Why Sony Cannot Stop PS3 Pirates 378
Sam writes "A former Ubisoft exec believes that Sony will not be able to combat piracy on the PlayStation 3, which was recently hacked. Martin Walfisz, former CEO of Ubisoft subsidiary Ubisoft Massive, was a key player in developing Ubisoft's new DRM technologies. Since playing pirated games doesn't require a modchip, his argument is that Sony won't be able to easily detect hacked consoles. Sony's only possible solution is to revise the PS3 hardware itself, which would be a very costly process. Changing the hardware could possibly work for new console sales, though there would be the problem of backwards compatibility with the already-released games. Furthermore, current users would still be able to run pirated copies on current hardware."
An anonymous reader adds commentary from PS3 hacker Mathieu Hervais about Sony's legal posturing.
Evil commenting on evil (Score:5, Interesting)
I must say, it does feel like having an Ubisoft exec comment on the chances of Sony being successful in combating piracy feels a bit like having Sauron publish an article on Voldemort's chances of taking over the world.
He's probably right, of course. A software-only hack is very bad news indeed for Sony. It's worse news than such a hack would be for Microsoft. Why? As TFA notes, Sony probably will be able to catch and ban people with custom firmware who connect to the Playstation Network, just as MS can with users on Xbox Live. However, as an owner of both consoles (who has no strong overall preference for either), I can fairly confidently say that Xbox Live is a much more central part of the whole "360 experience" than the PSN is to the PS3. It's not that Sony haven't put a lot of time and effort into improving the PSN - it is certainly far better than it used to be - but it still feels like something that sits off to the side a bit from the PS3's main functionality, while a 360 without Xbox Live feels fundamentally incomplete.
As for a new PS3 hardware iteration to solve this - I just don't see how, short of sending some kind of self-destruct signal to every existing PS3 out there (and I don't think even Sony would go that far) they could plausibly make that one work.
If Sony has one sliver of hope left, it's that the extremely large size of many of the big-name PS3 games (and hence the time and bandwidth needed to download them), combined with the relatively high price of writable blu-ray media, will still act as something of a deterrent. Of course, lots of big-name cross-platform releases like the Call of Duty games are basically identical to the 360 versions and could probably fit on a DVD.
Re:Evil commenting on evil (Score:3, Interesting)
Yes, true, I hadn't thought of that. Though in that case, hard disk space may well emerge as the alternative constraint.
Still, for a pirate who downloads a couple of games a month, plays through them and then discards them (you almost certainly won't be doing online play on pirated games) this is not going to prove a huge barrier.
eFUSE (Score:5, Interesting)
Sony's only possible solution is to revise the PS3 hardware itself, which would be a very costly process.
Maybe. Cell has IBM's eFUSE [wikipedia.org] system. It may be possible for Sony to issue a system update which changes the behaviour of all existing PS3s in some way to detect pirated games.
Why stop pirates? (Score:4, Interesting)
Platforms like the PC, Amiga, C64 and others thrived because of piracy... People (mostly kids) would trade games with their friends and keep copies, most of the people i knew bought as many games as they could afford and then pirated others. Without piracy, those people would just have had less games, they simply didn't have the money to buy more. I still have a stack of original games from publishers who i would never have heard about had i not pirated their games from friends.
All DRM schemes, including those on consoles do is hurt legitimate consumers...
Lost/damaged media (especially when kids are involved)
Inconvenience of having to have the media instead of playing a game from HD
False positives from DRM schemes preventing paying customers from playing
Actual organised pirates don't care about any of this, they actually have a superior product for a cheaper price..
So what they should do is tollerate casual piracy (eg kids sharing games with friends), stop wasting their time/money/public image on implementing draconian drm schemes and ensure that legitimate customers actually get a better product than the pirates do.
Re:Lots of things they can do to stop pirates (Score:5, Interesting)
causing games to bug out midway through if they fail checks
They've done that before:
http://www.webcitation.org/5vN0X2AgG [webcitation.org]
Re:Evil commenting on evil (Score:4, Interesting)
allow the old key for a whitelist of known past titles
Depending on how the whitelist was done, couldn't a softmodder just have his code say, "oh, yeah, I'm [some whitelisted game]. So use the old key for me"?
No. The signature verification stars by SHA-1 hash of the executable itself. This is what is "signed".
The whitelist would be a list of SHA-1 hashes.
SHA-1 is still secure, in that it's not possible in any reasonable time to work out which few bytes you would add to the end of your homebrew that would transform your homebrew's SHA-1 hash into one of the hashes on the list.
all Sony need to do is to pull their database...
That assumes that such a database exists, which isn't necessarily true. And if Sony is sending that data over the Internet, it's just a matter of poking around the updating code and listening to the netwiork traffic, and then the hackers could have Sony kindly supply them with the factory key of any system they have an identifyer for.
Not quite. This is what's called a collusion attack, and we don't know if it's possible with the encryption algorithm Sony used, because we don't know what algorithm they used (yet) - we haven't seen bootldr.
It would be nice to have a plaintext of metldr, but we don't have that - only George Hotz does, and even then I suspect he only has some of it, not all of it.
If Sony pre-encrypt all metldrs handed out, and all console-specific keys were random (i.e. not generated based on the serial number), there's no way to map serial number to console-specific key without Sony's database (presuming it exists).
If we can't work out the encryption used on metldr, and we can't get a plaintext of the updated metldr Sony hands out, then we can't reverse their encryption mechanism and therefore work out the console-specific key for any given console.
So, our only hope is to find out where the console specific key is stored, and to become able to extract it in future. Once we have that, we can encrypt our own metldr, which is easily accessible on the flash chip.
Furthermore, if we try and work out the encryption based on large numbers of requests to Sony's update servers, they potentially could detect us and start serving us phony updates, which would scupper our attempts (and would also entirely brick a PS3 if they mistook a genuine PS3 updating)
Re:Piracy..? (Score:5, Interesting)
I'm not really interested in fairness and 'politcal correctness' towards Sony anymore. As far as I'm concerned Sony 'altered the deal' and is muttering that we should pray it alters it no further.
Unfortunately for Sony, as soon as you change one end of the bargain unilaterally, I feel no obligation to uphold any the deal from my end and so I feel no obligation towards Sony. None. Whatsoever.
(The fact that buying a PS3 was my first Sony purchase after the DRM fiasco and making me feel like a sucker now for slowly starting to trust them again has nothing to do with it. No. Really. ;p )
Re:Enough with the "Evil" hyperbole (Score:3, Interesting)
This comment reads like you think people dying for no good reason (real war) is less of an issue than the chance you might not be able to mod your PS3 ("war on culture"?). At first I thought I read it wrong so I went through some of your older comments, apparently you believe "copyright is a crime against humanity". And yet, based on previous comments you appear to support the GPL (a copyright license) without pushing for open source to go public domain.
You're redefining evil to suit your agenda just like the *IAA redefines theft to suit theirs.
Re:Evil commenting on evil (Score:5, Interesting)
Greetings from Latin America!
Down here, most of the piracy is in the form of someone selling a pirated DVD right on the street. Maybe simply because $80 is not a reasonable price for a game (BTW, the PS3 costs $800 here, instead of the US $200). We're also not allowed to join XBOX Live or PSN even if we pay for it. You have to lie and sign up as someone from US. For XBOX live, you have to pay using a xbox live prepaid card - they won't take your Visa because it was issued outside the US/EU/ETC.
And before you say anything, keep this in mind: Movie tickets cost $3 here and the release date is usually 1 day before US (premieres here are thursdays). So if Hollywood can lower their prices to match what the market can pay for, then why can't the video game industry do the same? BTW, PC games are much cheaper than console games, at about half the price. They're expensive, but still more reasonable than console games.
The whole piracy thing is a fuckup from Sony, Microsoft, Nintendo, etc. who keep insisting that "developing countries" like the ones from latin america are too poor to afford their systems, except for the rich people, so they keep their prices really high - assuming that only rich people, who can afford them, will buy them. Well, this isn't true. Most people buy grey-market import consoles which cost half the price and come already chipped.
So considering all this, will you tell me why sould I care about getting a $800 console (almost 2 months salary), pay $100 for a game, and be told by sony/MS "we don't allow your kind here, get the fuck out" on PSN/Live. For me, piracy is a form of boycotting sony, for treating me like a second-class citizen.
Keep all of that in mind before thinking people who pirate games are just "cheap".
Re:Evil commenting on evil (Score:2, Interesting)
They can't update metldr because:
1) metldr is encrypted and signed with a per-console key
2) metldr's plaintext also includes per-console private constants
3) metldr is only present in one place in flash and changing it is a huge bricking risk
4) they can't implement a mandatory on-line per-console update procedure because updates need to work offline for new games
5) they don't have the infrastructure to do that anyway
6) there is no way to get the per-console key from a console, even from the metldr level itself
7) they never planned for any of this and probably don't even have a database of the per-console keys anyway
Without being able to update metldr, they're screwed, because metldr is the root of secrecy and trust on the console. Old metldrs must be able to decrypt new firmware. That means all future PS3 firmwares, and, by extension, all future game encryption keys, will be decryptable using the metldr keys, directly or indirectly. Once you can decrypt games and firmware, you can patch anything you want to patch.
Sony has permanently lost the entire population of PS3 consoles to hardware mods, and they have permanently lost all secrecy in present and future games and firmwares.