Print
Discuss
Send to friend
RSS feedsYou might think that when you buy a PC, DVD player or TV that you have the right to do what you like with it. Not so.
In the US, under the notorious Digital Millennium Copyright Act (DMCA), you can land yourself in jail by tampering with anything that might be construed as protecting intellectual property - even if your reasons are legitimate.
In Britain, under pending legislation, it will be illegal only if you are demonstrably trying to do something illegal such as pirating copyright material.
But the issues are so new and complex that UK officials drawing up the legislation admitted last year that even they did not know its full implications.
It should have passed into law last December, implementing a European Directive, but has been delayed for further consideration.
The uncertainty here and in the US is itself having an effect, which is how I came to spend part of a brief holiday last month reading what is in effect a banned book.
Hacking the Xbox, by Andrew 'Bunnie' Huang, was commissioned by US publisher John Wiley, who dropped it for fear that it might fall foul of the DMCA and Microsoft.
Huang, the first person to bypass the security system on Microsoft's Xbox game console, published the book himself.
He is careful to put both sides of the argument, pointing out that pirates forced the demise of Sega's Dreamcast console, and positioning himself as a hacker in the original sense of someone who enjoys tackling difficult technical problems for their own sake.
In fact, he is not a typical hacker even in that sense. Huang worked on the Xbox while a graduate student at the prestigious Massachusetts Institute of Technology (MIT), and his results were published as an official MIT paper. Without the power of MIT behind him he could have been in big trouble.
The Xbox is basically a 733MHz Plll-class PC that has been tightly constrained to run only games created or licensed by Microsoft. It is a loss leader, sold well below cost price - Huang reckons Microsoft has to sell 10 games per box to start making money.
Before the DMCA there would have been nothing to stop you adapting the Xbox to run any PC software, including Linux.
There would be little point, anyway, if your aim were simply to get a cheap PC, because more powerful models are available at much the same price if you factor in the cost and hassle of adaptation.
But the Xbox presents an almost irresistible challenge to hackers.
Cracking the Xbox
Huang's book is part digital electronics DIY manual (including soldering tips), part legal discussion, and part narrative.
There are points at which it could have benefited from some Wiley editing, but his account of how he cracked the Xbox is fascinating and his perseverance is awesome.
At one point he even dunked the Xbox chips into fuming acid in a bid to read the logic from the bare silicon.
It turned out that Microsoft put a dummy initial sequence in the boot Rom and hid the real code in the nVidia-made custom southbridge chip.
Huang built a daughterboard round a Field Programmable Gate Array (an electronically configurable, cheap alternative to a custom-built chip) and glued it to the Xbox board to read the hypertransport bus, which carries decrypted data.
He had to arrange the data so that it made sense, partly by feeding chunks through a disassembler until he got meaningful code.
By comparing this with the encrypted Rom code, he and his online allies decided that a 128-bit cipher called RC4/128 was being used. This meant a key had to be buried in that hypertransport data stream.
Huang then adapted an RC4 decryption program to use successive chunks of the data stream as a trial key. The output of each was analysed on the assumption that a false decrypt would be statistically 'white', with a roughly even distribution of values.
Much to his surprise, he got a positive result almost immediately. Huang now knew enough to get the Xbox Rom to run anything he wanted.
Microsoft redesigned the security system when the news broke (leaving nVidia to pick up the bill for unused version 1.0 chips, according to Huang).
Astonishingly, the new system was cracked within a day by British hacker Andy Green, again with the aid of online allies.
Xbox 'mod' chips are now readily available in some countries, although in May a US man was sentenced to five months, with a $28,000 fine, for selling them.
Micosoft has threatened to withdraw the Xbox from Australia, where courts concluded that the chips could have legitimate uses.
On the security front, the lessons to be learnt are old ones: that a system is only as strong as its weakest link; and that the more complex a system is, the more holes it is likely to have.
Huang argues that the industry needs 'ethical' hackers to discover and report those holes, so systems become more secure with time - just as there are virus writers who explore vulnerabilities to improve defences rather than to attack.
The issues are not restricted to hardware. Given a blanket ban on unauthorised decryption, Microsoft would need only to copy-protect its Word format to prevent PDA vendors offering a rival, file-compatible editor.
It remains to be seen whether the industry will swallow its self-righteousness and recognise where legitimate anti-piracy measures become monopolistic restrictive practices.
And it may take a test case or two to reveal where the British courts will draw that line.
del.icio.us
Digg this
reddit!
