
Guarding Against Physical Attacks: The Xbox One Story [video] - transpute
https://www.platformsecuritysummit.com/2019/speaker/chen/
======
terramex
> _This is the first time in history that game consoles have lasted this long
> without being cracked to enable piracy._

> _In this talk, we will discuss how we achieved this for the Xbox One._

While the Xbox's technical security measures are very interesting, I dare say
that the most effective measure was allowing end users to install homebrew
apps[0]. The only use for cracking the Xbox One would be to enable piracy, and
exploit creators are almost universally against that.

Also, the PS4 has been jailbroken up to firmware 5.07 (patched in March 2018),
and it is known that exploits for newer firmware versions exist but are not
(yet?) publicly available.

[0] https://github.com/wiired24/ProjectPegasus/blob/master/binaries/Installing APPX Packages.pdf

~~~
naner
_The only use for cracking Xbox One would be to enable piracy_

That's not strictly true; cracking could also allow alternative OS loading.

~~~
qplex
As far as I know the Xbox One needs to dial home before you're allowed to run
a game.

So when the DRM servers are shut down, these devices will become just useless
paperweights (if nobody manages to crack them).

~~~
terramex
Xbox One connects to the MS server only once, on initial setup, and then it can
run disc games offline. Not sure about digital downloads.

~~~
rkangel
In the video he talks specifically about the following use case:

"User goes to Walmart, buys console and game. Drives to cabin with no
internet. Sets up console and plays game".

Clearly the original design goal didn't require an initial phone home. That
may have changed.

------
transpute
First time this material was published outside of Microsoft.

Some points from the talk:

- custom 28nm AMD CPU
- off-die devices distrusted
- encrypted memory
- physical threat model: 10-game budget
- pre-PSP "Secure Processor"
- custom SP firmware by MS
- minimal hypervisor
- subset of Windows
- secure boot & remote attestation
- Azure Sphere Pluton = Xbox derivative

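The list above names the building blocks but not how "secure boot" and "remote attestation" fit together. The following is an added illustration written for this thread; it is not code from the talk, from Microsoft, or from any Xbox component. It models a measured-boot hash chain over a sequence of firmware stages and a nonce-bound attestation quote that a remote verifier checks against known-good measurements. It assumes a per-device symmetric key shared with the verifier (a simplification: a real design keeps the signing key inside the secure processor and uses asymmetric signatures) and all stage images are constructed placeholders.

```python
import hashlib
import hmac
import os

# Constructed per-device secret shared with the verifier. This is an
# assumption for the example; a real design keeps signing keys inside the
# secure processor and uses asymmetric signatures, not a shared HMAC key.
DEVICE_KEY = b"constructed-device-secret-0001"

# Known-good boot stages in boot order, with constructed placeholder images.
# These are not Xbox firmware; they stand in for whatever the verifier has
# measured and approved.
KNOWN_GOOD_IMAGES = [
    ("sp_firmware", b"constructed secure-processor firmware image"),
    ("hypervisor", b"constructed minimal hypervisor image"),
    ("os", b"constructed OS partition image"),
]


def measure_chain(images):
    """Measured boot: fold each stage into a running register.

    register = SHA256(register || SHA256(image)) per stage, so changing any
    stage's bytes, or the order of stages, changes the final value.
    """
    register = b"\x00" * 32
    for _name, image in images:
        stage_digest = hashlib.sha256(image).digest()
        register = hashlib.sha256(register + stage_digest).digest()
    return register


def expected_measurement():
    """What the verifier expects from an untampered boot."""
    return measure_chain(KNOWN_GOOD_IMAGES)


def make_quote(images, nonce, device_key=DEVICE_KEY):
    """Device side: report the measurement bound to the verifier's nonce.

    Binding the nonce prevents replaying a quote captured from a good boot.
    """
    register = measure_chain(images)
    tag = hmac.new(device_key, nonce + register, hashlib.sha256).digest()
    return {"nonce": nonce, "measurement": register, "tag": tag}


def verify_quote(quote, nonce, expected, device_key=DEVICE_KEY):
    """Verifier side: freshness, integrity, then policy (known-good chain)."""
    if quote["nonce"] != nonce:
        return False, "nonce mismatch (stale or replayed quote)"
    expected_tag = hmac.new(device_key, nonce + quote["measurement"],
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_tag, quote["tag"]):
        return False, "quote integrity check failed"
    if not hmac.compare_digest(quote["measurement"], expected):
        return False, "measurement does not match known-good boot chain"
    return True, "ok"


def attest_device(images, rng=os.urandom):
    """One attestation round trip: verifier nonce -> device quote -> verdict."""
    nonce = rng(16)
    quote = make_quote(images, nonce)
    return verify_quote(quote, nonce, expected_measurement())


if __name__ == "__main__":
    print("good boot:", attest_device(KNOWN_GOOD_IMAGES))
    patched = [(n, b"patched hypervisor" if n == "hypervisor" else img)
               for n, img in KNOWN_GOOD_IMAGES]
    print("patched hypervisor:", attest_device(patched))
    print("stages reordered:", attest_device(KNOWN_GOOD_IMAGES[::-1]))
```

The ordering of checks matters: the nonce is compared first so a replayed quote is rejected before any policy decision, and the MAC is checked before the measurement so an attacker cannot learn which stage the verifier disagrees with from a forged quote. "Off-die devices distrusted" is the reason the measurement, not a self-report from the OS, is what the verifier trusts.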
------
MonadIsPronad
I can't help but feel this is a little "Boring Dystopia": he's demonstrating
"Hey, here's how we keep people fiddling with the thing that they own, because
it's bad for business".

Decidedly unsettling.

~~~
me_me_me
I side on this issue with MS.

He even brings this up in the talk, mentioning Dreamcast.

How it died early on, because of piracy - developers didn't want to produce
games for the Dreamcast - so no one bought the console because no one made
games for it.

It's a vicious cycle that cannot be stopped otherwise.

~~~
toast0
The Dreamcast did have a short life, and was subject to simple piracy.
However, there may not be a causal relationship there.

Sega had a tricky financial situation and consumer trust issues because of
their last 1.5 platforms (Saturn and 32X). EA did not support the platform
because Sega wouldn't give them an exclusive license for sports games. The
Playstation 2 had an unbelievably huge hype train before release. The cord for
the controller came out of the wrong side. The economy was getting weird.

If piracy was a big issue, I think Sega would have sold more hardware, and the
software sales would have been low, but Wikipedia says the hardware sales were
low, and the software sold 8-1 with consoles.

~~~
Grazester
Everything you said here is correct.

Sega with the previous generation consoles burned consumers and developers
alike. People were reluctant to buy the Dreamcast, and the PS2 hype machine was
also making exaggerated claims about the PS2; when magazines interviewed random
people at EB Games and Babbage's, they all said they would wait for the PS2.

Someone did an in-depth analysis of the Dreamcast sales as related to piracy.
If piracy was such an issue then sales of the console itself should have
increased because people were buying the console and not games, but this was
not the case. Console sales never increased.

People who claim the Dreamcast died due to piracy simply do not know SEGA's
history.

------
edm0nd
If you're interested in this type of stuff, I recommend reading
[https://www.wired.com/story/xbox-underground-videogame-hackers/](https://www.wired.com/story/xbox-underground-videogame-hackers/)

------
Simon_says
How can I watch the video?

~~~
anonymfus

        rem Windows cmd session: fetch the talk with youtube-dl, then open the file.
        rem The format selector is quoted so shells that treat [ ] as glob characters leave it alone.
        youtube-dl -f "bestvideo[ext=mp4]+bestaudio[ext=m4a]" -o "XBox One Story by Tony Chen.mp4" https://www.youtube.com/watch?v=U7VwtOrwceo
        rem start is a cmd builtin; the empty "" is the window title it expects when the path is quoted.
        start "" "XBox One Story by Tony Chen.mp4"

~~~
RandomBacon
Just a friendly reminder to everyone, don't copy and paste commands into the
terminal. There could be invisible characters that can execute unwanted
operations.

Explanation/example: [https://thejh.net/misc/website-terminal-copy-paste](https://thejh.net/misc/website-terminal-copy-paste)

Previous HN discussions:
[https://news.ycombinator.com/item?id=10554679](https://news.ycombinator.com/item?id=10554679)
and
[https://news.ycombinator.com/item?id=5508225](https://news.ycombinator.com/item?id=5508225)

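A pasted command can be inspected before it reaches the shell. The following is an added example written for this thread, not code from RandomBacon's comment or from the linked page. It assumes the clipboard contents are piped in on stdin (for instance via `pbpaste` or `xclip -o`) and uses constructed sample strings. It flags an embedded line break, which is what turns hidden text into an already-executed command, and goes beyond the comment by also reporting zero-width characters, Unicode bidirectional controls and terminal escape sequences that would not survive HN's sanitiser but do appear in other copy sources.

```python
import sys
import unicodedata

# Characters that render as nothing in most terminals and editors.
ZERO_WIDTH = {
    "\u200b": "ZERO WIDTH SPACE",
    "\u200c": "ZERO WIDTH NON-JOINER",
    "\u200d": "ZERO WIDTH JOINER",
    "\u2060": "WORD JOINER",
    "\ufeff": "ZERO WIDTH NO-BREAK SPACE",
}
# Bidirectional overrides and isolates: displayed order can differ from the
# order the shell actually reads.
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069")


def inspect_paste(text):
    """Return (offset, description) findings for characters a user would not
    see, or would not expect, in a command that is about to be run."""
    findings = []
    for i, ch in enumerate(text):
        if ch in ("\n", "\r"):
            findings.append((i, "line break: the terminal would execute here before you can review"))
        elif ch == "\x1b":
            findings.append((i, "ESC: start of a terminal escape sequence"))
        elif ch in ZERO_WIDTH:
            findings.append((i, "invisible character " + ZERO_WIDTH[ch]))
        elif ch in BIDI_CONTROLS:
            findings.append((i, "bidi control " + unicodedata.name(ch)))
        elif ch != "\t" and unicodedata.category(ch) in ("Cc", "Cf"):
            # Cc characters have no Unicode name; fall back to the code point.
            label = unicodedata.name(ch, "U+%04X" % ord(ch))
            findings.append((i, "control/format character " + label))
    return findings


def is_safe_to_review(text):
    """True when the snippet contains nothing that hides or auto-runs input."""
    return not inspect_paste(text)


# Constructed samples for demonstration; none of these came from a real site.
CONSTRUCTED_SAMPLES = {
    "plain": 'youtube-dl -o "XBox One Story by Tony Chen.mp4" https://www.youtube.com/watch?v=U7VwtOrwceo',
    "embedded_newline": 'echo hello\necho "this runs before you can review it"',
    "zero_width": "ls\u200b -la",
    "bidi_override": 'echo "\u202eabc"',
}


if __name__ == "__main__":
    # Usage: pbpaste | python3 paste_check.py   (or: xclip -o | python3 paste_check.py)
    # With no piped input, the constructed newline sample is inspected instead.
    text = sys.stdin.read() if not sys.stdin.isatty() else CONSTRUCTED_SAMPLES["embedded_newline"]
    for offset, why in inspect_paste(text):
        print(f"offset {offset}: {why}")
    print("safe to review" if is_safe_to_review(text) else "review before running")
```

A clean result only means the text can be read as displayed; it still has to be read. Tabs are allowed because shells treat them as whitespace, while every other C0 control and format character is reported so that nothing is silently skipped.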
~~~
morsch
FWIW, that relies on hiding input via CSS, which -- outside of a separate
exploit of HN's comment sanitiser -- is not an option in a HN comment.

------
baybal2
I consider all those posh-sounding "platform security" types to be much like
"antivirus" makers, trying to sell a non-solution for a problem to the
technically illiterate.

What they claim sounds impressive to CEOs and such, but everybody in the
industry knows that anybody with straight hands can probe a chip, and somebody
with ion beam equipment can do pretty much anything he wants with it.

For example, chips from credit cards, said to be "physically impossible" to
tamper with, are known to be copied by somebody in Eastern Europe.

If somebody becomes a victim of credit card cloning, proving to the bank that
it was not you who withdrew money on the other side of the globe becomes
nearly impossible without going to court.

~~~
rkangel
In the real world, security is not an absolute. Nothing is perfectly secure.
What is important is the resources required to break the security - what that
bar needs to be depends on your product and your business goals.

In the video he specifically talks about an economic threshold - it must cost
more than 10 games ($600) to mod a console. Above that price it's not worth
it, so direct chip beam attacks aren't relevant to their threat model. That is
the direct 'resource requirement' as a result of their business goal - prevent
piracy.

~~~
zxcmx
I agree with your general point but computers are weird.

Attacks and exploits can have scaling properties much like other software.

We can do something expensive (say $200k attack cost) to break the platform
and sell 10k $100 mod chips.

The defender's threat model can't discount expensive attacks; the constraint
is that an expensive one-off attack must not enable a cheap bypass. This is
hard!

