Hackers destroy PS3 security in response to OtherOS removal
Machine now thought to be most vulnerable of the three consoles as internal secrets are laid bare
Hacking team Fail0verflow has released information on how to completely circumvent the security measures of the PlayStation 3, citing the removal of the machine's ability to run a Linux operating system out of the box as its motivation.
The process was revealed by the team at the 27th Chaos Communication Conference (27c3) and marks the end of a four-year period of impenetrability for Sony's machine – far longer than most consoles manage in the face of concerted efforts from hacking teams. The Xbox 360 was cracked within a year of release, whilst the Wii lasted just one month.
The key factor in the circumvention, described in detail on Eurogamer's Digital Foundry channel, seems to be the use of a single random number in important encryption equations, rather than the generation of separate numbers each time the equation is run.
The result of this is that the team's methodology has laid the internal architecture of the machine completely bare, allowing external agencies to run any code without security verification and even to program custom firmware for the machine.
Because of the nature of the PS3's security, the hack also means that it will be almost impossible for Sony to rectify the situation, as the massive overhaul the system would need to become secure again would render previous software unplayable. Even if this were overcome by Sony creating a 'whitelist' of accepted software which could bypass these measures – itself an inordinately massive job – hackers would be able to edit these lists to include new code.
Fail0verflow has denied that it intends the process to open the floodgates of piracy, however, instead pointing out that the security of the PS3 has stood inviolate for so long only because it allowed users leeway to run Linux, a compromise which suited both parties.
This feature, the OtherOS option, was removed from the PS3 Slim at production and disabled in older PS3s by Sony – prompting uproar by advanced users who made the point that it had been an advertised feature of the machine at purchase.
Some users even went as far as to instigate a class-action lawsuit against Sony in the US over the removal of the feature, whilst Amazon were reported to have issued some partial refunds to PS3 purchasers.
Only last August, a hack was released for the PS3 which used a dongle to circumvent security measures and allow copied discs to be run on the machine. However, the so-called PSJailbreak hack was soon countered by Sony with firmware update 3.50. This update would appear to be powerless in the face of the new methods unveiled by Fail0verflow's presentation.
Sony has been approached for a response but is currently unwilling to offer comment.

Calling bullshit on this. The whole reason Sony removed the Other OS lock was because George Hotz cracked a level of encryption that could have potentially left it vulnerable to hackers. Once it became apparent that pirates were going to start coming, Sony wiped the feature. No mention seems to be made of this by this group.
Furthermore, this group is saying that the OtherOS feature made piracy undesirable, more or less. Also bullshit. Maybe for homebrewers, it has, but pirates - the kind you find at torrent sites and the like - don't give a rat's bollocks about that.
They are saying that they do not intend to "open the floodgates", yet they made the hack open source. That's basically saying "we're washing our hands, have at it, boys". I openly support open source technology - I type this in an open-sourced Chrome browser on Linux - but let's not beat around the bush here.
I figure Sony's got two legitimate options here that don't involve killing everything they've built up with nukes: 1) institute permabans via the PSN for anyone using the hack, and 2) release another hardware version with stronger encryption standards, while selling it as something else. Bundle it with the Wiimovemote, throw a few hundred more gigabytes onto the HDD, hell, paint it a different colour, but I figure all newer hardware will find a way to close this hole while leaving the system compatible with modern games.
@Christopher,
OtherOS does not make piracy undesirable, but it does make it unnecessary to break the platform DRM to be able to run homebrew stuff. Those who break it are doing it to prove that it can be done... but there was no real interest as long as there was another option...
If the PS3 can now be defeated by software only, professional bootleggers will descend on the PS3 like a plague. Even if Sony moves to PS3.5 quickly, their protected install base is 0 again and the current PS3 about as attractive as a DRM-free PC. Multiplayer might be saved with 12-digit codes linked to accounts, but single player just left through the window.
On the bright side, it is probably a bad day for Gamestop used sales as well.
Let's see how it turns out, I give it a good three months before anything real happens piracy-wise.
I guess it's beyond your and others' comprehension that some people like to do different things than other people. I've never run a linux machine - though we once had an openBSD server controlling our house network - but why would anyone want to run anything other than windows? I mean, thank God for everyone being identical and having the same preferences and if they don't then they must be evil or perverted or weird or....
I'm sure you get my point.
@Joe: You can play blu-ray's on the 360 now? ;)
Edited 1 times. Last edit by James Prendergast on 4th January 2011 1:39pm
I watched their 40-minute 27C3 presentation and while I found a lot of gloating about the quality of Sony's mechanisms of protection, I did not see a lot of Linux being run. I did not have the impression that the goal was to run Linux. I had the impression that the whole process was a step by step dismantling of any security feature Sony had developed to protect its business model.
If there is now an atmosphere of "you removed a paid feature you had it coming" from the Linux community, then it is actively destroying what little support they had at Sony. It is hypocrisy in its purest form to say "we are the open software community, we go around destroying your closed system and your business model because we will assimilate you and your technological distinctiveness will be added to our own."
Sure, you may bring a beautiful flower to blossom, but there is still a rotting corpse beneath it and it reeks.
One thing I have to question though is giving such attention to such efforts – it amounts to validation and free advertising for their efforts.
The question really starts to become whether you want to live in a world where you have no control over any aspect of your life or anything you pay for (except whether to comply or not)...
[edit]
For another example - removed from the gaming industry - we recently had two TV channels removed from the service we were paying for without any warning (well, a day before) because it turned out that the company was illegally retransmitting them without permission.
Now, first off - the consumer has no fault here. Secondly, the consumer paid more money for these channels (they were not in the basic package).... and thirdly, where has all the extra money that this company has been getting from their customers going?
Now we have two new channels that we don't want but are part of the package and there's no accountability or recourse other than not to participate in that service (and there's no alternative). I can at least stop my subscription to the TV service (though often there's a penalty for doing so) and not watch any TV at all. I can't return my PS3 or my iPhone or whatever when they remove features I've paid for.
Edited 3 times. Last edit by James Prendergast on 4th January 2011 2:58pm
There is absolutely no support provided by Sony, as OtherOS was removed via a firmware update a while ago.
@David,
This subculture has been around since the 8-bit days, and it's not going to go away by ignoring a group of extremely talented and intelligent people. The demoscene never had much support from the mainstream media anyway, despite the fact that it's a valuable resource pool for the games industry.
@Jordan Woodard: Massive selling point? Maybe massive for a select few. Of all the PS3's sold I imagine under 1% were bought just because of the OtherOS factor. It is always the smallest minority that is the most vocal, hence why we think that a lot of people miss the feature.
I'm with Christopher B here on calling these excuses BS. Hackers/crackers/pirates are just becoming more politically correct nowadays. They pretend to do what they do to support the little man that is being walked on by the large international companies or similar. In reality it's just about being able to run your own code and support/enable piracy. They will spin it whatever way they can but it won't change the fact.
Secondly, their encryption is incredibly rubbish. In layman's terms it's almost the equivalent of 2 + 2 = 4 to produce a master key. The minute failOver worked this out then it opened all doors. The scene was set once the USB dongle hack was found; the psx scene has been buzzing since with a lot of developers dismantling the PS3.
The same applied to the xbox. That's open but thankfully for MS, not as wide open as the ps3.
On the plus side for users, at least games can be fully installed, therefore the load times are now comparable to the Xbox :)
Unless no specific build was made for the PS3 (which is possible, I don't own a PS3) then, you can turn your statement upside down.
I've installed Linux (Knoppix, Red Hat/Fedora, Kubuntu and Xubuntu) on a few PCs (Laptops and Desktop : assembled or all integrated PCs) and there would usually be something wrong. It could be a TV card, a wifi dongle, or even a graphic card you couldn't find a proper driver for.
If Linux was operating 'out of the box', then it can be quite an improvement for beginners.
Now, remember there was always a scene for piracy, especially when marketing said the console was unhackable. (Game cube, dreamcast, Amstrad, whatever)
I'm not in favor of it, but if there was a major conception flaw, well, hard luck.
Whether the users should have broken the encryption model or not is beside the point. If you're managing a technology platform, you can't piss off the most technically savvy users of your mainstream product and not expect that something like this would happen.
I can understand why people are disappointed and angry with Sony, then we can debate if this action is or is not out of hand, but while it helped them boost sales when they were clearly behind their competition, Sony cared very much of the hand that feeds them. It doesn't speak very well of a company to use methods like this either.
Apple, Sony...would have you believe that using the hardware you purchased in a manner other than what they intended is wrong, immoral, and illegal. That's the real BS here. How many of you here would buy a car from Ford if it came with the hood welded shut? How many of you would buy a Ford with a hood welded shut, and a seal on the doors with a EULA printed on them?
The motives of F0f are truly immaterial when you get right down to it. DRM has always been a losing proposition. Millions and billions spent, cracking happens sometimes in mere months. This notion that you don't own what you buy is patently absurd. Pirates are always going to exist, whether groups like this exist or not. Dealing creatively with them is more productive than attempting to lock down hardware. Look at what the developers did with Arkham Asylum.
I buy a PS3, I'll use the hardware as I want to. If I want to run Linux, I will. Should I expect to be allowed on Sony's private network if I do? No. But if I buy a PS3, it's mine. I have possession. I can saw it in half if I want, or use the components to build something bigger. Or do anything I want with it. Be it homebrew, or whatever. It's time for companies to stop trying to "rent" what they sell us.
This is the real context of this argument, and many are missing it.
Personally I think the biggest aspect of this story is the colossal balls-up of the constant k. How on Earth did that get past testing?
What Sony did was nothing different than saying "ok, disc reader can potentially be used to read illegal copies, so I'm deactivating it." Even if only one person bought a PS3 for that single feature, their action is immoral. And I don't want to hear the usual "they're losing millions". Yeah, maybe many will use all this and torrent sites will be flooded with PS3 downloads. People always make the wrong use of things. Researchers come up with plenty of things that can and will be used as weapons to kill over and over, and no one ever stopped them. So what, blame the nature for giving people hands they could slap you with? Oh, I'm getting philosophical here...
In addition, the OtherOS allowed students without dev kits to start building games for the PS3 without affiliation to Sony, it allows repurposing the PS3 by writing additional device drivers, etc. I'm pretty sure the Kinect can be made to work on a PS3, for instance -- they just need drivers!
The fact that OtherOS is based on Linux is completely separate to any argument regarding the morality of the crackers, or their intentions. Speculating about them is completely and utterly meaningless, unless we want to assume malice simply because the term "hacker" is employed by the media to describe the group, evoking the connotations and mystery surrounding that word.
Finally, the notion of ownership is absurd too, unless you imbue matter with the metaphysical property of "belonging". Unfortunately, since we're hominid vertebrates with a strong territorial streak, ideas of exclusivity and unrestricted availability are attractive -- allowing those with the power to keep property to propose such ownership as a virtue, an ideal to be respected and admired. Ka-ching!
As device and service become more and more tightly interwoven, the idea of using our machines without associated services will become ridiculous. What's an iPhone without the App Store? What's the Kindle without Amazon? Nothing. The current (waning) faith that a be-all, end-all convergence device is somehow going to become the new catch-all content delivery is actually a lot stranger: A single device unifying a variety of different content, all with different social status and role, with different expectations of convenience and mode of operation.
Right now, the PS3 and x360 are inconvenient and sluggish media players, truly poor sound systems, with under-developed content delivery channels and over-complicated input in addition to the numerous technological standards that surround the product (BluRay, HDMI, memory card standards, etc).
The current spate of smart phones probably seem to contradict this, but they are all self-contained platforms rather than devices accepting particular types of media. See the distinction? An iPad is a streamlined PC, the PSP is an overwrought media player.
The new paradigm of digital content delivery will void any meaning ownership of media ever really had (since it was always trademarked, copyrighted and patented anyway), and will most likely usher way, way more competition into media distribution and marketing, most likely resulting in cheaper and better service more conveniently.
In a decade, the idea of sitting down on Sunday evening to catch X factor will be ridiculous. Why would you ever want to allocate a timeslot and find yourself in a particular location to catch a media event? Service-driven media means the content users want when users want it, rather than what advertising companies find tolerable whenever the most people eat dinner in front of the TV.
The most interesting is what will publishers say as an excuse of not doing games on PC platform? Piracy?
The PS3 is already a media player - run PS3media player, or Orb, or even share through Windows Media Player. Absolutely no need to hack the console at all.
Still, it is a shame as the market will be flooded with downloaded games, or cheap copied Blu-rays at every market.
I wonder what these 'Hackers' (hate that term, even if it is accurate) actually do for a living? Maybe Sony should employ them to design the security for the next console?
I have PS3 Media Server, and it's hardly an alternative to having native codec support on the device that is actually being used to display the content. Transcoding on the fly is flexible, but completely impractical with high bitrate video and audio. It also has a lot of difficulty with features that XBMC easily manages, like external sub files. Let's not forget the ancient XMB interface. It's great if you have five to ten items, but is unwieldy navigating a media server with 100+ directories.
Hackers would also be there whether we like it or not, so are pirates. On the other hand PS3 is now nearing its lifetime. I expect a PS4 or announcement sometime this year or next year. One indication of this is the release of almost all the major PS3 exclusive AAA titles this year. So I do not expect Sony to be troubled too much by this hack although it does hurt their pride.
@Christopher: As for your suggested solutions, it really depends. The first may be possible, but even Microsoft has had only so-so success at banning hacked systems on their network. The second isn't possible in the slightest as mentioned in the article. It would require a massive restructuring of the security protocols that would render current software incompatible unless they leave a massive hole for the hackers to exploit.
There is Creators Club for the 360, so those 360s were definitely used for piracy. Also, most of the 360s hacks involve replacing the firmware for the optical drive, fooling it into receiving any type of media as legitimate.
Generally speaking - if a content has to be read to use it, then it can be read, therefore the encryption process must be repeatable at any given time. Therefore it can be broken. I am really sure that adding heavy DRM to an extent that it causes more hassle for the legitimate buyers than to the pirates looks great on a report for the shareholders, but has not proven very popular or particularly effective in the past.
Edited 1 times. Last edit by Sam Brown on 5th January 2011 12:14pm
What's the goal here? Smash the "corporate man"? Be a big pest just because you can disrupt the flow of a certain service? I'm all for free expression, but there's a point where some sort of "professional" attitude and maybe a little respect might go a longer way than a bit of digital bullying followed by "Nyah, Nyah, lookit!". I say if those guys and gals want to "change" the way things are done or beat "the man" at his own damn game... get together, come up with a console of their own that runs any OS ever created and get it out there by any means necessary.
I love how the guy dropping the key says he "doesn't condone piracy" when he knows good and well that it's one inevitable result of what these actions are. How about a fair trade to even things out? Let Sony make a few million or so copies (equivalent to the PS3 user base or total number of shipped systems since the console launch) of the keys to all the hacker's houses and send them to random strangers with a note stating "we don't condone piracy..." and see what happens...;P
The scene is about proving that you could do it, even if it's impossible. This is one of the reasons that people still create 4K demos. Or that fps in 96K (.krieger). There are already new releases for the PS3. It's not about smashing the corporate man, it's about being able to run your own code on the console.
I guess you realise that "releasing another hardware version with stronger encryption standards, while selling it as something else", and in general selling things as something else, is considered unfair market practice and is generally frowned upon in most civilized countries. Some of them have even gone so far as to declare it illegal (the bastards!).
I'd personally rather not go into a dynamic where the manufacturer's convenience prompts them to think that the end justifies the means if it is "to fight against piracy", and feel legitimised to willingly deceive their customers. You start with that and next thing you know, Sony's Tekken Troopers are knocking at your door to question you about your lateness in updating...
Mild comedy time:
You can ask someone why they climb mountains, free-run or jump from airplanes and they'll say they love the thrill or "because it's there" or something similar. However, failing at either on an extreme level will kill those folks pretty much dead. Other than the rush derived from figuring out how something works and altering stuff so it does something else (good or bad) someone who hacks really isn't "risking" much other than getting caught (and under certain circumstances where intent is involved, fined and/or imprisoned). In a way, there's no actual "danger" with these sorts of major cracks (unless some newbie hacker electrocutes himself on his first attempt) because legal loopholes stop these big companies from kicking doors in and dragging folks off even after they've done their damage and go public with what they've done. Unless, of course, you go after a politician - then they go out of the way to drag your ass into court and make you look like some sort of serial killing menace to society with a keyboard.
Hell, if these guys wanted to keep their Other OS on their PS3's they should have bought up a bunch of older models, figured out how to network them all off PSN (they ARE hackers, right), installed Linux or other OS' on them all, installed them in custom cases so they didn't LOOK like PS3's and made a fat profit selling them as cracked Linux-running systems that required a separate network before dumping instructions on "how to" for all who cared.
Yes, Sony would have sued them out the ass and the defense would have been "We bought these systems, so they're ours to do with what we wish", EULA be damned (and people seem to love interpreting them to fit their own means). THAT would have been at least, a more interesting battle worth debating over.
Copyright does not allow you to do this. Selling a PS3 in a disguise is no different from selling a book with a different cover.