A group of hackers has designed a stunning attack to run arbitrary code on Xbox. XBox uses a hypervisor (or boot loader) that checks that the software that is running is properly signed (or does not have the wrong hash). They use fault injection techniques, here glitching. The aim of the attack is to make the processor derail after a serious glitch when applied at the precise moment. This technique was initially designed to attack smart cards or secure processors (For instance, see chapter 9 of Markantonakis and K. Mayes, Smart Cards, Tokens, Security and Applications, Springer-Verlag New York, 2008)
In the case of Xbox, the attackers had to produce a 100 nS glitch on the chip reset when it compares the calculated hash with the stored values. If well designed, the glitch should make the memcmp positively fail and thus should allow to run arbitrary code. They had to succeed two challenges:
- Find the precise moment for the glitch to occur, and find the right shape for this pulse
- Find a method to slow down the processor; with a slower processor, the accuracy of the glitch can be reduced.
They succeeded! It is interesting to note that they had to design two solutions: one for the fat Xbox, and one for the slim one. They have different PCBs. For the fot box, they found a pin to slow down the CPU, whereas for the slim one, they attacked PLL by over writing parameters in an I2C memory (this old serial bus is not protected).
It is a nice piece of reverse engineering. This is not a consumer-grade hack. It is extremely complex. I believe that here, the motivations are purely to succeed a technical challenge (real Hackers).
- As always, Law 1 is true. Attackers will always find a way.
- Attackers may use top-notch techniques.