Xbox encryption key hackers revive effort

The Neo Project, a group of distributed computing enthusiasts, on Wednesday said on its Web site that it had resumed its attempt to crack an encryption key used to digitally sign software for Microsoft's Xbox video game console.

The group had said on its Web site on Tuesday that for legal reasons it had abandoned its effort to crack the key, just four days after it began.

"We're back and we're back strong," said a message Wednesday on the Neo Project's home page, http://www.theneoproject.com. The message told visitors to stay tuned and that the group would have new client software available to continue what it called the Xbox Challenge.

"With the recent media frenzy we stopped the project to research the legal aspect before preceding (sic) any further," said the statement, which was on the site at 5 p.m. Pacific time Wednesday.

Many hackers are searching for ways to run their own software on the Xbox, but so far they have been thwarted by a security mechanism in the console that only allows applications to run if they are digitally signed with Microsoft's 2048-bit private encryption key, according to one such group, the Xbox Linux Project.

On Jan. 3, The Neo Project posted code on its Web site that would allow supporters to use their PC's idle time to participate in a search for Microsoft's private encryption key using distributed computing techniques. Distributed computing breaks down complex calculations into many simple tasks that can be run in parallel on a network of computers.

The next day, The Neo Project posted a notice on its home page saying that if the Xbox project was found to be illegal, or if the group was approached by Microsoft, "We will be ditching the Xbox project all together as we cannot afford the legal fees," according to an archive copy of the page held in the cache of the search engine Google.

By Jan. 7, The Neo Project's home page had changed to read: "Due to legal reasons, we will no longer be hosting or participating in the Xbox challenge," and the application containing the code to crack the Xbox key was no longer available for download from the site.

The organizers of The Neo Project have not been able to be reached for comment since the initial announcement that they would ditch the project.

Many distributed-computing projects have sprung up to respond to challenges issued by encryption and security system vendors to solve arbitrary cryptographic problems by brute force. Hundreds of thousands of dollars in prize money are available to those who are first to crack the codes. The vendors gain because they are able to demonstrate that it can take months of work by thousands of computers in order to crack a single key.

The Neo Project began life last July as an attempt to crack the US$10,000 RSA-576 Factoring Challenge, sponsored by RSA Security Inc., before turning its attention in January to Microsoft's real-life application of the same algorithm. The Neo Project announced this week that it has found an interesting mathematical property of the RSA-576 number: the squares that (when added together) make it up. It is still searching for the factors that could win it the $10,000 prize.

Project supporters expressed mixed feelings in the group's online discussion forum about the search for the Xbox key. One member, signing their message "Guspaz," said they had joined the project solely to participate in the search for the key. "I'm saddened by the Neo project's lack of resolve. (...)," the member said. "Hopefully someone else will have the balls to put up a DC (distributed computing) network and stick with it."

Another, "Nemaroller," thought it was "a brilliant move to discontinue the project," saying it was nonconstructive and at the expense of a company that was trying to protect the investment of billions of dollars of its stockholders' money.

Join the newsletter!

Error: Please check your email address.

More about GoogleMicrosoftRSA, The Security Division of EMC

Show Comments
[]