XBox encryption key hackers throw in towel
- — 09 January, 2003 07:39
The Neo Project, a group of distributed computing enthusiasts, has abandoned its attempt to crack an encryption key used to digitally sign software for Microsoft Corp.'s Xbox video game console, after just four days.
Many hackers are searching for ways to run their own software on the Xbox, but so far they have been thwarted by a security mechanism in the console that only allows applications to run if they are digitally signed with Microsoft's 2048-bit private encryption key, according to one such group, the Xbox Linux Project.
On Jan. 3, The Neo Project posted code on its Web site that would allow supporters to use their PC's idle time to participate in a search for Microsoft's private encryption key using distributed computing techniques. Distributed computing breaks down complex calculations into many simple tasks that can be run in parallel on a network of computers.
The next day, The Neo Project posted a notice on its home page saying that if the Xbox project was found to be illegal, or if the group was approached by Microsoft, "We will be ditching the Xbox project all together as we cannot afford the legal fees," according to an archive copy of the page held in the cache of the search engine Google.
By Jan. 7, The Neo Project's home page had changed to read "Due to legal reasons, we will no longer be hosting or participating in the Xbox challenge," and the application containing the code to crack the Xbox key was no longer available for download from the site.
The organizers of The Neo Project could not immediately be reached for comment.
Many distributed-computing projects have sprung up to respond to challenges issued by encryption and security system vendors to solve arbitrary cryptographic problems by brute force. Hundreds of thousands of dollars in prize money are available to those who are first to crack the codes. The vendors gain because they are able to demonstrate that it can take months of work by thousands of computers in order to crack a single key.
The Neo Project began life last July as an attempt to crack the US$10,000 RSA-576 Factoring Challenge, sponsored by RSA Security Inc., before turning its attention in January to Microsoft's real-life application of the same algorithm.
Project supporters expressed mixed feelings in the group's online discussion forum about the search for the Xbox key. One member, signing their message "Guspaz," said they had joined the project solely to participate in the search for the key. "I'm saddened by the Neo project's lack of resolve. (...)," the member said. "Hopefully someone else will have the balls to put up a DC (distributed computing) network and stick with it."
Another, "Nemaroller," thought it was "a brilliant move to discontinue the project," saying it was nonconstructive and at the expense of a company that was trying to protect the investment of billions of dollars of its stockholders' money.