Meanwhile, I’ve finished reading Andrew “Bunnie” Huang’s Hacking the Xbox – An Introduction to Reverse Engineering. It’s a great book (apart from some formal deficiencies due to lacking publisher support) and I can highly recommend it to anybody who’s interested in any of the fields such as reverse engineering, hardware hacking, HW-/IT-security, video game consoles (particularly the Xbox), US laws and others.
Some points what this book is all about (in my very personal view as someone who read it):
* It’s about reverse engineering. It’s about HW-security and security in general. It’s about HW-hacking in the age of the DMCA. It’s about your rights to explore and excel and how to keep doing it despite of/in accordance with DMCA. It’s about having fun with challenges. It’s about online hacker communities and their backgrounds.
* It’s about (US) laws and ethics.
* It’s about economics of video game consoles.
* It’s about HW-hacking basics. It rather covers practice than theory.
* It’s not a step-by-step guide about hacking a Xbox as this would not match with current (unfortunate) american laws (DMCA).
* Important note: The entire book is legal according to US laws
My take: Unsurprisingly, I didn’t read this book for hacking a Xbox. I don’t even have a video game console as I’m not an avid “gamer” (I prefer having a nice joystick instead of a rather limited game pad and I prefer using a PC as I’m more into simulations than typical game console games -> well yeah, I know the Xbox is a PC in fact). Needless to say I don’t intend to buy one in the future, not even for running Linux on it. IMHO, hacking a Xbox mere for getting a cheap LinuXbox is not that attractive anymore (nowadays, you can probably get better HW for the price of a Xbox.. even saving you the efforts and expenses to hack the Xbox). However, it might still be attractive if you see it as fun or an educational challenge (although with today’s alternate-rom-chips and with the know-how provided by the Xbox hacker pioneers, it’s probably not that much of a challenge anymore). I’ve solely read the book to get a first-hand insight into the general topic of HW-hacking with the goal to learn judge the security-concepts of current security architectures such as TCPA, Palladium/NGSCB etc. And that’s exactly what I recommend this book for in the first place. Of course you can’t expect to be a security expert or a HW-hacking guru just after reading a book. In fact, you’re far away from it. But you get an idea of how much it takes to get there (i.e. to an equal level with Bunnie & Co.) and you get an idea of how difficult (probably impossible) designing secure hardware is. You also learn about the general problems and disadvantages of HW-based security approaches and how to do it better.
Unfortunately, many people don’t seem to understand the main aspect of the book. For example I suggested the local library to buy some exemplars, as I consider it to be a very valuable (a “must-read”) book for any CS/IT/EE student. Their answer: “We don’t cover books about game consoles”. Poor judgement (though not atypical). As a consequence, students who are interested in reading this book will need to purchase it (Domestic: See the Orell-Füssli shop at the Bahnhofstrasse in Zurich or books.ch; Intl.: See the web sites of NoStarchPress, Amazon etc.). I recommend to do so however. It’s definitely worth it as it will broaden your horizon in a new way.