thesonandheir
« on: January 14, 2011, 01:43:16 PM »

What has been the best security feature that MS put into the 360, and why?

- eFuses
- Internal chip ROM/RAM
- Hypervisor
- Encrypted memory
- Per-box keys
- Secure boot/chain of trust
- DVD drive security
- Proper RSA (sorry Sony!)

Or something else I may have missed. I think those eFuses are number 1, we could still be tagging newer consoles if they didn't lock down the CB etc.

inspuration
« Reply #1 on: January 14, 2011, 03:32:18 PM »

Burnable eFuses for sure. Were it not for that, downgrade to vulnerable kernel would be possible.

Blackaddr
« Reply #2 on: January 14, 2011, 04:20:11 PM »

> Proper RSA (sorry Sony!)

The digital signature is the most critical because you can sign your own loaders and bypass any revocation. You screw that up and... Nothing Else Matters

Shaun
« Reply #3 on: January 14, 2011, 06:16:01 PM »

neither - it's being dynamic. being able to combine all of them to bypass or update anything they feel needs. having overhead to do this - great!

TheFallen93
« Reply #4 on: January 14, 2011, 11:11:18 PM »

Having all executable code encrypted. If it wasn't for the 1bl key being released, then we still would not be able to decrypt and disassemble a lot of the code on the console.

thesonandheir
« Reply #5 on: January 15, 2011, 06:47:57 AM »

> Having all executable code encrypted. If it wasn't for the 1bl key being released, then we still would not be able to decrypt and disassemble a lot of the code on the console.

Any idea how they got some of the early keys/hypervisor code?

inspuration
« Reply #6 on: January 15, 2011, 11:08:45 AM »

> > Having all executable code encrypted. If it wasn't for the 1bl key being released, then we still would not be able to decrypt and disassemble a lot of the code on the console.
>
> Any idea how they got some of the early keys/hypervisor code?

tmbinc was the one who did all the early stuff. There was a thread where someone asked him about it, here's what he said:

> Yes, it was a chicken-egg-situation. Yes, we solved that.
> Sorry, It's just a little piece of trivia I don't want to share in a public internet forum. Let's just say that we neither had access to some "microsoft insider" information (nor sourcecode), nor have we dumped the 1BL by chip decapping. Both would have been unfair.
> It was not really that exciting, either.

jelle2503
« Reply #7 on: January 15, 2011, 02:14:04 PM »

was the dvd-rom security so poorly made on purpose then? the whole console is locked, when the dvd drives are easily compromised each time? what is up with that

cory1492
« Reply #8 on: January 15, 2011, 02:16:16 PM »

Best Security feature on the 360? I nominate that little sticker on the front behind the faceplate and why? It gives them cause to refuse to spend any money on warranty repairs from failed drive mods.

To be honest, I think their best "security feature" was basically keeping things simple to minimize possible holes in the chain of trust during boot and hv processes along with having a way to update that chain and reliably lock out downgrading to compromised versions. So, single best feature: simple code, and coders capable of auditing it for obvious holes.

edit:/ as jelle just mentioned, their worst feature was not fully integrating the dvd drive into the security chain (ie: the drive firmware is not inside the chain of trust), and relying on different manufacturers for basically a PC drive addon to the machine left drive hacking open.
« Last Edit: January 15, 2011, 02:18:24 PM by cory1492 »
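
The downgrade lock-out mentioned in Reply #1 and in the post above, as an added example that is not part of the original posts and is not the console's actual code. It is a simplified C model that assumes a 16-fuse bank and a loader image carrying a version number; every name in it is hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed model: 16 one-time-programmable fuses. A bit can go 0 -> 1 but
   never back, so the number of burnt fuses can only grow. */
typedef struct { uint16_t bits; } fuse_bank;

/* Hypothetical loader header; signature checking is assumed to happen elsewhere. */
typedef struct { const char *name; unsigned version; } loader_image;

enum boot_result { BOOT_OK = 0, BOOT_REJECT_ROLLBACK = 1 };

static unsigned fuse_count(const fuse_bank *f) {
    unsigned n = 0;
    for (uint16_t b = f->bits; b; b &= (uint16_t)(b - 1)) n++;
    return n;
}

/* Burn fuses until `target` are set; OR-ing can set bits but never clear them. */
static int fuse_burn_to(fuse_bank *f, unsigned target) {
    if (target > 16) return -1;
    while (fuse_count(f) < target)
        f->bits |= (uint16_t)(f->bits + 1);   /* sets the lowest clear bit */
    return 0;
}

/* Boot-time check: an image older than the fuse count is refused even though
   it was once a legitimately signed release. */
static enum boot_result boot_check(const fuse_bank *f, const loader_image *img) {
    return img->version < fuse_count(f) ? BOOT_REJECT_ROLLBACK : BOOT_OK;
}

/* Update path: accept the new image, then burn fuses up to its version. */
static int apply_update(fuse_bank *f, const loader_image *img) {
    if (boot_check(f, img) != BOOT_OK) return -1;
    return fuse_burn_to(f, img->version);
}

int main(void) {
    fuse_bank fuses = {0};
    loader_image v2 = {"loader v2 (constructed)", 2};
    loader_image v3 = {"loader v3 (constructed)", 3};
    apply_update(&fuses, &v2);
    printf("%s before update: %d\n", v2.name, boot_check(&fuses, &v2));
    apply_update(&fuses, &v3);
    printf("%s after update:  %d\n", v2.name, boot_check(&fuses, &v2));
    printf("fuses burnt: %u\n", fuse_count(&fuses));
    return 0;
}
```

The signature on the old image stays valid forever; what changes is the fuse count it is compared against, which is why the lock-out survives reflashing the old image.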

Shaun
« Reply #9 on: January 17, 2011, 06:26:23 AM »

the drive security was good mind, but (afaik) previously no-one had completely RE a drive on a console for piracy (yes it didn't take much seeing as the guys had been messing with rpc1 firmwares for a while). However, it took the original hackers a fair amount of time to go thru what was involved and reproduce it correctly (i remember the thread on here). For the 'next' xbox, not a great deal would have or need to be changed to maintain the current level of security.

thesonandheir
« Reply #10 on: January 17, 2011, 08:01:33 AM »

> the drive security was good mind, but (afaik) previously no-one had completely RE a drive on a console for piracy (yes it didn't take much seeing as the guys had been messing with rpc1 firmwares for a while). However, it took the original hackers a fair amount of time to go thru what was involved and reproduce it correctly (i remember the thread on here). For the 'next' xbox, not a great deal would have or need to be changed to maintain the current level of security.

Should they have encrypted the f/w with the console's CPU key? Or just had the kernel hash the drive f/w every boot?

Gazcoigne
« Reply #11 on: January 17, 2011, 09:12:48 AM »

> Best Security feature on the 360? I nominate that little sticker on the front behind the faceplate

LMAO that sticker is very easily removed undamaged with hot air and tweezers. defo not the best system!! the best thing that ever happened for the 360 security was the king kong hack. It showed m$ the holes in their security, that was quickly patched, and to this day has never been repeated.

Tiros
« Reply #12 on: January 17, 2011, 10:45:04 AM »

> Or just had the kernel hash the drive f/w every boot?

That's exactly what the slim does and will likely put an end to all backups on that platform. fwiw my favorite feature is the hardware memcryption/hashing. No one else has that.

Gazcoigne
« Reply #13 on: January 17, 2011, 06:50:26 PM »

> That's exactly what the slim does and will likely put an end to all backups on that platform.

i would love to get you and c4eva together over a coffee to discuss this, as he seems pretty confident that he can beat it. however i also know and trust your opinion, and can see the point in your argument. would love to hear the debate, and the technical reasons why for each case. offline of course so m$ can't see what is said!!