A presentation about XBOX security at last Chaos Computer Camp (CCC) in December 2007 sheds some interesting lights on the hack of game consoles.
During the first five minutes, Michael Steil analyses the latest hacks. According to him, the influence of the Linux community is important. PS3 is still not yet hacked perhaps because it authorized Linux community to play homebrew applications. Thus, the linux hacker community had no incentive to hack. According to his figures, where Linux community was involved, hack occurred faster. I would like to remind that DVD Jon claimed that he wrote DeCSS, the software breaking the protection of DVD, because DVD play back was not available under Linux.
After this introduction, Felix Domke detailed the hack of XBOX360. Some interesting statements, unfortunately true :Sad:
- Hackers own the flash memory, in fact the hacker controls all
- The chain of trust does not work
The analysis of the attacks and countermeasures is impressive. It is also a good introduction to secure coding techniques.
Once more, a perfect illustration of Law 1. A lesson is that game console designers should not assume that their console is trusted. The hackers may control it.
Second lesson: enthusiasm is better incentive for hacking than commercial incentive. This is true for serious hacking: reverse engineering. It is perhaps less true for IT hacking (spam, intrusion, defacing, malware, …)
How long will PS3 resist?
Many thanks to Yves for this link :Happy: