Login | Signup

Game Buzz 9: Among Thieves - Hardware, Hacking and Histrionics

Matt Gardner
Features, Firmware 3.21, Game Buzz, Geohot, Hacking, PS3

Game Buzz 9: Among Thieves - Hardware, Hacking and Histrionics Game Buzz is a weekly opinion column designed to take an irreverent look at one of the biggest news stories to break in the past week. Every Friday we’ll be bringing you another slice of reaction to topical gaming news, and inviting you to agree, disagree, shout assent, vent rage, scream and complain to you heart’s delight. This week, we take a look at Sony's recent firmware update, the controversial removal of the 'OtherOS' option and ask whether or not we should really care.

Several people I know thought it was an early April Fools joke - an update that removes features rather than adding them - but no, Sony has decided to crack down hard on people look to exploit cracks in its system. Although no-one from the big bad corporation has actually released a statement to the effect (all Sony said was that the update was due to 'security concerns'), or even acknowledged the young prodigy's existence, I would assume that this crackdown is due in no small part to George Hotz's (Geohot) successful attempt to finally hack the PS3 and gain access to the console's hypervisor, giving him read/write access over the system memory and enabling full access to the meaty processing power that lies beneath the shiny obsidian plastic casing of the PS3. He completed his breakthrough in January at which point, considering that it had taken 3 years, 2 months and 11 days for someone to work out a way of hacking the console, a fair few media hubs began taking note.

Understandably, perhaps, considering that Geohot admitted that his hack could be exploited for piratical - no not the Johnny Depp/Geoffrey Rush kind - purposes, Sony were rather less than amused. Back in February a new patent from a Sony employee came to light that looked like  Geohot countermeasure:

"A method, system, and computer-usable medium are disclosed for controlling unauthorized access to encrypted application program code. Predetermined program code is encrypted with a first key. The hash value of an application verification certificate associated with a second key is calculated by performing a one-way hash function. Binding operations are then performed with the first key and the calculated hash value to generate a third key, which is a binding key. The binding key is encrypted with a fourth key to generate an encrypted binding key, which is then embedded in the application. The application is digitally signed with a fifth key to generate an encrypted and signed program code image. To decrypt the encrypted program code, the application verification key certificate is verified and in turn is used to verify the authenticity of the encrypted and signed program code image. The encrypted binding key is then decrypted with a sixth key to extract the binding key. The hash value of the application verification certificate associated with the second key is then calculated and used with the extracted binding key to extract the first key. The extracted first key is then used to decrypt the encrypted application code." Read the full patent here.

[via HaxNetwork]

Game Buzz 9: Among Thieves - Hardware, Hacking and Histrionics

The infamous Geohot

Needless to say, it didn't really work.

Far better, therefore it would seem, to cut off one's nose to spite one's face, or throw the baby out with the bath water, or burn down the house when the...you get the idea. Sony have pulled the plug on OtherOS with a firmware update, clamping down on abusers and ruining the party for legitimate Linux users because of 'security concerns'. Displaying a masterclass of pitfall circumvention, Sony naturally made the firmware update optional, but put some rather nasty little caveats for unco-operative users:

"Consumers and organizations that currently use the “Other OS” feature can choose not to upgrade their PS3 systems, although the following features will no longer be available:

  • Ability to sign in to PlayStation Network and use network features that require signing in to PlayStation Network, such as online features of PS3 games and chat
  • Playback of PS3 software titles or Blu-ray Disc videos that require PS3 system software version 3.21 or later
  • Playback of copyright-protected videos that are stored on a media server (when DTCP-IP is enabled under Settings)
  • Use of new features and improvements that are available on PS3 system software 3.21 or later

For those PS3 users who are currently using the “Other OS” feature but choose to install the system software update, to avoid data loss they first need to back-up any data stored within the hard drive partition used by the “Other OS,” as they will not be able to access that data following the update."

So no games, movies or PSN for you and if you have been using OtherOS, legally or not, you'll have to grab yourself an external hard-drive to back up all your stuff just in case. The modding community have, as one could have anticipated, turned round with tongue lashings of fire and brimstone, and not just for Sony. Geohot himself has come under serious fire too.

Game Buzz 9: Among Thieves - Hardware, Hacking and Histrionics

Well of course HE'S happy!

Of course, if you're a PS3 Slim owner, or a Microsoft/Nintendo subscriber, then all of this will mean bugger all to you and have less visible impact on your gaming existence than a gnat's fart would have on a brick wall...hopefully.

You see I, along with the vast majority of gamers everywhere, probably couldn't care less about the details of this situation. Accuse GeoHot and co. of what you will, but console piracy requires far too much effort and complex understanding for my liking. But the point isn't really one of security measures or clamping down on pirates, the big bugbear is this: Sony have effectively downgraded the original PS3 models everywhere. Whereas the Slim was presented to a public with prior knowledge of the new gimmicks and absent features, therefore knowing what they could expect, the draconian policy implemented with this firmware release verges upon violating EU sales directives, such as this little consumer rights directive:

EU Directive 1999/44/EC:

The goods must

  • comply with the description given by the seller and posses the same qualities and characteristics as other similar goods
  • be fit for the purpose which the consumer requires them and which was made known to the seller at the time of purchase.

From yesterday, both of those points could potentially be debated in a courtroom.

Game Buzz 9: Among Thieves - Hardware, Hacking and Histrionics

Remember this...?

This is not the first time that Sony have skipped around the Digital Millennium Copyright Act like rabid maypole dancers, a quick look back to 2001 and you might remember Sony trying to close down a website that helped Aibo (remember Sony's robot dogs?) owners teach their mechanical pets new tricks. Essentially a site chock-full of user-generated software and tips and tricks, Sony took a dim view of this and moved to close them down. "On the surface, Sony appears to be using portions of the DMCA in an attempt to keep people from putting the company's product to new and interesting uses," said Cindy Cohn, legal director of the Electronic Frontier Foundation, a civil rights group, at the time. "This is exactly the sort of thing we've been concerned about." Sony failed on that occasion.

Hotz has been lambasted in some quarters for his part in this, but it's not really his fault. True, he possesses a rather lamentably loud voice for a hacker, but Sony's kneejerk reaction will seriously piss off the PS3 homebrew crowd and with good reason. As nofi mentioned over at TheSixthAxis, we've seen many individuals and groups try and tap into the PS3's power:

I work for an information security company and we have two units PURELY bought to run brute force password attacks for the penetration testing team. We have all seen the pictures of the military installations running dozens of networked PS3s, all running custom Linux distributions for the purpose of harnessing the Cell’s number crunching power. These were bought for the OtherOS feature ALONE. Of course they are not online and will not be updated but it shows that this is not some useless tacked on feature that no-one cares about.

I have no desire to play pirated games or even homebrew on my PS3 and I absolutely do not condone unauthorised hacking. I simply want to be able to continue to enjoy ALL the features which made up the product on which I spent £450 of my hard earned cash. This is not simply the point of view of an OtherOS user but of an electronics consumer in general.

Game Buzz 9: Among Thieves - Hardware, Hacking and Histrionics

[email protected] in action

I remember when my housemate first bought his PS3 and proudly showed it to me sitting idly, part of a global supercomputer network that was hunting for a cure for Parkinson's thanks to Stanford's [email protected] project that harnessed idle PS3 processing power thanks to IBM's Cell Project. In releasing this firmware - and it will be a part of all subsequent FW releases so don't think you can just skip to 3.22, OtherOS is dead as a dodo for now - Sony have hamstrung themselves and set a dangerous precedent in the process. I for one hope that negative updates are fought vehemently. This is a bad thing that Sony has done, and it is a wholly lazy option, opting to upset a minority sub-culture because it is the quickest and cheapest thing to do.

Geohot has already posted a response urging those interested in preserving OtherOS not to update, pledging to find a way to customise the firmware:

"I never intended to touch CFW, but if that's how you want to play...

Two things, some people seem to think CFW will enable some sort of piracy. It won't. It'll just be a custom version of 3.21 that doesn't lose OtherOS support. Hacking isn't about getting what you didn't pay for, it's about making sure you do get what you did."

Sony have poked a small group of incredibly intelligent bears with this firmware update. Sure, it won't affect the majority of us, but those who do take umbrage with this punitive response from the PS3's progenitors aren't going to take it lying down, and the chances are they've got the know-how to do something about it.

Add a comment2 comments
Christopher  Apr. 2, 2010 at 22:48

3 things.

1. I read this title "Buzz 9: Among Thieves" and though, geez, that's a whole new direction from Junior Jungle Party and Sports Quiz :oD

2. "a new patent from a Sony employee " Best. Patent. Ever. "Encrypt A with B with C with D with E etc etc etc with Z, hook this under here, spin it round here, go back to the beginning, and eventually you're so lost you'll never decript the damn thing" :)

3. It's been said by others before but...

Linux was only installed as another security feature - to stop the much more educated and resourceful linux hackers of the world (the educated Bunnie Huang MIT student Xbox hacker types with custom hardware manufacturing labs available to them) from bothering. The d-i-y at home with a bit of wire, masking tape and a small obergine type were never gonna get it figured out quickly.

And now they have (all respects to GeoHot, but I'm sure someone at MIT would have done it years ago). And so the extra support hastle and expense that was Linux as a security feature is null and void, so why bother with it at all? Goodbye linux, your job is done (3 years, wasn't so bad).

Except, they remove it, and in come the MIT lads to force open the small crack GeoHot created. All going to plan so far, then :)


If you have any interest in console security, watch it *all*. Or just the linked time for PS3 relevance.

Gunn  Apr. 3, 2010 at 11:27

I've decided not to update and have been using the proxy server bypass to play online and use the Store, I might end up having to update at some point but I want to keep my Linux dist for now.
@Christopher, you might be right about point 3, so perhaps CFW will be out this year.

Email Address:

You don't need an account to comment. Just enter your email address. We'll keep it private.