XBox Security Key Finder To Publish Hacking BookBy Jenny Zhang
ASSOCIATE NEWS EDITOR
Andrew “bunnie” Huang PhD ’02, has decided to publish his book Hacking the Xbox on his own after publishers would not approve it.
“I felt that I had waited several months, and a way to get it out is to distribute it [myself] and show the world it is safe ... [then] other shy publishers may be interested in talking to me in the future about” publishing it, Huang said.
The book includes information from Huang’s case study written a year ago about breaking into the Xbox security so that it can run unauthorized code.
Huang said that the book is educational, and teaches the reader how to think about and understand computer hardware. It includes lessons in simple hardware projects, basic cryptography, and how to start hacking, he said.
Huang cracked Xbox security
Huang began working on the Xbox, Microsoft’s video game console, soon after it came on the market in November 2001. He began to take it apart in December 2001, and had retrieved the software “key” in late February or early March, Huang said.
“The Xbox is a secure PC, and has a cryptographic mechanism so that you can’t run your own code on it. I reverse engineered it to intercept the security “key” stored in a chip on its way to the processor,” Huang said.
Unlocked, the Xbox can be used for other applications such as running Linux, and hackers can run their own code.
Huang said that the Xbox linux project is separate from his work and that his interest lies in the hardware and reverse engineering the game console.
“I was not involved a whole lot [with the Xbox] after I finished what I was doing. I decided that it was too dangerous, and became a fly on the wall. I just chat now and then with people who have questions,” Huang said.
“It was clever, but not surprising in any way that one can do that. I have incredible technical respect for [Huang],” said Thomas F. Knight Jr. a senior research scientist in the Electrical Engineering and Computer Science department.
“Microsoft knew when they designed the Xbox that someone could do this. I think they were impressed that someone found the [key] so fast,” said Harold Abelson, EECS professor.
Abelson said that it was impossible to make the Xbox secure without sacrificing consumer convenience in operating the machine, and Microsoft had to make the tradeoff.
Huang has also worked with other video game consoles, including the Dreamcast, Gamecube, and PS2. He was surprised that the Xbox got so much attention but suspects it may be because it is connected with Microsoft.
Microsoft trouble seems unlikely
When Huang first made his discovery a year ago, he was careful to make sure Microsoft would not prosecute him for publishing a paper about his findings.
He went to his advisors with his find, and they suggested that he first speak with some lawyers before he made the paper public, said Lee Tien, a senior staff attorney with the Electronic Frontier Foundation, a group focused on protecting digital rights.
“MIT was concerned about its legal liabilities and looked at the situation seriously. The provost’s office and administration were very aware as they should have been,” Knight said.
“Nothing happened, [Huang] published his paper and presented it ... there were no legal repercussions as far as I know,” Knight said. “It was the best we could expect.”
Following that, Huang made attempts with several publishers to get his book published, but they either refused or are still in the process of reviewing the case, he said.
The publishing company Wiley had first agreed to publish his book, but changed its mind at the very last moment.
“Late this February, they called me and said that it was too risky,” Huang said.
He believes that even though Microsoft did not stop him from publishing his paper and “the book is not significantly scarier than the paper,” Wiley may have changed its mind because of a legal turnover of lawyers in the company at the time and change in heart.
“It demonstrates remarkable lack of guts on the part of the publishing industry,” Knight said. “I can speculate that they just didn’t want to take the legal risk or were worried about the political risk,” he said.
Huang has not told Microsoft about his decision to publish the book on his own, but is unconcerned about the risks involved.
“I have studied the [Digital Millenium Copyright Act laws] extensively and kept this in mind as I wrote the book,” he said.
“I don’t think [Microsoft] would litigate, because it approved the paper,” Tien said.
Huang said that he would sell from his Web site, http://hackingthexbox.com, and that he will begin shipping in late May.