22C3 - 2.2

22nd Chaos Communication Congress
Private Investigations

Speakers
Felix Domke
Michael Steil
Schedule
Day 3
Room Saal 1
Start time 18:00
Duration 02:00
Info
ID 559
Event type Lecture
Track Hacking
Language English
Feedback

"Xbox" and "Xbox 360" Hacking

17 Mistakes Microsoft Made in the Xbox Security System & Xbox 360 Hacking

A lot about Xbox hacking has been published earlier. This talk summarizes all this, explains some very cool new hacks and analyzes the 15 mistakes Microsoft made in the Xbox security system. It also gives an introduction on the Xbox 360.

We have made talks on the Xbox security on 19C3 and 20C3. One might think that there is nothing new about Xbox hacking, and in a way that is true - there is few really new information, but a lot of information that the Xbox Linux Project has never published earlier: For example, it has never been revealed how easily the "Xbox V1.1" has been hacked - so that Microsoft would be unable to fix it, and we could use this method for future Xboxes. (The specific flaw of the x86 architecture that is responsible for this can possibly be used to circumvent any Trusted Computing BIOS!)

The talk also summarizes all hacks that have been done and all flaws that have been found in the Xbox security system. It analyzes how Microsoft designed the security system and explains the 15 mistakes they made. Fifteen mistakes... in a video game console security system... 7 mistakes in the design, 6 mistakes in the implementation and 2 mistakes in their policies. And these are *types* of mistakes - they made several mistakes more than once, in different fields. In the remaining time, we will talk about the Xbox 360 security system. The release date of the Xbox is late November, just one month before the 22C3, but we are certain that we will still be able to present a lot of interesting information about the Xbox 360 security system as well as approaches to hacking it.