Tech Focus: The Fight Against Console Piracy
Digital Foundry on Sony and Microsoft's technological battle to secure their systems
As we move into Q4 and the games industry prepares for what is traditionally the busiest - and most lucrative - time of the year, security specialists at the major platform holders are preparing themselves for the latest battle in the never-ending war against piracy. It's a story of mixed fortunes for Microsoft and Sony, while Nintendo looks on in worry as Far East reverse-engineers probe the security systems of the floundering 3DS.
Comparisons between console and PC anti-piracy countermeasures are intriguing: owing to the open nature of the PC platform, copy protection measures can be a very real, intrusive issue for players, but in theory, on a fixed console platform, anti-piracy technologies should be no more inconvenient for gamers than an occasional firmware update: the engineers have control of the complete ecosystem of the system, including the all-important OS itself.
That said, the situation doesn't look so fantastic right now for Microsoft, the most pro-active of all of the console manufacturers in its attempts to secure its system: recent efforts to lock out pirates from Xbox LIVE have resulted in innocent victims of a perhaps over-zealous ban wave - and hackers always seem to be one step ahead of Microsoft's attempts to block copied games.
The Xbox 360's security architecture is known to be very tight, but Microsoft made a critical error: its off-the-shelf DVD drives had unencrypted firmware, opening the door to piracy
Historically, the Xbox 360 format has suffered from the blight of copied games owing to a major oversight in the design of the console itself. From a security standpoint, the design of the hardware is very elegant, and hardware exploits such as the notorious "JTAG" hack were able to be patched with dashboard updates. But the unencrypted nature of the DVD-ROM firmwares in earlier 360s enabled games to be copied and played on the hardware, and that "in" to the way the system works has allowed hackers to overcome later revisions to the DVD-ROM architecture.
Many moves have been made to lock out hacked DVD drives. Most notably, 11 months ago, Microsoft introduced its so-called AP2.5 update, which sought to lock out pirates using two approaches: firstly a new boot check was carried out that stopped existing pirates from loading new games. Secondly, new security checks for the most popular Xbox Live titles such as Call of Duty: Black Ops were semi-regularly downloaded to consoles - each update coming up with new ways to check whether the disc in the drive was an original or a burned copy.
Microsoft's advantage here is that burned copies can never be exact 1:1 replicas of the originals, and the hackers need to come up with the ways and means to mimic security checks via the hacked firmwares they flash onto the Xbox 360 DVD drive. If new challenges are not met by the appropriate response from the disc, typically the console is flagged for a ban on Xbox Live.
In the event though, AP2.5 turned out to be a damp squib for Microsoft. The boot checks were easily circumvented with a new piracy-enabling DVD drive firmware, so copied games still ran easily enough, while the updated security checks from Xbox Live were merely built into new burned copies of the games.
Worse still, it's believed that the new anti-piracy technology didn't actually work properly in 100 per cent of cases, and within the last fortnight Microsoft's head of the Policy and Enforcement team, Stephen Toulouse, acknowledged that consoles were banned from Xbox Live by the company because they were wrongly flagged as having modified DVD drives. Worryingly, it took a concerted campaign from those affected, including the involvement of BBC Watchdog, to get past intransigent support centre staff and for the issue to be correctly resolved, the bans lifted and relatively paltry compensation doled out.
In the meantime, Microsoft has continued its crusade against piracy with a number of interesting new technologies. Developers will be aware that the oppressive 6.8GB limitation on Xbox 360 games has now been lifted, and it's believed that around 1GB more space is available for game-makers to utilise - finally bringing the Microsoft console into line with the PlayStation 2 and Wii (!). Previously, Xbox 360 game discs featured a video partition in the standard DVD-Video format that told people who had mistakenly put their game discs into DVD players to try an Xbox 360 instead. This partition occupied a massive amount of space on the disc for no reason other than to also house the security sectors on the disc.
Bearing in mind that the hacked DVD firmwares made a mockery of the whole security sectors concept, Microsoft removed the video partition in its latest XGD3 disc format, introduced during the summer dashboard update. Games like Gears of War 3 and apparently RAGE bust through the 6.8GB upper limit for the first time, but XGD3 also saw a brand new approach to Microsoft's anti-piracy technology.
Firstly, the new dash rewrote the DVD-ROM firmware - meaning that hacked drives were restored to factory settings, killing off any modifications, so determined pirates would need to dismantle their consoles again and reflash the drives. Secondly, the new, pressed XGD3 discs actually compress the tracks on the discs themselves, allowing for more data to be added over a traditional DVD (Dreamcast fans may remember the GD-ROM which did much the same thing with normal CDs). In Microsoft's approach, the increase in available data is minuscule, but it makes it virtually impossible for downloaded disc images to be burned in their entirety onto blank discs.
Over and above that, new anti-piracy checks have also been put at the disposal of game developers themselves in the form of what is known as Content Integrity Verification (CIV). Here, checks can be accessed in-game, potentially allowing for devs to limit access to their games should it turn out that the user is running a copied game. However, in light of the recent Microsoft climbdown, questions need to be asked about whether "stealth" technologies like this are worth pursuing. Despite an extensive beta testing program, Microsoft's previous measures were still found to be wanting, and while the impact was supposedly limited to a "handful" of consoles, it may well be that the era of the arbitrary Xbox Live ban is over.
In the wake of Stephen Toulouse's announcement last week, hackers once again claim to have defeated the anti-piracy measures introduced with XGD3 and once again burning copied discs appears to be a viable option for the determined pirate. Other hacks, including optical drive emulators (which allow for disc images to be stored on external hard drives) and a new JTAG-style hack (that actually offers the potential for homebrew, unlike the DVD firmware attacks) are making the job of securing the Xbox 360 ever harder. In all likelihood, the platform holder may have to concede defeat and instead focus more strongly on making sure that the integrity of Xbox Live is not compromised. At the very least, the CIV initiative should ensure that games that are run on the multiplayer service haven't been adjusted, giving hackers unfair advantages in-game.
Recent Xbox Live bans wrongly targeted some perfectly innocent 360 owners with support centre staff telling them to go out and buy new consoles
In the meantime, after what has been a pretty disastrous year from a security perspective, Sony goes into Q4 with a renewed sense of optimism about the integrity of its online service and the ability to protect its platform from the losses incurred by counterfeit software. The manufacturer spent the best part of nine months re-securing its systems in the wake of the original PSJailbreak - an ingenious USB-based exploit that allowed for Blu-ray games to be dumped and played from hard drives. After a pitched battle with hackers who found an enormous hole in Sony's private/public cryptography, not to mention Geohot, who published the root key of the PS3 itself, Sony finally appears to have regained the upper hand. After the tragic PlayStation Network security breach (now seemingly being retconned by corporate PR into a mere "outage") where the perpetrators were never caught, Sony also appears to have recaptured the faith of the audience.
The clean-up operation appears to have been thorough elsewhere too. The cryptography debacle made PlayStation 3 vulnerable to softmodding - a hack that requires no adjustment of the hardware, and could be achieved with just one download and a USB stick. It was exactly this kind of simplistic hack that plagued the PSP, but with the more sophisticated security of the PlayStation 3, Sony was able to come up with revised security keys for encrypting newer PS3 titles, and was also able to hide those keys in places within the system update that hackers were no longer able to read with ease.
In the here and now, pirates are locked onto the obsolete firmware 3.55 and without the decryption keys from more recent system updates, they are completely unable to access the PlayStation Network or indeed play any titles requiring 3.60+ firmwares unless they upgrade. From being the most compromised, piracy-ready platform on the market for a period of months, the PlayStation 3 is now the most secure.
While there may be the worry that the newer decryption keys could be extracted, Sony can rest easy in the knowledge that hackers cannot effectively monetise that knowledge - and at the end of the day, while "true" hackers search out exploits for launching homebrew code, piracy is sustained by the markets for enabling peripherals - be it from tools to open Xbox 360s, replacement DVD-ROM PCBs, or other devices. The softmod approach to the PS3 effectively killed off that economy, and it remains to be seen what other hardware exploits remain on the Sony platform and whether the recent waves of modchips will puncture Sony's security provisions.
For its part, Nintendo appears to have all but given up on the Wii, where certain games have save game exploits that can run unsigned code and enable both homebrew and piracy, while recent rumours suggest that Far East companies that make their living from facilitating piracy are working on 3DS flashcard hardware that allows counterfeit games to run on the handheld - a project that could be potentially catastrophic for developers and publishers supporting the fledgling system.
Once exploits have been discovered, re-securing a console becomes a cat and mouse game between hackers and console manufacturers. The important thing here - as with all anti-piracy technologies regardless of platform - is to ensure that legitimate users do not have any kind of impacted experience and shouldn't even be aware of the measures being taken at all. Sony's all-too-frequent firmware updates do upset many - though perhaps not as much as the lengthy software patches - but when innocent gamers are locked out of services they have paid for, questions do need to be asked about how infallible these technologies actually are, and how transparent the platform holders are being in the measures they are taking against their own userbase.