View Full Version : Xbox360 Hack-proof?


NoName
09-12-2005, 06:41 AM
BBC News has an article (http://news.bbc.co.uk/2/hi/technology/4218670.stm) where they interviewed Chris Satchell from the Xbox Advanced Technology Group. Apparently Microsoft is taking modding seriously this generation.
"One of the reasons we went with custom hardware design for all our silicon is that it allows us to build security at the silicon level," he told the BBC News website.
"There are going to be levels of security in this box that the hacker community has never seen before."
It sounds to me more like a challenge to all the modders out there.

bapenguin
09-12-2005, 07:02 AM
BBC News has an article (http://news.bbc.co.uk/2/hi/technology/4218670.stm) where they interviewed Chris Satchell from the Xbox Advanced Technology Group. Apparently Microsoft is taking modding seriously this generation.

It sounds to me more like a challenge to all the modders out there.

I don't think he "issued a challenge," especially since they already admitted defeat in the same article. But Mr Satchell admitted no system was fool-proof and that, with enough time and dedication, the security on the Xbox 360 would be broken.

"There're some really bright people in the world with some really expensive hardware," he said.

PantherModern
09-12-2005, 07:10 AM
I certainly think that MS will do whatever is in their power to stop the modders (the main one being to fill the thing with so many features that people won't want to mod them), but someone, somewhere, likely within a few weeks of the system's wide release, will hack it, mod it, and sell a chip so I can too. All I can say is that XBMC is hands-down one of the most useful things I have ever used, and I can't wait to see what the community creates for the new 360. I imagine I will have to own two 360's, just like I had two Xboxes this gen. One for XB Live and whatnot and another for modded goodness.

bone_matrix
09-12-2005, 07:19 AM
Xbox Media Center was pretty much the only reason I was interested in modding my Xbox. I never got around to it though, because I don't have the time or money (especially with the 360 around the corner). What I can't figure out though is with the Xbox 360, it pretty much has the XBMC. You can stream audio, video, and pictures from your PC to your 360, so what good will modding do now, except for pretty LED lights and pirating games?

NoName
09-12-2005, 07:19 AM
I don't think he "issued a challenge," especially since they already admitted defeat in the same article.
True, it's going to get modded eventually, probably soon after the release.

Modding isn't the easiest thing to do for the common person though, as far as I've seen anyways.
But the way we have done the design doesn't mean that it [the mod] will work on somebody else's machine.
So what happens when it's even harder for the common consumer to mod their xbox. Will this decrease the number of people who mod? :confused:

AlmostSente
09-12-2005, 07:23 AM
You can stream audio, video, and pictures from your pc to your 360, so what good will modding do now, except for pretty led lights and pirating games?

As long as you only want to stream WMV that is.... I for one will mod my 360 as soon as they release XBMC for it. =)

Morratut
09-12-2005, 07:25 AM
The X360 streams video, music and pictures to the TV so people will only mod for pirated games now.

Everything can be cracked given time. I reckon MS has really made it a real ball ache though :D

Mrbunchypants
09-12-2005, 07:39 AM
Wait a sec, the Xbox 360 will have an HD. Well, some will. All one has to do to make it play other formats is upload the codecs for those formats. I'm not seeing that being a big problem. MS will most likely have built some sort of function in just for that reason, so they can update the Xbox 360 OS.

XenonCJ
09-12-2005, 07:57 AM
"There are going to be levels of security in this box that the hacker community has never seen before."

Princess Leia: "The more you tighten your grip, Tarkin, the more star systems will slip through your fingers..."

Morrolan
09-12-2005, 08:06 AM
Wait a sec, the Xbox 360 will have an HD. Well, some will. All one has to do to make it play other formats is upload the codecs for those formats. I'm not seeing that being a big problem. MS will most likely have built some sort of function in just for that reason, so they can update the Xbox 360 OS.

I hope you're right. And that would be another way for MS to support the HD, I suppose. But MS might decide to be dicks about it. It is, after all, THEIR HD. I wouldn't be surprised if it came pre-loaded with a few instruction sets, telling the 360 what it should and should not allow to go on. MS obviously wants to push the Windows video format. Why should they help out guys like XVid when they don't have to?

AlmostSente
09-12-2005, 08:06 AM
Because of the security issues raised I hardly think you will be able to upload anything, least of all codecs to the xbox Mrbunchypants. At least that is my guess...

And why would they promote other formats than their own? Also they will hardly pay money to Apple etc for quicktime support and other closed formats.

Nath5000
09-12-2005, 08:28 AM
Didn't it take a while for the original Xbox to get hacked? I remember reading in the newspaper that a guy from MIT hacked it for a project or something, but it seemed like just short of a year from the console being released..

Royal Fool
09-12-2005, 08:36 AM
Microsoft will be promoting interoperability between Vista and X360, meaning that you might be able to easily convert and transfer some media formats over to the box (Where they'll likely end up as .wmv and .wma or some other crap).

Kefkataran
09-12-2005, 08:41 AM
Princess Leia: "The more you tighten your grip, Tarkin, the more star systems will slip through your fingers..."

Oh geez.

"So here's how it is, Mr. Gates: if you don't let people pirate games easily, they won't play them at all! So... you... still won't really be getting any money either way."

Kentor
09-12-2005, 08:58 AM
Didn't it take a while for the original Xbox to get hacked? I remember reading in the newspaper that a guy from MIT hacked it for a project or something, but it seemed like just short of a year from the console being released..
Huang, a graduate student at MIT, broke the first Xbox's security using a custom designed differential signal analyzer using an FPGA and very careful design (the FPGAs back then weren't quite fast enough for the job). He basically sniffed the Hypertransport bus looking for the 128 bit RC4 key required to decrypt and verify the external boot ROM. The entire process took around a month from initial conception to successful attack.

The whole problem with the Xbox's security was that once you broke security once on a single unit, security was compromised on all units even with their newer schemes after the initial breach.

I would imagine the new Xbox 360 will employ individually signed boot ROMs, guarded pointers, and a variety of other soft protection schemes. It probably will have a few simple physical security measures too (i.e. coating the PCB to make it difficult to expose the leads without damaging the board, etc). Once you have to attack each system individually with moderate to expensive hardware versus just one for the whole, they've effectively solved the issue.

XenonCJ
09-12-2005, 09:25 AM
Oh geez.

"So here's how it is, Mr. Gates: if you don't let people pirate games easily, they won't play them at all! So... you... still won't really be getting any money either way."
Someone has trouble with Comprehension...

mkelehan
09-12-2005, 09:41 AM
No system has ever been or ever will be hack-proof. All MS is doing is buying time... and they know it. Hell, they admitted it. It really makes me wonder why they spend any money trying.

Kentor
09-12-2005, 09:54 AM
No system has ever been or ever will be hack-proof. All MS is doing is buying time... and they know it. Hell, they admitted it. It really makes me wonder why they spend any money trying.
If it costs more than $500 per unit to defeat security, then they've accomplished their goal.

Mr.Green
09-12-2005, 10:08 AM
If it costs more than $500 per unit to defeat security, then they've accomplished their goal.
Exactly. There's a reason you don't see many (if any) modded Gamecubes out there.

Mrbunchypants
09-12-2005, 10:29 AM
What one is forgetting is that they are promoting connectivity (sp?) to your computer. As we all know about hacking on computers. So let's say you take the OS off the Xbox, decompile it and then make a ver. that can run on your comp. All of a sudden you can connect to Live, and that opens a whole new door for hacking. Maybe the hacker will make their own Live like some did with battlenet.
All I'm saying is that the moment you hook up anything to a computer, things can be hacked/modded.

As for updates, I think you will see it. Maybe not for playing vids but for drivers for the system itself.

Kefkataran
09-12-2005, 10:32 AM
Someone has trouble with Comprehension...

Someone else has trouble with capitalization. :)

Anyways, I think 'hack-proof' was quite a big exaggeration, as has been pointed out. Obviously there's no way it'll stay hack-proof for long even if it's tough at first.

Kentor
09-12-2005, 10:39 AM
What one is forgetting is that they are promoting connectivity (sp?) to your computer. As we all know about hacking on computers. So let's say you take the OS off the Xbox, decompile it and then make a ver. that can run on your comp. All of a sudden you can connect to Live, and that opens a whole new door for hacking.
That made no sense at all.

XenonCJ
09-12-2005, 10:41 AM
Someone else has trouble with capitalization. :)

Anyways, I think 'hack-proof' was quite a big exaggeration, as has been pointed out. Obviously there's no way it'll stay hack-proof for long even if it's tough at first.
Basically my point was that making some crazy level of security that costs millions of dollars to develop is a waste. MS saying that "it's something hackers have never seen before" is just going to encourage more people to try to hack it faster.

They should just put some low level cheap security on there because the real hackers will ALWAYS have modded devices, and the Joe Sixpacks will be kept in line with basic security, yet still be happy with the basic un-modded devices...

Kentor
09-12-2005, 11:18 AM
Basically my point was that making some crazy level of security that costs millions of dollars to develop is a waste. MS saying that "it's something hackers have never seen before" is just going to encourage more people to try to hack it faster.

They should just put some low level cheap security on there because the real hackers will ALWAYS have modded devices, and the Joe Sixpacks will be kept in line with basic security, yet still be happy with the basic un-modded devices...
First, this isn't crazy security that costs millions of dollars to develop... this does not even incorporate FIPS 140-2 Level 1 devices. The more expensive option they could have pursued would have been completely proprietary media which would cost more than just single digit millions. Second, the cost of piracy and modding units sold at a loss easily outweighs a couple million dollars. Third, strong security does not require obscurity. Fourth, the assumption that it is impossible to build a device, with security strong enough that all those interested would not be capable of defeating it, is false. Take a look at FIPS 140-2 Level 3 devices... or even FIPS 140-2 Level 2 devices.

Just because some engineer stuck a differential signal analyzer on Hypertransport and grabbed a plaintext insecure key off of Xbox doesn't mean that all hardware security is weak or that there must exist a cost effective avenue of attack. Heck, someone with access to a high speed analyzer could have done the same thing Huang did in less than 24 hours from conception to successful attack instead of 4 weeks, but it would have cost 3 orders of magnitude more to do it. Apparently no one with access to such hardware was even remotely interested in breaking Xbox security (high speed analyzers are fairly common at ASIC companies and can be found at various educational institutes).

All Microsoft needs is to raise the cost of breaking security to a level where it is either infeasible or simply of no interest. Microsoft doesn't even need to raise the bar very high... if they just design the security in such a fashion that breaking the security of one device does not compromise that of another, and that process requires a moderately priced analyzer (i.e. a couple thousand dollars), then they've basically solved the problem they set out to address.
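
Kentor's point in this post and in the earlier one about the original Xbox (one breach compromising all units, versus each system having to be attacked individually) can be modelled in a few lines. This is an added example, not part of the thread and not any console's actual design; HMAC-SHA256 stands in for whatever boot authentication is used, and MASTER, SHARED, Unit, derive_unit_key and blast_radius are hypothetical names with constructed values.

```python
import hashlib
import hmac

# Constructed sample values; none of these come from the thread or any real console.
MASTER = b"constructed-factory-master-secret"   # never leaves the vendor
SHARED = b"constructed-fleet-wide-boot-key"     # same key burned into every unit
UNIT_IDS = [b"unit-0001", b"unit-0002", b"unit-0003", b"unit-0004"]


def tag(key: bytes, image: bytes) -> bytes:
    """Authentication tag the boot check expects for an image."""
    return hmac.new(key, image, hashlib.sha256).digest()


def derive_unit_key(master: bytes, unit_id: bytes) -> bytes:
    """One-way key diversification: knowing one unit's key reveals neither
    the master secret nor any other unit's key."""
    return hmac.new(master, b"boot-auth|" + unit_id, hashlib.sha256).digest()


class Unit:
    def __init__(self, unit_id: bytes, key: bytes):
        self.unit_id = unit_id
        self.key = key  # what a hardware attack on this one unit would recover

    def boots(self, image: bytes, image_tag: bytes) -> bool:
        return hmac.compare_digest(tag(self.key, image), image_tag)


def build_fleet(per_unit_keys: bool) -> dict:
    return {
        uid: Unit(uid, derive_unit_key(MASTER, uid) if per_unit_keys else SHARED)
        for uid in UNIT_IDS
    }


def blast_radius(fleet: dict, opened_unit: bytes) -> list:
    """Units that would accept an image tagged with the key recovered
    from `opened_unit`, i.e. how far one hardware compromise spreads."""
    recovered = fleet[opened_unit].key
    image = b"constructed unapproved image"
    forged = tag(recovered, image)
    return [uid for uid, unit in fleet.items() if unit.boots(image, forged)]


if __name__ == "__main__":
    for label, per_unit in (("fleet-wide key", False), ("per-unit keys", True)):
        hit = blast_radius(build_fleet(per_unit), b"unit-0001")
        print(f"{label}: {len(hit)} of {len(UNIT_IDS)} units affected")
```

With per-unit keys the per-unit attack cost is paid again for every console, which is the economic argument made in the post.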

Achilles
09-12-2005, 11:23 AM
Kentor knows what’s up. I don’t expect the 360 to be hacked for a long time, if ever. If it is hacked it’ll probably be through a security hole some developer left in their game.

Paranoia
09-12-2005, 11:28 AM
Better to have security to prevent (or at least delay) hacking, than nothing at all. Trying to produce the X360 with no security whatsoever is suicide.

netcraazzy
09-12-2005, 12:23 PM
I'm actually anticipating the release of the 360 so that the price of the original xbox goes way down and I can buy one or 2 on the cheap and mod them.

snubber
09-12-2005, 12:30 PM
Crap. Does this mean that this friend of mine that I know has to start buying games?! He'll be sad when I tell him!

Varsity
09-12-2005, 12:31 PM
As I said on Joystiq:
If it doesn't use Trusted Computing hardware/software, I'll eat my hat. It could well be that MS are using hackers' arrogance against them, testing the waters with the 360 before they start rolling out Vista and TC proper.

jwbxx
09-12-2005, 05:24 PM
Pfft, right when that thing is released there will be mods all over the place.

Zeal
09-12-2005, 05:30 PM
Eh...

Take this however you like, but I know for a fact that quite a few well known 'groups' have been reverse engineering the development kits for months. Modding the console is not going to be difficult.

If the following picture I've provided is against EvilAvatar's TOS, just remove it.

Mod Inside (http://img359.imageshack.us/my.php?image=smartxxxbx3606bi.jpg)

51|RandoM
09-12-2005, 08:03 PM
...um yeah, cause you really think MS is going to have their rights management in place on the devkits?

I have no doubt there will be cracks, hacks, and modchips galore, but I don't expect them to show up on day one. :-)

Chris_D
09-12-2005, 09:44 PM
I think the cost of modding an individual unit is what's important, as long as this is high enough then people will have less incentive to mod. With even more games live-enabled this will reduce incentive.

The ps2 has already come some way along on this, it's always been far more expensive to get mods done for ps2s than xboxes round here. This has been to the point where I just outlayed for a pstwo import unit rather than stuffing around with mods.

MrMeatshake
09-13-2005, 01:40 AM
As long as you only want to stream WMV that is.... I for one will mod my 360 as soon as they release XBMC for it. =)

/me throws his hat in with this group... =)

Trying to stop modders on anything just seems to be an exercise in staving off the inevitable. Which is fair enough, and I totally see why they need to do it. But anyone who claims anything to be 'unhackable' even half-seriously is naive in the extreme.

Kentor
09-13-2005, 10:19 AM
/me throws his hat in with this group... =)

Trying to stop modders on anything just seems to be an exercise in staving off the inevitable. Which is fair enough, and I totally see why they need to do it. But anyone who claims anything to be 'unhackable' even half-seriously is naive in the extreme.
Depends on what you mean by unhackable. Trying to defeat a properly implemented AES-256 cypher en route is an exercise in futility. Whether the system is just as impervious as a whole is an entirely different matter though. The entire point of security is to raise the cost of an attack to such a point where it would be infeasible in either resources or time, or of such cost that an attack would be of no interest. If such criteria are met, the system is unbreakable for all intents and purposes.

With the example of symmetric key cryptography, the entire point of using the cypher is to delay compromising information until the worth of that information is essentially null. In most cases, a cypher that cannot be broken via brute force attacks for a couple hundred years, based upon projections of available computational power, is more than sufficient. This principle extends to physical security as well.

A FIPS 140-2 Level 4 certification is the highest government certification level for cryptographic devices by NIST conducted by independent labs and typically reviewed by the NSA. Devices in this category have verified implementations, provide tamper evidence when any CSP is accessed, active erasure of all CSP upon breach, physically hardened enclosures, and a complete environmental envelope where any intrusion results in erasure of CSP data.

For almost all uses, a FIPS 140-2 Level 4 device is more than sufficient. These are not PCs. They are typically custom embedded platforms impervious to software attacks, with verified cryptographic implementations, and hardened against environmental attacks (i.e. attempting to discern information via EM emissions, breaching the enclosure in any way in any environment, etc).

Sure, they're not perfect, but I have never even heard of such a device being compromised. Most US government certified communication or storage devices (i.e. those used by US DoD, CIA, NSA, etc) are typically FIPS 140-2 Level 1 or 2.

SMES
09-13-2005, 01:59 PM
Here's what Kentor is saying in plain english:

If a jewelry store has a million dollars of diamonds and it only takes a thousand dollars worth of robbery equipment to break in and steal, then the diamonds will be stolen.

However, if another jewelry store has a powerful enough security system with laser sensors and four inch steel doors and stuff, and it costs over a million dollars to break in, then the million dollars worth of diamonds would not be stolen because they would not be worth stealing.

The first jewelry store is the original xbox, the second store is (presumably) the 360.