Some Xbox 360 security tidbits

[one]

http://www.xbox-scene.com/xbox1data/sep/EEFpFlZApktdrRCUeP.php

* Yes, MUs [Memory Units] have security. Secure hashing is done automatically on any region mounted with XContentCreate, including memory units.

* Yes, there are additional safeguards in place that will help prevent Xbox 360 from being modified. Stack memory, for instance, is non-executable, which makes buffer overrun issues more difficult to exploit.

* Much effort has gone into Xbox 360 security. However, there is no such thing as a perfectly secure game console, and you should continue to employ secure coding techniques. Don't assume that data coming from the network, from the hard drive or from the MU is safe. It's not. Use the new safe CRT functions (e.g. strcpy_s). Use the /GS compiler flag. Use _SECURE_SCL. The only time you should avoid these types of security features is in the rare inner-loops where the performance impact outweighs the security benefit.

* I'd love to go into detail on all the Xbox 360 security and anti-piracy measures, but there's no need to give crackers a head start. Let's just say that you could write a fascinating book on the technical details at every level from the silicon on up.

* I am not sure how much information we are releasing about the filesystem itself. however, XContent is secure against file tampering, as it uses signed hashes. XContent packages are independent of the filesystem on which they are stored.

It seems it has something like DEP for Athlon64/Sempron. Since those /GS, checked C-style string functions, and checked iterators which exist since VC++ 7 are not mandatory, I doubt its viability against security breach.

 

[assen]

It is highly likely that Microsoft will run a battery of security-related tests as part of the certification process, though.

 

[Draikin]

Anyone know what exactly is the "security chip" made by Infineon ?

 

[scooby_dooby]

There seems to be more to that little memo:

"* Final dvd specs:
Dual-layer, 3.5 GB layer
15 MB/s outer edge, 6 MB/s inner edge
110-115ms average seek, 240ms full stroke, 140ms 1/3rd stroke
75 ms laser refocus for layer change

* As you know, we have begun replacing/refreshing the Xbox 360 Final Dev Kits and Final Test Kits we sent to your studio that had CPUs incorrectly clocked at 2.8 GHz. Until we have additional 3.2 GHz Final Dev and Test Kits, we will be shipping you what we call "Wired Demo Kits".
The functionality of these units is noted below. Ultimately, ALL 2.8 GHz kits will be replaced with Final Dev Kits and Final Test Kits, but until they are available, these demo kits should be used. These kits are to be considered XDKs and are absolutely covered under the XeDK License Agreement. After the launch of Xbox 360, we will be providing you with shipping labels to use to return the Dev and Test kits clocked at 2.8 GHz, as well as the Wired Demo Kits. Note that these kits have a label on the back identifying them as a "Demo Kit". If you would like to add your own label to more clearly identify these kits a such, please feel free to do so.
The 'Wired Demo Kits' specifically, as oposed to the Final HW, do not have the extra sidecar on the side, (which includes the USB PIX debugger connection) so no kernel debugging, no DVD emulation and no USB PIX functionality."

http://www.xbox-scene.com/
LOL, So they did ship out a boatload of 2.8Ghz Devkits. Tsk tsk!

 

[Qroach]

that was old news

 

[scooby_dooby]

It was an unconfirmed rumour I thought.