Re: [Full-Disclosure] FW: FEEDBACK: Testing Microsoft and the DMCA

From: Hotmail (
Date: 04/19/03

    From: "Hotmail" <>
    To: <>, <>
    Date: Fri, 18 Apr 2003 21:32:33 -0700

    so i understand this...

    believe I can do whatever it is I choose to do with a product that I
    purchase. Next it will be illegal to throw away your xbox because someone
    might get it out of the rubbish and use it.. or heaven forbid.. LOOK INSIDE.


    ----- Original Message -----
    From: "Jason Coombs" <>
    To: <>
    Sent: Friday, April 18, 2003 8:01 PM
    Subject: [Full-Disclosure] FW: FEEDBACK: Testing Microsoft and the DMCA

    > -----Original Message-----
    > From: Jason Coombs []
    > Sent: Friday, April 18, 2003 4:58 PM
    > To:
    > Subject: FEEDBACK: Testing Microsoft and the DMCA
    > I'm an author and computer forensics/infosec expert who recently authored
    > book about information security and Microsoft Internet Information
    > (IIS) that Microsoft Press was planning to publish... They opted not to
    > publish my book after they got a chance to read it; perhaps fearing that
    > acknowledging flaws and pointing out weaknesses in their own products
    > undermine their position with respect to prosecuting DMCA violators.
    > After reading your article concerning "Hacking the XBox" I thought you
    > be interested in my story as well. My literary agent pitched my book to
    > and it was rejected rather abruptly and with no discussion (odd,
    > that I've been published by both Wiley and Hungry Minds/IDG Books in the
    > past).
    > My plan, if I can't find a publisher willing to take the 'risk' of
    > details of vulnerabilities in IIS, is to give away my book as an open
    > manuscript/electronic book in order to educate people who use Windows
    > operating systems and IIS on critical security countermeasures. There's no
    > reason for Microsoft customers to be kept in the dark about necessary
    > precautions simply because publishing the forensic details threatens to
    > in prosecution of those responsible, or in the case of Microsoft Press,
    > threatens to take Microsoft's DMCA teeth out of their big fat head.
    > Sincerely,
    > Jason Coombs
    > --
    > Testing Microsoft and the DMCA
    > By David Becker
    > Staff Writer, CNET
    > April 15, 2003, 4:00 AM PT
    > Taking a break from working on his doctoral thesis,
    > Institute of Technology (MIT) graduate student Andrew "Bunnie" Huang
    > that it might be fun to poke around the security systems protecting
    > Microsoft's Xbox game console.
    > With a little creative tinkering and a measure of precision soldering,
    > quickly isolated the main public security keys. Although legally prevented
    > from sharing the keys with the world, he described his methods in detail in a
    > widely distributed research paper, helping spur a wave of Xbox-hacking
    > has led to the development of Xbox versions of Linux and other homemade
    > software.
    > After graduating from MIT last year, Huang set up his own consulting
    > specializing in reverse engineering. But he still has some more Xbox
    > that he'd like to share with the world--that is, if only he can find a
    > Huang's recently completed book, "Hacking the Xbox" was recently dropped
    > Wiley subsidiary Hungry Minds, citing possible legal issues under the
    > controversial Digital Millennium Copyright Act (DMCA). The Department of
    > Justice recently used the DMCA to shut down, a Web site partly
    > used to distribute Xbox-hacking tools, and to imprison the site's owner.
    > Plans to self-publish the book hit another snag a couple of weeks ago when
    > Americart, a provider of online shopping cart services, declined to sell
    > book because it feared getting sued. But Huang remains determined to press
    > this project through to completion.
    > "The thing I have to emphasize is that the book itself is not criminal,"
    > said. "It'd be like saying that breaking and entering is illegal, so you
    > write a book on how locks work."
    > Huang spoke with CNET about the book, the importance of hardware
    > hacking and his willingness to serve as a DMCA guinea pig, if necessary.
    > Q: What have you learned to do with the Xbox since your research paper was
    > published?
    > A: I did a lot of work but if I talked about it I'd get in a lot of trouble. I
    > did some work with a few people who were trying to figure out alternate
    > methods to get to the Xbox hardware without necessarily involving the
    > copyrighted code Microsoft has--basically finding backdoors in the
    > initialization and boot sequence.
    > I helped out one guy in particular who was critical in figuring out the
    > that's used by everyone today. It is basically a flaw in the system
    > initializer that lets you put code anywhere in the system that you want
    > From there, I backed off and got kind of quiet. Things were starting to
    > up, and a lot of people were starting to move into piracy and other very
    > controversial issues. I sort of became a fly on the wall and gave people
    > advice in some key areas.
    > And then Wiley approached you about writing a book?
    > Yeah--Wiley has the "Dummies" series, and wanted to create a similar line
    > introductory hacking guides: hacking TiVo, hacking the Xbox, hacking your
    > player. The book overall is an education book. I try to teach people as
    > as possible how to do hacks on their own and try to avoid as much as
    > the really cookie-cutter, boring stuff.
    > So it's not just, "Here's how you install this mod chip?"
    > There are a few pictures of mod chips installed...but it's more like
    > how a mod chip works, and here's how people used reverse engineering to
    > out how Xbox security works. It's trying to give a novice hacker or
    > who has very little experience the confidence he or she needs to open up
    > box and start playing around with the stuff on the inside. And there's sort of
    > a running dialogue about the experiences that I had getting into the Xbox,
    > including the legal issues.
    > It ends with a brief section on where things are today. That's where I
    > mod chips. But the book is really encouraging people to learn their own
    > Was there much discussion of legal concerns with the publisher?
    > When I first started working with them, they realized that it was a touchy
    > subject. They had me develop an outline, and when I went over it with
    > lawyers, they said, "Yeah, this should be OK."
    > Then I got a call (a few months later) during which they basically said
    > had some turnover in the legal department and weren't feeling so good
    > the book now. I don't know if this had anything to do with it, but right
    > around the time that they gave me the call, the Department of Justice
    > down and they were sort of beating on the doors of a lot of
    > chip guys.
    > Has the case had a chilling effect beyond your work?
    > I think that it's had a major chilling effect. Maybe the reason that
    > started (backing out of such publishing deals) this is that the DMCA has
    > become such a hot topic. A lot of companies aren't willing to really push
    > their content directly through a public trial. The whole idea of taking a
    > person and making an example of him seems to have backfired. They tried
    > with a few guys and it didn't work.
    > I think a lot of companies are starting to take more indirect attacks. To
    > a really bad analogy, instead of going for the mafia boss, you take out
    > guys in the street, the little mod chip vendors.
    > They're trying other techniques within the word of the law to put a damper
    > this activity without getting bad press.
    > If they were to go ahead and take any Xbox-Linux guys and crucify them for
    > running Linux on the Xbox, they'd have the whole open-source crowd really
    > in arms. There'd be a really big negative mark on the Xbox.
    > So even though Microsoft has said, "You guys can't run Linux on the Xbox,"
    > they're not going to really do anything about it in the short term. It's
    > hurting their revenue enough to have them fight a battle on principle.
    > Are you afraid personally of the possible consequences of publishing the
    > Oh yeah. Lately it's been really day-to-day. I get a lot of e-mail from a
    > of people, and sometimes you see the subject line and freeze for a moment,
    > thinking, "This is it, they're coming to get me." And then it just turns
    > to be an innocent question. But the fact that Americart felt it had to
    > my book shows how jittery people are.
    > So how are you going to sell the book now?
    > There's always PayPal, I guess...Although someone pointed out to me that
    > PayPal has an explicit clause that says you can't use the service to sell
    > chips. Even though this isn't a mod chip per se, it might be construed as
    > technology or a tool under the wording of the DMCA.
    > The big question that I had when I published my paper at MIT was whether
    > would be considered a copyright circumvention tool under the DMCA. I think
    > it's wildly unrealistic to think that a court would agree with such an
    > expansive interpretation of a tool. But to a limited degree, they might go
    > along with it.
    > Beyond the question of what's a tool, there are still a lot of questions
    > whether mod chips are copyright circumvention devices at all, since they
    > other, legitimate things. Would it be useful to have a court opinion on
    > It would be. I think that part of the reason I decided to go ahead with
    > book is that I'm really tired of hearing, "Well, there's three cases that
    > never went to court, but here's the direction in which they kind of
    > There's no real stakes in the ground about this.
    > There's a lot of fear, uncertainty and doubt. And the longer the people
    > want to enforce these laws can cast the shadow of fear without ever having
    > bring something to court, the more effective they are. This type of
    > is kept underground and under control.
    > I want to put a stake in the ground and say, "Hey, I strongly believe what
    > doing is legal and it's beneficial for people to know about this stuff." If we
    > don't know about it, then the bad guys are going to figure it out and
    > going to take our lunch. Maybe I'm being a fool by saying this, but if
    > wants to challenge me on this, I think it's something we need to talk about in
    > a court of law. I don't know where I'd find the resources to defend myself. If
    > I am taken to court, then I'll figure it out.
    > The big game companies seem to paint all hacking as enabling software
    > What's your rationale for why it's useful to hack the hardware?
    > There's this thing called fair use that pretty much had been protected
    > the DMCA came out. It says that if I take my hard-earned money and buy a
    > of hardware--whether it's a hammer or a razor or a computer--I can take it
    > home and do what I want.
    > I don't have to just use a hammer to pound nails. Same goes for a computer
    > a video game machine.
    > The real critical issue is if it turns out that Microsoft can put a ban on
    > people running their own code on a piece of hardware. That'd enable people
    > develop monopolies over hardware by simply securing the hardware to
    > cryptographic in the software base. Microsoft could start offering
    > to hardware makers to install a Palladium chip that only runs Windows on
    > and people who remove it are guilty under the law. Eventually, you just
    > up the whole world.
    > That's the whole crux. We're going to investigate this hardware and run
    > on it and push things a little. We need to figure out really soon what this is
    > going to do to the industry and whether this is something of which we need
    > be afraid.
    > Right after I did the paper, I worked with a guy to find the avenues to
    > completely bypass the Xbox security systems. And what we ended up with was
    > amazing. It was a concatenation of four bugs from various vendors that
    > it to happen.
    > It's a real-life example of why I think Palladium isn't going to
    > vendor is going to have some small bug that individually doesn't mean
    > but when you stack 'em together, it becomes a big security hole. And once
    > commit it to silicon, it becomes a billion-dollar bug.
    > So it sounds like a big part of your motivation is educational?
    > Oh yeah, a very large part of it is educational. When I first started
    > this, I asked my professor if he thought there was academic merit to it.
    > was really positive. The security community has been debating for a long
    > about how we secure chip buses--do we just make it really fast and take it
    > of the realm of hackability? This sets a data point for what it takes to
    > extract data out of a high-speed bus. It's a real meat-and-potatoes example of
    > security--what can go wrong and what can be done about it.
    > Do you expect your work to be reflected in the design of Xbox 2?
    > I think it will be. Nvidia had to scrap a bunch of chips because Microsoft
    > rotated the (security) code, and I think that was at least, in part,
    > specifically because of what I'd done.
    > With the Xbox 2, there's a couple of different directions they could take.
    > They could say, "Fair use is fair use. Go ahead and run Linux on it, but if I
    > catch you copying games, I'm going to nail you good." Or they'll try to tie it
    > down even more cryptographically.
    > There are things that they can try. But there's a dozen attacks that I've
    > in my back pocket and that other hackers have kept in their back pockets
    > nobody's even talked about. Those will come out if Microsoft tries to
    > the hardware again.
    > What do you think of the James Bond hack for running unsigned software on
    > Xbox?
    > That looks really promising for freeing Linux to the mainstream. It either
    > spells the beginning for a new age in Xbox hacking, or it's the demise.
    > it's such a potent weapon against the Xbox that Microsoft will have no
    > but to start enforcing stronger policies on hacking, or they may have to
    > change the hardware. Or they could decide to back off and let Linux
    > But I think it's going to tip the scale somehow.
    > And this is just one exploit. There are probably a lot of others. The
    > that I'm looking for is a network attack, where you just plug it into the
    > network, run a script on the PC and send a specially formed packet to the
    > Xbox, and voila, you've got your code in the Xbox. That's the kind of
    > I'd look out for being an incredibly huge problem for Microsoft.
    > Has the rationale for running Linux on an Xbox been diluted, now that you
    > buy a $200 Linux PC from Wal-Mart?
    > People talk and joke about that a lot. But there are a couple of things to
    > realize. One is that those $200 PCs don't have anything close to the
    > power that the Xbox has. And most of the Linux applications for the Xbox
    > not been geared toward turning it into a Web server or a word processor.
    > want to turn it into a media center and have the box under their stereo
    > that stores videos, digital audio and other stuff. The Xbox is really
    > handy for that. And they use Linux because it has all these great tools
    > working with media.
    > What's the appeal for you in doing reverse engineering work?
    > I think it's an important area and it's fun. I really like security more
    > anything else, so I've been working on TEMPEST-style surveillance
    > looking for security holes that should be fairly obvious, trying to raise
    > awareness for the public that information isn't as safe as it is thought
    > be.
    > Something like a public service job?
    > I guess you could say it's public service. What it boils down to is either
    > someone's going to write a paper and say there's this vulnerability, or
    > going to find out the hard way. One of my goals as I do this exploration,
    > for my own fun than anything else, is to be able to say it was this easy
    > this hard to break your hardware, and here's what you can do to remedy it.
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: