rdist

May 11, 2010

A new direction for homebrew console hackers?

A recent article on game console hacking focused on the Wii and a group of enthusiasts who hack it in order to run Linux or homebrew games. The article is very interesting and delves into the debate about those who hack consoles for fun and others who only care about piracy. The fundamental question behind all this: is there a way to separate the efforts of those two groups, limiting one more than the other?

Michael Steil and Felix Domke, who were mentioned in the article, gave a great talk about Xbox 360 security a few years ago. Michael compared the history of Xbox 360 security to the PS3 and Wii, among other consoles. (Here’s a direct link to the relevant portion of the video). Of all the consoles, only the PS3 was not hacked at the time, although it has since been hacked. Since the PS3 had an officially supported method of booting Linux, there was less reason for the homebrew community to attack it. It was secure from piracy for about 3 years, the longest of any of the modern consoles.

Michael’s claim was that all of the consoles had been hacked to run homebrew games or Linux, but the ultimate result was piracy. This was likely due to the hobbyists having more skill than the pirates, something which has also been the case in smart phones but less so in satellite TV. The case of the PS3 also supports his theory.

Starting back in the 1980’s, there has been a history of software crackers getting jobs designing new protection methods. So what if the homebrew hackers put more effort into protecting their methods from the pirates? There are two approaches they might take: software or hardware protection.

Software protection has been used for exploits before. The original Xbox save game exploit used some interesting obfuscation techniques to limit it to only booting Linux. It stored its payload encrypted in the JPEG header of a penguin image. It didn’t bypass code signature verification completely, it modified the Xbox’s RSA public key to have a trivial factor, which allowed the author to sign his own images with a different private key.

With all this work, it took about 3 months for someone to reverse-engineer it. At that point, the same hole could be used to run pirated games. However, this hack didn’t directly enable piracy because there were already modchip-based methods in use. So, while obfuscation can add some time to pirates getting access to the exploit, it wasn’t much.

Another approach is to embed the exploit in a modchip. These have long been used by pirates to protect their exploits from other pirates. As soon as another group clones an exploit, the price invariably goes down. Depending on the exploitation method and protection skill of the designer, reverse-engineering the modchip can be as hard as developing the exploit independently.

The homebrew community does not release many modchips because of the development cost. But if they did, it’s possible they could reduce the risk of piracy from their exploits. It would be interesting to see a homebrew-only modchip, where games were signed by a key that certified they were independently developed and not just a copy of a commercial game. The modchip could even be a platform for limiting exploitation of new holes that were only used for piracy. In effect, the homebrew hackers would be setting up their own parallel system of control to enforce their own code of ethics.

Software and hardware protection could slow down pirates acquiring exploits. However, the approach that has already proven effective is to limit the attention of the homebrew hackers by giving them limited access to the hardware. Game console vendors should take into account the dynamics of homebrew hackers versus the pirates in order to protect their platform’s revenue.

But what can you also do about it, homebrew hackers? Can you design a survivable system for keeping your favorite console safe from piracy while enabling homebrew? Enforce a code of ethics within your group via technical measures? If anyone can make this happen, you can.

21 Comments

  1. Was the PS3 really cracked? My understanding was that:

    a) The hypervisor exploit wasn’t quite usable for piracy yet as parts of the code you’d need to beat were actually isolated from the hypervisor too

    b) Sony pushed an update that removed the Linux support completely anyway

    As far as I know, games distributed exclusively via Xbox Live are still piracy proof despite Domkes hack. The methods the pirates used on the Xbox 360 didn’t bear any relation to the techniques the homebrew guys used anyway, so in the end not supporting Linux doesn’t seem to have made much difference. The real reason the X360 has piracy problems and PS3 doesn’t is that the Xbox uses DVDs and third-party DVD drives with relatively weak protections. PS3 uses BluRay which most people can’t burn, and an in-house drive that’s well protected against reflashing anyway.

    Comment by Mike Hearn — May 11, 2010 @ 11:33 am

    • Yes, the Xbox360 had piracy problems before it was fully cracked to run arbitrary code because the DVD drive firmware was not protected. This is the worst possible situation for a game console vendor — where it’s easy to copy games without even attacking the main host CPU security that you spent so much effort on.

      The PS3 was cracked if you believe the author (geohot). He claimed in a followup post that from the vantage point of the HV, you can slave the SPU to decrypt arbitrary data for you, including disc packages. I have not independently verified that claim, but he seems decently reliable.

      Sony’s update can be patched to re-enable Linux support. So this version would only have disabled this route for users who mistakenly upgraded first.

      Finally, there’s no reason this kind of hack won’t work from GameOS mode. Sure, you don’t have the low-level access that Linux has to page tables, but that only made it easier. With very precise timing, the ordinary setup of GameOS page tables could be thwarted with a glitch from a modchip. This would be a lot of effort to develop the first time, but once it was working, could be cheaply replicated.

      Comment by Nate Lawson — May 13, 2010 @ 8:16 am

  2. Funny, someone actually claimed we would be restricting apps for the Homebrew Channel on the Wii, but we never actually had any (serious) plans to do so. I wrote about this in some more depth on our blog — http://hackmii.com/2010/05/of_homebrew_and_antipiracy/

    Comment by bushing — May 14, 2010 @ 11:10 pm

  3. Bunny hacked the xbox first in hardware.
    Without that hack the software hacks could not have been discovered.

    If this is loosely attempting to describe the situation Geohot finds himself in then the article should be more direct.

    Geohot cannot release an exploit without it eventually leading to piracy.
    And I am sure he wont take the Dark Alex approach to protecting his work.

    Comment by erexx — May 16, 2010 @ 8:00 am

    • I’m not talking about geohot specifically, no. He’s already released a relatively low-level exploit, unobfuscated.

      I’m talking about a general strategy of 1. targeting exploits at areas least likely to lead to piracy and easiest for the vendor to fix and 2. obfuscating the exploit in various ways to prevent it being easily adopted for piracy. My theory is that such an approach may be somewhat effective to separating homebrew from piracy.

      Comment by Nate Lawson — May 16, 2010 @ 11:13 am

      • I can see the strategy of targeting exploits at areas least likely to lead to piracy, but I don’t see why it becomes the homebrew community’s obligation to help manufacturers lock down their systems against homebrew code execution by choosing only the low-hanging fruit.

        Why is it so untenable a position that, if the console manufacturers and apple and all these other companies whose stuff is getting reversed don’t want to have to worry about highly skilled people reversing their stuff, they should allow these people to develop for the devices? I’m not talking full support, just not actively sabotaging their work. Similar to the PMPs that Rockbox runs on.

        Comment by r4 — May 21, 2010 @ 11:24 am

      • I’m not saying it’s an obligation of the homebrew community to do this. I’m saying that for those willing to try to do something about piracy, this is one route that may be effective. There are a lot of factors that determine if it will be effective, most out of the control of the homebrew hackers. But I’m trying to address those that would say “there’s nothing at all we can do about piracy”.

        I think we agree on the second part: providing some access to homebrew is often a good strategy for vendors.

        Comment by Nate Lawson — May 22, 2010 @ 12:04 pm

      • It isn’t so much “there’s nothing at all we can do about piracy” it is “going vigilante does more harm than good.”

        This really isn’t the homebrew community’s fight, and its basically hypocrisy, breaking Nintendo’s DRM because you don’t want to use the hardware on their terms just to install your OWN DRM and force others to use it on YOUR terms.

        Obfuscating code harms the entire community, not just pirates, especially with said person calls it quits and we are stick between choosing outdated system files or actually using the system with anything legit made after new protection schemes have rendered the old methods useless.

        On top of that, this is making the rather egotistical impression that the homebrew community and only the homebrew community are the ones who find all the methods to run homebrew and pirates only steal these for piracy purposes, that pirates would be nowhere without the homebrew community.

        A console getting hacked is an inevitability, a console getting pirated is an inevitability. No, I am not saying just give up and enable piracy and release iso loaders, of course not, I am saying this is not the homebrew scene’s fight, they are basically being hypocrites by breaking one person’s locks just to install their own, yet they act as if they have the moral high ground and some actually believe that the producers of said consoles will support them with an official “homebrew mode” on their own terms instead of seeing them as being no better than pirates.

        Sony, Microsoft, Nintendo, these people couldn’t care less of your reasons, you are running code they didn’t approve, that is all they care about, to them its the same as if you were pirating a game, they don’t care your reasons and will treat you the same, adding anti-piracy measures just simply harms the community by making homebrew enabling hacks difficult if not impossible to maintain, especially once the original creator has left, but said measures can start to actually cause problems, many “easter eggs” have been turned around and used for exploits or just plain caused system instability. Finally, there is a reason being a vigilante is illegal, not all people have the same mentality of how far one should go, there have been examples of people who willingly put code that could cause harm or even bricks if somebody messed with it, some feel this is justified “to stop piracy” or just to protect their hack from being dissected, many others would see this as going too far, its no different than somebody slashing the tires of someone who parked across two handicap spots, report it but its not your fight to do something about it, especially something destructive. Not to mention if this little payload ever went off by accident.

        Comment by Mike — May 22, 2010 @ 6:02 pm

      • I fail to see the hypocrisy here. If they create something (in this case an exploit), they have every right to implement it however they want. They could require payment, obfuscate it, or force you to beat 3 levels of Pacman before you get to run your homebrew game.

        If you aren’t the vendor or the person who discovered an exploit, you have no standing in this matter. Let me repeat that: nothing you say matters. The other two parties will continue to operate as if you don’t exist.

        If this bothers you, perhaps you could find your own holes or reverse the obfuscated exploit released by the homebrew group? Then perhaps you can demonstrate your wonderful goal of enabling ISO loaders for all, destroying the revenue of game authors and hastening your platform’s eventual slide into disuse.

        Comment by Nate Lawson — May 23, 2010 @ 10:07 pm

      • How wonderful that you instantly label me as a pirate purely because I don’t agree with your views, I suppose anybody who does not hold the homebrew community in some sort of high infallible regard must be a pirate then?

        You claim “you have no standing in this matter” yet act as if you yourself have a say on how to practically enforce the law just because you found a way to run linux on a game console. Do you think anything you say or do matters to Nintendo beyond “how can we stop this guy?”.

        I have seen myself how propitiatory code, even with good intentions, can cause havoc due to bugs or lack of support. If you seriously cannot see forward enough to understand why adding DRM and limitations to code based on an arbitrary set of rules that YOU invent would be no better than what we already have on the console, well, then I suppose I over-estimated that we could have a logical discussion about this.

        Yes, its true that you made the code and can do whatever you want with it, its also true that Linus can start making the Linux kernel closed source and do whatever he wants with that as well, there are certainly people who use it for malicious purposes, but I suppose he figures that the good uses people can get out of a completely open source kernel and subsequently, operating system, outweigh attempting to lock the system down to prevent malicious use.

        It is also true that you are trying to fight a war for something in which the very people against it see you as the enemy as much as them, and no, they are never going to see it “your way” or agree to a homebrew enabling mode.

        But I wonder if you are actually willing to discuss this rationally, after all, you dismissed my entire post with essentially a three sentence “You are a pirate so I won’t even listen to you, we can do what we want” when my goal is most definitely not piracy, I honestly do believe that obfuscating code and adding DRM just hurts the homebrew community, after all, it is based on the very concept of creating code on your own instead of within a corporation with development kits, usually with community help, especially when its to fight an enemy that is not your fight, you start trampling over other homebrew community members in a mad dash to get to this enemy whom nobody but you care about, and Nintendo most certainly wouldn’t care if you put a stop to it as well, they will just continue to stop your efforts.

        If Nintendo devised a new way to block the homebrew channel, but it would not block the piracy enabling software, do you think they would actually care? Of course not, they would release it and block homebrew again, sure they would want to block the piracy enabling software as well, but to them blocking ANY unauthorized code is a win. Now, what if (and this DOES indeed happen often) a key person in the homebrew community leaves? Now what is going to happen with that obfuscated code? As opposed to the code for piracy enabling software that is released as open source? At that point the homebrew community will start to die because it needs to essentially re-crack the code while the piracy community flourishes, this would not happen if the homebrew code was not locked down.

        Again, I am not arguing this because I want piracy, I am arguing this because obfuscated code hurts everyone, but especially the homebrew community, it does more harm to the community than good, especially in a fight that the people who are at war with don’t want you to join and would gladly fight against you too than with you.

        Comment by Mike — May 24, 2010 @ 5:03 pm

      • I’m not labeling you a pirate. I’m saying that your suggestion of distributing an unobfuscated exploit is proven to assist pirates. Assuming homebrew hackers want to avoid contributing to piracy, obfuscation or hardware protection may be one route that slows the pirates down.

        Just to be clear: I don’t hack consoles so I have no standing in this matter either, same as you. The difference is I don’t pretend to be able to tell anyone how to do things. This blog post was a thought experiment and a request for feedback. As you can see above, some Twiizer members have already tried what I suggest and reported results on their blog. This is exactly what I was looking for.

        Basically, your argument is:

        1. You don’t care about piracy because the vendors are fighting homebrew
        2. An obfuscated exploit is a detriment to homebrew because it is hard to maintain

        For the first case, it appears that some homebrew hackers disagree with you. They actually care to make some effort to prevent piracy. Your second point is inconsequential because the same techniques used to hack a console can be used to reverse-engineer an exploit. It’s just more fun to be had by everyone!

        In case you weren’t aware, my company helps design software and hardware protection schemes and one use of those is DRM. So I’m actually a fan of what software protection can do by providing a technical way for authors to control how their products are used. This blog post was based on the insight that homebrew hackers can slow down piracy (if they want) by using these same techniques, and this duality is what I find fascinating.

        Comment by Nate Lawson — May 25, 2010 @ 12:14 pm

  4. I like the idea of a modchip that only allows content signed for it :) Problem is once you can run code it becomes easier to break out of your limits and gain full control. Therefore even a “homebrew modchip” would likely get extended to be a full modchip.

    Also on the xbox1 savegame exploit, it was hacked upon release however not publicly released. The reversed code was quite simple making the public key alteration quite obvious.

    Lastly I can vouch for the fact that when you learn how to bypass copy protections you can then learn how to make them for commercial use.

    Comment by xorloser — May 24, 2010 @ 5:20 am

    • Thanks for your comments. I agree that releasing any exploit (even an obfuscated or hardware-protected one) can give pirates a quicker method than independently discovering a flaw. The question I was wondering is: at what point will pirates give up trying to reverse the homebrew-only exploit and switch back to the independent discovery route?

      This will depend a lot on the particular environment, vendor, console hardware, revenue pirates can collect, etc. It will differ depending on platform. For example, pirates can make much more money on a modchip than a softmod because the software exploit is easier to pirate itself.

      I find it very interesting that on the Wii, the Twiizers team was able to give the vendor quite a while to thwart piracy with software obfuscation only. So this route may have some usefulness.

      Comment by Nate Lawson — May 25, 2010 @ 12:02 pm

  5. Interesting conversation. Sorry if this response is too long.

    “Michael’s claim was that all of the consoles had been hacked to run homebrew games or Linux”

    This is true. There are very few people willing to spend the amount of time it takes to find an exploit just to pirate games, because that really goes against what pirates are, lazy. Analyzing every syscall and their subs to look for the tiniest mistake on the 360 is time consuming and requires deep knowledge of the instruction set. It takes dedication, time, and maybe teaming up with someone else who might have a bit more info, and a majority of reversers will not team up with a pirate. For the 360, it was the drive hack that was the first method for running the exploit, though I don’t believe the original people who hacked the drive had intended it to go the way it did.

    “Starting back in the 1980’s, there has been a history of software crackers getting jobs designing new protection methods.”

    This is true to this day. There are at least 3 very well known game crackers who got hired to work on a protection for a big company I won’t name, as part of an agreement after they were arrested in the early 2000’s and still do work there. When working on protections they know there will always be someone who can break it, but the goal is to make it so time consuming and have so many hidden things that by the time someone does crack it, it won’t effect sales as much. I believe that it’s important to have someone looking at your code from the other perspective, but it’s more important that those people have ethics, which pirates do not.

    “Another approach is to embed the exploit in a modchip”

    One problem with this is the stigma attached to the word and idea of a modchip. Modchips are pretty much only associated with piracy at this point, so I can’t see any
    reverser that just wants linux associating themselves with producing a chip and possibly charging money to compensate. Money is a huge complication.

    “Enforce a code of ethics within your group via technical measures?”

    Absolutely. For instance, keeping people off of Console gaming services like xbox live with exploited boxes is a big priority for the 360 homebrew scene and the full disabling of live from freeboot is supposed to be coming. Nobody really knows what the companies do or don’t want the box to be capable of if it is hacked, I’m sure that if they approached the homebrew scene and had discussions about what they would be ok with, even unofficially, then compromise could be made, but keeping the consoles offline is one thing that’s definitely better for all sides.

    Comment by s88 — July 24, 2010 @ 5:50 pm

    • Thanks for the detailed reply. I hope more hackers will learn from the experiences of this Wii team. I think both vendors and the hackers can reach an equilibrium some day.

      Comment by Nate Lawson — July 26, 2010 @ 10:27 am

    • Keeping the xbox360 homebrew community off xbox live isn’t too hard since MS does this anyway. While connected to xbox live small signed code packets are executed on the xbox which can detect a hacked system. Once detected your xbox will be added to a list of consoles to be banned in the near future.

      Comment by xorloser — July 26, 2010 @ 6:34 pm

      • I assume the homebrew authors include an option to prevent going on Xbox Live with the patch installed? Or is it semi-permanent?

        The reason I ask is that it seems that cheaters wouldn’t care much since they want to go online, but homebrew users wouldn’t want to accidentally revoke access to their commercial games.

        Comment by Nate Lawson — July 27, 2010 @ 10:37 am

  6. This is true, they do send the encrypted code while signed in, but apparently the banning time can take anywhere from 5 hours to “the near future”, and when they do get banned, these people just buy new keyvaults and are back on cheating on games, especially mw2.

    I think the equilibrium is the cat and mouse game and always will be, and honestly, isn’t that more fun sometimes?

    Comment by s88 — July 26, 2010 @ 10:18 pm

    • Sure banning is far from instant, however getting a replacement keyvault isn’t such an easy thing. The console certificate in a keyvault is signed so keyvaults can only come from an existing xbox360. This means that someone has to have exploited, dumped and decrypted the keyvault from another xbox360 in order to “sell” it. So I would assume the only keyvaults for sale are from xboxes which have died, rendering the keyvault useless to the original xbox owner.

      cheating in multiplayer games can ruin it for all players, however the more widespread cheating tends to be from exploits in a games design. other methods include altering files on a disc image (only requires a drive mod which is way more prevalant that a jtag exploited xbox) and network packet alteration which can be intelligent based on the packets themselves or dumb using a “lag switch”.

      Comment by xorloser — July 27, 2010 @ 12:07 am

    • This is similar to the satellite TV industry about 10 years ago. The provider would ship code updates in the channel data and hash for modded smart cards. This can be an effective strategy, especially when you have a backchannel like Xbox Live has.

      Comment by Nate Lawson — July 27, 2010 @ 10:40 am

  7. I believe lag switches are detectable, halo 3 was detecting that when I used to play. Yes it would be difficult for people to get a new keyvault if irc chans didn’t exist where people sell them, but unfortunately it really only takes 5 minutes for someone to get a new one from a seller, and the sellers have tons.

    Either way, once a box is hacked it pretty much opens up everything and it’s hard to control what people can or can’t do, and in the 360’s case, the drive protection has been broken for years due to the replay attack on the c/r, which is ridiculous. The new protection seems like it might do the job, but I think it’s only for the new trinity hardware.

    Comment by s88 — July 27, 2010 @ 9:56 am


RSS feed for comments on this post.

Blog at WordPress.com.