Category Archives: XBox360

[PS3] GeoHot Opens All HV’s SPUs / XorLoser Preps Manual

Obviously notorious George Hotz has managed to get all 7 SPUs of the Playstation 3’s CPU under his control. This means although he cannot access the CPU’s root key, he now can decrypt everything that’s going thru these SPUs like datastreams of (encrypted) commercial games.

The PPU is higher on the control chain then the SPUs. Even if checks were to be added to, for example, verify the hypervisor before decrypting the kernel, with clever memory mappings you can hide your modified hypervisor.

In the meantime another hacker going under the nick XorLoser has released a more detailed manual of how to use GeoHot’s exploitation files and how to do the glitching.

Besides that XorLoser maintains a plugin for reverser’s beloved Interactive Disassembler (IDA) that contains special PPC instructions for Xbox360 and PS3.

Congratulations to GeoHot. Kudos fly out to XorLoser.

Links

» GeoHot: On Isolated SPUs
» XorLoser: PS3 Exploit – Software
» XorLoser: PS3 Exploit – Hardware
» XorLoser: PS3 and Xbox360 IDA PlugIn
» Hex-Rays.com: IDA Pro

[Security] Tarnovsky Explains Infineon TPM Hack

On the Black Hat 2010 conference in Crystal City notorious smart card hacker Christopher Tarnovsky explained how he managed to hack current Trusted Platform Modules by Infineon.

This time Tarnovsky managed to read secured data from TPM chips like RSA and DES crypto keys. His approach took six months and a lab consisting of devices for about US$ 200,000. After having found out the exacty way to compromise Infineon’s chips it took only six hours to compromise an XBox 360’s TPM chip.

On the Black Hat 2008 in Amsterdam Tarnovsky said he was offered US$ 100,000 to crack the Xbox 360’s TPM:

A Microsoft engineer is wondering: “Did you take an interest in the processor of our Xbox360 game console?” – “I was offered 100’000 dollars to break it”, says Tarnovsky. “But I replied that that wasn’t enough.”

For people generally interested in approaching smart card security check this article with a video Wired.com featuring Tarnovsky in his security lab.