Feature: Sony in the Hotz seat

Thursday, 13 January 2011 06:47 GMT By Justin Kranzl

geohot2

When hacker George (Geohot) Hotz was served with a temporary restraining order early in the evening of January 11, he had to have a good idea what was coming. So too must the other defendants on the stark legal papers prepared by Sony Computer Entertainment’s legal team – Hector Cantero, Sven Peter and 100 yet-to-be-named persons. One does not thumb their nose at mega-corporations lightly.

After a torrid fortnight, where PlayStation 3’s system security – namely its ability to determine whether code running is legitimate or not – has been laid bare by hacker group fail0verflow, Sony’s finally made its move.

Here, VG247 presents a report breaking down the the implications of the PS3 hack, what’s come already, what’s happening now, and who the real losers are in this complete fiasco.

How did we get to here?

In a world which recognises the Matrix more than William Gibson, George Hotz is the closest thing the public gets to a cocky version of Neo – a fresh-faced (he’s 21) tech genius who always seems two steps ahead. After achieving cult status by releasing to the public a jailbreak for Apple’s iPhone in 2009, Hotz turned his attention towards another giant in Sony, and its high profile device, the PlayStation 3.

By the end of January 2010 Hotz had released a public exploit for the PS3 with a stated aim of enabling PS2 compatibility and homebrew software. The catch: it relied on using the PS3’s “Install OtherOS” function – which had made access to some – not all – of the system hardware only a Linux kernel away.

Sony countered at the end of March 2010 by releasing Firmware version 3.21, removing the OtherOS function. Users could retain the feature, but if they didn’t install the new upgrade everything from online gaming to new games and Blu-ray releases wouldn’t function. The removal of OtherOS brought “older” PS3s in line with the revamped PS3 Slim, which was released August 2009 – the new SKU didn’t offer the feature at all.

Game, set and match to Sony? Without the ability to address the system hardware, it seemed so. While Hotz initially showed work in progress of a custom Firmware enabling the “OtherOS” function running on Firmware 3.21, he publicly (via Twitter) walked away from the project in July 2010.

By the the end of the year, the issue seemed to have died down. But for parts of the hacking community it was a different matter. Sony – praised earlier for enabling an open platform on their console – had done the annoying -not including the OtherOS function on the highly successful PS3 Slim – followed by the unthinkable – removing it entirely from all PS3 consoles.

Enter fail0verflow

If the past three decades or so has taught us anything, it’s that hackers will rise to the challenge. The fail0verflow group didn’t disappoint. As anyone who hasn’t been in a cave the past three weeks can tell you, at the 2010 Chaos Computer Congress in Berlin, fail0verflow members gave a public presentation where they outlined how secure code signing – the PS3’s ability to determine if code running on the console was legitimate or not – could be spoofed.

The team had previously earned its stripes, having managed to defeat Wii’s code-signing process in order to allow homebrew software to run on the device. But PS3 was a much bigger catch. Unlike Wii (and Microsoft’s Xbox 360), the PS3’s layers of encryption on its hard drive and Blu-ray player – with the unfamiliar Cell’s chip’s architecture as gatekeeper – made it a tough cookie.

The stated reason for defeating PS3’s code-signing? To return Linux functionality to the machine. Judging by entries on fail0verflow’s twitter account that message isn’t necessarily getting through to some of their fans, with the group repeatedly stating they will not be working on software piracy tools.

Hotz, meanwhile, hadn’t been idle. By the end of the first week of the new year, Hotz had demonstrated homebrew applications running on Sony’s current 3.55 Firmware, and followed up by releasing tools that allowed homebrew makers to “sign” their files so they would be recognised as legitimate on the PS3.

The “P” word

The obvious knock on effect, one already in evidence, is that if PS3 can be fooled into running “homebrew” code as legitimate, it’s only a short jump for pirated software to be run in the same fashion. Would-be pirates materialised on all manner of homebrew and hacking sites, begging, pleading and in some cases demanding a convenient manner to enable pirated games to run on PS3.

For Sony, it’s a potential nightmare. Illicit copies of PlayStation 3 titles being able to be run on unmodified PS3 hardware is exactly the opposite of their pitch to content partners. Hardware “mods” to piracy are one thing – they need to be physically obtained and installed, they’re usually easy to detect by the platform holder once the user goes online, and there’s always the attendant risk of “bricking” several hundred dollars worth of kit . But a software-based hack – conveniently available, able to be updated with impunity to match whatever new Firmware Sony brings out – has the makings of a calamity.

Or does it? Wedbush analyst Michael Pachter told VG247 the financial hit will be short lived – if at all.

“I don’t cover Sony as a stock, but it seems that the potential monetary loss is very small,” he wrote. “Most people are not inclined to steal, and half of the market (at least) is well-regulated and won’t see meaningful erosion.

“At most, I’d guess that this will impact game sales by 5 percent while there is no solution, and as I am confident Sony will crack the code, I don’t see it as having lasting impact.”

Pachter’s comments – issued to VG247 prior to Sony serving papers on Hotz – predicted legal action, and also suggested the US, where Hotz and at least one of the fail0verflow defendants reside, is not the best place to be a hacker or pirate.

“Sony is pretty aggressive in pursuing legal remedies, and I expect them to keep piracy to a minimum in the US. It’s harder to accomplish in parts of Europe that have more relaxed regulation, so there is some potential that piracy will impact software sales there,” he said.

The analyst also noted that fail0verflow did Sony a favour by publicly exposing the exploit.

“Clearly, knowing about the threat before it materializes or contemporaneously is a better outcome for Sony than learning about it after millions of illegal downloads have been made; I think that Sony will quickly produce a software patch that adds another layer of DRM to PS3 games, and we will likely see a system update shortly,” he added.

Knock knock

Which brings us to the present – and Sony’s legal action. Hotz promptly published online copies of the three documents he has been served with – essentially orders that, if granted, would compel Hotz and his co-defendants to hand over any hardware or information about their PS3 code-signing defeats to Sony’s legal team.

As part of the legal filings, Sony has included a full transcript of the terms of use agreement PS3 owners are forced to agree to should they wish to use the system they paid for, an onerous document rarely read in full by consumers.

The short version is Sony wants to sue Hotz and failoverfl0w for modifying PS3 software, circumventing what they describe as the PS3’s TPM (“technological prevention measures”), and distributing the means to do so.

The actions of Hotz and fail0verflow, the legal document claims, are “knowing, deliberate, willful and in utter regard” of Sony’s rights. Sony also has to consider its relationships with third party software developers, who will be monitoring the situation closely.

“Yes, of course it impacts Sony’s relationship with third party content providers, as those people want assurances that they will be paid for their work,” said Pachter.

“That’s one key reason why Sony will move quickly to address the threat. I’m not sure that any third-party will stop supporting the PS3, which saw phenomenal software sales growth in 2010 and is expected to see further growth in 2011, but piracy affects all content providers.

“If Sony can’t stop the hack, yes, I think it will impact their relationship with all content providers in games, movies and music,” he concluded.

If Sony doesn’t want to get served with papers of its own, it needs to be seen to be protecting not only its own intellectual property, but also those of other companies putting their work on the PlayStation Network.

While Pachter may peg the hit of unchecked piracy at around 5 percent of game sales, PlayStation 3’s reputation is on the line. With EA head John Riccitiello on record stating his belief EA’s digital business will outsell their traditional boxed goods in 2011, Sony has to be seen to be making its best effort to secure the platform, even as hacking groups claim the cat’s out of the bag.

Whose rights are more at risk?

Though Sony wouldn’t be drawn to comment on specific questions, and US industry lobby group the Entertainment Software Association wasn’t prepared to speak on the record, the risks for the games industry are pretty clear: brand damage, the potential for lost sales, and the risk of competitors getting a leg up are the obvious ones.

What isn’t so clear is the rights of the individual consumer. When a team embarks on a systematic reverse engineering of complex technology, can it be called an an innocent hobbyist pursuit? Is “homebrew” just a nice camouflage for pirates to manoeuvre around, as some commentators have suggested?

The problem for users tweaking their game consoles, at least in comparison to the smartphone market, is the legalities are anything but clear. When Apple tried to outlaw jailbreaking on the iPhone under the auspices of the Digital Millennium Copyright Act (DMCA), it was rebuffed. The DMCA granted an exemption to iPhone users: you couldn’t be sued for jailbreaking your phone.

However no such exemption exists for the distributors of console jailbreaks, leaving people like Hotz potentially liable, although as consumer digital rights organisation the Electronic Frontiers Foundation has observed the mere act of distributing a jailbreak has to be accompanied by an infringement of some sort.

The papers served by Sony include exactly that: allegations of DMCA infringements, which could spell trouble if Hotz or his co-defendants go down the legal route of seeking an exemption for their activities.

EFF technical director Chris Palmer is empathetic to Hotz and fail0verflow’s predicament.

“No, there is no direct or necessary correlation between taking full ownership of hardware that you paid for and copyright infringement,” he told VG247.

“People want to run Linux, people want to run homebrew games, people want to add new features to all sorts of devices in this class. Such activity is legitimate, but unfortunately requires some hacking. It’d be better for everyone if console and other device manufacturers worked with their customers instead of against them. The same phenomenon occurs in the smartphone and DVR markets.”

Palmer’s EFF bio lists him as having worked for Google on Android’s security, as well as hacking “a wide variety of applications and platforms” as a security consultant. He has no problems at all believing fail0verflow’s motives were as stated – opening up the PS3 for Linux and homebrew use.

“The stated rationale is plausible: homebrew games and alternative, open operating systems are useful and fun on these machines.” he told VG247.

“As they state in their presentation, fail0verflow’s Homebrew Channel for the Wii has over 1 million users, which is 1 percent of the Wii userbase. Thus, a proportionally small (but large in absolute terms) number of users want the platform to be opened. And that’s just the portion of the user base that is willing and able to apply one of the hacks – if it were easier to open the device to alternative software, that number would likely be higher.”

Palmer believes console owners wanting to mess with their machines are largely in the clear.

“Hobbyist tinkering is always legitimate and there should be nothing illegal about it. People do and should have the fundamental right to tinker with their legally acquired property,” he wrote, before adding a caveat: ”Individuals have the responsibility to acquire their property legally, such as by paying for it; after that, it’s theirs – end of story.”

The convenience-popularity argument Palmer puts forward makes sense, but puts game developers in a potentially tight spot. If the easier the exploit is to enact, the more popular it becomes, the logical interpretation is not only that there will be a lot more homebrew fans making the change, but also people bypassing security for piracy reasons.

Just how much time and money should platform holders have to devote to security? Won’t there always be a fail0verflow or George Hotz, brilliant minds (misguided or not) who devote themselves to opening what is closed? Does the money spent on increasingly sophisticated protection mechanisms ultimately make paying gamers the real losers, forced to either jump through arcane copy protection hoops or use hardware with a featureset eroded by the expense of making the platform temporarily secure? Nobody seems fully satisfied with the current state of affairs, except for perhaps intellectual property lawyers and media outlets.

The final, long view

Perhaps the best perspective amongst the sea of hacker braggadocio, excited homebrew enthusiasts, grasping would-be pirates and waves of ominous legal missives comes from independent game developer Jonathan Blow.

The maker of Braid, currently working on The Witness, would much rather talk about the games themselves than pontificate about platform foibles, but when pressed to comment he suggested lost consumer rights around their devices could overshadow lost sales.

“I don’t like software piracy, and I do wish many fewer people would pirate games, and I would certainly like to sell more copies of my games if possible,” he told us.

“But if we start talking about a future in which all common computing devices are locked down – which is what we seem to be looking at, as the market shifts away from PCs toward tablets, and so on – then that is a worrisome future that may well be worse than rampant piracy.

“If there’s one thing I have learned on the business side as a developer, it’s that Sony, Microsoft, Apple, etc, are not my friends; they are especially [Emphasis Blow’s own – Ed] not the friends of their customers.

“As a resident of the USA, I find the country to be alarmingly fascist in 2011, compared to the USA I was born in. I am not eager to push things further in that direction, even if it costs myself and other software developers money.”

Latest