Group cracking Xbox 'for the public good'

The Neo Project, which is attempting to break the Xbox's main security code, says its activities are important for protecting security and privacy on the Internet

The Neo Project, which is using distributed computing to crack the main security code in Microsoft's Xbox games console, says it is confident its activities will stand up under legal scrutiny because they could have research and social benefits.

The group launched, and then quickly dropped its Xbox cracking plan recently, when it began attracting wide public interest. "With the recent media frenzy we stopped the project to research the legal aspect before proceeding any further," project founder Mike Curry explained on the group's Web site. "It seemed OK until we started receiving 75,000 unique hits per day."

The Neo Project is a group of computing enthusiasts devoted to cracking security challenges using distributed computing techniques, in which heavy-duty computing tasks are divided among a number of PCs. The group's initial software release focused on a $10,000, or about £6,400, challenge from computer security firm RSA Security to crack a 576-bit encryption code.

A subsequent software release was aimed at cracking the 2,048-bit encryption code used by the Xbox. A cracked encryption code could allow hackers to run homemade Linux software on an unmodified Xbox, satisfying a $100,000 hacking challenge funded by Michael Robertson, chief executive of Linux software company Lindows.

The project decided to go ahead with the Xbox crack because it felt the project's aims were compatible with the Digital Millennium Copyright Act (DMCA). The controversial law makes it illegal to break through copyright protections, but makes exceptions for legitimate research. The group is arguing that it is protected by sections of the law that allow for research in encryption, compatibility and privacy.

Since The Neo Project is facilitating a version of Linux that could run on an unmodified Xbox, the project feels it is protected under the exception for reverse-engineering for compatibility purposes. But the project also says that cracking the Xbox's 2,048-bit encryption key has implications for the encryption used on the Internet.

"Even email is secured with 2,048-bit keys. Your bank may rely on this encryption to protect your money. Networks may rely on this level of encryption to prevent access to public utilities and telecommunications," said Curry in a message to users on the project's Web site on Monday. "Factoring of the Xbox key has research and social implications well beyond interest in the game console."

The project also feels it is covered under a DMCA provision allowing a crack if personal information is at stake. Because some researchers have suggested that the Xbox stores its serial number in a way that could be leaked over the Internet -- via Microsoft's Xbox Live service -- Curry argued that decryption and examination of the Xbox's workings would "aid in alleviating these privacy concerns."

The project is working on a new version of its software that will be compatible with Linux, Mac OS, Windows and Solaris, and will be able to run on an Xbox running Linux. Currently about 25,000 computers have signed on, according to Curry.

CNET News.com's David Becker contributed to this report.


For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Security News Section.

Let the editors know what you think in the Mailroom.