
Profile: Milosch Meriac

From the document: Andrew “bunnie” Huang, Hacking the Xbox (pages 186-191)

Can you tell us a little bit about yourself?

My general history is fairly simple. I was born in 1976 in Czechoslovakia. My parents (my mother is a teacher, my father is a civil engineer) escaped during the Cold War to western Germany because of repressions by the communist regime.

I was about three years old when we arrived in Germany. In German kindergarten I immediately learned the German language. From this point it was really simple — being ten years old, I got my first computer after some months of whining. Things started to roll.

After school leaving exams and a weird intermezzo at German Federal Armed Forces Military Duty, I started studying cybernetics and computer science, but I decided after three years to quit university and to concentrate as a long-term objective on my own company. During my studies I established some valuable business connections, so it was easy to work as a freelancer for various companies in Germany. I did some reverse engineering projects, developed realtime embedded Linux systems with small footprint, did some low-level programming like realtime extensions for Windows systems, and developed a software based hard disk safeguard for a famous German company. I now live with my girlfriend in Berlin and we are having a great time there.


Why do you hack?

After getting more experienced in programming I started to discover that the beautiful and bright entity of the computer world is in fact a fragile patchwork.

In the beginning hacking was like a game for me. You could walk around inside your computer system discovering worlds of new code and possibilities every single day. Occasionally one could challenge the application authors to a duel by trying to analyze and circumvent their copy protections. Sometimes it was like playing chess; other times it was like a deathmatch.

On one hand I was excited to see my knowledge growing and on the other hand it was naturally a great ego boost for a 14-year-old child to circumvent security systems of overpaid godlike hardcore programmers. During my time in senior high school, I revised this view — while programming tools and applications for some local companies during school vacations I met some genuine programmers — and was disappointed: they were neither gods, nor godlike.

After some time I realized that writing a cool demo, hacking application X, or finding a nifty hack for Y doesn’t change the world more than a sack of rice toppling down somewhere in China. So I started choosing my realms more wisely — technologies of everyday life like telephones, computers, networks and satellites. I found out that one has the power to change things by explaining technology to average users or by helping companies to secure their products.

Today I am aware of my power as a whitehat hacker. Every person in today’s life is affected by information technologies: surveillance techniques, data mining, information warfare, the Digital Millennium Copyright Act, TCPA, digital rights management, new interpretations of copyright and patent law are growing like mushrooms after monsoon rain. Like in my past I ache to peek behind these beautiful and bright entities, and hopefully find the bugs and traps before they find us.

Can you tell us about your experience with the Xbox-Linux project?

I joined the Xbox Linux project and helped to get the kernel running, which was tricky because the Xbox architecture has some traps and differences compared to a personal computer. I created the early Linux distributions for Microsoft’s Xbox.

This was important because we had only 1 MB flash available to store the complete distribution and the kernel, and the hard disk wasn’t unlocked yet. I also provided a console driver for Andy Green’s filtror device, so we were able to see the kernel boot messages and get a Linux console by using his device as some sort of remote interface. This distribution already included network drivers, soundcard drivers, mp3 support, a telnet server, webserver, NFS support, and a broad range of standard Linux tools. This enabled us to get rid of our custom-made hardware and allowed hundreds of people to join the project, either as code contributors or as test persons. We had no screen output yet, so I added a framebuffer interface to the Xbox Linux kernel and made many other contributions.

The number of contributing developers started to grow enormously. We get awesome help from all over the world to make Xbox Linux possible. Some stay hidden because they are afraid of legal uncertainties like the DMCA in the United States, while others can contribute freely.

Do you have any other comments you would like to share?

Some people may ask why full-grown people like me fiddle about with this Xbox toy. Every person certainly has his own reasons; my reason is to improve my skills and to learn more about recent technologies. The Microsoft Xbox for instance is the predecessor of a TCPA/Palladium protected computer, with all the technical and social implications. It’s a fine playground for my research on more secure computer systems without pressing users.

One of the main reasons is our community. It’s really fun and a great pleasure to work together with these bright geeks — online and especially offline in a pub with pints of fine beer. I am amazed every day by the growing strength of our community. Thanks to all for making this possible!

(Main text, continued)

out the Project B Prize Rules web page at http://xbox-linux.sourceforge.net/articles.php?aid=20030023081956.)

Recently, a buffer overrun exploit was discovered in the way saved games are handled by Electronic Arts’ “007: Agent Under Fire” game. The exploit was first divulged by a hacker known simply as “habibi_xbox” on March 29, 2003 through a posting on the XboxHacker.net BBS. Significantly, the exploit was identified in an undisclosed number of games, but “007: Agent Under Fire” was the only game explicitly named in the posting. The exploit leverages an unchecked string to run a short segment (a few hundred bytes) of code that inserts a series of kernel patches.

Various measures were included in the design of the hack to make it very difficult to modify the hack to do anything other than run the intended Xbox-Linux target. For example, the hack patches the original Xbox RSA public key, used for verifying digital signatures, with a new public key, while leaving the digital signature check algorithm unpatched. Only the Xbox-Linux bootloader, provided as part of the hack, is appropriately signed with the corresponding new private key. Other hackers would have to factor the new public key in order to use this hack to run other executables. Also, the “007: Agent Under Fire” game itself performs an independent digital signature check on all saved games, so modifying the exploit code in the hacked savegame file is not trivial. The inclusion of such security measures in the hack is a laudable decision on the part of the hack’s implementer, as it helps ensure that the hack is not directly useful for applications such as piracy. Implementing security measures that protect Microsoft’s interests may help save the Xbox-Linux project from the wrath of Microsoft and the U.S. Department of Justice.

Looking forward, the success of Project B could spell either a new age for Xbox hacking, or the demise of Xbox hacking. Even though Project B hackers have demonstrated social conscience and good will by trying to protect Microsoft’s interests, it is impossible to prevent less scrupulous hackers from reverse engineering the hack and eventually figuring out how to reproduce the technique in some less Microsoft-friendly form. The end result could either be a harsh crackdown by Microsoft upon all hacking activity, or Microsoft exiting the video game business altogether since their revenue stream would be cut off like Sega’s in the Dreamcast piracy debacle.

Or, Microsoft could just elect to plow more money into the business and release a redesigned console that incorporates patches and countermeasures for known security holes. The outcome will depend heavily upon how events unfold in the next few months. However, with deep price cuts on the horizon for the Xbox and rumors of a thoroughly redesigned “shrink” version of the console floating around, it seems that Microsoft’s near-term strategy is to focus its energies on storming the market instead of stemming fair-use or piracy. After all, every Playstation2 or Gamecube sold probably has a worse effect on Microsoft’s business than every Xbox converted to run GNU/Linux, or even an Xbox converted to run pirated games.
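The text describes the savegame exploit only as an “unchecked string”. As an added example (not code from the book, the game, or the Xbox-Linux project), here is the general shape of that defect in C beside the bounded version a defender would want: a save record carries a fixed-size name field that the game copies into a smaller stack buffer. The record layout, the field sizes and the “SAVE” magic are constructed for the example; the unchecked loader is shown only for contrast and is never invoked, since calling it with an over-long field is undefined behaviour.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <stdbool.h>

#define NAME_MAX 32          /* assumed size of the in-game name buffer */
#define RECORD_NAME_LEN 64   /* assumed size of the name field in the save file */

/* Constructed save record. The name field is read straight from the file,
 * so nothing guarantees that it contains a NUL terminator at all. */
struct save_record {
    uint32_t magic;
    char name[RECORD_NAME_LEN];
    uint32_t score;
};

/* Vulnerable pattern: trusts the file to have NUL-terminated the name
 * within NAME_MAX bytes. A longer run of non-NUL bytes overruns `out`.
 * Shown for contrast only; never called in this example. */
void load_name_unchecked(const struct save_record *rec, char *out /* NAME_MAX bytes */)
{
    strcpy(out, rec->name);   /* no length check of any kind */
}

/* Hardened version: look for the terminator inside the field bounds,
 * reject an unterminated field, reject a name that would not fit the
 * destination (terminator included), then copy with an explicit length. */
bool load_name_checked(const struct save_record *rec, char *out, size_t out_len)
{
    const char *nul = memchr(rec->name, '\0', RECORD_NAME_LEN);
    if (nul == NULL)                 /* no NUL inside the field: reject */
        return false;
    size_t n = (size_t)(nul - rec->name);
    if (n >= out_len)                /* would not fit with its terminator */
        return false;
    memcpy(out, rec->name, n);
    out[n] = '\0';
    return true;
}

/* Build a constructed record whose name field holds `len` 'A' bytes.
 * With len == RECORD_NAME_LEN the field has no terminator at all. */
struct save_record make_record(size_t len)
{
    struct save_record rec;
    memset(&rec, 0, sizeof rec);
    rec.magic = 0x53415645u;         /* "SAVE", constructed */
    if (len > RECORD_NAME_LEN)
        len = RECORD_NAME_LEN;
    memset(rec.name, 'A', len);
    rec.score = 42;
    return rec;
}

/* Feed three constructed records to the checked loader: a short name, an
 * over-long but terminated name, and an unterminated name. Only the first
 * is accepted, so the function returns 1. */
int demo_accepted_count(void)
{
    char buf[NAME_MAX];
    int accepted = 0;
    struct save_record ok = make_record(8);
    struct save_record too_long = make_record(40);             /* terminated, but > NAME_MAX */
    struct save_record unterminated = make_record(RECORD_NAME_LEN);
    accepted += load_name_checked(&ok, buf, sizeof buf);
    accepted += load_name_checked(&too_long, buf, sizeof buf);
    accepted += load_name_checked(&unterminated, buf, sizeof buf);
    return accepted;
}

/* The accepted record round-trips exactly: eight 'A's and a terminator. */
bool demo_short_name_roundtrip(void)
{
    char buf[NAME_MAX];
    struct save_record rec = make_record(8);
    return load_name_checked(&rec, buf, sizeof buf) && strcmp(buf, "AAAAAAAA") == 0;
}

int main(void)
{
    printf("records accepted by the checked loader: %d of 3\n", demo_accepted_count());
    printf("short name round-trips: %s\n", demo_short_name_roundtrip() ? "yes" : "no");
    return 0;
}
```

The checked loader treats the two rejected cases differently from each other on purpose: an unterminated field is evidence of a tampered or corrupt file and can be logged as such, whereas a terminated-but-too-long name may simply be a record written by a different version of the game.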
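The key-substitution design described above is worth seeing concretely, because it shows where the trust in a signature check actually lives: in the integrity of the embedded public key, not in the verification routine. The following C program is an added example and is not code from the book, from the hack, or from the Xbox itself. It uses textbook RSA on tiny constructed moduli (the key pairs 61×53 and 101×113 with e = 17, trivially breakable) and a 32-bit FNV-1a digest as stand-ins. It shows that replacing the embedded public key while leaving the check untouched makes the vendor-signed image fail and an image signed with the matching new private key pass, and then the defender’s counterpart: measuring the key region against a golden value stored out of the patch’s reach. Where that golden value would live is an assumption of the example, not a description of the Xbox.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

/* Toy RSA on 32-bit moduli, constructed for illustration only. */
struct pubkey  { uint32_t n, e; };
struct privkey { uint32_t n, d; };

static uint64_t modpow(uint64_t b, uint64_t x, uint64_t m)
{
    uint64_t r = 1;
    b %= m;
    while (x) {
        if (x & 1) r = r * b % m;
        b = b * b % m;
        x >>= 1;
    }
    return r;
}

/* d = e^-1 mod phi by the extended Euclidean algorithm (assumes gcd(e, phi) == 1). */
static uint32_t inverse_mod(uint32_t e, uint32_t phi)
{
    int64_t t = 0, newt = 1, r = phi, newr = e;
    while (newr) {
        int64_t q = r / newr, tmp;
        tmp = t - q * newt; t = newt; newt = tmp;
        tmp = r - q * newr; r = newr; newr = tmp;
    }
    return (uint32_t)(t < 0 ? t + phi : t);
}

static void make_keys(uint32_t p, uint32_t q, uint32_t e,
                      struct pubkey *pub, struct privkey *priv)
{
    pub->n = priv->n = p * q;
    pub->e = e;
    priv->d = inverse_mod(e, (p - 1) * (q - 1));
}

/* 32-bit FNV-1a, used as the toy message digest and as the measurement
 * of the verifier's key region. */
static uint32_t fnv1a(const void *data, size_t len)
{
    const uint8_t *p = data;
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < len; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

struct image { const char *payload; uint32_t sig; };

static struct image sign_image(const char *payload, const struct privkey *k)
{
    struct image img = { payload, 0 };
    uint32_t h = fnv1a(payload, strlen(payload)) % k->n;   /* toy: digest reduced mod n */
    img.sig = (uint32_t)modpow(h, k->d, k->n);
    return img;
}

/* The verifier as shipped: the public key sits next to a check routine that
 * is never modified. Whoever controls this key decides what verifies. */
struct verifier { struct pubkey key; };

static bool verify_image(const struct verifier *v, const struct image *img)
{
    uint32_t h = fnv1a(img->payload, strlen(img->payload)) % v->key.n;
    return modpow(img->sig, v->key.e, v->key.n) == h;
}

/* Defender's check: the key region is measured once and the golden value is
 * assumed to be kept somewhere the patch cannot reach. */
static uint32_t measure_key(const struct verifier *v)
{
    return fnv1a(&v->key, sizeof v->key);
}

/* Bitmask describing the scenario from the text (expected value 0xF):
 *  bit 0: vendor-signed image verifies against the shipped key
 *  bit 1: after the key swap, the vendor image no longer verifies
 *  bit 2: an image signed with the replacement private key now verifies
 *  bit 3: measuring the key region detects the swap */
int demo_key_swap(void)
{
    struct pubkey vendor_pub, new_pub;
    struct privkey vendor_priv, new_priv;
    make_keys(61, 53, 17, &vendor_pub, &vendor_priv);    /* n = 3233, constructed */
    make_keys(101, 113, 17, &new_pub, &new_priv);        /* n = 11413, constructed */

    struct verifier rom = { vendor_pub };
    uint32_t golden = measure_key(&rom);

    struct image vendor_img = sign_image("vendor bootloader", &vendor_priv);
    struct image other_img  = sign_image("alternate bootloader", &new_priv);

    int bits = 0;
    if (verify_image(&rom, &vendor_img)) bits |= 1;

    struct verifier patched = rom;
    patched.key = new_pub;            /* key replaced; check routine untouched */
    if (!verify_image(&patched, &vendor_img)) bits |= 2;
    if (verify_image(&patched, &other_img))   bits |= 4;
    if (measure_key(&patched) != golden)      bits |= 8;
    return bits;
}

int main(void)
{
    printf("scenario bits: 0x%x (0xf expected)\n", demo_key_swap());
    return 0;
}
```

The last bit is the one that matters for a defender: a signature check can be algorithmically perfect and still verify whatever an attacker wants if the key it compares against is writable. Protecting or measuring the key region is therefore part of the trust anchor, not an optional extra.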

OpenXDK

Many interesting and useful projects for the Xbox, such as the XboxMediaPlayer and MAME-X (Multiple Arcade Machine Emulator for the Xbox), have been developed for the native Xbox gaming platform.

Unfortunately, these programs were developed using unauthorized versions of the Microsoft Xbox SDK (Software Development Kit). Microsoft’s Xbox SDK is supposed to be available only to approved, licensed developers. However, the SDK was leaked even before the console was launched, and since then many have used the leaked Xbox SDK for creating their own Xbox programs. While the proprietary Xbox SDK is convenient and easy to use, it is also technically illegal to use. The lack of a legal SDK for the native Xbox platform makes it difficult to attract a large base of open-source developers.

The OpenXDK project was created to address the need for a legal alternative to the Xbox SDK. OpenXDK’s stated goal is to create a legal development kit for creating Xbox Executables (XBEs). OpenXDK will allow users to create native XBE files that, when signed with the appropriate digital signature, could run on a vanilla Xbox. Since this appropriate digital signature is as of yet unknown, this work is done in anticipation of a legal technology that enables interoperability with programs developed using the OpenXDK.

Despite its utility, the OpenXDK project is still in its nascence and is looking for developers. More about the OpenXDK project can be found at http://openxdk.sourceforge.net. OpenXDK’s project managers are Dan Johnson (also known as SiliconIce, the creator of the XboxHacker BBS) and Aaron Robinson (also known as caustik; caustik is also leading the CXBX executable relinker and the CXBE Xbox emulator projects).
