From: mike_cj <mi...@te...> - 2003-04-25 17:17:49
I'm a software developer that's interested in this whole "project B" thing as a challenge, and also as I'd like to be able to develop my own software for my X-Box (i.e. I'd like to be able to run stuff I'd developed using OpenXDK or something similar) without mod'ing my 'box. I think I may have some ideas about how to create a .xbe that the Xbox kernel will be fooled into loading, but I don't know enough about the Xbox kernel's verification/signing process yet to know if my ideas are stupid or not :-).

As I hinted above, I'm fairly unkeen on mod'ing my XBox, but really all I need is a few more details to expand on the excellent "XBox Security Concept" doc by Franz Lehner. I think I've got a good grasp on most of it, but I could really use a little clarification of more details as to what is meant by the following:

"When the Xbox loads an XBE file, it first checks whether the header is "valid". This is done by comparing the calculated SHA-1 hash against the decrypted RSA signature. The RSA signature is "padded" in the format 01FFFFFFFFFFFFFF.......FF00 (HASH 20bytes)"

1. I assume the SHA1 hash referred to is calculated on the whole xbe header, including the RSA Signature, TLS and library version structures etc.?

2. The "decrypted RSA signature" - is this the 256 bytes from the Image header modified by the public key (i.e. use the public key to "encrypt it"), or is the hash value calculated from the header padded to 256 bytes (as described), encrypted using the public key, and then compared to the 256 bytes in the image header? I guess my question could be answered by 'is the 256 byte RSA signature therefore "cipher text"?' or 'when you say "decrypt signature" don't you mean "encrypt signature"?', as the RSA algorithm decrypts with the private key, which isn't on the XBox anywhere (as I understand it).

As it stands, I struggle to see how, even with the private key, the RSA signature can be created at all, as the value of the signature seems to depend on the SHA1 hash of data which includes its own value, creating the proverbial chicken and egg scenario - as it is described anyway (i.e. it seems to suggest you need the hash to calculate the signature, but you can't calculate the hash until you have the signature).

If I had some way of reading a signed .xbe on my PC, I could probably answer these questions myself through experimentation, but, as I am very reluctant to open the case on my XBox, I don't have any way of examining any such files in a binary manner (i.e. other than by playing them on my XBox :-) ). Is there any known (legal) source of .xbe's distributed on media other than the proprietary DVD format? Is there any way to read XBox media on a PC?

cheers,
mj.
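Added illustration, not part of this thread and not the Xbox's own code or key: the verification scheme the quoted doc describes, in Python with a throwaway 1024-bit key. The verifier raises the signature to the public exponent (the "decrypt with the public key" step the question asks about), which recovers the 01 FF..FF 00 HASH block, and compares the whole block with the freshly computed hash. For the chicken-and-egg question it assumes that the hash is computed with the signature field left out; SIG_OFFSET and SIG_LEN are toy layout values chosen here, not the real XBE offsets.

```python
import hashlib
import random

SIG_LEN = 128     # demo signature size in bytes; the doc describes a 256-byte signature
SIG_OFFSET = 4    # assumed toy header layout: a 4-byte magic, then the signature field

def is_probable_prime(n, rng, rounds=20):
    """Miller-Rabin test for odd n > 3; enough for a throwaway demo key."""
    r = ((n - 1) & (1 - n)).bit_length() - 1   # trailing zero bits of n-1
    d = (n - 1) >> r
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def make_demo_key(seed, bits=SIG_LEN * 8):
    """Textbook RSA (n, e, d) with e=65537: a throwaway demo key, not the Xbox key."""
    rng = random.Random(seed)
    def prime(k):
        while True:
            c = rng.getrandbits(k) | (1 << (k - 1)) | 1   # top bit set, odd
            if is_probable_prime(c, rng):
                return c
    while True:
        p, q, e = prime(bits // 2), prime(bits // 2), 65537
        if (p - 1) % e and (q - 1) % e:   # e must be invertible mod phi(n)
            return p * q, e, pow(e, -1, (p - 1) * (q - 1))

def hash_header(header):
    # Assumed for this demo: hash everything except the signature field, so the
    # signer can compute the hash before the signature exists.
    return hashlib.sha1(header[:SIG_OFFSET] + header[SIG_OFFSET + SIG_LEN:]).digest()
def pad(digest):
    """01 FF..FF 00 <20-byte hash>, exactly SIG_LEN bytes, as quoted from the doc."""
    return b"\x01" + b"\xff" * (SIG_LEN - 2 - len(digest)) + b"\x00" + digest
def sign_header(header, n, d):
    """Signer side (needs private d): pad(hash)^d mod n, written into the header."""
    sig = pow(int.from_bytes(pad(hash_header(header)), "big"), d, n)
    return header[:SIG_OFFSET] + sig.to_bytes(SIG_LEN, "big") + header[SIG_OFFSET + SIG_LEN:]
def verify_header(header, n, e):
    """Verifier side (public n, e only): sig^e mod n must equal the whole padded block."""
    sig = int.from_bytes(header[SIG_OFFSET:SIG_OFFSET + SIG_LEN], "big")
    recovered = pow(sig, e, n).to_bytes(SIG_LEN, "big")   # "decrypting" with the public key
    return recovered == pad(hash_header(header))          # compare every byte, not just the hash
```

Comparing the full recovered block rather than only the trailing 20 bytes is what makes the padding check meaningful; the hash alone being present somewhere in the block is not enough.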