joshandrok
Enthusiast
I have been seeing a lot of talk about altering mp.ff files in MW2. And then I see people say "I have it decrypted" and such. But apparently some people don't understand what an RSA signature is. This text will be long, but it's a good read (hopefully), and maybe all you future modders can understand just how this RSA thing works. So let's get started...
So let's look at the chances of one single person ever figuring out the full key.
"Clearly, a pivotal issue in hacking the Xbox console is their implementation of the digital signature system.
The Xbox uses a SHA-1 hash with 2048-bit RSA keys, making the chance of a successful brute force attack very, very slim.
Of course, the probability is zero if you never try, but the odds are stacked against you.
You'll have better luck trying to win the lottery.
This is by no mistake; the discovery of the private key would make game copying trivial and developers would not have to pay royalties to Microsoft.
Given that this key is probably worth a few billion dollars to Microsoft, it is quite likely that no single human knows the full key, as rubber hose, and green-paper cryptanalysis techniques tend to be quite effective on humans."
So now let's look at the algorithm behind an RSA signature.
"1. Find two large (thousands of bits long) prime numbers, "P" and "Q".
2. Choose "E" such that E>1, E<PQ and E is relatively prime to (P-1)(Q-1).
E does not have to be prime, but it must be odd. The pair of E and PQ are the public key.
3. Compute "D" such that (DE - 1) is evenly divisible by (P-1)(Q-1).
This can be accomplished by finding an integer. D is the private key.
4. Plaintext "T" is encrypted using the function C=(T) mod PQ
5. Ciphertext "C" is decrypted using the function T=(C) mod PQ
Note that T<PQ; messages larger than PQ must be broken down into a sequence of smaller messages,
and very short messages must be padded with carefully selected values to foil dictionary attacks among other things."
So what does this mean for modders?
"In the Xbox, digital signatures are used to control the distribution and sale of programs for the console. Microsoft is effectively in control of both the sender and the receiver of messages. The receivers - Xbox console - are programmed to only run programs that are digitally signed by Microsoft. In an ideal world, this guarantees that Microsoft has the final word on who can or cannot run programs on the console, and hackers cannot modify games to insert viruses, Trojan horses, or back doors. Saved games are also sealed using encryption, and as a result, it is nominally impossible to hack a game and cheat by patching the executable or by jacking up your character stats."
This is basically saying that we are not getting into anything that is signed with RSA.
Now I am by no means a hardcore 1337 haxzorz. In fact I have hardly even begun to understand the whole RSA thing. I just know that if it is signed with it, then you might as well give up. I just posted this because I'm tired of seeing all these threads about modding the mp.ff files to play online mods for MW2. It's just simply not logical to waste time on it. But whatever, to each his own. If you still feel that you should go about modding online MW2 via the ISO, then go for it, but I doubt you'll get anywhere seeing as how people have been working on Microsoft's RSA key for years. I hope this shed some light on RSA signatures for some of you. It definitely helped me...
This all was taken from the book "Hacking the Xbox: An Introduction to Reverse Engineering".
Sorry Unknown v2, I didn't see your thread. I was typing this one while you were posting yours lol.
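Added example (not part of the original post or the book): the key-generation steps quoted above applied to a SHA-1 signature check, showing why a file whose bytes change no longer verifies. It uses the standard textbook forms C = T^E mod PQ and T = C^D mod PQ, leaves out the padding the quote mentions, and the small primes, function names and sample bytes are all constructed for illustration.

```python
import hashlib
from math import gcd

# Toy key built from two known Mersenne primes (constructed for this example;
# the quoted text describes 2048-bit keys, which are far larger).
P = 2**89 - 1
Q = 2**107 - 1
N = P * Q                      # public modulus "PQ"
PHI = (P - 1) * (Q - 1)
E = 65537                      # public exponent: odd, coprime to (P-1)(Q-1)
assert 1 < E < N and gcd(E, PHI) == 1
D = pow(E, -1, PHI)            # private exponent (Python 3.8+ modular inverse)
assert (D * E - 1) % PHI == 0  # step 3: (DE - 1) divisible by (P-1)(Q-1)


def digest_int(data: bytes) -> int:
    """SHA-1 of the file as an integer; 160 bits, so always < N here."""
    return int.from_bytes(hashlib.sha1(data).digest(), "big")


def sign(data: bytes) -> int:
    """Publisher side: requires the private exponent D."""
    return pow(digest_int(data), D, N)


def verify(data: bytes, signature: int) -> bool:
    """Console side: requires only the public pair (E, N)."""
    return pow(signature, E, N) == digest_int(data)


def demo() -> dict:
    original = b"constructed stand-in for a signed game file"
    sig = sign(original)
    patched = original.replace(b"signed", b"modded")
    return {
        "original_ok": verify(original, sig),
        "patched_ok": verify(patched, sig),        # old signature, new bytes
        "guessed_sig_ok": verify(patched, 12345),  # arbitrary value, no D
    }


if __name__ == "__main__":
    print(demo())
```

The verifier never holds D, so reading or decrypting a signed file gives nothing that helps produce a valid signature for changed contents.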