Security Attacks to Run Your Code on the Xbox
written by Michael Steil, 2 May 2002 (Updated 1 July 2002)
The Xbox designers took great care to prevent unlicensed software and non-game software from running on the console, because Microsoft sells the machine for less than its components cost and can only make money by selling games. Naturally, they do not want people to buy Xboxes and run Linux on them. This document points out some possible attacks on Xbox security.
Of course it is not enough to find a security hole: it also has to be hard or impossible to fix, so that a hack keeps working on future revisions of the Xbox.
Replace the ROM
The Xbox contains a 1 MB ROM chip, which can be replaced if you have very good soldering skills. The chip holds four identical copies of 256 KB of software: the startup animation and the Xbox kernel. Apparently the encrypted ROM contents are decrypted by hardware (although there is some plain-text decryption code in the ROM, which never gets run).
Chances: Replacing the kernel in ROM would make it possible to run anything, for instance by loading other software from the hard disk, but replacing the chip is a lot of work and the encryption still has to be worked out.
Possible fixes: Microsoft can change the ROM encryption in future revisions and integrate the ROM into a custom chip (as is done on the GameCube).
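As an added example (not part of the original article), here is a small C program that checks a ROM dump for the structure described above: it confirms that the four 256 KB banks are byte-identical and computes a chi-square statistic per 64 KB window, a quick way to tell encrypted-looking data (about 255 for uniformly random bytes) from plain-text code, tables or padding (far higher). The image it analyses is constructed in make_sample_rom(); no real ROM contents are included, and the bank and window sizes are assumptions taken from the text.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ROM_SIZE    (1024u * 1024u)   /* 1 MB chip, as described above  */
#define BANK_SIZE   (256u * 1024u)    /* four copies of 256 KB           */
#define WINDOW_SIZE 0x10000u          /* granularity of the statistic    */

/* Return 1 if every bank_len slice of img equals the first one, else 0.
 * On mismatch the index of the first differing bank is stored in *bad_bank. */
int rom_banks_identical(const uint8_t *img, size_t img_len, size_t bank_len,
                        size_t *bad_bank)
{
    size_t nbanks = img_len / bank_len;
    for (size_t b = 1; b < nbanks; b++) {
        if (memcmp(img, img + b * bank_len, bank_len) != 0) {
            if (bad_bank) *bad_bank = b;
            return 0;
        }
    }
    return 1;
}

/* Chi-square distance of the byte histogram from a uniform distribution.
 * Uniformly random (or well-encrypted) data scores close to 255; x86 code,
 * tables and padding score far higher. */
double chi_square_uniform(const uint8_t *buf, size_t len)
{
    size_t counts[256] = {0};
    for (size_t i = 0; i < len; i++)
        counts[buf[i]]++;
    double expected = (double)len / 256.0;
    double chi2 = 0.0;
    for (int v = 0; v < 256; v++) {
        double d = (double)counts[v] - expected;
        chi2 += d * d / expected;
    }
    return chi2;
}

/* Constructed sample image (no real ROM data): one bank of deterministic
 * pseudo-random bytes with a 4 KB zero-filled region (standing in for
 * unencrypted data) at 0x30000, repeated four times. Caller frees the result. */
uint8_t *make_sample_rom(void)
{
    uint8_t *img = malloc(ROM_SIZE);
    if (!img) return NULL;
    uint32_t x = 0x12345678u;                   /* xorshift32 state */
    for (size_t i = 0; i < BANK_SIZE; i++) {
        x ^= x << 13; x ^= x >> 17; x ^= x << 5;
        img[i] = (uint8_t)x;
    }
    memset(img + 0x30000, 0, 0x1000);
    for (size_t b = 1; b < ROM_SIZE / BANK_SIZE; b++)
        memcpy(img + b * BANK_SIZE, img, BANK_SIZE);
    return img;
}

int main(void)
{
    uint8_t *img = make_sample_rom();
    if (!img) return 1;
    size_t bad = 0;
    if (rom_banks_identical(img, ROM_SIZE, BANK_SIZE, &bad))
        printf("all %u banks identical\n", ROM_SIZE / BANK_SIZE);
    else
        printf("bank %zu differs from bank 0\n", bad);
    /* Per-window statistic for the first bank; windows scoring far above
     * 255 are the places to look for unencrypted code or data. */
    for (size_t off = 0; off < BANK_SIZE; off += WINDOW_SIZE)
        printf("bank0 +%06zx: chi2 = %8.1f\n", off,
               chi_square_uniform(img + off, WINDOW_SIZE));
    free(img);
    return 0;
}
```

On a real dump, replace make_sample_rom() with fread() of the 1 MB image; a bank mismatch usually means a bad read rather than a real difference, and a window that scores like random data in every copy is what one would expect of the encrypted part.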
Replace the Main Program on Hard Disk
After initialization, if there is no game in the DVD drive, the kernel loads xboxdash.xbe from the hard disk into memory. Depending on the disc in the drive, this program starts the audio player, the DVD player or, if the drive is empty, the "Dashboard" main menu.
Chances: Modifying this program could make it possible to run our code, but xboxdash.xbe is signed with a 1024 bit key, so we would need a bug somewhere in the kernel.
Possible fixes: Microsoft can start shipping new Xboxes with a fixed kernel.
Replace Components of the Main Program on Hard Disk
All x86 code outside xboxdash.xbe is in the file settings_adoc.xip, which (despite its name) is an XBE file, so again only a faulty kernel would permit us to modify it. All other files on the hard disk are not signed, but they contain no x86 code.
Chances: If there is a bug in the kernel, both the main program and settings_adoc.xip can be modified, but it would make more sense to modify the main program.
Possible fixes: Fixed kernel.
Data Structures on Hard Disk
Most security holes in internet server software are caused by string buffer overflows: the attacker sends invalid input to a program, which causes the program to overwrite its own stack or other control data and end up executing code embedded in the attacker's data.
Chances: We could either modify the FATX file system so that the kernel crashes, or modify data in the *.xtf, *.xip and *.wav files to make xboxdash.xbe crash. Since all software on the Xbox runs in kernel mode (ring 0), a crash we control would immediately give us full control of the machine. Disassembling the kernel and xboxdash.xbe would help a lot here.
Possible fixes: Microsoft could fix the kernel or xboxdash.xbe, and prevent swapping in the old faulty xboxdash.xbe by changing the signature the new kernel expects.
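As an added example (not part of the original article), the following C code shows the kind of bug this section is looking for, in a record format made up for the purpose: a loader reads a length byte from disk and copies that many name bytes into a fixed 16-byte field, so a crafted file overwrites the control field that follows it, here a load address. The second parser checks the length against the destination before copying. The record layout, field names and the two sample records are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* In-memory record as a loader might keep it: a fixed name buffer followed
 * by control data (here a load/entry address). No padding: sizeof == 20. */
struct entry {
    char     name[16];
    uint32_t entry_point;
};
#define ENTRY_NAME_MAX (sizeof(((struct entry *)0)->name) - 1)   /* 15 */

/* Constructed on-disk layout: [entry:4 little-endian][name_len:1][name:name_len] */
static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Vulnerable parser: the only limit on the copy is the length byte read
 * from the file, so it validates the input size but never the destination.
 * A name_len of 16..20 runs over name[] into entry_point; anything larger
 * walks off the struct onto whatever sits behind it in memory. */
int parse_entry_vulnerable(const uint8_t *data, size_t len, struct entry *out)
{
    if (len < 5) return -1;
    size_t name_len = data[4];
    if (len < 5 + name_len) return -1;
    memset(out, 0, sizeof *out);              /* short names end up NUL-terminated */
    out->entry_point = read_le32(data);
    unsigned char *dst = (unsigned char *)out;
    for (size_t i = 0; i < name_len; i++)     /* byte copy into name[] with no bound */
        dst[offsetof(struct entry, name) + i] = data[5 + i];
    return 0;
}

/* Hardened parser: reject the record before touching *out if the name does
 * not fit, then copy with a bound derived from the destination, not the file. */
int parse_entry_safe(const uint8_t *data, size_t len, struct entry *out)
{
    if (len < 5) return -1;
    size_t name_len = data[4];
    if (name_len > ENTRY_NAME_MAX) return -1;
    if (len < 5 + name_len) return -1;
    memset(out, 0, sizeof *out);
    out->entry_point = read_le32(data);
    memcpy(out->name, data + 5, name_len);    /* name_len <= 15, terminator from memset */
    return 0;
}

/* Constructed sample records. */
const uint8_t benign_record[] = {
    0x00, 0x00, 0x01, 0x00,                   /* entry_point 0x00010000 */
    8, 'd', 'a', 's', 'h', '.', 'x', 'b', 'e' /* name_len 8             */
};
const uint8_t malicious_record[] = {
    0x00, 0x00, 0x01, 0x00,                   /* entry_point 0x00010000 */
    20,                                       /* name_len 20: 4 bytes too many */
    'A','A','A','A','A','A','A','A','A','A','A','A','A','A','A','A',
    'B','B','B','B'                           /* land on entry_point    */
};

int main(void)
{
    struct entry e;
    parse_entry_vulnerable(benign_record, sizeof benign_record, &e);
    printf("vulnerable, benign:    name=%s entry=0x%08x\n", e.name, (unsigned)e.entry_point);
    parse_entry_vulnerable(malicious_record, sizeof malicious_record, &e);
    printf("vulnerable, malicious: entry=0x%08x (file data became control data)\n",
           (unsigned)e.entry_point);
    printf("hardened,   malicious: rc=%d\n",
           parse_entry_safe(malicious_record, sizeof malicious_record, &e));
    return 0;
}
```

The point of the two sample records is the difference between checking the input and checking the destination: the vulnerable parser does verify that name_len bytes are present in the file, which is exactly the check a careless loader would consider sufficient, yet the 20-byte name still lands on entry_point. In a ring-0 loader the field behind the buffer is whatever the code uses next, which is why a crash of this kind can be turned into control of the machine.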
Create a Bootable Disk
Another possibility might be to run code that we supply via the DVD drive. The kernel can start software from DVDs and CDs (note that the laser in the DVD drive cannot read most CD-Rs, but CD-RWs are okay).
Chances: Creating a bootable CD might be possible, but again we would need a signed executable. A faulty CD file system structure could make the kernel crash (putting the kernel into an infinite loop with a faulty CD has already been done).
Possible fixes: Fixed kernel and.
Replace Components of a Game
A game could store executable code in unsigned external files, or crash on invalid data.
Chances: Although the copy protection would probably prevent us from running a signed game executable from a different CD, such a file could become the key to starting our code as soon as it is known how to run a game binary from a different CD or from the hard disk. Using the game executable as a replacement for xboxdash.xbe is another idea. Perhaps we can change the game's cached data on the hard disk instead of creating a modified CD/DVD.
Possible fixes: Microsoft cannot change the Xbox software so that it refuses this game executable, because every copy of the game already sold would then have to be exchanged. But they could make the loader checksum parts of the DVD of this specific game, so that the faulty game can only be executed from its unmodified DVD.
Network
Many games use the network connection. Faulty game software might crash on invalid data.
Chances: Just as with data on the hard disk or DVD, invalid data from the network might permit us to transmit our code. Bugs found in the Windows 2000 TCP/IP stack might also be present in the Xbox software.
Possible fixes: Bugs in the kernel can be fixed, but bugs in game software are, as already said, hard to fix.
USB hardware
The infrared receiver of the DVD remote control kit, which plugs into one of the USB ports, contains some ROM.
Chances: Modifying the ROM of the infrared receiver might make it possible to execute our code. Building our own (faulty) USB device might crash xboxdash.xbe. Both approaches are complicated and expensive, though.
Possible fixes: Unclear, since it is not known how exactly the ROM works.
LPC Port
It is possible to connect LPC hardware to the 15 LPC pins on the board. Microsoft's internal version of the Xbox had a Super I/O chip with a serial port connected to them.
Chances: By connecting a device to the LPC port, we might be able to replace the ROM this way, or influence the Xbox kernel in some other way (the first (US) kernel version included detection routines for a Super I/O chip on the LPC bus, and routines to access the serial port, but these have since been removed).
Possible fixes: Microsoft might remove the debug pins or disable the corresponding kernel functions (perhaps they already have).
Conclusion
There are many possible attacks. Most of them only work if there are bugs in the system software. Since Microsoft has had severe security problems with its software in the past, there might be a good chance of successfully hacking the Xbox.