Full Version: Update Xbox 360 With Burned Cd-r
Scenyx Entertainment Community > Xbox360 Forums > Xbox 360 Hacking Forums > Software Exploits Development / Research
Warp17
If you don't want to update your xbox via XBOX LIVE you can go to
XBOX Update
and download a file that you burn to a CD-R. It automatically runs and updates your 360. I assume it copies the emulator to the HD. But it obviously gets past security. Why not decrypt and decompile? The file is just a default.xex, the new default.xbe. After the update it installs the emulator. It is different from when it is updated from Xbox Live: it has an all-new loading screen when you play an original Xbox game. Also, on some games the only way out is to eject the game; the Xbox button on the controller doesn't let you get to the dashboard.

There is already an Xbox 360 game ISO extraction tool, so why not make a program that fits onto a CD-R and looks like a legit Xbox 360 game? Install your own programs, or whole operating systems that support multiple processors, of course.

I was at Wal-Mart one day when the Xbox tech was there. The Xbox 360 was causing problems with their handheld scanners because of the wireless capabilities. I stood around and watched what she did. She inserted a normal CD-R labeled "360 update" and the date it was made. It automatically ran; she then rebooted the Xbox because it didn't reboot by itself (assuming it was supposed to, because she waited like 3 minutes before doing so). She then inserted another CD-R, some sort of test disc. She just put it in and then went to play a game. Some sort of menu screen came up, then she ejected the disc and told the Wal-Mart manager that it was fixed.

Think outside the XBOX !!!
tnbigdawg
Well, this has been talked about in other forums. The update file is signed by MS. Any modification to it and the signature is broken. The CDs that the retailers have are something of interest though, but then again, if we dump the contents of those CDs and modify it, we break the signature and can't load it into an unmodded 360.
Warp17
UPDATES
MEDIA
\Device\CdRom0\default.xex
installupdate.exe
XRTLLIB XAPILIB LIBCMT XBOXKRNL D3D9 XUIRUN XUIRNDR XAUD XGRAPHC
xam.xex
xboxkrnl.exe

So far this is all I could get out of the default.xex. As far as the signature goes, why can't we recreate the signature? I am sure someone can get hold of a program that is "like" the original XDK; according to the Xbox developer site, some companies are using the same XDK that was for the old Xbox for the 360.
It shows some of the things that the default.xex does.

Also, I was reading that if you format an external USB HD with FAT32 and make sure it is small enough, you can get an Xbox 360 to access data off of it. http://llamma.com/xbox360/mods/USB%20Hard%20Drive%20Mod.htm

I assume you also could get the Xbox to get information to run from something such as a PDA and a Secure Digital card.
lordvader129
QUOTE
I am sure someone can get hold of a program that is "like" the original XDK; according to the Xbox developer site, some companies are using the same XDK that was for the old Xbox for the 360.

That has nothing to do with signing. MS does all the signing themselves; it's never left to 3rd parties.

Look for the other thread on the digital signature in 360 Hacking General; that will have info on it.
DaBiscuit
QUOTE(Warp17 @ Dec 12 2005, 11:53 AM) *

As far as the signature why can't we recreate the signature.

First you just need MS's secure private key. It cannot be extracted from the development kits, or from an X-Box 360 game disk. When you apply a public/private keypair encryption routine to a disk, the private key cannot be recovered from the disk without millions of years of brute-force decryption. The fastest computers that exist are still at LEAST a million times too slow to crack the MS private key. The public key can be obtained, but that is no good at all without its counterpart.

You cannot recreate the signature. Nor can anyone else, other than MS.
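The two claims above, that any modification to the signed file breaks the signature and that nobody but the key holder can produce a new one, in runnable form. This is an added example, not the console's actual code, key or file format: it uses a toy 64-bit textbook-RSA key built from two hard-coded primes (P, Q, E and the derived D are all assumptions chosen so the demo runs instantly; the real key is 2048 bits), a constructed byte string standing in for the update image, and SHA-256 reduced to fit the toy modulus. A real signature scheme also adds padding (PKCS#1 v1.5 or PSS) before exponentiation; that is left out here so the arithmetic is visible.

```python
import hashlib
import secrets

# Toy RSA key (assumption: 64-bit modulus so the demo runs instantly).
# Real signing keys are 2048 bits; these two primes are only for illustration.
P = 4294967291          # 2**32 - 5
Q = 4294967279          # 2**32 - 17
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)     # private exponent (Python 3.8+ modular inverse)

# Constructed stand-in for a signed update image; not a real default.xex.
UPDATE_IMAGE = b"XEX2 sample update image (constructed for this example)" * 4


def digest_int(data: bytes) -> int:
    """SHA-256 of the image, reduced mod N so it fits the toy modulus.
    Textbook RSA with no padding: fine for illustration, not for production."""
    h = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return h % N


def sign(data: bytes, d: int = D) -> int:
    """What only the key holder can do: s = H(m)^d mod N."""
    return pow(digest_int(data), d, N)


def verify(data: bytes, sig: int) -> bool:
    """What the console does with the public key: check s^e mod N == H(m)."""
    return pow(sig, E, N) == digest_int(data)


def tamper(data: bytes, offset: int, xor: int = 0x01) -> bytes:
    """Flip bits in one byte of the image (a one-byte patch to the executable)."""
    patched = bytearray(data)
    patched[offset] ^= xor
    return bytes(patched)


def forge_by_guessing(data: bytes, tries: int) -> bool:
    """Attempt a forgery with no private key: pick random signatures and see if
    any verifies. The chance per try is about 1/N, so this does not succeed even
    against the toy key, let alone a 2048-bit one."""
    target = digest_int(data)
    return any(pow(secrets.randbelow(N), E, N) == target for _ in range(tries))


def demo() -> dict:
    """Sign the image, patch one byte, and show what the verifier sees."""
    sig = sign(UPDATE_IMAGE)
    patched = tamper(UPDATE_IMAGE, 16)
    return {
        "original_verifies": verify(UPDATE_IMAGE, sig),
        "patched_verifies": verify(patched, sig),
        "resigned_with_private_key": verify(patched, sign(patched)),
        "random_forgery_found": forge_by_guessing(patched, 10_000),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The third result is the one the thread keeps coming back to: the patched image verifies fine once it is re-signed, but only because this script holds D. Dumping the retail update disc gives you everything except that value.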
crustyteacup
QUOTE(DaBiscuit @ Dec 12 2005, 05:49 PM) *

First you just need MS's secure private key. It cannot be extracted from the development kits, or from an X-Box 360 game disk. When you apply a public/private keypair encryption routine to a disk, the private key cannot be recovered from the disk without millions of years of brute-force decryption. The fastest computers that exist are still at LEAST a million times too slow to crack the MS private key. The public key can be obtained, but that is no good at all without its counterpart.

You cannot recreate the signature. Nor can anyone else, other than MS.


I agree with your argument of course; however, I don't agree with the bold claim that computers won't be able to crack this code without millions of years. First of all, that's what clusters of computers can be used for, so let's not talk in terms of a computer. Plus, when anybody makes such a claim, they seem to forget to take into account that computers do get faster, and there are more of them year upon year. Of course, if anybody happens to have a cluster of supercomputers at their mercy, feel free to share.....

I'd also like to add that if you have thought of some simple way to exploit some kind of loophole in order to run unsigned code, then MS have probably already thought of it; they did spend 2 years on the security for this machine.
lordvader129
QUOTE
I'd also like to add that if you have thought of some simple way to exploit some kind of loophole in order to run unsigned code, then MS have probably already thought of it; they did spend 2 years on the security for this machine.

Thank you, at least I know there's some people in the forum with some common sense.

The way I look at it, if you can think of a way to mod the 360 in 3 weeks, and I can think of a way it won't work in 3 seconds, then MS thought of both of them long before we did.
VoiceOfReason
QUOTE(crustyteacup @ Dec 12 2005, 06:02 PM) *

I agree with your argument of course; however, I don't agree with the bold claim that computers won't be able to crack this code without millions of years. First of all, that's what clusters of computers can be used for, so let's not talk in terms of a computer. Plus, when anybody makes such a claim, they seem to forget to take into account that computers do get faster, and there are more of them year upon year.


Oh for crying out loud.

Read my posts in this thread; I don't feel like typing it up again. In a nutshell: if you multiplied the number of computers on the planet by a trillion, and made them all a trillion times faster, and networked every single one of them together and used the resultant cluster to try to brute-force RSA... it wouldn't take millions of years. It wouldn't take billions of years, it wouldn't take trillions of years. It would take unimaginably more than a googol googol years. Even if every single subatomic particle in the universe were in actuality a computer a trillion times faster than today's computers, and even if all of them were networked into one gigantic cluster, it would still take many many times longer than the total age of the universe to complete.

I mean, c'mon. Seriously. RSA is used by banks to protect customer data, it's used by the United States government to secure top-secret information. You don't think that one of them might've at one time thought, "Hey, you know, computers do get faster... perhaps we should pick a key length sufficient to withstand a brute force attack far into the imaginable future?"
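Putting numbers on the post above. This is an added back-of-the-envelope calculation, not anything from the original thread or from Microsoft. It works in log10 (the integers themselves would not fit anywhere sensible) and estimates three things for a modulus of a given bit length: how many candidate divisors a naive brute-force factoring must try (primes below sqrt(N), via the prime number theorem); how many operations the best known classical method, the general number field sieve, would need, using its asymptotic running time with the o(1) term dropped, so that figure is order-of-magnitude only; and how many years either takes on an assumed fleet of machines. The fleet size and speed (1e10 machines at 1e12 operations per second) are deliberately absurd assumptions, not a description of any real cluster. The 512-bit row is a sanity check: RSA-155, a 512-bit modulus, was factored in 1999.

```python
import math

LN2 = math.log(2)
SECONDS_PER_YEAR = 365.25 * 86400
AGE_OF_UNIVERSE_LOG10_YEARS = math.log10(1.38e10)


def log10_trial_divisions(bits: int) -> float:
    """log10 of the number of primes below sqrt(N) for an N of `bits` bits,
    i.e. how many candidate divisors naive brute force must try.
    Prime number theorem: pi(x) ~ x / ln x, with x = 2**(bits / 2)."""
    half_bits = bits / 2
    ln_x = half_bits * LN2
    return half_bits * math.log10(2) - math.log10(ln_x)


def log10_gnfs_ops(bits: int) -> float:
    """log10 of the heuristic GNFS cost
    L_N[1/3, (64/9)^(1/3)] = exp((64/9)^(1/3) * (ln N)^(1/3) * (ln ln N)^(2/3)),
    with the o(1) term dropped, so this is an order-of-magnitude figure only."""
    ln_n = bits * LN2
    c = (64 / 9) ** (1 / 3)
    return c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) / math.log(10)


def log10_years(log10_ops: float, machines: float, ops_per_second: float) -> float:
    """log10 of wall-clock years for `machines` each doing `ops_per_second`."""
    log10_rate = (math.log10(machines) + math.log10(ops_per_second)
                  + math.log10(SECONDS_PER_YEAR))
    return log10_ops - log10_rate


def budget(bits: int, machines: float = 1e10, ops_per_second: float = 1e12) -> dict:
    """Cost of both attacks for one key size on the assumed fleet.
    Defaults (assumption): 1e10 machines at 1e12 ops/s, far beyond 2005 hardware."""
    brute = log10_trial_divisions(bits)
    gnfs = log10_gnfs_ops(bits)
    return {
        "bits": bits,
        "log10_trial_divisions": brute,
        "log10_gnfs_ops": gnfs,
        "log10_years_brute_force": log10_years(brute, machines, ops_per_second),
        "log10_years_gnfs": log10_years(gnfs, machines, ops_per_second),
    }


if __name__ == "__main__":
    print(f"age of the universe: ~10^{AGE_OF_UNIVERSE_LOG10_YEARS:.1f} years")
    for size in (512, 1024, 2048):
        r = budget(size)
        print(f"{size:5d}-bit: brute force ~10^{r['log10_trial_divisions']:.0f} "
              f"divisions (~10^{r['log10_years_brute_force']:.0f} years), "
              f"GNFS ~10^{r['log10_gnfs_ops']:.0f} ops "
              f"(~10^{r['log10_years_gnfs']:.1f} years)")
```

Two things to take from the output. For 2048 bits, naive brute force needs on the order of 10^305 divisions, so even the imaginary fleet is looking at 10^270-odd years, which is the point the post makes. The gap between that and the real best attack is also worth seeing: GNFS comes out around 10^35 operations, which on the same imaginary fleet is still hundreds of thousands of years, and on anything that existed in 2005 is billions. Either way the practitioner's conclusion is the one the thread keeps arriving at: nobody attacks the key; they attack the implementation around it.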
golightning
QUOTE(VoiceOfReason @ Dec 12 2005, 10:56 PM) *

Oh for crying out loud.

Read my posts in this thread; I don't feel like typing it up again. In a nutshell: if you multiplied the number of computers on the planet by a trillion, and made them all a trillion times faster, and networked every single one of them together and used the resultant cluster to try to brute-force RSA... it wouldn't take millions of years. It wouldn't take billions of years, it wouldn't take trillions of years. It would take unimaginably more than a googol googol years. Even if every single subatomic particle in the universe were in actuality a computer a trillion times faster than today's computers, and even if all of them were networked into one gigantic cluster, it would still take many many times longer than the total age of the universe to complete.

I mean, c'mon. Seriously. RSA is used by banks to protect customer data, it's used by the United States government to secure top-secret information. You don't think that one of them might've at one time thought, "Hey, you know, computers do get faster... perhaps we should pick a key length sufficient to withstand a brute force attack far into the imaginable future?"


My brain just exploded.
Keshire
People need to do some research on cryptography before they start flapping their gums.

Then look up why people are afraid of quantum computing.
DaBiscuit
QUOTE(crustyteacup @ Dec 13 2005, 02:02 AM) *

I agree with your argument of course; however, I don't agree with the bold claim that computers won't be able to crack this code without millions of years. First of all, that's what clusters of computers can be used for, so let's not talk in terms of a computer. Plus, when anybody makes such a claim, they seem to forget to take into account that computers do get faster, and there are more of them year upon year. Of course, if anybody happens to have a cluster of supercomputers at their mercy, feel free to share.....

The sheer amount of data involved means that, irrespective of the requisite amount of processing time, all the computers currently extant, including obsolete machines and those not in use, would not have enough storage between them all to handle it effectively. You are speaking of hunting through countless giant prime numbers. Please read VoiceOfReason's other post that he linked to. The sheer genius of RSA-2048 encryption is that it is a googolplex times easier to create a keypair than it is to crack the resultant signature. The numbers are so big that it would probably take the lifetime of the universe to find them. Unless you start from the position of knowing what the two factors are, you'll never live to see the encryption broken, no matter how much you apply Moore's Law. It didn't happen on the X-Box 1, and it probably won't happen on the X-Box 360.

QUOTE
I'd also like to add that if you have thought of some simple way to exploit some kind of loophole in order to run unsigned code, then MS have probably already thought of it; they did spend 2 years on the security for this machine.

The most intelligent comment I have seen in this group of sub-forums.
throwingks
QUOTE(Keshire @ Dec 12 2005, 11:19 PM) *

People need to do some research on cryptography before they start flapping their gums.

Then look up why people are afraid of quantum computing.
I want to do research. Can I get a link?
JohnnyVegas
QUOTE(throwingks @ Dec 13 2005, 05:21 PM) *

I want to do research. Can I get a link?

http://www.qubit.org/ Click on the tutorials link.
pcsxdc
The signature key of the RSA is embedded on each of the media [corrent me if I am wrong], on each individual disc, and is 256 bit characters wide. Meaning, on today's 64-bit processors, we would need to string and compare each individual sector with a 4-string 64-bit string each time for each instruction, with algorithms requiring a runtime of O(n^2). Now, although runtime does not mean crap in terms of modern-day computing for just regular applications, doing a brute-force check for passwords on simple zip files with only 5 characters takes a good hour on a small zip file. Now applying the same logic to an 8 gig disc with a 256-bit character-wide key [not even knowing if it is spread across several different sectors], that would take many many years straight with no breaks in between. Just my 2 cents [if anyone can correct me, that's cool]. It would not take many trillions of years, but I would say that using the brute-force method it would take more years than the console's lifetime to crack the RSA key implemented for the 360.
VoiceOfReason
QUOTE(pcsxdc @ Dec 13 2005, 02:34 PM) *

[corrent me if I am wrong]

You're wrong, in too many particulars to list. I'm not gonna corrent you because I'm sick of correnting people who didn't bother to read the goddamn thread. Read my postings in this thread and General Technical and you'll understand how wrong you are.
Jason9875
Why don't we just create a program to brute force the RSA encryption on the Xbox 360, and have it run on our currently idle, or soon to be idle, Xboxes?

That would put them to good use; heck, maybe even run some weird DX calls and have the GPU help the CPU out with calculations.
VoiceOfReason
QUOTE(Jason9875 @ Dec 13 2005, 03:50 PM) *

Why don't we just create a program to brute force the RSA encryption on the Xbox 360, and have it run on our currently idle, or soon to be idle, Xboxes?

Because if all the Xboxes that were ever made got together and had baby Xboxes, a thousand Xboxes each, and every single one of those Xboxes got to work brute forcing RSA, the sun would expand to a red giant and collapse, all the stars would grow dim, and the universe would fade to a featureless void before they were a minuscule fraction of a minuscule fraction of a minuscule fraction complete.
Jason9875
It was a joke!

Designated by the :P emoticon.

Anyway I originally had a disclaimer in small text in there, but the forums suddenly read the -7 size text as a gigantic font size, kinda the opposite of what I wanted.
modthebox.tk
QUOTE(crustyteacup @ Dec 13 2005, 04:02 AM) *

I agree with your argument of course; however, I don't agree with the bold claim that computers won't be able to crack this code without millions of years. First of all, that's what clusters of computers can be used for, so let's not talk in terms of a computer. Plus, when anybody makes such a claim, they seem to forget to take into account that computers do get faster, and there are more of them year upon year. Of course, if anybody happens to have a cluster of supercomputers at their mercy, feel free to share.....

I'd also like to add that if you have thought of some simple way to exploit some kind of loophole in order to run unsigned code, then MS have probably already thought of it; they did spend 2 years on the security for this machine.


Yeah, one thing though: didn't Xbox-Linux make a supercomputer out of some Xboxes? Well, as far as my knowledge goes, the Xbox CPU is a 128-bit processor; link some of these babies up and you've got yourself something that might be able to decrypt the code *cough* in a couple of years *cough**cough*.
InterestedHacker
QUOTE(VoiceOfReason @ Dec 14 2005, 01:32 AM) *

You're wrong, in too many particulars to list. I'm not gonna corrent you because I'm sick of correnting people who didn't bother to read the goddamn thread. Read my postings in this thread and General Technical and you'll understand how wrong you are.


I concur, the more you read about the 2048 bit key, the more you will understand that you have more chance of your XBOX 360 sprouting wings and flying south for the winter.

QUOTE(Jason9875 @ Dec 14 2005, 01:50 AM) *

Why don't we just create a program to brute force the RSA encryption on the Xbox 360, and have it run on our currently idle, or soon to be idle, Xboxes?

That would put them to good use; heck, maybe even run some weird DX calls and have the GPU help the CPU out with calculations.


CPU: OK, 10^307 keys to go, jeez I been working on this for a million years already, GPU, can you give me a hand here?

GPU: Sure!!! What do you want me to paint?

CPU: Ahem, paint??? Get your f***ing calculator out mate!

GPU: Calu-what? I have all these pipelines, I suppose if you give me some matrices I can transform them into some amazing polygons for you? Textured, bump mapped and everything?

CPU: No, I need you to help me with this b***ard of a sum, it's doing my head in!!!

GPU: What about some specularity light maps, I can produce some amazingly authentic HDR-L effects? Maybe I can shed some light on the problem?

CPU: Never mind, I got more problems here now, I think part of my ALU just melted... I just ran a thread that contained a posting from XBOX Scene forums, I happened to spot a string as it passed by, it read 'Why can't we brute force hack the XBOX 720s 8192 bit RSA key?'. I think I am going to have a break down!! Mediiiiiic!!

EDIT: PS - Yes, you can use GPU to do some calculations, but it's still not going to make sod all difference.
InterestedHacker
QUOTE(modthebox.tk @ Dec 14 2005, 05:07 AM) *

Yeah, one thing though: didn't Xbox-Linux make a supercomputer out of some Xboxes? Well, as far as my knowledge goes, the Xbox CPU is a 128-bit processor; link some of these babies up and you've got yourself something that might be able to decrypt the code *cough* in a couple of years *cough**cough*.


128bit?? It's a Pentium III 750! 32bit...
VoiceOfReason
QUOTE(InterestedHacker @ Dec 14 2005, 02:03 AM) *

128bit?? It's a Pentium III 750! 32bit...


This time, I caught the sarcasm.
BlindMaphisto
Sounds like the only way we will ever be able to make something, burn it on a disk and run it in a default Xbox 360 would be to get hold of the program at MS that signs these things.
The_Truth
Sorry guys... it's been thought of... we tried to crack the first key to no avail... there was one project started... but I never heard of any success... and it would take an enormous amount of time to crack the key... so for now let's not even try to approach this method.
SkateorDie
It would be easier to hack MS
mksoftware
QUOTE(SkateorDie @ Dec 14 2005, 11:40 PM) *

It would be easier to hack MS



It would be easier to go to the Xbox team at night and take a look in there....



You see, there is NO possibility of hacking Xbox 360 with Brute Force
dcnigma
Totally not Xbox or Xbox 360 related,

but how did they do it in fact for the Dreamcast?

I have tried the selfboots, but now I ask myself how they did it.

Can someone explain to me how?
They boot directly on your Dreamcast. Did they find the key? I know they used a little sound track as a raw file
at the first track of the disc. But how did they find it? Maybe I'll go look into it later, but it's easier to ask here.

Last year I saw the Xbox-Linux tool for the RSA key;
however, I didn't know how it worked until you guys explained it to me.

Thanks for the good info.

Greetz dcnigma

BTW, the dc stands for Dreamcast; previous nick nigma at dcemulation, known for the DC Tonic cover at boob.co.uk. Shameless self-promotion.
jhonnypolak
You know what those hacker guys should do?
Make a distributed calculation program to brute force crack the private key of MS.

They should make something like that SETI@Home program. If like 10,000 people downloaded it, it would be cracked fairly quickly, wouldn't it?
bkc82
QUOTE(jhonnypolak @ Dec 23 2005, 09:19 AM) *

You know what those hacker guys should do?
Make a distributed calculation program to brute force crack the private key of MS.

They should make something like that SETI@Home program. If like 10,000 people downloaded it, it would be cracked fairly quickly, wouldn't it?


NO.
This is the size of the number that must be factored. It is not feasible to do this in an acceptable amount of time even with all the computers on earth right now.
lordvader129
QUOTE(jhonnypolak @ Dec 23 2005, 02:19 AM) *

You know what those hacker guys should do?
Make a distributed calculation program to brute force crack the private key of MS.

They should make something like that SETI@Home program. If like 10,000 people downloaded it, it would be cracked fairly quickly, wouldn't it?

The key was designed with distributed computing, clustering, and supercomputers in mind; advancements in computer technology were also factored in.

We will NEVER crack the private key this way.
warp1g
If I see another post from someone suggesting that a brute force attack on MS's private signing key is possible I am going to actually vomit. VoiceOfReason has explained in exhaustive detail the mathematical realities of attempting to do so.

It. Wont. Happen.

If you look at the DRM hacks that have occurred in the recent past (XBOX, Apple FairPlay, CSS, etc.) you will notice that NONE of them have attacked the crypto algorithms themselves -- they simply find weaknesses in the design of the hardware, software, implementation of an algorithm etc. and work AROUND it.

As it has been stated a BILLION times in this and every other xbox-related forum to date, no one is going to bust the key. Someone will eventually find a way to control the flow of instruction execution, and then the scene will begin to receive its much sought after mechanism to play unsigned code.

As equally repeatedly stated, there is a lot of cash at stake here, and money is the father of xbox chip invention. Certainly the usual suspects are hard at work decapsulating chips, investigating the hardware and software in mind-bogglingly complex detail, and someone will get the job done. Or continue to investigate yourself -- just don't even mention anything that sounds like "hacking/breaking/brute forcing/creating" a signing key.

Stop the insanity.

Until then, pop $60 for a game or go rent one and sit tight. It's coming.

-wP!
pez2k
QUOTE(dcnigma @ Dec 21 2005, 12:26 AM) *

Can someone explain to me how?
They boot directly on your Dreamcast. Did they find the key? I know they used a little sound track as a raw file
at the first track of the disc. But how did they find it? Maybe I'll go look into it later, but it's easier to ask here.


The Dreamcast's BIOS is set up to boot from correctly formatted CD-Rs, and there's no signing of code at all, you just have to have a legitimate 1ST_BOOT.bin. It was eventually fixed, but the console was dead by then.

On the Xbox and 360, all code has to be signed with MS' key, and be run from preset types of media only (Xbox DVD for games, but some applications such as the dash can run from HDD etc.). As you can see, there's a world of difference.
jhonnypolak
QUOTE(warp1g @ Dec 24 2005, 01:33 AM) *


Until then, pop $60 for a game or go rent one and sit tight. It's coming.

-wP!


I would if I could, but the 360 isn't out in Australia yet, so get me one to keep me occupied and thinking of crap, lol.
mksoftware
QUOTE(warp1g @ Dec 24 2005, 01:33 AM) *

If I see another post from someone suggesting that a brute force attack on MS's private signing key is possible I am going to actually vomit. VoiceOfReason has explained in exhaustive detail the mathematical realities of attempting to do so.

It. Wont. Happen.

If you look at the DRM hacks that have occurred in the recent past (XBOX, Apple FairPlay, CSS, etc.) you will notice that NONE of them have attacked the crypto algorithms themselves -- they simply find weaknesses in the design of the hardware, software, implementation of an algorithm etc. and work AROUND it.

As it has been stated a BILLION times in this and every other xbox-related forum to date, no one is going to bust the key. Someone will eventually find a way to control the flow of instruction execution, and then the scene will begin to receive its much sought after mechanism to play unsigned code.

As equally repeatedly stated, there is a lot of cash at stake here, and money is the father of xbox chip invention. Certainly the usual suspects are hard at work decapsulating chips, investigating the hardware and software in mind-bogglingly complex detail, and someone will get the job done. Or continue to investigate yourself -- just don't even mention anything that sounds like "hacking/breaking/brute forcing/creating" a signing key.

Stop the insanity.

Until then, pop $60 for a game or go rent one and sit tight. It's coming.

-wP!


Great explanation, let's hope this gets the n00b questions away..
mackmighty
QUOTE(pez2k @ Dec 24 2005, 01:50 AM) *

The Dreamcast's BIOS is set up to boot from correctly formatted CD-Rs, and there's no signing of code at all, you just have to have a legitimate 1ST_BOOT.bin. It was eventually fixed, but the console was dead by then.

On the Xbox and 360, all code has to be signed with MS' key, and be run from preset types of media only (Xbox DVD for games, but some applications such as the dash can run from HDD etc.). As you can see, there's a world of difference.



It is possible to download games and demos through Xbox Live and play them. Would it be possible to fool your Xbox into thinking it is connected to Xbox Live, download a pirated version of a game to its HD and then use a legitimate game DVD as a "first boot bin" to play it?
Maybe you can try as an experiment what will happen if you extract an original game and copy it to the hard drive, then try to play the game from the hard drive with the original disc inserted.
b-fix
QUOTE(mackmighty @ Dec 30 2005, 11:38 AM) *

It is possible to download games and demos through Xbox Live and play them. Would it be possible to fool your Xbox into thinking it is connected to Xbox Live, download a pirated version of a game to its HD and then use a legitimate game DVD as a "first boot bin" to play it?
Maybe you can try as an experiment what will happen if you extract an original game and copy it to the hard drive, then try to play the game from the hard drive with the original disc inserted.


It is my impression that the game demos that are downloaded via Live are signed with the MS key, but have no media check.
I could imagine that if someone somehow could create their own Live service and fool the X360 into downloading a pirated game, one would run into trouble with the media check. If one could edit the executable file to avoid the media check, the edited file would not be signed with the MS key and the X360 would just stop executing the file on that check.
lordvader129
QUOTE
It is possible to download games and demos through Xbox Live and play them. Would it be possible to fool your Xbox into thinking it is connected to Xbox Live, download a pirated version of a game to its HD and then use a legitimate game DVD as a "first boot bin" to play it?
Maybe you can try as an experiment what will happen if you extract an original game and copy it to the hard drive, then try to play the game from the hard drive with the original disc inserted.

Even if we could spoof Live (which we can't), copying a game to the HD and actually playing it off the HD are 2 very different things. The media check would fail on the game you try to load from the HD; using a retail disc to load it won't work either, since the media checks are in the xex. When you load the game off the HD, the checks in that xex will fail and it won't run.
monkeychris
It seems that since my prior incarnation on XS (prior to modding the first Xbox), the technical areas of the forums are no longer to be considered technical areas.

Do the mods no longer check to see if topics have any sense?

If you are just asking questions about stuff that is obviously not very tech etc., put it in the newbie area or something; you will get the same thread without cluttering these ones.

I appreciate not everyone has technical knowledge but still would like to add their thoughts; well, that's exactly what the non-tech side of the forum is for. If you want to contribute but have no idea about a subject, then do a little research first; chances are someone with technical know-how has already thought of it.

I cannot believe that so many people would make the same comments about the same things and still not learn... do your homework before saying 'let's get 10 PCs linked to get the key' or 'let's put an X3 in the 360'.

Maybe there could be a compulsory topic to read and answer questions on before members are given access to technical discussion so it keeps them on track, and we can retain members who actually make progress for development.

Rant Rant Rant (<- My post)
iamarockgod
QUOTE(dcnigma @ Dec 20 2005, 06:26 PM) *


but how did they do it in fact for the Dreamcast?

I have tried the selfboots, but now I ask myself how they did it.

Can someone explain to me how?
They boot directly on your Dreamcast. Did they find the key? I know they used a little sound track as a raw file
at the first track of the disc. But how did they find it? Maybe I'll go look into it later, but it's easier to ask here.

BTW, the dc stands for Dreamcast; previous nick nigma at dcemulation, known for the DC Tonic cover at boob.co.uk. Shameless self-promotion.


Ok... finally a question I know something about. Sega used a very weak but effective copy protection on their system. I myself loved and miss my Dreamcast. The protection came in 2 parts for the most part, and they are rather clever for the time.

First... Sega had custom GD-ROMs which were almost twice the size of a CD-ROM, with a possible size of about 1 GB of data. No "standard" CD-ROM drive can read them to this day, no matter what anyone claims. Part of the reason for that is the tracks are way closer together than on a standard CD-R, which would give problems with the laser not being able to stay on track. The other part is the genius part... they put a nice thick unreadable ring as a stop barrier for computer lasers to stop at... the data before those tracks is in standard format that a PC could easily read. Once the computer's laser gets to that ring though, your drive kicks the laser back thinking it reached the end of the disc. Since the Dreamcast has a custom drive in it, it is able to go beyond that ring, and it knows it is there, because that ring is in the same place on EVERY Dreamcast disc.

Second... the Boot.bin or 1stboot.bin files (can't remember... been too long) had to be scrambled to self boot, so they were encrypted a little. The only problem was that it was very weak, and easy to figure out compared to what the Xbox 360 uses. With those files, you have to tell the Dreamcast EXACTLY where to start on the disc for reading actual data, by using an LBA value equivalent to the start of your actual data. I don't know why they did this... but if you create a disc by yourself that YOU ripped, with either a Coder's Cable or if you are lucky enough to have the Broadband Adapter, you will have to make that change if I recall correctly... I only successfully backed up Soul Calibur from my original to see how it worked.

Now that I think of it, the reason the LBA was needed was that you created a first session with something of an audio track... but the ip.bin and 1stboot.bin needed to know where the second session started. I would guess that this would be to get past the ring on the discs, or to show where audio stopped and data began... You can find all this information at the "usual" Dreamcast places... lol

As for the 360... I wish people would stop speculating on the next to impossible. RSA keys are a waste of time and effort since it would take longer than you live to even get somewhere at all with decryption... Just keep to the ways that have some sort of reality of actually working. Hardware hacks are the best way, but you have to figure out how ALL of the software and security works before that can happen. Give it time, and keep putting in your ideas that make somewhat sense... so we all can work together.
phatman
RSA will easily be cracked within the next fifty years. A quantum computer could factor a number on the order of 10^200 in seconds. However, this point is moot because the advent of quantum computing will become a reality long after the 360, and by then a more complex key will be created to adjust to this leap in computing. I am not saying that cracking the private key is an option for hacking the box; I just wanted to emphasize that it will not take trillions of years to crack this key. As of today, with current technology, YES, but look at the technological progress made in the last 50 years and rest assured that RSA will become obsolete soon. Just my 2 cents.
cow_like_object
50 bajillion cell processors anyone?
saunders73
QUOTE(cow_like_object @ Jan 20 2006, 09:14 PM)

50 bajillion cell processors anyone?

Not going to work... first, 50 bajillion isn't a number; cell processors aren't out yet, and when they come out they won't be in computers for a few years, they will be in a PS3 which will need to get hacked before we can use them.

You are not going to crack MS's RSA key by brute-force attacking.
You are not going to get the program with the key because no such program exists.
jesuscakes
Fuck it, just break into M$ headquarters and steal the damn thing if you want it so bad lol
acemilo
QUOTE(jesuscakes @ Jan 22 2006, 06:36 AM)

Fuck it, just break into M$ headquarters and steal the damn thing if you want it so bad lol

That would be the ONLY way of breaking the encryption, period. This thread really should be closed; it's not going anywhere.
jwin767
QUOTE(acemilo @ Jan 23 2006, 03:27 AM)

That would be the ONLY way of breaking the encryption, period. This thread really should be closed; it's not going anywhere.

Seconded. I've read through it all, and it is slowly turning into a noob attack like most posts do now.
phatman
Dust off the old quantum physics book and chew on this. I AM NOT SAYING THAT BREAKING RSA IS FEASIBLE BY TODAY'S STANDARDS. IT WILL NOT HAPPEN. However, if (for some strange reason) you want to hang on to your 360 for your children's grandchildren, you will not need any form of modchip because you will be able to apply your own private key directly to your backup. The future generation of console at that time will have an RSA key MUCH longer, though, because it will have to stay a step ahead of technology.

"Integer factorization is believed to be computationally infeasible with an ordinary computer for large numbers that are the product of two prime numbers of roughly equal size (eg. products of two 300-digit primes). By comparison, a quantum computer could solve this problem much more quickly..."

"...This ability would allow a quantum computer to "break" many of the cryptographic systems in use today, in the sense that there would be a relatively fast (polynomial time in n) algorithm for solving the problem. In particular, most of the popular public key ciphers could be much more quickly broken, including forms of RSA, ElGamal and Diffie-Hellman."

http://en.wikipedia.org/wiki/Quantum_computer

"...Hence with one fell swoop, one tick of the computer clock, a quantum operation could compute not just on one machine state, as serial computers do, but on 2^500 machine states at once! ...The reason this is an exciting result is because this answer, derived from the massive quantum parallelism achieved through superposition, is the equivalent of performing the same operation on a classical super computer with ~10^150 separate processors (which is of course impossible)!!"

"...The premier application of a quantum computer capable of implementing this algorithm lies in the field of encryption, where one common (and best) encryption code, known as RSA, relies heavily on the difficulty of factoring very large composite numbers into their primes. A computer which can do this easily is naturally of great interest to numerous government agencies that use RSA -- previously considered to be "uncrackable" -- and anyone interested in electronic and financial privacy."

http://www.cs.caltech.edu/~westside/quantum-intro.html

"...Recently, an algorithm was developed for factoring numbers on a quantum computer which runs in O((Log N)^2+e) steps where e is small. This is roughly quadratic in the input size, so factoring a 1000 digit number with such an algorithm would require only a few million steps. The implication is that public key cryptosystems based on factoring may be breakable."

http://www-users.cs.york.ac.uk/~schmuel/comp/comp.html

alou
So the reasoning of your post is we might eventually get the private key when it's obsolete? I'm sure not even Bill cares for that, never mind the rest of us.

Besides, (RSA or whatever the future algorithm will be) encryption is and will always be a few steps ahead of ANY possible calculating capacity existing at any time. 1000-digit calculations MIGHT only need a few million steps currently, but secure encryption is considered (currently) to be 2048-bit+; if you can realise the difference in calculating between 1024 and 2048, you will understand it's not feasible.

Anyway, this has gone way off-topic and is pointless to discuss in THIS forum.
phatman
My point is we will see the current RSA broken in our lifetime, and it is not impossible. However, yes, it is indeed pointless because, as you said alou, everything using this encryption today will be obsolete. Done and done.
Heet
I didn't see a link for quantum computing. Here's an understandable one if anyone cares.

http://www.cs.caltech.edu/~westside/quantum-intro.html
xodus_xodus
Hi all,

I am sorry, I am new to that "hacking" thing.

I haven't updated my 360 yet because I wanted to keep the security holes in case there are any.

The following points are facts:

- executables are signed
- there is a media flag

I assume there is not one file in that update but several.

If the update executable is signed, it is likely that firmware files are not signed.

I may be wrong, so please correct me.

Therefore, if there are any firmware files in that update, it could be possible to replace these files with homebrew files, those files not being executables and therefore not signed.

It is rare that executables do contain configuration parameters. They often come in separate files.

Therefore, we could hack the security system with homebrew configuration or firmware files.

Do you think it is realistic?

Thanks
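An added illustration (not from the thread, and not Microsoft's actual update format) of why "only the executable is signed" need not leave firmware or config files open to swapping: if the update's one signature is taken over a manifest of every file's hash, replacing any file breaks it. It assumes a manifest-style design, uses a toy RSA key built from two public Mersenne primes so it runs deterministically, and the file names and contents are constructed.

```python
import hashlib

# Toy RSA key from two public Mersenne primes (2**127-1 and 2**521-1), chosen so
# the example is deterministic. A real signing key uses secret random primes of
# 1024+ bits; with public primes anyone could compute D, so this is illustration only.
_P, _Q = (1 << 127) - 1, (1 << 521) - 1
E = 65537
N = _P * _Q                                 # > 2**256, so a SHA-256 digest fits in it
D = pow(E, -1, (_P - 1) * (_Q - 1))         # private exponent (Python 3.8+)
PUB, PRIV = (N, E), (N, D)

def manifest_digest(files):
    """SHA-256 over (name, sha256(content)) of every file, in a fixed order.
    One digest covers executables and non-executables (firmware, config) alike."""
    h = hashlib.sha256()
    for name in sorted(files):
        h.update(name.encode() + b"\0" + hashlib.sha256(files[name]).digest())
    return int.from_bytes(h.digest(), "big")

def sign(priv, files):
    """Textbook RSA over the manifest digest (no padding scheme): toy only."""
    n, d = priv
    return pow(manifest_digest(files), d, n)

def verify(pub, files, sig):
    n, e = pub
    return pow(sig, e, n) == manifest_digest(files)

def check_update(files, sig, pub=PUB):
    """What a loader would decide before installing anything from the disc."""
    return "install" if verify(pub, files, sig) else "reject"

# Constructed sample update: one executable plus non-executable firmware/config.
UPDATE = {"default.xex": b"XEX2-stub", "dvd_fw.bin": b"fw-stub", "config.ini": b"media=dvd"}
SIG = sign(PRIV, UPDATE)
# Swapping only the "unsigned" config file changes the manifest, so the single
# signature over the manifest no longer verifies.
TAMPERED = {**UPDATE, "config.ini": b"media=any"}

if __name__ == "__main__":
    print(check_update(UPDATE, SIG), check_update(TAMPERED, SIG))  # install reject
```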
Invision Power Board © 2001-2010 Invision Power Services, Inc.