
45: XBox Underground (Part 1)

Aug 20, 2019 | 1 hr 19 min | Season 1, Ep. 45

Episode description

This is the story about the XBox hacking scene and how a group of guys pushed the hacking a little too far.

This is part 1 of a 2 part series.

Sponsors

This episode was sponsored by Nord VPN. Visit https://nordvpn.com/darknet and use promo code "DARKNET".

This episode was sponsored by Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn't be. Check them out at https://canary.tools.

This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. Use promo code "DARKNET25".


Transcript

JACK

I kind of want to start the show with you just talking about how the original Xbox got hacked.

BUNNIE

Mm-hm. Sure.

JACK

This is bunnie, or at least bunnie is his hacker handle. Back in 2003 he published a book called Hacking the Xbox just after graduating from MIT.

BUNNIE

Yeah, I was in MIT as a grad student at the time.

JACK

Oh, and just as a random fact here, the term ‘hacker’ actually emerged from the MIT Tech Model Railroad Club in the 1960s and that ethos sort of paved the way for the hacker culture today. They were hacking model railroad sets to make them do things they weren’t intended to do, and bunnie fit right in with this hacker culture at MIT.

BUNNIE

Basically, every toy, every game console I had gotten since childhood, I had always taken apart. If I got tired of playing the game, I would just change the resources in the game and get the highest score or whatever it is. It was more fun to sort of hack the games than it was to play the game itself, is the bottom line.

JACK

Around this time, the original Xbox came out. Bunnie got ahold of one and found it had high-end computing parts in it.

BUNNIE

When I took it apart, it was very clearly a PC to me on the inside. Being able to run my own code on it, put Linux on it, to make the game do what I want to do, right, was just a natural impulse to me. If you paid whatever, $300 it was at the time for this thing, that’s not a small amount of money particularly to a student, and then you’re told that you can’t use it for what you want to use it for. Like, what if I’m done playing games? I need a computer to write my paper. This is ridiculous. That’s the feeling that ran through my blood at the time.

JACK

That’s the goal. Bunnie owned an Xbox which had all these parts that a computer would have, and he wanted to use it like a PC.

BUNNIE

It was basically a high-end PC. It should be able to run my word processing software, or I should be able to just tell it to boot to a shell or something like that so I can do what I want with it. It seemed like a reasonable prospect to me.

JACK

He tried to put his own software on it but there was a problem. It wouldn’t run.

BUNNIE

The firmware image needed to be signed, encrypted to a key, and the key was not known, obviously, to the people who didn’t have it. I couldn’t put my own code in there unless I had that key.

JACK

Challenge accepted. Forget about playing the games on the Xbox; the game now was to find this key and somehow make it so he can run his own software.

BUNNIE

Right. A bunch of people were searching for it at the time. I figured they would just crack it open but they all pointed down to this, what was a hidden key that’s read from a location inside of memory that would be mapped out after you booted. The processor would wake up in the morning, it would go to a secret location, get its keys, and then it would brick over the door, turn it into a regular wall so you couldn’t find it again. Once you’re in the outside space, none of the other exploits could figure out what that key was. It was obviously hidden somewhere in the hardware, this extra-architectural feature of the Xbox. Since I was a hardware guy doing research on hardware at the time, this played into my alley so I started poking around.

JACK

[MUSIC] After a lot of research, bunnie had an educated guess that this key probably travels over a specific wire, or bus. He tried to figure out a way to sniff the data that was going over that bus.

BUNNIE

Simply put, I built a little circuit board that could capture the data going across that bus and log it to another piece of hardware that we could use for later analysis. Then essentially, as we boot the device, we could watch that secret ROM going to the CPU and then observe the key embedded inside that secret ROM.

JACK

This worked. He captured the data which looked kind of like it could be a key. He tried using the key in different ways to test some code, but it wasn’t working. But then he used the key with a certain offset and shazam, the whole thing started being decrypted.

BUNNIE

I had to pinch myself. I couldn’t believe it. Then I was like, this can’t be. This had to be a mistake in the code. It couldn’t be right. Then I just double-checked and double-checked. I was like holy cow, this is it. This is the key. I couldn’t believe it. I think it was like four a.m. and my girlfriend was asleep already so I wasn’t going to bother her, but I was jumping out of my skin. I couldn’t scream and shout so I sent a note into the IRC forum that was on at the time, and other people validated it that it was correct. Then the next day, I saw my PhD advisor and told him about it, and that’s when he informed me about the DMCA and all the consequences that could have happened as a result of this. I was like oh my God, I didn’t even realize this was a thing. How [00:05:00] could this even possibly be illegal for me trying to run my own code on my own box?

JACK

The DMCA, or Digital Millennium Copyright Act, specifically says it’s illegal to disseminate technology in order to circumvent copyright protections. But the excitement of cracking a key on the Xbox was thrilling. Bunnie kept tinkering with it and eventually got the Xbox to run Linux, which was a victory in this little game he set out to play. But now there was this looming issue that this whole thing might be illegal. Bunnie, being a good MIT student, wanted to do the right thing.

BUNNIE

We want to do the whole responsible disclosure thing, like tell Microsoft about the problem, figure out the right way to present the research, that sort of stuff. For several months it went back and forth with lawyers and whatnot to try to figure out what was the right way to disclose the research without doing it irresponsibly.

JACK

Bunnie and Microsoft came to an agreement. Microsoft said you can publish your report, but…

BUNNIE

Basically, just don’t share the key. You can tell how you did it and what the research was and all the methods, but just don’t print the exact key. That’s reasonable, right?

JACK

Bunnie started writing about how to reverse engineer the Xbox but he had to make a choice on where to stop with all this hacking.

BUNNIE

I kind of wanted to avoid anything that could be perceived as unlawful, particularly because I wanted to go public with it and I wanted to share the results of the work. You can’t really play it both ways; either you go white hat or you go black hat, right? I just solidly decided I was going to go white hat on this one.

JACK

One thing led to another and bunnie ended up writing an entire book on how to hack the Xbox and reverse-engineer it. He ended up actually self-publishing the book and sold it through his own website. Guess what? It became fairly popular.

BUNNIE

Drive up to the post office with this – I had this old Maxima sedan filled floor-to-ceiling with books and envelopes. They’re like oh, it’s that guy again, that weirdo with the car full of books. They’d bring out a big whatever the rolling cartons are, and I would just dump it all in there.

JACK

This book inspired many hackers to learn how to do this and to take this so much further.

BUNNIE

I think the problem that every technologist faces is that every technology is potentially dual-use. This happened with the atomic bomb. Some people thought they could create an energy source for humanity and other people saw a weapon. I think there is a responsibility of the technologists to consider potential ethical ramifications of what they do, but it’s also not the place of the technologists to deprive all of humanity because they solely judged that the technology may be used one way or the other.

It’s just something you have to be aware of in a disclosure and how you educate people how to use it. We then say oh, man, shouldn’t touch fire because fire can lead to burns. It also leads to cooking and heating and staying alive. The question does keep me up a lot at night, but at the end of the day, some people are gonna do what they want to do, right? Who am I to say what’s right or wrong? Over time, sometimes things will evolve in a direction you can’t control, but I think to each their own at that point in time. There’s only so much you can do to control destiny.

JACK (INTRO)

[INTRO MUSIC] These are true stories from the dark side of the internet. I’m Jack Rhysider. This is Darknet Diaries.

SKITZO

Okay, I guess the best thing to start is basically from the beginning.

JACK

Wait, wait, wait, before we get started, what should we call you?

SKITZO

[00:10:00] Skitzo’s fine.

JACK

Okay. Skitzo it is. [MUSIC] Skitzo was a member of the Xbox hacking crew called Team Avalaunch. It was big in 2009. Oh, and I should give a warning somewhere at the beginning here; this episode and the next episode, they’re explicit in nature. There are a lot of cuss words in these two, and the second one gets dark. We’re gonna talk about drugs and depression then, but if you can make it through that, holy cow are you in for an amazing story. It’s so amazing, I can hardly believe any of this, except I do believe it because I spent months fact-checking this as much as possible. But it’s still unbelievable.

SKITZO

Jeez, Team Avalaunch is a collective group of hackers and hardware enthusiasts, let’s put it that way. The main focus there was Xbox. There were some members that ventured into different areas. You had individuals like Lantus that was really, really great with the emulation side of things. People like Redline, who could do wonders with networking, and then you had some greed and you had some people that took up space for God knows what.

JACK

The original Xbox that came out was amazing. The graphics were stunning, the games were great. Halo was my favorite, of course. The AI of the enemies in that game was just unlike anything I’ve ever seen before. It was amazing. But after the Xbox was out for a while and that initial sheen sort of wore off, some people didn’t like the dashboard that came with it. The Xbox dashboard is the menu within the Xbox and it lets you pick the games you want to play, log into Xbox Live, look at your settings, that kind of stuff. The stock dashboard just wasn’t enough for this group of hackers, so they got together to try to make a better dashboard. They wrote the software themselves and then got the Xbox to play it. This wasn’t easy to do, to hack the Xbox into playing your own homemade software, but eventually they got it. The dashboard that Team Avalaunch made was pretty popular among the people who liked modding their Xbox. Another thing this group tried to do was to play other games on the Xbox like Nintendo games and PlayStation games. You know what? They were doing it. They were hacking the Xbox to play all kinds of games the Xbox was not supposed to play. But really, if we take out our moral compass here, changing the dashboard and running emulators on your Xbox might be just entering the yellow area of hacking. Yeah, it’s against the terms of service and might be illegal, but it’s not really that big of a deal for someone like Microsoft to crack down on, investigate, or hire some lawyers to go after you. It was, you know, you want to do this with your Xbox, you’re gonna do this with your Xbox. But it was never a malicious attack on anything. It was a hobby.

JACK

Team Avalaunch tinkered and toyed with getting the Xbox to do all kinds of things. When the Xbox 360 came out in 2005, they were all over that, too.

SKITZO

That’s more or less where I come in. During that time of the OG Xbox scene, I was more into the Sony and Dreamcast scene. It wasn’t only until the 360 scene; that’s where I came in with Team Avalaunch.

JACK

The Xbox 360 architecture was more secure than the original Xbox. Remember how bunnie was able to sniff that key off of one of the buses on the Xbox? Well, the 360 made it so the key never left the chip that it was on, making it impossible to do what bunnie did. All new methods for getting custom software to run on the Xbox had to be done. Team Avalaunch figured this out and built a custom dashboard for the 360. A few things were released publicly for other people to also do, but a lot of hacking was just kept secret within the group and wasn’t publicly shared.

SKITZO

I mean, obviously we ruffled feathers but we weren’t there to play pirated games. I mean, obviously ultimately when the majority of people that will do this want to do that, I was more than happy playing CPS3 games and Super Nintendo games, and XBMC on my OG Xbox than I was more concerned about playing a pirated game.

JACK

You kinda get the feel of what Team Avalaunch is up to, right? They’re figuring out how to mod the Xbox, take it apart, make it do things it’s not supposed to do. One of the members of Team Avalaunch was named Rowdy Van Cleave. He was thirty-eight years old, living in California.

SKITZO

Howdy got…

JACK

Hold on. I call him Rowdy. You call him Howdy.

SKITZO

I call him Howdy.

JACK

Okay, but he goes by both?

SKITZO

He goes by both. Howdy was at the right place at the right time. [MUSIC] Howdy had a friend who had access to a recycling facility.

JACK

This is an electronics recycling facility. Computers often contain a lot of toxic components and need to be disposed of properly. Rowdy heard there were Xbox DVD drives for sale at this facility, cheap. He went down there [00:15:00] to take a look. While he was down there, he found a couple of Xbox 360 motherboards, but these looked different than what Rowdy knew an Xbox 360 motherboard looked like. He took a few of these motherboards home and popped one into his Xbox 360 and booted it up. The words that Rowdy said next were ‘holy shit, this is a freaking dev motherboard.’ The Xbox 360 dev motherboards were used by programmers themselves to make video games for the Xbox. You could only get one after Microsoft vigorously screened you to be a legitimate developer. It enabled a lot more features on the Xbox and gave them extra access to do things. Under no circumstance did Microsoft ever want these in the hands of consumers, much less Xbox hackers. They called these ‘dev kits’ and they looked, acted, and worked just like a regular Xbox 360, but with a ton more features. Rowdy knew this and to him, this was a jackpot of a find. He went back to the facility to look for more and couldn’t believe what he saw.

SKITZO

There were thousands and thousands and thousands of kits. Here, I’ll put it to you in this way; I had a kit that was covered in mud. That’s how the kit went to this facility. It was covered in mud. I called it the Joe Dirt Kit. I never cleaned it ‘cause I found it hilarious. I was like, what the hell did Microsoft do to these kits for it to be covered in mud?

JACK

You can imagine a fairly popular and long-running Xbox hacking group stumbling upon a find like this. It’s like finding actual treasure. Rowdy was finding complete Xboxes there, too.

SKITZO

These are complete kits set to be destroyed.

JACK

Do you have any idea where these were coming from?

SKITZO

Microsoft. I want to say probably 100% of these kits were meant to die.

JACK

When he says ‘meant to die’ he means recycled, destroyed, discontinued, because maybe Microsoft didn’t have a need for these anymore, or these were returned ones, or defective or something, but Microsoft just didn’t need them anymore and wanted them gone. [MUSIC] Rowdy grabbed all that he could and started passing them out to everyone in Team Avalaunch. People didn’t take just one; you took one just to take apart, and then you grabbed another to try modding it, and then you grabbed another to see what it was capable of on Xbox Live and stuff. There were so many kits going around that it was so easy to get multiples of them. It sort of became a business for Rowdy. Not that he really wanted to get rich off it, but he wanted to put the kits in the hands of Xbox hackers that he knew and trusted.

SKITZO

During that time, I got introduced into it. Like hey, why don’t you have a quick peek at what’s going on here?

JACK

Now Skitzo is stoked on getting his hands on one of these. The Xbox 360 dev kit is exactly the same as a regular Xbox, just with all kinds of developer options enabled. One of the most amazing things about owning a dev kit was the ability to access PartnerNet.

SKITZO

Basically, it’s the developer version of Xbox Live. All kits had a, air quotes, ‘credit card’ so you could make any profile and just jump on PartnerNet and you could, if need be, purchase Xbox Live points at that time. But 90% of the time, developers who put their games up for testers to get ahold of it, or to demo, and you download it. It acted exactly as retail Xbox Live did at that time.

JACK

Through PartnerNet, you could potentially see and play unreleased games or unreleased patches, or unreleased add-ons for games, or unreleased maps. It was amazing for this hacker crew to all have the first peek at all this stuff. It was like the wild west for them. While playing games on it was fun and lasted a while, the hot new game was now to hack the dev kits and to see what you could get them to do.

SKITZO

The goal was basically hey, how can we run code on this and what can we do to it? That was the ultimate goal; can we get an emulator running on it? Can we get MAME on this thing? Can we get anything to XBMC, things of that nature? What’s the architect behind it? What are the limits? The network presence that Microsoft took at this time was far more advanced than what the original Xbox had, with respect to connecting on Xbox Live and things like that. How was hard drive structure and the encryption? How did Hyper-V work? It was that Pandora’s box of like – to your point, how excited were you, it wasn’t necessarily exciting getting the system but getting under the hood that made it fun.

JACK

These were very exciting times for Skitzo, Rowdy, and everyone on Team Avalaunch. They knew that this was something the public was never [00:20:00] meant to see and here they were, a whole team of people, hacking away at it.

SKITZO

The public should never have this. It’s the gateway into all the millions of millions of dollars and manpower that you spent on securing your system. Why don’t you tape your house key to your front door when you get home? You’re pulling the curtain behind the console, right? With the right tools you can get into the console. You can see how things load. You can do timed attacks on it. You can do a number of different things to the console, have an easier time doing it than retail that’s locked up.

JACK

Around this time, Halo 3 was about to be released and those who pre-ordered it got access to the beta version a few months before the release. With these dev kits, Skitzo and the team could play the public beta version of Halo 3. Nothing really special here, but the beta only lasted a short while, just to test it, and then the game was not playable for a few months until the official release. But Team Avalaunch, using their dev kits, figured out a way to keep playing Halo 3 long after the public beta was closed.

SKITZO

[MUSIC] We were able to run that on PartnerNet and we were on the server that Bungie had set up and we would play. Bungie was trying to take the server down, and Bungie had a custom welcome screen for us because we kept a dev kit running called Halo 3 Dummy. Halo 3 Dummy kept that server alive so we could get in and play while after the air quotes, ‘beta time’ expired on Partners.

JACK

They did so much more with these dev kits, grabbing stuff from Xbox Live and moving it to dev so that they could play it as developers. Like, you could enable things like double experience points or load up special loot. It’s like you could be a GM in many games, and they played a lot of beta games and unreleased stuff. It was great times.

SKITZO

[XBOX SOUNDS] It was amazing, astonishing, to look back at all this stuff.

JACK

[HALO MUSIC] Rowdy kept getting more kits to send to people, and mostly these kits would only be put in the hands of people in Team Avalaunch. He wanted to keep this secret and underground.

SKITZO

But for a while it was very close-knit. It was a family. We were a family and I know that term is used a lot but all good things must come to an end. We had greed that started happening with the one guy who kept getting the kits and was always just for us, just for us, and next thing you know, shit’s starting to flood the market and every jackass out there with five hundred bucks is getting a fucked-up kit. The kits are getting into the hands of people that shouldn’t have had it, and you had garbage cans of human beings getting closer to the scene. Then you had the new bloods that came in and it was just, fuck it. Just go.

JACK

Let’s talk about these new bloods. First, let’s meet Dylan. Hello, can you hear me?

DYLAN

Yeah, can you hear me?

JACK

Yeah, I hear you. Perfect. This is Dylan, right?

DYLAN

Yeah, Dylan.

JACK

Dylan was young. In 2010, Dylan was only 14 years old. This is kind of what he meant by new bloods, right? These are young kids just getting in the Xbox hacker scene. Because Skitzo and Rowdy were much older and had been in the scene for many years at this point, they were like veterans. But now young kids like Dylan are showing up, and back then, Dylan’s hacker name was Dae, D-A-E.

SKITZO

Dae came around and he really didn’t give a fuck. He truly did not care.

JACK

Okay, Dylan, what is one of your first hacks?

DYLAN

I got suspended twice during high school for actually getting into computer networks I probably shouldn’t have gotten into.

JACK

Whoa.

DYLAN

I think it was the thrill of knowing what’s behind doors that kind of got me into it.

JACK

Look at this recipe; a young kid, doesn’t care much about the rules, loves video games and the Xbox, loves hacking, and is hungry to learn more and do something crazy. Combine that with a high level of curiosity, and someone who has always ‘on’ energy, you get Dylan.

DYLAN

I think back then it was just not knowing what you can and can’t do. Just not being told this is wrong doesn’t necessarily go past a teenager’s mind, [00:25:00] so I think I just liked the thrill of it. It was kind of like a rush, it was like an adrenaline rush every time I got into something, and seeing things that I shouldn’t have seen. That’s kind of what makes you want to do it even more.

JACK

Dylan was so fascinated with Xboxes, he wanted to learn how to hack it. Yeah, he starts joining Xbox hacker forums and hanging out in the chat rooms, and getting to know who’s who in the scene. There’s another person who showed up in the Xbox hacking scene around this time, too. Is Diane all set up? We ready to go?

DIANE

I just hit record.

SANAD

Yeah, she just hit record so we’re good to go.

JACK

Let’s start out with you telling us your name. What is your name?

SANAD

My name is Sanad Nesheiwat. For some reason on my birth certificate, the doctor’s messed up and put my middle name and first name together. That’s why it says Sanadodeh Nesheiwat. But it’s just Sanad.

JACK

Sanad grew up playing console games, and loving them.

SANAD

Yeah, I was definitely a hardcore gamer. I had Dreamcast, PlayStations. I’ve been gaming since I was about eight years old. I didn’t really get into that whole hacking thing up until the Dreamcast came out. That’s when I really started getting into things.

JACK

Sanad is a hardware guy.

SANAD

Well, I mean, I like taking things apart, figuring out what they do, and trying to modify them in ways that will benefit me.

JACK

When he was younger, he had a soldering iron, oscilloscope, lots of chips, electronic parts everywhere. At one point, I asked him a question about electronics and jeez, he just went off the rail, crazy deep on me. Listen to this.

SANAD

What a BGA station does, is it has heat plates and it shoots up hot air from the bottom and hot air from the top. It allows you to take the chip off and clean out the solder and put brand-new solder balls on it.

JACK

Okay, okay. You get it, right? Sanad is passionate about electronics. He’s a hardcore gamer and he loves breaking things just to open them up and see what’s inside, and how they work. He loves Dreamcast and Xboxes, and these kind of things. Sanad was deep in the console hacking scene. At one point, he and a friend created a launcher that would run pirated software on the Xbox. But his friends started telling him about the Xbox dev kits that were going around in the scene at the time. His friends said…

SANAD

Hey, you guys can totally use dev kits to make your launcher a lot smoother, and you can debug it in real-time, and so on and so forth. I was like alright, so we put together a PayPal donation account and a bunch of people donated so I was actually able to get everybody on the team a dev kit through Rowdy. That’s when I first got one.

JACK

There was something absolutely magical about being a console hacker in 2010 and getting an Xbox dev kit in the mail. This was something you weren’t supposed to have; this was forbidden. Here Sanad is, opening it up, eager to plug it in and play it, like it’s a doorway to a magic kingdom. Oh, what fun he could potentially have with this.

SANAD

My first dev kit, I actually bricked within two hours. But luckily, I had made a flash dump of it before even messing with it and I was actually able to revive it.

JACK

Once he got it up and working again, it was amazing.

SANAD

Going on PartnerNet was phenomenal. Imagine going on Xbox Live but everything that you download is betas and it’s all free.

Transcript source: Provided by creator in RSS feed.