I recently had the chance to interview the famous Xbox hacker from MIT, Andrew Shane Huang (aka "bunnie"). Andrew almost single-handedly cracked the Xbox. He was the first one to dump the BIOS image from the Xbox, and continued to perform several other Xbox hacks and modifications. This is his story....
You're a computer guru. You've got a PhD in Computer Science from MIT. What inspired you to go the distance and get the best education possible? Were you tech savvy growing up?
Well, a lot of my choices were influenced by factors outside my control. When I was in high school, I applied one year early for college. Of the schools I applied to, MIT was one of the only ones willing to take me a year early. So, I went there partially because that was my only choice, partially because I really wanted to go there, and partially because I had some outside scholarships. I graduated in five years with a Master of Engineering (a pretty standard thing to do these days), and went to work at SGI, thinking I'd never turn back...that was in 1997. I was very excited to work at SGI; their RealityEngine machines were legendary and it was a dream come true to be able to work with the people behind the product. Unfortunately, SGI subsequently took a big nose-dive, which was pretty disillusioning. Fortunately I had previously applied to the PhD program and deferred my admission to MIT "just in case". Under a year after I started, I left a fairly dark and depressing SGI, gutted of its prestige and employees (who, incidentally, all went to start or work for companies like ATI, 3dfx, and nVidia). I returned to MIT to find myself, and to further develop my skills and do things that I loved, namely, high performance computer architecture research. My PhD years were some of the best years of my life; total freedom to think, explore and build, to share ideas and to hang out with really smart people. Curious about how to build a walking robot? Take a month out and learn about it. Oh, and the guy who pioneered the field works down the hall. It was really cool. I did a lot of growing up during those years as well. Even though I passed up opportunities during the dot-com boom that would have allowed me to retire by now, I think it's all worth it: you can't put a price on personal happiness. Plus, I'm thinking that working in the real world just isn't a good intellectual environment.
It's just hard to find the resources and opportunities to really stretch yourself in industry. Shareholders are breathing down your back to make a profit yesterday, not to advance the state of the art...and it's really hard to meet women in the work place. Bars and clubs just don't have the same depth and energy of a university campus. I'm very lucky to have met my girlfriend Nikki while I was at MIT. So...why did I get my PhD? Personal growth, intellectual freedom, and a better dating environment.
As for whether I was tech savvy as a kid, I guess you could say I was. I think my tech savvy is more of an old-school savvy, though. Very nuts-and-bolts, solder-and-assembly kind of stuff. I think my curiosity began when I was maybe 10 or so; my dad brought home an Apple II clone from Taiwan that was actually a kit in pieces. It was so cool! The colors, the smells--the shiny chips with the Hitachi "bull's-eye" logo were my favorite. They got me a 200-in-1 kit from Radio Shack, and I played with that a lot. By the time I was in junior high, I was capable of wire wrapping add-in cards for my Apple II, cobbled together with parts from Radio Shack and a small order from Jameco. My first real project was a voltmeter that would tell you voltage readings using a voice synthesizer for my Apple II. I used the SPO256 from General Instruments and an ADC0809 from National Semi along with some 8255's (I think) from Intel. It was all downhill from there.
What's a typical day for you?
Well, I'm just getting adjusted to the whole working for a company thing. Back when I was a student, I would get up around 1 or 2 PM, open my laptop and check email in bed; think about what would be interesting to do that day, and then get out of bed and do it. Sometimes I'd have a group meeting or have to go into lab for work. Around 4 PM or so I'd get my "lunch"...work some more, and then I'd catch my friends coming home from school and socialize a little bit in the evening. I'd get a beer and burger with some buddies around 8 or 9 PM, and the real work starts after 10 at night...I'd usually hack until 6 or 7 AM--whenever the sun rises--and hit the sack.
Now that I'm working for a company, life has been a lot more boring and less flexible. The concept of "face time" in companies is a little bit frustrating; it seems that managers just like to be able to *see* you more than they like results from you. It's remarkable, I feel like I have less money and less time now that I'm in the "real world".
What operating system do you use?
I generally use Windows 2000. Windows XP is a crock. I'm getting pretty fed up with Win2k though; if it weren't for the fact that all the good hardware design tools are only available under Windows, I'd be a Mac OS X user right now. Mac OS X is like nirvana for me; it combines my favorite OS, NeXTstep, with the best of the vanilla Unix world and great hardware. Let me say that again: great hardware. A really elegant, quality machine. And oh--the iPod--it is really compelling. I'm saving up for a dual G4 these days...
What's your favorite computer-related project you have done?
That's a really tough question. I think my favorite project is almost always the one I'm working on today, maybe by definition. Perhaps the most useful project I had ever done was the SH-1 embedded workhorse. It was a 32-bit SH-RISC microcontroller (a Hitachi product) that fit in the footprint of a business card. Its versatile analog and digital I/O features found it a home in everything from LEGO robots, to an autonomous underwater submarine, to home automation control. I am hoping to someday build a follow-up design that provides 10x the processing power yet fits in about the same footprint, runs RT-Linux and has mass storage and wireless communication capabilities. A long-term interest of mine is prosthetic limb development, and this plus a derivative of the SH-1 workhorse would form the processing core of such a project.
How did you get involved with the Xbox?
I've always taken apart video game consoles...in particular, my PhD advisor encouraged his students to learn from the design of game consoles. They represent, in many ways, the pinnacle of high performance, low cost computing. My work on the Xbox is pretty much just routine hacking, but it really got interesting because of the tight security implemented in its design. It's like one of those finger puzzles that you play with for hours--trying to get the ball out of the cage, or what not, except it's trying to get your code to run on the Xbox. I hardly play any games on my video game consoles--the most challenging and addictive game for me is hacking them. When I do want to play a game, I usually turn on my GameCube or GBA...and sometimes my PC.
What inspired you to hack the Xbox?
I was "inspired" by the challenge it presented in its security system. It was like choosing the red pill and seeing how far down the rabbit hole things went...every time a new part of the Xbox security was mapped out, everyone would look at each other and be like, man, they were really paranoid!
Were you challenged by the Xbox in any way?
Again, see above...the Xbox security was pretty challenging. And the bigger the challenge, the more interesting it is. I haven't really hacked on the GameCube much, or the PS2, because they don't present the same level of challenge or personal satisfaction. Well, the PS2's security has already been cracked, and the GameCube...I think its security is more practical, although less cryptographically sound. The little I know about it indicates that the GameCube uses less crypto and more hardware obscurity to make it more difficult to hack. This is, in my opinion, a superior approach for consoles because the goal is not to create a floating castle with spires and gilded doors, but just a dirt berm high enough to make any illegal operation non-profitable.
What do you think of Microsoft's attempt to modify the Xbox to prevent people like you from cracking it again?
Well, now that their v1.1 security has been cracked by Andy Green & co in under a week, I think Microsoft's attempt was pathetic. First, they cost nVidia untold millions of dollars in scrapped chips, and then they go ahead and implement a hash using an algorithm that is explicitly not suitable for hashes! I'm infuriated because I *know* they know better than to do this. I like nVidia, and I hate seeing a good hardware company being ground into the dirt by careless engineers at Microsoft. If they are going to spin the silicon, do it right. I saw with my own two eyes blank space on the MCPX die that could have been used to grow the boot overlay ROM so that it could accommodate a more complicated hash function. I mean, the new security system from Microsoft doesn't even require the current modchip vendors to change their hardware--just a reflash of the ROM is all that's required. What a waste!
On the flip side, even if Microsoft had done the hash function right, I know Andy Green would still have found a way around it. He and I did a little chatting and there's a good warchest of holes and exploits in the Xbox that are fairly easy to use. Microsoft won't have solid security until they pot their Xboxes in epoxy, or sell single-chip Xboxes....part of the problem is that the Xbox is so versatile. It could do everything, yet it comes to the user crippled. Users don't like that, so they hack it. The GameCube on the other hand, while just as much a computer as the Xbox, has much less hack appeal because its sole purpose in life is to play games, and even if you wanted to use it as a media player or a Unix box, you really can't--no mass storage, and the removable media format is just totally incompatible with anything else.
How long did it take you to hack the Xbox?
I pulled out the FLASH ROM in early December, and then lost interest...until January, when it became clear that the crypto on the FLASH ROM was going to be a tough cookie to break. I started building the LPC tap board in mid-February, and by early March I had the gateway encryption keys in hand. The paper didn't come out until May because of a whole lot of legal and political reasons.
What are your current plans for modifying the Xbox?
Microsoft has shown remarkably good will toward me and my work so far; they could easily have made my life miserable. As a result, I've decided to not push my luck any further and now I'm officially a spectator. If Microsoft implements a new security scheme that patches all of the exploits and holes that we now know in our war chest, and people are lost, maybe I'd jump in and give it a try (not that I'd necessarily be able to do any better). However, I know that the caliber of people working on the Xbox now--like Andy Green--is very, very high, and it's unlikely that Microsoft will be able to build a system that is unbreakable by the hacker community that has grown up around the Xbox.
If you could say something to Bill Gates himself, what would it be (I bet he's listening)?
That's another tough question. I have a lot of things I'd say to Bill, I guess. If you believe the historical documentaries such as "Hackers" by Steven Levy, Bill is almost single-handedly responsible for destroying any real innovation in the software world, in a manner very similar to the way Intel destroyed any real innovation in computer architecture. [I had a long flame here to back up that point, but I cut it because I've already written too much...] Well, the good news is that software does eventually "get there". Windows has "gotten there", Office is "there". Guess what? Linux is also getting there, and so is Star Office. They are just getting there a few years late. And when that happens, who is going to pay 4x the cost of their PC hardware for an operating system plus office productivity suite, when they can get similar products for mere pennies? The $199 Microtel PC ships with Lindows because well, a customer who is buying a $199 PC sure can't afford a $100 OS and $500 productivity software.
It also really irks me that Microsoft released such a sub-par piece of hardware for the Xbox. Almost every person I've talked to who does circuit boards or consumer products has agreed that the Xbox is really a steaming pile of dung. They aren't servicing their customers well; they have wrapped a sub-par PC in some industrial-strength marketing and media blitzes, and bribed dozens of software vendors to line up to create titles for the platform. It makes me sad that Microsoft is buying its way into such an important market and lowering the bar like this. Any other company trying to enter the console market would have folded by now under the weight of its inefficient hardware and field failures. Maybe Microsoft will prove me wrong by doing Xbox Live flawlessly and giving Sony a run for its money. I'm not holding my breath, though. Sadly, Microsoft probably never has to really shape up and start delivering quality hardware. Even if MS sold as many units of Xbox as Sony did the PlayStation 2, they would have burned off only $10 billion out of their $40 billion war chest. It is almost painful to watch the console market devolve like this. Microsoft is just trying to bleed everyone else out of the market, so they can push whatever they want and set the prices in a competition-free market place.
If you could change something about the Xbox design-wise, what would it be?
I would not use a standard PC architecture, and go for a more integrated, lower-cost design. There is a lot of silicon and power wasted in the current port of a PC to the Xbox. There are probably no embedded processor architectures that burn more power or take more area than an x86. The entire Xbox console is unoptimized for gaming. For example, the Xbox uses an inferior unified memory architecture (UMA) because it's "cheaper" (yet they have the most expensive to manufacture console). They tout its high bandwidth, but they never mention that the latency is 10x worse than the competition, and that the available bandwidth is being split among the processor, video and audio.
In contrast, Sony and Nintendo make money on the hardware because they own their designs, IP, and even fabs! Their consoles are lean, mean, gaming machines. They're tougher to program, but because the hardware never changes for many years, programmers eventually learn how to use them. This just goes to show you what happens when monopolies with lots of cash try to expand--they make shoddy products to penetrate into new markets, and burn the cash to force your competitors out.
I would also not use a hard drive in the Xbox. Reliability is something that I think is important to everyone except for the early adopting, high-rolling consumers. Visions of the family dog dragging an Xbox across the living room floor by the power cord and crashing the hard drive head fill the mind. The old NES and Atari consoles still work like a charm after a decade and a few garage sales. How many hard drives continue to function under heavy use over that period of time? Despite Microsoft's claim that reliability is not an issue, I personally know dozens of unhappy Xbox users who have had to return their units, or have bought "new" units that were actually refurbs. In contrast, I know of not a single GameCube or PlayStation 2 owner who has had to return their console.
Has Microsoft ever tried to scare you into bringing information down? And if so, what do you think about this?
Microsoft has been quite cordial about the whole affair, actually. They requested originally for me to remove my ROM image from my website, which I did; they were pretty polite about the request, although it did shake me up a bit. After I cracked the security in the Xbox, they surprised me by being pretty good sports about allowing me to publish my paper. They expressed a preference for me to not publish, of course, but I think in the end they realized that cracking down on research activities in academia would not be regarded favorably by anybody outside the company.
You're the idol of many Icrontic viewers. What do you have to say to all of your adoring fans?
Uhh...hi! I guess I feel a little funny being thought of as an idol; I feel like I'm pretty much your average joe schmoe. I think, however, it is a privilege to be an inspiration; I hope I can be a positive influence on people, and inspire people to follow their dreams and passions. My best advice is to do what you love to do--you have to feel a passion for it--and to have the courage to push yourself into places you've never been before. I have learned the most from risky projects that have failed.
If you could work on a dream project, what would it be?
There are so many interesting things to do. In the short term, I would love to see my PhD thesis work further developed, and if I had real funding, I would find that a lot of fun. In the long term, I think working on a project with a potential to directly help people is of great interest to me. One of my thoughts toward the long term is to build prosthetic limbs for people who are amputees or have degenerative diseases. I've had knee injuries in the past, and I have mild carpal tunnel syndrome...both of which have taught me to really appreciate the ability to move around on my own two feet, and the value of capable hands. If I could build something that could help restore these abilities to people who are without, I think that would be quite satisfying. In addition, I think a project like prosthetic limbs is very interesting because it would require me to learn things about materials, biology, mechanical, and power engineering. Emulating the elegance, endurance and power of the natural form is perhaps one of the ultimate engineering challenges.
Source: Tech-Critic.com