Homebrew GameCube Coding Tools Released
EGSonikku writes "Costis has released his PSOLoad (for Win32) tool, which takes advantage of an exploit in the GameCube game Phantasy Star Online to upload and run code on a totally unmodified GameCube. A demo is included, and you can build your own GameCube binaries using Torlus' GCC build." Although it still has the potential for misuse, this could have more positive ramifications than trying to copy existing games.
This certainly seems to be the trend for defeating console protection systems in software -- unless all code that has been signed is 100% secure from local attacks (ha!), you can simply insert code into a signed program and take control. It seems like this might be a weak point in new computer security systems like Microsoft's Palladium (in fact, it's been rumored that the Xbox's protection system is a testing version of Palladium, and that's been completely broken this way). If Palladium is being used for DRM, for example, then a bug in Windows Media Player might let a user slip in code to save the decoded audio stream, thereby defeating the DRM. But it could also be used by malicious programs to defeat security measures imposed on behalf of the user (indeed, as buffer overflows are used now). I guess it comes down to this question: How will systems like Palladium guard against security holes in signed programs that could compromise the whole security model?
The reality is that this is not exploiting a bug - it's exploiting a back door. In the Dreamcast PSO Version 2, Sega added a packet command named RcvProgramPatch. (The game had debug symbols.) This packet was added to make cheating more difficult and fix bugs. Basically, the server can send assembly code to the client to execute. But back doors work both ways. The GC version and Xbox version have the same packet, and this is the result.
Sonic Team did encrypt the packets, as most online games do. In fact, it is with a custom algorithm that is different from the already-cracked Dreamcast encryption. This system should have been secure: Gamecube disks are basically unreadable, and you need to read the disk in order to break the encryption!
However, Sonic Team made a fatal mistake. They used the same encryption in the Xbox version. Those disks are readable. Hackers found out, and used the Xbox encryption algorithm to break the Gamecube encryption.
It's believed that the GC ISO copies were made using this PSO exploit, as well as the N64 ROM of Zelda Master Quest, which in fact was dumped off the Zelda bonus disk using PSO.
I'm really wondering what Nintendo and Microsoft will do about this... Microsoft, for one, has told developers that anyone who puts a back door into a game will lose their developer's license >_<
Melissa ^-^

"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
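The two weaknesses the thread describes are a packet that hands the client code to run, and a secret that lived on the game disc (so once any copy of it became readable, every platform sharing it fell). The added example below, which is not from the thread or from Sonic Team, shows the defender's fix in miniature: the client holds only a public key, so a reader of the disc still cannot forge a patch packet. It uses Lamport one-time signatures over SHA-256 purely so it runs on the standard library; the opcode value and packet layout are constructed for the demo.

```python
"""Toy client for a 'program patch' packet that is accepted only when it
carries a signature verifiable with a PUBLIC key held by the client.
Lamport one-time signatures are used so the demo needs only the stdlib.
Keys, opcode and packets here are constructed for illustration."""
import hashlib
import os


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def lamport_keygen():
    # Secret key: 256 pairs of random preimages. Public key: their hashes.
    # Only the public half would ship on the disc; it cannot produce signatures.
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def _bits(msg: bytes) -> str:
    return "".join(f"{byte:08b}" for byte in H(msg))


def lamport_sign(sk, msg: bytes):
    # Reveal one preimage per digest bit. A Lamport key must sign only once.
    return [sk[i][int(bit)] for i, bit in enumerate(_bits(msg))]


def lamport_verify(pk, msg: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    return all(H(sig[i]) == pk[i][int(bit)] for i, bit in enumerate(_bits(msg)))


OP_PROGRAM_PATCH = 0xB0  # constructed opcode, not the real packet id


def client_handle(pk, opcode: int, payload: bytes, sig) -> str:
    """Return what the client does with a packet: 'ignored', 'rejected' or
    'applied'. An unsigned or mis-signed patch is the back door; refuse it."""
    if opcode != OP_PROGRAM_PATCH:
        return "ignored"
    if not lamport_verify(pk, bytes([opcode]) + payload, sig):
        return "rejected"
    return "applied"  # a real client would only now patch or run the code
```

With a symmetric scheme the verification key would have been the signing key, and extracting it from any readable copy (here, the Xbox disc) is exactly what the thread reports.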