#22 RSA implimentation oversight

[Anonymous]

XBOX games are all signed by a 2048 bit RSA key, using SHA-1, padded out with 1880 "1" bits and 8 0's before signing.

Given that we know the public key, and something with "all ones" at the start is conceptually similar to negative "all zeros", would this not make it computationally feasible to generate a new signing key that will "pass" all XBOX signature checks ? (eg: choose p and q such that they yield the same public key as the XBOX, since we know that the decrypted hash will either never go through the "modulus" stage, or will always do so in a predictably useful way?)

If so - you can ship Linux on a DVD that will boot in any Xbox, no modding needed.

My buest guess as to 'why' microsoft made such an odd choice of padd (nonrandom) is to comply with strong-cryptography export rules?

[Nobody/Anonymous]

Logged In: NO

P.S. This is supposedly the XBOX public modulus:-

A44B1BBD7EDA72C7143CD5C2D4BA880C7681832D5198F75FCAB1618598E2B3E4
8D9A47B0BFF6BC967CAE88F198266E535A6CB41B470C0A38A19D8F57CB11F568
DB52CF69E49F604EEA52F4EB9D37E80C60BD70A5CF5A67EC05AA6B3E8C80C116
819A14892BFA7603BECE39F09C42724EE9F371C473AAA09FEDA34F9EA1019827
BD07CA52A80013BE9471E46FCF1CA4D915FB9DF95E9344330B6AAE0B90526AD1
BE475D10797526075C9206FF758A3EB3BAF7C0A22E51645BB9F13FE129A22F2E
1BEDDA95D68AFC6D46585B01FBB5737273C6AEE399148C5B8E77B479DE8B05BD
EEC27FEFFF7B349C64F51002D2F6522ED43617F2A1A3D4C2E6D73D66E54ED7D3

Can someone tell me the public exponent, and I'll have a go at
generating a working private key for signing.

If anyone has some example signatures for testing, that would
also help.