Sony vs. Everyone - Tales of Exploits, Lawyers, Hackers, and Houseraids


Level 99
If anyone's been paying attention to the Sony news lately, they're likely in the know about how GeoHot got the private key and basically unlocked the PS3 for people. Sony pushed back, got a restraining order and is taking GeoHot to court.

Sony had also requested Google to get IPs and other info on anyone who watched the youtube that showed the key and the method of jailbreaking. Sony has basically stated they're basically going after anyone who sees or spreads that key.

Hackers have been fighting back at every turn. It's basically a game of trading blows right now, with Sony continuing for legal lockdown and the hackers going farther and farther to get the code and the info spread far and wide, publicly.

Sony took it to the next level this morning, when German Police raided the house of a PS3 hacker.

There's a great makezine article on Sony's trend of going after consumers and innovators that nicely sums up the mentality of the company.

I realize that is a metric fuckton of links, but I assure you, it's all interesting reading. Chime in with your thoughts on Sony's tactics and if there's any more info as things progress.

Edit: A little more backstory on the issue:

The larger models of the PS3, from launch day all the way up through the release of the slim models, supported the option to install an alternative operating system (mostly Linux flavors) on a separate partition on the PS3 hard drive. GeoHot, a notable hacker who jailbroke the iPhone, posted news and knowledge of a discovered exploit that granted Hypervisor and Read/Write memory access. This exploit was accomplished through Linux, and as a result, the new PS3s and the Sony firmware that followed the exploit's reveal removed the Install OtherOS option for "security reasons". Mind you, this was a feature that was highly marketed and pimped at launch, and the people who bought a PS3 in order to run Linux on a highly specialized core and architecture were massively pissed.

People continued to try to hack the PS3 and, not too long ago, a group called fail0verflow was successful in getting past security countermeasures and found the ability to reveal the PS3 private key, which is used to sign software as being "Sony official". GeoHot released this key last month, publicly (heck, even Kevin Butler accidentally retweeted the key). Since then, all shit has hit the fan.

Link to comment
Share on other sites

To me it seems like the real problem here is that Sony got a little too arrogant. Even if it's a bit excessive, I understand exactly why they're being so anal about this piracy thing: They were so confident the PS3 couldn't be cracked, they have little-to-no security in place from it ruining their entire online service.

It's less about losing revenue on games, and more about opening up their network to being completely useless. Once someone can launch 3rd party software on the PS3 all bets are off. Any game that's popular on PSN will have cheaters and hackers all over it. That'll cause more lost revenue to legitimate customers than piracy will EVER do to a console. Sure Sony can ban a PSN account, but there's near nothing from stopping someone from making another one and going right back online. Hardly even a deterrent.

I feel like if they had a system in place, like Microsoft does, they'd essentially just ban the PS3 and be done with it. PS3s are EXPENSIVE. I don't think many people are going to risk hacking it for piracy, and having to buy another one to get online at all would be a serious pain. But right now there's near literally NO consequence besides Sony SUING you.

Less learned, I'm sure.

Link to comment
Share on other sites

It's not about ego Bleck. It's about the PS3 becoming in danger of what happened to the PSP. Regardless of whether or not people think hacking should be legal, the bottom line is that it is against the law and until the law is changed, Sony has every right to pursue measures to stop the spread of these hackers.

Link to comment
Share on other sites

It's not about ego Bleck. It's about the PS3 becoming in danger of what happened to the PSP. Regardless of whether or not people think hacking should be legal, the bottom line is that it is against the law and until the law is changed, Sony has every right to pursue measures to stop the spread of these hackers.

Hey now. I don't think this has anything to do with Sony's insistence on using proprietary media for everyone on the PSP, or for making the controls extremely iffy, or for making the good releases on the PSP few and far between.

Don't get me wrong, I have a PSP, and I love it. There are some great games on the PSP...but there's 1 good game on the PSP for every 10 good games on any other hand held medium. It's too damn expensive. MemStick Pro Duos are STUPID expensive if you buy the real things...I mean, piracy is probably the best thing to ever happen to PSP.

I mean...don't even get me started on how Nintendo still manages to get money from the DS despite piracy...

Link to comment
Share on other sites

I liked the comment made in Extra Credits: "Sony, a word to the wise: do not tangle with the kind of people who install Linux on their Playstations. Trust me. You are wasting your time."

http://www.escapistmagazine.com/videos/view/extra-credits/2653-Piracy

A word to the wise? Shit, that's a life philosophy.

Never piss off Linux users.

Link to comment
Share on other sites

Apparently graf had a safe online storage for all his work even stuff he hadn't announced yet and when police showed up he gave the data to everybody he trusted and told them to spread it everywhere. Now it's on just about every homebrew or hacking site and torrents everywhere. They took his computer and he doesn't have a stable internet to use but he is still working on it! Released some new info even. Says he loves linux so much sony would have to kill him for him to stop!

They are trying to sue him for a million euro and he says it doesn't matter to him they could double it and he would not stop. Wow heh

And yeah psp has a lot more problems than homebrew or piracy. Both are done on ds and it was still very successful. Besides piracy was enabled via psjailbreak well before fail0verflow or geo or graf released anything. Sony is doing this to set an example. I think one has been set but maybe not one Sony wanted

Link to comment
Share on other sites

It's not about ego Bleck. It's about the PS3 becoming in danger of what happened to the PSP. Regardless of whether or not people think hacking should be legal, the bottom line is that it is against the law and until the law is changed, Sony has every right to pursue measures to stop the spread of these hackers.

actually the idea here is that hacking the PS3 itself is not against the law

piracy is illegal - wanting to install linux on your ps3 is not

but if sony had their way they'd lock up everyone who has ever even considered either of them

now I'm not going to ignore the fact that the very large majority of people who hack their systems do so to enable piracy, but the fact of the matter is that making your system capable of piracy is not really a crime in itself, nor is spreading information regarding the methods in which you do so

Link to comment
Share on other sites

There's a lot of detail / context that this story is missing. First of all, GeoHot released the private key, yes, but that, in and of itself, doesn't enable piracy. In fact, the original homebrew hack that GeoHot distributed was carefully crafted and controlled so that it would enable enough system access to allow for homebrew, but not allow for direct piracy; piracy using the private key can happen, but pirates would first have to figure out how to use the key to resign discs that they mint themselves or would need to design a bootloader program that forces the system to ignore key checks for disc based content in the same way GeckoOS does on the Wii.

Second, people always fail to notice that all of the PSN hacking problems, especially the MW2 and CODBLOPS hacking, aren't GeoHot's fault at ALL: they're due to IW / Treyarch giving their games too much reliance on client-side data verification, and trusting client software too much. If their server side systems didn't give so much weight to client data, they could take the time to verify the packets being sent to the game servers to check if it's being altered. Problem is, that slows the game down and creates MS of lag, which IW / Treyarch thought would cripple their games. They traded safety for speed, and lost. Not GeoHot's fault; they should have secured their games better.

Third, the crux of this case is not IP law, is not DMCA violations, and is not about safety or system security... it's about corporate control over the products you buy. If you actually read the court documents detailing the claims Sony is bringing to GeoHot, you'd find out that they are, in essence, suing him for playing Super Mario on his PS3, and Super Mario isn't an "authorized game". Sony knows that, as the law stands, numbers can't legally be copyrighted, so releasing the private key isn't illegal, because it's not a trade secret. So, they brought a DMCA claim, but the claim boils down to "Sony wants to be able to control how you use the stuff you buy from them".

As a consumer, this is bad.

Imagine a scenario where you buy a car from Ford, but one with a shitty sound system. You figure out a way to rewire the car and make some body modifications so that you can replace the radio and install new speakers, all aftermarket and not bought from Ford.

Then, Ford takes you to court for modifying THEIR car and using it in an unauthorized manner.

You'd think they were off their rocker, right? Well, that's what Sony is doing. And, because of how courts have, historically, grossly misunderstood technology, Sony is on their way to finally getting LEGAL JUSTIFICATION for telling you that you don't actually own computer components you buy from them, but are essentially just getting the parts on loan.

The logical culmination of this is "Microsoft does not authorize you to run Skype on this machine; install Windows Live Messenger instead."

...yay.

Link to comment
Share on other sites

actually the idea here is that hacking the PS3 itself is not against the law

piracy is illegal - wanting to install linux on your ps3 is not

but if sony had their way they'd lock up everyone who has ever even considered either of them

now I'm not going to ignore the fact that the very large majority of people who hack their systems do so to enable piracy, but the fact of the matter is that making your system capable of piracy is not really a crime in itself, nor is spreading information regarding the methods in which you do so

This is a cry from George Hotz on his website calling for people to boycott Sony.

boycottsony.png

And this is a very well thought out response to it. I did not make it but I agree with it.

So, without much fanfare, here we go.

Sony continually removes features from the Playstation 3 hardware that were a major ADVERTISED selling point for the system. This is a form of false advertisement and it is ILLEGAL.

The only feature Sony has ever removed from an advertised item is OtherOS, something they confirmed as being used by not even close to one half of a percent of people and done because George Hotz found a way to use it to hack the software.

Removal of BC, extra USB ports, and similar in later models wasn't illegal as those models were updates and were not advertised as having those features.

So, the statement of "continually removes" is completely false. I will grant that there was the removal of OtherOS, but it wasn't a focus of advertising, used by even half a percent of the current users, and was removed because of the attempt for users to obtain data that is reliant on ensuring the security of every PS3 out there.

Sony places customer's security at risk by allowing credit card information to be transmitted over the internet in plain text every time someone signs into the Playstation network.

Actually, all they know is that the information is stored in plain text. They still have not been able to detect how it is sent. It's far from unusual to store items in a text format on the client's end and then send it as a package of bits via the Internet.

While I agree it could be more secure, the information being sent isn't insecure. It's pointless information that does nothing to identify the person on the account or anything worthwhile that could be used to collect and use the CC data for fraudulent purposes.

Sony permanently bans Playstation 3 hardware from accessing the PlayStation Network for suspected (not proven) custom firmware.

Actually, they can confirm exactly if you are running CFW or not. From comparing the local XML/text files (such as the ToS text file), to checking the digital signatures of installed software to make sure it's not running any that aren't found on their end, to even just detecting if the account has enabled previously disabled features, such as OtherOS. No one has been banned that hasn't run CFW. It's very easy to tell who is running CFW and who isn't, since if you're not, everything would match up exactly with what the latest FW put out. Any changes to this requires that you had installed or otherwise hacked your PS3.

As far as the leap that they are taking in saying that "hackers found a way to change the hardware id of the Playstation 3 hardware" in order to ban an honest user. Total pablum and a pipe dream. The exact same thing could have been done with the 360 by now since Microsoft utilizes the exact same method of banning accounts/consoles. The reality is that knowing that information is sent isn't the same as being able to properly spoof the necessary information being sent; which includes decrypting it, generating a method for creating new valid keys, and then re-encrypting the data to be sent; and then sending it to Sony via a PSN connection without it being recognized as spoofed data by their Intrusion Detection/Prevention Systems. So far, this is just fear mongering. An attempt to get legitimate PS3 users scared and angry at Sony by saying it's possible without even attempting it.

Sony secretly sends micro updates to the Playstation 3 firmware without the user's knowledge anytime a user connects to the internet in order to prevent the installing of customer firmware.

Completely false. Like all things, Sony validates the access a console and account has upon each attempt to connect to PSN and updates any cached data used for validating this information on the PS3. This is the exact same as pretty much everything validating you being logged in and updating a cookie in your temporary internet files to mark your last visit and that you are still logged in.

In order to install any new code onto your system, they must halt you from using the OS. The newly compiled code cannot just be placed on your system without having to restart the OS as well. This isn't taking a PHP or similar page and overwriting the new one. The C code that is used on the PS3 requires that it be compiled and that the necessary configuration and relative files be compiled with it and updated at once.

Again, more fear mongering to get legitimate users worried and angry at Sony without any substance to it.

Jailbreaking or custom firmware are legal and completely within your rights to use.

Jailbreaking a phone is completely legal if used for custom programs and opening them up to use with different providers; jailbreaking is not legal for illegally obtaining the IP of others or adjusting any software that isn't related to allowing custom programs or unlocking the phone for use with a different service provider.

What is not legal at this time is jailbreaking a console nor taking Sony code (firmware) and modifying it as your own custom firmware. The reason behind this is that the CFW modifications made aren't illegal because they can run homebrew, they're illegal because they allow a person to bypass the security protocols and limitations set by Sony with the PSN code, which is illegal to modify.

Unlike phones, the firmware for the PS3 and similar consoles contains specific data for processing sensitive data and purchases on the provided network (XBL/PSN). The modification of this code is akin to customizing a credit card processing machine to send the person's personal information to a source not specified for the machine's design.

Furthermore, this isn't about allowing people to run homebrew, it's about A) the sharing of sensitive and secure information that is integral to Sony's ability to provide a secure environment for their business and therefore each of their users (metldr key data); and B) the modification of Sony IP, specifically the firmware code which also acts as the framework for PSN.

Conclusion: I'm not one to stop someone from boycotting. Go right at it, it's your right. But this stuff kind of pisses me off only because it's riddled with a lot of misinformation. It's fear mongering at its worst, knowing that the general public doesn't know enough to question what they're being told and immediately worrying if Sony is keeping their purchase and personal information safe.

The people who are spreading this information are liars or some of the most ignorant people I've yet to see on the Internet. I find it hard to believe that they don't know that what they are saying is false. I do know that they are, unfortunately, getting the attention they want, and this will only force Sony to have to work harder to fight against the poor publicity.

All of this because Sony needs to protect their business from people who didn't care how their actions would affect them or the legitimate customers of their hardware. And as gamers, we tell people every day to support the people who make the games we like. Looking at 2011 and what Sony is doing for the gamers, I wonder where people's heads are at the moment.

Link to comment
Share on other sites

Near the end is the reasoning for me disagreeing with what you said. The part about it indeed being illegal.

comparing a credit card machine to a video game system is a terrible analogy because one of these things is a credit card machine and the other is a video game system

the code that something runs on is only sacred insofar that nobody else is trying to make money off it when it is not their place to do so

again, unless you are stealing something then you can pretty much do whatever you want to your video game systems

Link to comment
Share on other sites

comparing a credit card machine to a video game system is a terrible analogy because one of these things is a credit card machine and the other is a video game system

the code that something runs on is only sacred insofar that nobody else is trying to make money off it when it is not their place to do so

again, unless you are stealing something then you can pretty much do whatever you want to your video game systems

No you can't. You can alter the hardware (smash it, burn it, throw it off the Empire State Building). But you don't have the right to alter the software that it runs on. Don't you know? Every time you click the "I agree" button on firmware updates, you agree not to alter the system in any way other than what it was intended to be used for. So since these hackers all signed the user agreement, they don't have any claim to innocence in whatever court Sony is dragging them into.

Link to comment
Share on other sites

Um, thin crust? That's kind of the problem. No other product type in the history of products and selling them has ever been treated that way, but somehow digital media SHOULD? If you buy something, you own it. That includes the copy of the software that Sony willingly provided you on the physical system you bought.

Thus, the copy on your PS3 is your property to do with as you wish, provided you don't sell it. Mod it, reverse engineer it, do whatever. Except, Sony doesn't want you being able to create products or services for yourself that would make it so that you don't HAVE to give them money, so they want legal protection. It's dumb, and it's not in the consumer's best interest.

Link to comment
Share on other sites

Um, thin crust? That's kind of the problem. No other product type in the history of products and selling them has ever been treated that way, but somehow digital media SHOULD? If you buy something, you own it. That includes the copy of the software that Sony willingly provided you on the physical system you bought.

Thus, the copy on your PS3 is your property to do with as you wish, provided you don't sell it. Mod it, reverse engineer it, do whatever. Except, Sony doesn't want you being able to create products or services for yourself that would make it so that you don't HAVE to give them money, so they want legal protection. It's dumb, and it's not in the consumer's best interest.

They are giving you a free software update. But there are strings attached which include a contract saying you are not to change it. Sounds like a legally binding agreement to me.

And I would also like to know why stopping hackers is not in the consumer's best interest. When a game is pirated, it decreases profits from the developers and will halt production on a sequel. Case in point, Alan Wake is a great game that was pirated much more than it was bought. It never reached 1 million in sales in almost a year since it has been released. Considering its five-year development cycle, this puts them at such an incredible loss that there is no way to reconcile it. Because of this, like Zircon says, developers no longer make unique games. They make games that will sell. And it also raises the prices for the honest consumer because less sales means less profit and it needs to be made back somehow. So there are plenty of reasons for the best interest to people like me who buy games to be the same course that Sony is taking right now.

Link to comment
Share on other sites

Oh, you obviously don't know very much about the history of this subject, do you?

First of all, piracy is NOT the issue here; it's what Sony WANTS you to focus on, but it's not the main target; the people Sony want to take down in the name of stopping pirates are people who modify their tech or use their software in ways they don't want. Why is this? Simple: because it opens the doors to competitors. Imagine if homebrew modders use this hack to port Android to the PS3. All of a sudden, you have another app store on which to buy downloadable titles on your PS3, one that ISN'T PSN. This costs Sony money, and so they want to stop it. If modders make homebrew games, they could make games that compete with Sony's games, and they would lose money. This is not really about piracy, this is about corporate control; the "piracy" argument simply gives Sony more moral ground to stand on so that they can trick uneducated people (kind of like what they're doing to you).

Second, there are 4 kinds of "unauthorized content distribution", and only 1 kind is harmful to an industry. Type A distribution is when people DL something they would have bought, but won't since it's free. That's bad. Type B is when people DL something that will later cause them to buy the product, such as trying out a game or software as a demo (especially if a demo doesn't exist, but that's not a requirement). Cory Doctorow publishes his books like this all the time; he allows people to DL copies online for free, and the free publicity ends up causing more people to buy his books in stores. It's proven and it works.

Type C is when content is no longer on the market to buy. It's simple to see how this is ok; if you're not selling something anyway, how are you "losing sales"? Type D is when the content is non-commercial anyway. If I download a song that an artist puts online that isn't being sold anyway, it's obviously fine to DL it.

Piracy is only a problem when Type A downloads outweigh Type B downloads. Otherwise, "illegal" downloads actually help your bottom line, since the Type A downloads are being outnumbered (think of it as a necessary evil). Sony isn't trying to stop Type A downloads... they are trying to have so much control that they control ALL TYPES of downloads using their system, including Type D content creation, which is retarded.

That's how it hurts consumers. Because Sony is trying to use the platform of piracy as a spectre to allow courts to give them control over ALL content creation using their system, and this is not in the consumer's best interest.

...man, I wish I didn't have work in 30 minutes.

Link to comment
Share on other sites

The statement about not being able to alter the software due to agreement to the EULA is 100% correct. I had a conversation with my co-worker, who's a lawyer, and he is also a big gamer, so he had much relevant legal insight into this. The hardware is fine to fuck with, it's yours, but if you want to run any software on it that isn't Sony's you better make damn sure it's your software from the ground-up and nothing from Sony's whatsoever. This is why WINE is a legal implementation of windows executable architecture and directx: it's a clean-room reverse engineering and the people working on it have to sign an agreement that they have not, and will not, have access or extrapolate data from Windows source code.

I, however, am an advocate of invention, and the more Sony keeps fighting these hackers, the more their exploits are going to be public and pushed farther. Sony should have offered these kids a job: make them sign a NDA, get paid to do ACTUAL work for the company, and further allow people to do what the PS3 was originally designed to do: run Linux.

You don't fuck with Linux people. Ever. Sephfire hit that nail on the head.

Link to comment
Share on other sites

The statement about not being able to alter the software due to agreement to the EULA is 100% correct. I had a conversation with my co-worker, who's a lawyer, and he is also a big gamer, so he had much relevant legal insight into this. The hardware is fine to fuck with, it's yours, but if you want to run any software on it that isn't Sony's you better make damn sure it's your software from the ground-up and nothing from Sony's whatsoever.

That's how it is NOW, but that's also what GeoHot and the internet wants to fight: that somehow digital IP is "special" and gets afforded to it special protections that physical products do not.

"You can modify the hardware, but not the software" is stupid, and should be treated as such, legally.

Link to comment
Share on other sites

That's how it is NOW, but that's also what GeoHot and the internet wants to fight: that somehow digital IP is "special" and gets afforded to it special protections that physical products do not.

"You can modify the hardware, but not the software" is stupid, and should be treated as such, legally.

I disagree to a certain extent, actually. Certain fundamental things, like drivers, cpu service code, and BIOS-style things should be made open for public knowledge and tinkering. Other things, such as their interface, should only have a moderately open policy. There is a line that needs to be drawn between openness and giving stuff away, it's just that right now some "hackers" are fighting for what they morally should have access to, while other "hackers" are trying to access stuff they do not. Things, like the private key, do not belong in the hands of the public. Having the ability to run a Linux kernel that has access to all 8 cores and the gpu is something that should.

Link to comment
Share on other sites
