
>be weak against one-time "hero hacks" (meaning: avoid articles like Bunnie's or the MIT hackers')
>use custom features in the processor or chipset cores (use microelectronic and electronic hardware to defeat software script kiddies)
A long time ago we bought several Xbox 360s and started to investigate their security scheme. In the end, a lot of Bunnie's assumptions turned out to be brilliant. Well done!
-Playing pirated games or hacking the Xbox 360 security core?
Recently (mid-March 2006) a hacker called "The Specialist" published a weakness, and a lot of people are now working on hacking the DVD firmware.
Using a fast FPGA card, it is possible to insert a parser/driver between the motherboard and the optical reader... we let the reader draw his own conclusions (sed -e 's/DVDFAKE/DVDXBOX/g' Input > Output ;-)). What about the SATA HD?... wait and see. Maybe another time, once a few things have been detailed.
Anyway, what is your aim?
If you wish to run Linux on your 360 then you have a problem, and this problem is very interesting. (see free60.org)
-According to M$ "The core security system has not been broken" (see here).
True, the security core is intact, and not broken yet. Is it breakable? Maybe...
-Did M$ build the security architecture alone?
No, M$ received some help from Infineon (TPM).
Remark: If you can provide us some TPM chips, we could be friends. We have some, but maybe a few things have evolved.
-M$ did not make the same mistakes as last time with the first Xbox.
>The motherboard is smaller and a lot of traces are protected inside the PCB, so it is not so easy to probe them and apply a man-in-the-middle attack.
>The firmware of each console can be reprogrammed by M$ using Xbox LIVE. This operation can be executed without the user's consent. The idea is to release a new security patch (a little bit like Zindows Update) over the network.
>What about collecting the route, IP address, crypto keys and some more information from the console at this time?
It is not a nightmare!! They do it.
Figure: The Hynix (T) memory containing the encrypted boot code.
We first de-capped Xbox 360 components as Chipworks did, and we analyzed the console (some chips have nine metal layers).
Now we can confirm a lot of Bunnie's assumptions, and sometimes it is even worse.
What could happen if M$ had made a hardware mistake?
We will communicate about this in the next 360 hours.
The next communication will include pictures of the de-capped chips and then some explanations about the console and a little bit more.
In the future we will only communicate with people who have subscribed with an email address.