A computer science graduate student claims to have cracked the security system in Microsoft Corp.'s Xbox game console, potentially allowing users to run software of their choice on the device.
Using a custom circuit board, made in spare time in a three week period for a total cost of about US$50, Massachusetts Institute of Technology (MIT) student Andrew Huang was able to tap traffic between Xbox components and uncover the keys that unlock the device's protection, he wrote in a research paper published on his MIT Web site last week. http://web.mit.edu/bunnie/www/proj/anatak/AIM-2002-008.pdfThe Xbox's decryption algorithm and security key are housed securely in a chip inside the Xbox, but can be intercepted using "simple custom hardware" because they are sent to the Xbox's processor over a set of unsecured high speed connections, or buses, according to Huang's paper.
The security in the Xbox is used to authenticate the system's boot sequence and the software that it runs. With the keys in hand, a technically advanced user could create his own boot image and run other software on the Xbox. Connectors originally installed for fault checking during manufacturing can be used to reprogram the Xbox motherboard, according to Huang in his paper.
One contributor to a long discussion on the Xbox crack on the Slashdot.org news Web site wrote he would like to be able to load the Linux operating system and a media player for the DivX media format onto the Xbox.
That might not be possible for a while though. Huang sees the uncovering of the keys as a first step. "It is now possible to investigate the kernel and bootloader in more detail," he wrote in his paper.
Huang won't publish the keys as they are Microsoft's intellectual property, he wrote last weekend in an online forum dedicated to Xbox hacking. Huang, in another posting to the same forum under his nickname "bunnie," also states that he did the work on the Xbox in February, but that it "took about three months to get it positioned and cleared with both MIT and Microsoft."
Nobody at Microsoft was available for comment.