
Table Of Contents

• History
• Hardware & Technical specification
• Security
• Xbox Hardware Cryptosystem overview
• Security Issues
• Conclusion

History

• Development within Microsoft by a small team that included game developer Seamus Blackley (an agent with Creative Artists Agency representing video game creators).

• Originally named "DirectX-box".

• The launch price was high (Europe: €479.99 in 2002; North America: $299 in 2001; Oceania: AU$699 in 2002), while the price-dropped PlayStation 2 was more than €100 / $100 cheaper.

Hardware & Technical Specification

• CPU: 32-bit 733 MHz Coppermine-based Mobile Celeron in Micro-PGA2 package, 180 nm process (32 KB L1 cache, 128 KB on-die L2 "Advanced Transfer Cache").

• Shared memory subsystem
  – 64 MB DDR SDRAM at 200 MHz; 6.4 GB/s

• GPU and system chipset: 233 MHz "NV2A" ASIC, co-developed by Microsoft and NVIDIA.
  – Similar to the GeForce 3 and GeForce 4 PC GPUs.

• Storage media
  – 2x – 5x (2.6 MB/s – 6.6 MB/s) CAV DVD-ROM
  – 8 or 10 GB, 3.5 in, 5,400 RPM hard disk, formatted to 8 GB, FATX file system.
  – Optional 8 MB memory card for saved game file transfer.

• Audio processor: NVIDIA "MCPX" (a.k.a. SoundStorm "NVAPU")
  – 64 3D sound channels (up to 256 stereo voices)
  – Monaural, Stereo, Dolby Surround, Dolby Digital Live 5.1, and dts Surround (DVD movies only) audio output options

• Integrated 10/100BASE-TX wired Ethernet

• DVD movie playback

• A/V outputs: composite video, S-Video, component video, SCART, optical digital TOSLINK, and stereo RCA analog audio

• Resolutions: 480i, 576i, 480p, 720p and 1080i

• Controller ports: 4 proprietary USB ports

Xbox Hardware Cryptosystem Overview

• The Xbox crypto protocol presents a strong defense in the face of unsecured FLASH ROM-based modifications: the console boots from a 512-byte secret boot block that is hard-coded into the southbridge system ASIC.

• The bootloader is encrypted with RC4 using a 128-bit key.

• The console has an external (reprogrammable) 1 MB Flash ROM chip (models since 2003 have only 256 KB).

• Microsoft stored 512 bytes of code in the Xbox's Southbridge, the MCPX (Media and Communications Processor for Xbox), which is manufactured by nVidia.

Xcode

```text
0x02  PEEK         ACC := MEM[OP1]
0x03  POKE         MEM[OP1] := OP2
0x04  POKEPCI      PCICONF[OP1] := OP2
0x05  PEEKPCI      ACC := PCICONF[OP1]
0x06  AND/OR       ACC := (ACC & OP1) | OP2
0x07  (prefix)     execute the instruction code in OP1 with OP1 := OP2, OP2 := ACC
0x08  BNE          IF ACC = OP1 THEN PC := PC + OP2
0x09  BRA          PC := PC + OP2
0x10  AND/OR ACC2  (unused/defunct) ACC2 := (ACC2 & OP1) | OP2
0x11  OUTB         PORT[OP1] := OP2
0x12  INB          ACC := PORT[OP1]
0xEE  END
```

The interpreter, rewritten in C, looks roughly like this:

```c
/* one Xcode is 9 bytes: opcode byte plus two 32-bit operands, no padding */
struct xcode { char opcode; int op1; int op2; } __attribute__((packed)) *p;
int acc;

p = (struct xcode *)0xFFF00080;   /* the Xcode table in the memory-mapped flash */
while (1) {
    switch (p->opcode) {
    case 2:    acc = *((int *)p->op1); break;                      /* PEEK    */
    case 3:    *((int *)p->op1) = p->op2; break;                   /* POKE    */
    case 4:    outl(p->op1, 0x0CF8); outl(p->op2, 0x0CFC); break;  /* POKEPCI: address, then data */
    case 5:    ...                                                 /* PEEKPCI and the remaining opcodes */
    case 0xEE: goto end;                                           /* END     */
    }
    p++;                                                           /* next Xcode */
}
end:
```
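The interpreter sketch can be exercised on a simulated machine. The following is an added example written for this page, not Microsoft's code and not from the original slides: it implements the opcode table on a fake RAM/PCI/port model and adds a hypothetical poke_policy hook, a mitigation the slides do not describe, that refuses POKEs outside an allow-listed scratch window. Assumptions of the example: BNE is implemented as branch-if-ACC-differs-from-OP1, following its mnemonic (the table above writes the condition with "="); branch offsets are byte offsets applied after the 9-byte advance; the PCI model keeps a single 256-byte config space and ignores bus/device/function; the names xmachine_t, xcode_run, scratch_only_policy, demo_run and policy_demo are all invented here.

```c
#include <stdint.h>
#include <string.h>

/* Added example, not Microsoft's code: the Xcode interpreter over a simulated
 * machine.  RAM, PCI config space and I/O ports are plain arrays.  poke_policy
 * is a hypothetical mitigation hook (NULL = allow everything, as the original did). */
#define XC_STRIDE     9       /* one Xcode: 1 opcode byte + two 32-bit operands */
#define SIM_MEM_BYTES 1024    /* simulated RAM covers 0x00000000..0x000003FF */
#define MAX_STEPS     10000   /* guard against runaway loops */

typedef struct { uint8_t opcode; uint32_t op1, op2; } xcode_t;
typedef int (*poke_policy_t)(uint32_t addr);       /* 1 = allow, 0 = refuse */

typedef struct {
    uint32_t mem[SIM_MEM_BYTES / 4], pci[64], acc, acc2;
    uint8_t  port[65536];
    poke_policy_t poke_policy;
} xmachine_t;

enum { XC_PEEK = 0x02, XC_POKE = 0x03, XC_POKEPCI = 0x04, XC_PEEKPCI = 0x05,
       XC_ANDOR = 0x06, XC_PREFIX = 0x07, XC_BNE = 0x08, XC_BRA = 0x09,
       XC_ANDOR2 = 0x10, XC_OUTB = 0x11, XC_INB = 0x12, XC_END = 0xEE };
enum { XR_END = 0, XR_BAD_OPCODE = -1, XR_UNMAPPED = -2, XR_POLICY = -3,
       XR_BAD_PC = -4, XR_RUNAWAY = -5 };   /* results of xcode_run */

void xmachine_init(xmachine_t *m, poke_policy_t p) { memset(m, 0, sizeof *m); m->poke_policy = p; }

/* map a simulated RAM address to a word index; 0 if unaligned or unmapped */
static int mem_index(uint32_t addr, size_t *idx) {
    if (addr % 4 != 0 || addr >= SIM_MEM_BYTES) return 0;
    *idx = addr / 4;
    return 1;
}

/* execute one Xcode; on return *pc is the byte offset of the next Xcode.
 * Returns 1 to continue, XR_END at END, a negative XR_* code on error. */
static int xcode_step(xmachine_t *m, const xcode_t *x, uint32_t *pc, int nested) {
    size_t i;
    *pc += XC_STRIDE;
    switch (x->opcode) {
    case XC_PEEK:    if (!mem_index(x->op1, &i)) return XR_UNMAPPED; m->acc = m->mem[i]; return 1;
    case XC_POKE:    if (m->poke_policy && !m->poke_policy(x->op1)) return XR_POLICY;
                     if (!mem_index(x->op1, &i)) return XR_UNMAPPED; m->mem[i] = x->op2; return 1;
    case XC_POKEPCI: m->pci[(x->op1 & 0xFF) >> 2] = x->op2; return 1;
    case XC_PEEKPCI: m->acc = m->pci[(x->op1 & 0xFF) >> 2]; return 1;
    case XC_ANDOR:   m->acc = (m->acc & x->op1) | x->op2; return 1;
    case XC_PREFIX: {                 /* run opcode OP1 with OP1 := OP2, OP2 := ACC */
        xcode_t inner = { (uint8_t)x->op1, x->op2, m->acc };
        if (nested) return XR_BAD_OPCODE;          /* no prefix of a prefix */
        *pc -= XC_STRIDE;                          /* the inner step re-advances */
        return xcode_step(m, &inner, pc, 1);
    }
    case XC_BNE:     if (m->acc != x->op1) *pc += x->op2; return 1;  /* branch if not equal (assumed) */
    case XC_BRA:     *pc += x->op2; return 1;
    case XC_ANDOR2:  m->acc2 = (m->acc2 & x->op1) | x->op2; return 1;
    case XC_OUTB:    m->port[x->op1 & 0xFFFF] = (uint8_t)x->op2; return 1;
    case XC_INB:     m->acc = m->port[x->op1 & 0xFFFF]; return 1;
    case XC_END:     return XR_END;
    default:         return XR_BAD_OPCODE;
    }
}

/* run a stream of n Xcodes from the first entry; returns an XR_* code */
int xcode_run(xmachine_t *m, const xcode_t *prog, size_t n) {
    uint32_t pc = 0;
    for (int steps = 0; steps < MAX_STEPS; steps++) {
        if (pc % XC_STRIDE != 0 || pc / XC_STRIDE >= n) return XR_BAD_PC;
        int r = xcode_step(m, &prog[pc / XC_STRIDE], &pc, 0);
        if (r <= 0) return r;
    }
    return XR_RUNAWAY;
}

/* hypothetical hardened policy: POKE may only touch a scratch window, so a
 * write to 0x00000000 (where the wrapped-around failure path lands) is refused */
int scratch_only_policy(uint32_t addr) { return addr >= 0x200 && addr < 0x300; }

/* constructed sample: read-modify-write of PCI register 0x80, a taken BNE
 * that skips one Xcode, and a prefixed POKE; returns 1 when all state matches */
int demo_run(void) {
    static const xcode_t prog[] = {
        { XC_POKEPCI, 0x80000880, 0x10 },        /* PCICONF[0x80] := 0x10 */
        { XC_PEEKPCI, 0x80000880, 0 },           /* ACC := 0x10 */
        { XC_ANDOR,   0xFFFFFFFF, 0x02 },        /* ACC := 0x12 */
        { XC_PREFIX,  XC_POKEPCI, 0x80000880 },  /* PCICONF[0x80] := ACC */
        { XC_BNE,     0x99, XC_STRIDE },         /* ACC != 0x99: skip the next Xcode */
        { XC_POKE,    0x200, 0xDEADBEEF },       /* skipped */
        { XC_PREFIX,  XC_POKE, 0x204 },          /* MEM[0x204] := ACC */
        { XC_END, 0, 0 },
    };
    xmachine_t m;
    xmachine_init(&m, NULL);
    if (xcode_run(&m, prog, sizeof prog / sizeof prog[0]) != XR_END) return 0;
    return m.pci[0x80 >> 2] == 0x12 && m.mem[0x200 / 4] == 0 && m.mem[0x204 / 4] == 0x12;
}

/* the two POKEs from the "visor trick" listing on this page, replayed without and
 * with the policy; returns 1 if the open machine takes them and the hardened one refuses */
int policy_demo(void) {
    static const xcode_t prog[] = { { XC_POKE, 0x0, 0x001000B8 }, { XC_POKE, 0x4, 0x90E0FFFF }, { XC_END, 0, 0 } };
    xmachine_t open, hard;
    xmachine_init(&open, NULL);
    xmachine_init(&hard, scratch_only_policy);
    int r_open = xcode_run(&open, prog, 3), r_hard = xcode_run(&hard, prog, 3);
    return r_open == XR_END && open.mem[0] == 0x001000B8 && r_hard == XR_POLICY && hard.mem[0] == 0;
}
```

policy_demo replays the two POKEs from the visor-trick slide: with no policy they land at 0x00000000, the address the wrapped-around failure path in the Halt listing continues at; with the scratch-only policy the first POKE is refused with XR_POLICY and the machine is left untouched. That is the defender's reading of the conclusion: an initialisation bytecode that may write anywhere in RAM is itself part of the attack surface, and the interpreter is where that surface can be narrowed.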

POKEPCI

```asm
mov eax, 80000880h
mov dx, 0CF8h
out dx, eax
add dl, 4
mov al, 2
out dx, al
```

This code sets bit #1 in the PCI config space of device 0:1:0, register offset 0x80 (encoded in 0x80000880).
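What the constant 0x80000880 packs can be checked with a small decoder. The following is an added example for this page, not code from the slides or from Microsoft: it splits a legacy PCI configuration address of the form written to port 0xCF8 into its fields (enable bit 31, bus bits 23:16, device bits 15:11, function bits 10:8, register bits 7:2) and recognises the register the listings poke. The function names pci_decode, pci_encode and is_mcpx_rom_disable_reg are invented here.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not from the slides: decode the dword written to port 0xCF8
 * (enable bit 31, bus 23:16, device 15:11, function 10:8, register 7:2). */
typedef struct { int enable; unsigned bus, dev, fn, reg; } pci_addr_t;

pci_addr_t pci_decode(uint32_t cf8) {
    pci_addr_t a;
    a.enable = (cf8 >> 31) & 1;
    a.bus    = (cf8 >> 16) & 0xFF;
    a.dev    = (cf8 >> 11) & 0x1F;
    a.fn     = (cf8 >> 8)  & 0x07;
    a.reg    = cf8 & 0xFC;          /* dword-aligned register offset */
    return a;
}

/* inverse: build the dword that selects bus/dev/fn/reg */
uint32_t pci_encode(unsigned bus, unsigned dev, unsigned fn, unsigned reg) {
    return 0x80000000u | ((bus & 0xFF) << 16) | ((dev & 0x1F) << 11) | ((fn & 7) << 8) | (reg & 0xFC);
}

/* 1 if cf8 addresses device 0:1:0 register 0x80, the register the listings poke */
int is_mcpx_rom_disable_reg(uint32_t cf8) {
    pci_addr_t a = pci_decode(cf8);
    return a.enable && a.bus == 0 && a.dev == 1 && a.fn == 0 && a.reg == 0x80;
}

int main(void) {
    pci_addr_t a = pci_decode(0x80000880u);
    printf("bus %u dev %u fn %u reg 0x%02X\n", a.bus, a.dev, a.fn, a.reg);
    return 0;
}
```

Running it prints bus 0, device 1, function 0, register 0x80, which is why the listing's comment reads "ISA Bridge, MCPX disable?": the write goes to the southbridge's own config space, and the data byte 2 written afterwards sets bit 1 of that register.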

POKEPCI cont.

```asm
cmp ebx, 80000880h          ; ISA Bridge, MCPX disable?
jnz short not_mcpx_disable  ; no
and ecx, not 2              ; clear bit 1
not_mcpx_disable:
mov eax, ebx
mov dx, 0CF8h
out dx, eax                 ; PCI configuration address
add dl, 4
mov eax, ecx
out dx, eax                 ; PCI configuration data
jmp short next_instruction
```

Halt

```asm
mov eax, ds:95FE4h
cmp eax, 7854794Ah
jnz short bad_checkcode
mov eax, ds:90000h
jmp eax                     ; jump to decrypted second bootloader in RAM

bad_checkcode:
mov eax, 80000880h          ; prepare MCPX ROM disable
mov dx, 0CF8h
out dx, eax
jmp far ptr 8:0FFFFFFFAh    ; jump to end of ROM, wraparound
[...]
FFFA:                       ; this is address FFFFFFFA
add dl, 4
mov al, 2
out dx, al
; ------ this is address 00000000 ------
```

VISOR TRICK

```text
POKE 0x00000000, 0x001000B8   ; store "mov eax, 0xFF001000; jmp eax"
POKE 0x00000004, 0x90E0FFFF   ; at 0x00000000 in memory
END
; now we can place our code at 0x1000 in Flash
```

Because the failed check code above disables the MCPX ROM and then wraps around from 0xFFFFFFFA to address 0x00000000, execution continues in whatever the Xcodes placed there: the two POKEs above put a jump to 0xFF001000 (offset 0x1000 in the Flash) at that address, so the check is bypassed.

Conclusion

• The design of the first MCPX was wrong and its implementation was catastrophic.

• The design of the second version was a lot better, but the implementation was not.

• With a working hash function and without the various security holes, the system would be pretty secure.