For the first time ever, hardware security engineer Tony Chen talked about Xbox One security, at the Platform Security Summit 2019.
Who is this guy? Have a look at his CV:
https://www.microsoft.com/en-us/research/people/tonychen/
I have been a founding member of the Xbox Live team since 2000. Between 2000 through 2010, I have worked as developer, development lead, development manager, and architect for Xbox Live. Between 2011 through 2013, I was the development lead responsible for Xbox One security that worked with the hardware team and AMD to successfully launch the Xbox One console in 2013 which has not been hacked for piracy or cheating for over 5 years.
This is the description of his talk on the summit's homepage:
https://www.platformsecuritysummit.com/#chen
Both the Xbox One and the PS4 have now been on the market for close to 6 years, without hackers being able to crack the system to enable piracy or cheating.
Clearly Mr. Chen is not well informed about PS4 :-)
This is the first time in history that game consoles have lasted this long without being cracked to enable piracy.
Many game consoles were never hacked through their commercial lifespan (or for most of it, think about the PS Vita), but none of them was very successful.
Anyway, from an engineering point of view this is a great achievement.
In this talk, we will discuss how we achieved this for the Xbox One. [...] This includes details about the custom SoC we built with AMD and how we addressed the fact that all data read from flash, the hard drive, and even DRAM cannot be trusted.
You can watch the entire talk here. The last segment, with the Q&A, is very interesting...
The slides surfaced on Discord so, in a nutshell, these were the topics:
- they care about piracy and online cheating (not homebrew, apparently; this makes sense since they give DEVmode)
- security by obscurity (if you do not know how it works you cannot hack it)
- from a hardware point of view, the platform is uber-secure: hardware attacks, glitching, bus sniffing, JTAG, they know their stuff
- they know you will try to attack "any exposed pin on the motherboard"...
- ...and also non-exposed pins (kamikaze attack, with some images taken from Xecuter forums...)
- nothing can be trusted: ODD, HDD, NAND, DRAM, southbridge; only the CPU die is (28nm, not easy to mod)
- everything is encrypted, only the CPU die can see plaintext
- multiple layers of software security, signature required for every executable memory page
- between ERA (gameOS), SRA (systemOS) and the security processor there are two other layers: the hostOS (HW access) and the Hypervisor (the bad guy)
- "Critical component (bootrom, hypervisor) as simple as possible" to check for bugs and mistakes
- Lots of "penetration testing, threat modeling"
To summarize: they learned from the past mistakes made on the original Xbox (for sure they have read this very carefully: 17 Mistakes Microsoft Made in the Xbox Security System https://events.ccc.de/congress/2005/fahrplan/attachments/591-paper_xbox.pdf) and from what was working on the Xbox 360 (apart from the glitch hack, the 360 was never compromised).
The only unrecoverable attack would be finding a bug in the bootrom (it is located inside the CPU die with the security processor). Everything else can be patched, assuming an attacker can get through the multiple layers of security.
Last edited by contezero,