http://bunniefoo.com/nostarch/HackingTheXbox_Free.pdf I came across a book that was just recently released. I found it extremely interesting and I am sure all of you will too.
??? Recently? That book was written years and years ago. Unless you meant the complete book is released for free?
I was about to say what HEX1GON said. I got this book for Christmas years ago, possibly when I was still in high school. I probably should reread it, as my knowledge of engineering is only exponentially better since it was published.
This book is really informative. Unfortunately, it is so well documented that no recent secured platform will ever integrate "only" these security measures. It's cool to read how Bunnie actually managed to build a logic analyzer to sniff the HyperTransport bus. For anyone looking to push their knowledge of electronics engineering, this is a really good document!
Wait, what is your point? M$ tried with their budget to get protection, also preventing a DC scene. Anyway, I think they learned a lot, even without Bunnie's docs. In my recent studies I've found so much more information about reverse engineering that no console or device is safe; it's more about time, money and knowledge. Even the new Xbox and PS4 will be hacked someday, or there will be a hole in the system. It's always possible to get in, or at least learn more about the system.

Awesome, I have a digital copy for free now; I also got it years ago for my birthday. Please check his blog, he is doing really interesting stuff now.
I picked up a physical copy of this book many, many years ago when I was too young to understand a good amount of what was in it. I was like 12 or 13, and found it off in a corner squeezed between two books in the depths of Barnes & Noble. I've re-read it at least three times since then, and it's a fantastic book if you're into general reversing with an interest in computer security. While the security concepts are obviously much more intense in modern hardware, this is one of the very few books that walks you through the very technical side of cracking a real-world locked-down consumer piece of hardware wide open. It's one of the best stepping stones you can bounce off if you would like to feel your way into breaking into real-world security work. I still have my copy sitting here on my desk among some of my other security books. I'd definitely suggest anyone with a security interest give it a read-through if you've got the technical side to stomach it. -Doom
In security software you either make it impossible (or so you think) to crack a system or it's worthless. If you know a way to bypass the same security system you're implementing, chances are that there will be someone else who will figure it out. M$ did put all their eggs in one basket by adding security features that ultimately amounted to crypto signature checks on executables and sensitive files. Once you tell your system not to check the signatures of these files, your entire lockdown is just bypassed. And that's what happened with the first hacked BIOS. The very essence of it was simply to ignore any mismatch in the signature check and load the file anyway.

I agree that the way to get there and simply put in this hack seems like a tedious road. It seemed a good compromise back then, as there was no conceivable way for M$ that a hacker, in his basement, could sniff the HyperTransport bus. The whole strategy of M$ was that it would be impossible for an underground punk to get the raw data exchanged on the main bus. They knew that the data would travel on visible traces on the mainboard, instead of having it all or partially concealed straight in the CPU (like the 360). They knew that if a person could get this data it would only be a matter of time before everyone started placing the pieces in order. What they didn't count on was that a huge community would emerge and start peeking around. Some were attracted by the power of the machine, others because it was really close to the hardware of a PC, or others simply because they are anarchists/M$ haters.

A few mistakes were made that really helped the hack, like running the whole thing in kernel mode and choosing a generic x86 platform. Everything is so well documented on how the logic behind Intel CPUs operates that it made R&D much less of a guessing game. That's one of the reasons why there are LPC modchips now. It's a common and well-documented interface used in normal PCs.