(malware,WTF) How to fit three bugs in 512 bytes of security code

The Hidden Boot Code of the Xbox - Xbox-Linux

Naturally, only Microsoft can do something like this -- no one else can quite match the monumental scale of these guys. Here're samples from the article if you dont have time to read the original.

This is how thorough these guys are:

The roll over of the instruction pointer from FFFF_FFFF to 0000_0000 is supposed to generate an exception. [...] But in reality, no exception is generated. [...] Apparently the i386 CPU family throws no exception in this case, Microsoft's engineers only assumed it or misread the documentation and never tested it.


512 bytes is a very small amount of code (it fits on a single sheet of paper!), compared to the megabytes of code contained in software like Windows, Internet Explorer or Internet Information Server. Three bugs within these 512 bytes compromised the security completely - a bunch of hackers found them within days after first looking at the code. Why hasn't Microsoft Corp. been able to do the same? Why?

And finally, to add insult to injury...

There are two more approaches for attacks that we do not want to disclose yet, as Microsoft may still offer updated Xboxes in the future.


No comments: