Tech Focus: The Fight Against Console Piracy

Digital Foundry on Sony and Microsoft's technological battle to secure their systems

As we move into Q4 and the games industry prepares for what is traditionally the busiest - and most lucrative - time of the year, security specialists at the major platform holders are preparing themselves for the latest battle in the never-ending war against piracy. It's a story of mixed fortunes for Microsoft and Sony, while Nintendo looks on in worry as Far East reverse-engineers probe the security systems of the floundering 3DS.

Comparisons between console and PC anti-piracy countermeasures are intriguing: owing to the open nature of the PC platform, copy protection measures can be a very real, intrusive issue for players, but in theory, on a fixed console platform, anti-piracy technologies should be no more inconvenient for gamers than an occasional firmware update: the engineers have control of the complete ecostructure of the system, including the all-important OS itself.

That said, the situation doesn't look so fantastic right now for Microsoft, the most pro-active of all of the console manufacturers in its attempts to secure its system: recent efforts to lock out pirates from Xbox LIVE have resulted in innocent victims of a perhaps over-zealous ban wave - and hackers always seem to be one step ahead of Microsoft's attempts to block copied games.

The Xbox 360's security architecture is known to be very tight, but Microsoft made a critical error: its off-the-shelf DVD drives had unencrypted firmware, opening the door to piracy

Historically, the Xbox 360 format has suffered from the blight of copied games owing to a major oversight in the design of the console itself. From a security standpoint, the design of the hardware is very elegant, and hardware exploits such as the notorious "JTAG" hack were able to be patched with dashboard updates. But the unencrypted nature of the DVD-ROM firmwares in earlier 360s enabled games to be copied and played on the hardware, and that "in" to the way the system works has allowed hackers to overcome later revisions to the DVD-ROM architecture.

Many moves have been made to lock out hacked DVD drives. Most notably, 11 months ago, Microsoft introduced its so-called AP2.5 update, which sought to lock out pirates using two approaches: firstly a new boot check was carried out that stopped existing pirates from loading new games. Secondly, new security checks for the most popular Xbox Live titles such as Call of Duty: Black Ops were semi-regularly downloaded to consoles - each update coming up with new ways to check whether the disc in the drive was an original or a burned copy.

They thought it couldn't be done, but on August 18, 2010, news first broke that the PlayStation 3's security had finally been compromised by the USB stick dubbed 'PSJailbreak'. It took Sony around nine months to fully resecure its system.

Microsoft's advantage here is that burned copies can never be exact 1:1 replicas of the originals and the hackers need to come up with the ways and means to mimic security checks via the hacked firmwares they flash onto the Xbox 360 DVD drive. If new challenges are not met by the appropriate response from the disc, typically the console is flagged for a ban on Xbox Live.

In the event though, AP2.5 turned out to be a damp squib for Microsoft. The boot checks were easily circumvented with a new piracy-enabling DVD drive firmware, so copied games still ran easily enough, while the updated security checks from Xbox Live were merely built into new burned copies of the games.
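The update cycle described above can be seen in a small model, added here as an illustration and not taken from the original article or from Microsoft's implementation. It assumes the trait of a pressed disc that a burned copy cannot reproduce behaves like a keyed function; every name in it (`pressed_disc_response`, `build_check_table`, `RecordedResponder`, `run_checks`) is hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: the trait of a pressed disc that a burned copy cannot
# reproduce is modelled as a keyed function. Constructed value, not real.
PRESSED_DISC_TRAIT = secrets.token_bytes(32)


def pressed_disc_response(challenge: bytes) -> bytes:
    """Answer a genuine disc gives to a challenge (hypothetical model)."""
    return hmac.new(PRESSED_DISC_TRAIT, challenge, hashlib.sha256).digest()


def build_check_table(n: int) -> dict:
    """Platform side: precompute n challenge/response pairs for an update."""
    challenges = [secrets.token_bytes(8) for _ in range(n)]
    return {c: pressed_disc_response(c) for c in challenges}


class RecordedResponder:
    """A copy: it can only replay pairs taken from updates already released."""
    def __init__(self, *released_tables: dict):
        self.known = {c: r for t in released_tables for c, r in t.items()}

    def respond(self, challenge: bytes) -> bytes:
        return self.known.get(challenge, bytes(32))


def run_checks(table: dict, respond, rounds: int = 50) -> int:
    """Console side: issue challenges from the table, count wrong answers."""
    failures = 0
    for _ in range(rounds):
        challenge = secrets.choice(list(table))
        if not hmac.compare_digest(respond(challenge), table[challenge]):
            failures += 1
    return failures


def demo() -> dict:
    update_1, update_2 = build_check_table(16), build_check_table(16)
    old_copy = RecordedResponder(update_1)            # made before update 2
    new_copy = RecordedResponder(update_1, update_2)  # made after update 2
    return {
        "genuine_disc": run_checks(update_2, pressed_disc_response),
        "old_copy_update_1": run_checks(update_1, old_copy.respond),
        "old_copy_update_2": run_checks(update_2, old_copy.respond),
        "new_copy_update_2": run_checks(update_2, new_copy.respond),
    }
```

In this model a set of checks delivered to the console only separates originals from copies until its pairs have been recorded, which matches the pattern of each update holding briefly and then being absorbed into newer copies.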

Worse still, it's believed that the new anti-piracy technology didn't actually work properly in 100 per cent of cases, and within the last fortnight Microsoft's head of the Policy and Enforcement team, Stephen Toulouse, acknowledged that consoles were banned from Xbox Live by the company because they were wrongly flagged as having modified DVD drives. Worryingly, it took a concerted campaign from those affected, including the involvement of BBC Watchdog, to get past intransigent support centre staff and for the issue to be correctly resolved, the bans lifted and relatively paltry compensation doled out.

In the meantime, Microsoft has continued its crusade against piracy with a number of interesting new technologies. Developers will be aware that the oppressive 6.8GB limitation on Xbox 360 games has now been lifted, and it's believed that around 1GB more space is available for game-makers to utilise - finally bringing the Microsoft console into line with the PlayStation 2 and Wii (!). Previously, Xbox 360 game discs featured a video partition in the standard DVD-Video format that told people who had mistakenly put their game discs into DVD players to try an Xbox 360 instead. This partition occupied a massive amount of space on the disc for no reason other than to also house the security sectors on the disc.

Bearing in mind that the hacked DVD firmwares made a mockery of the whole security sectors concept, Microsoft removed the video partition in its latest XGD3 disc format, introduced during the summer dashboard update. Games like Gears of War 3 and apparently RAGE bust through the 6.8GB upper limit for the first time, but XGD3 also saw a brand new approach to Microsoft's anti-piracy technology.

Firstly, the new dash rewrote the DVD-ROM firmware - meaning that hacked drives were restored to factory settings, killing off any modifications, meaning that determined pirates would need to dismantle their consoles again and reflash the drives. Secondly, the new, pressed XGD3 discs actually compress the tracks on the discs themselves, allowing for more data to be added over a traditional DVD (Dreamcast fans may remember the GD-ROM which did much the same thing with normal CDs). In Microsoft's approach, the increase in available data is minuscule, but it makes it virtually impossible for downloaded disc images to be burned in their entirety onto blank discs.

Over and above that, new anti-piracy checks have also been put at the disposal of game developers themselves in the form of what is known as Content Integrity Verification (CIV). Here, checks can be accessed in-game, potentially allowing for devs to limit access to their games should it turn out that the user is running a copied game. However, in light of the recent Microsoft climbdown, questions need to be asked about whether "stealth" technologies like this are worth pursuing. Despite an extensive beta testing program, Microsoft's previous measures were still found to be wanting, and while the impact was supposedly limited to a "handful" of consoles, it may well be that the era of the arbitrary Xbox Live ban is over.

In the wake of Stephen Toulouse's announcement last week, hackers once again claim to have defeated the anti-piracy measures introduced with XGD3 and once again burning copied discs appears to be a viable option for the determined pirate. Other hacks, including optical drive emulators (which allow for disc images to be stored on external hard drives) and a new JTAG-style hack (that actually offers the potential for homebrew, unlike the DVD firmware attacks) are making the job of securing the Xbox 360 ever harder. In all likelihood, the platform holder may have to concede defeat and instead focus more strongly on making sure that the integrity of Xbox Live is not compromised. At the very least, the CIV initiative should ensure that games that are run on the multiplayer service haven't been adjusted, giving hackers unfair advantages in-game.

Recent Xbox Live bans wrongly targeted some perfectly innocent 360 owners with support centre staff telling them to go out and buy new consoles

In the meantime, after what has been a pretty disastrous year from a security perspective, Sony goes into Q4 with a renewed sense of optimism about the integrity of its online service and the ability to protect its platform from the losses incurred by counterfeit software. The manufacturer spent the best part of nine months re-securing its systems in the wake of the original PSJailbreak - an ingenious USB-based exploit that allowed for Blu-ray games to be dumped and played from hard drives. After a pitched battle with hackers who found an enormous hole in Sony's private/public cryptography, not to mention Geohot, who published the root key of the PS3 itself, Sony finally appears to have regained the upper hand. After the tragic PlayStation Network security breach (now seemingly being retconned by corporate PR into a mere "outage") where the perpetrators were never caught, Sony also appears to have recaptured the faith of the audience.

The clean-up operation appears to have been thorough elsewhere too. The cryptography debacle made PlayStation 3 vulnerable to softmodding - a hack that requires no adjustment of the hardware, and could be achieved with just one download and a USB stick. It was exactly this kind of simplistic hack that plagued the PSP, but with the more sophisticated security of the PlayStation 3, Sony was able to come up with revised security keys for encrypting newer PS3 titles, and was also able to hide those keys in places within the system update that hackers were no longer able to read with ease.

In the here and now, pirates are locked onto the obsolete firmware 3.55 and without the decryption keys from more recent system updates, they are completely unable to access the PlayStation Network or indeed play any titles requiring 3.60+ firmwares unless they upgrade. From being the most compromised, piracy-ready platform on the market for a period of months, the PlayStation 3 is now the most secure.

No-one's 100 per cent sure if this video is real or fake, but if hackers are indeed well on their way to circumventing Nintendo's anti-piracy mechanisms, it could spell disaster for the fledgling 3DS handheld.

While there may be the worry that the newer decryption keys could be extracted, Sony can rest easy in the knowledge that hackers cannot effectively monetise that knowledge - and at the end of the day, while "true" hackers search out exploits for launching homebrew code, piracy is sustained by the markets for enabling peripherals - be it from tools to open Xbox 360s, replacement DVD-ROM PCBs, or other devices. The softmod approach to the PS3 effectively killed off that economy, and it remains to be seen what other hardware exploits remain on the Sony platform and whether the recent waves of modchips will puncture Sony's security provisions.

For its part, Nintendo appears to have all but given up on the Wii, where certain games have save game exploits that can run unsigned code and enable both homebrew and piracy, while recent rumours suggest that Far East companies that make their living from facilitating piracy are working on 3DS flashcard hardware that allows counterfeit games to run on the handheld - a project that could be potentially catastrophic for developers and publishers supporting the fledgling system.

Once exploits have been discovered, re-securing a console becomes a cat and mouse game between hackers and console manufacturers. The important thing here - as with all anti-piracy technologies regardless of platform - is to ensure that legitimate users do not have any kind of impacted experience and shouldn't even be aware of the measures being taken at all. Sony's all-too-frequent firmware updates do upset many - though perhaps not as much as the lengthy software patches - but when innocent gamers are locked out of services they have paid for, questions do need to be asked about how infallible these technologies actually are, and how transparent the platform holders are being in the measures they are taking against their own userbase.

Latest comments (8)

Kevin Clark-Patterson Lecturer in Games Development, Lancaster and Morecambe College 6 years ago
All this indeed points to cloud on live services in the [near] future
Tony Johns 6 years ago
Piracy is bad. But all of these lengthy download updates as well as these DRMs that require codes to prove that you have purchased a game you have already paid for, but never able to resell it, is only going to hurt the industry with casual consumers not wanting to play games at all, and all of the industry's hard work to try and bring in new gamers is going to fail because of these anti piracy measures.

My guess is that publishers should just try to provide the best experience on their consoles, not worry about pirates because there is seriously nothing you can do about them.

And even if you do try to stop the pirates, you only hurt your own business when innocent gamers get wrongly accused of being pirates. And that is even worse than the piracy issues.
Klaus Preisinger Freelance Writing 6 years ago
Let's not forget that there is no history of piracy-proof systems outperforming those which are hacked. If anything, quite the opposite seems to be the fact.

PSP and DS were both hacked to the point where you have to wonder how anybody still sells a game on these systems. Blaming piracy for the failure of the PSP is nothing more than a reflex.

The tough to copy Nintendo 64 did not outperform the Playstation. The still undefeated copy lock of the Saturn did not turn the tide in its favor.

Piracy may be something you can blow up to be this huge threat to your bottom line, but from looking at the past 20 years of computers and consoles, there seem to be more important factors at work than piracy which determine the success of a platform.

It is best observed on the 360. The copy lock was defeated pretty early on and continues to be defeated. But Microsoft did not make it about the rat race, they improved their service time and again. These advancements helped the 360 to become a success. Piracy cannot prevent that from happening. Sony only has ads claiming their console can do everything, while Microsoft delivers when it comes to doing everything. That's what makes or breaks a console, pirates and hackers get way too much credit.
I personally think two steps need to be made and more notes taken.

What are the most common types of hacked games and extensively work on them before release. Then end region locking, I'm not sure of the percentage but it hurts sales from a good and bad standpoint. People want games they can't have and the developer loses sales for not attempting to sell even if it's a micro market.

I hope Nintendo stays try to releasing their so-called anti piracy measures for the 3DS. People may complain they can't brick their system but yes they can because they don't have to, you did it yourself. We need more hard anti piracy measures.
Jamie Watson Studying Bachelor of Games & Interactive Entertainment, Queensland University of Technology 6 years ago
I think that yes piracy will remain but console makers need to design systems which are worth not pirating.

Until that day piracy will continue to grow.
Sam Brown Programmer, Cool Games Ltd. 6 years ago
"In Microsoft's approach, the increase in available data is minuscule, but it makes it virtually impossible for downloaded disc images to be burned in their entirety onto blank discs."

I remember once being told to put extra audio tracks that the game didn't ever use onto a master simply to push the used space up to the limit of an extended CD so that people couldn't just copy it onto a normal CD. The result? The ISO that appeared on the warez sites simply had the DirectX runtime installer removed to get it back down to 660MB. Curses. :)
Nick McCrea Gentleman, Pocket Starship 6 years ago
"Let's not forget that there is no history of piracy-proof systems outperforming those which are hacked. If anything, quite the opposite seems to be the fact. "

People keep using this logic, but when I see the most pirated systems being the most successful I don't think 'AHA - ease of piracy contributes to success!', I think 'The most successful systems are the ones targeted by pirates. Seems obvious'.
Hakki Sahinkaya 6 years ago
Don't fight it, plan for it - Is all I will say.

Putting in annoying measurements that only stop pirates for a week at most is NEVER going to work and you just annoy legit consumers.
Just check Metacritic score on some PC games that get rated down due to DRM measures.

Publishers have a bigger battle to fight anyway; second hand sales.