Slashdot Mirror

← Back to Stories (view on slashdot.org)

Why Sony Cannot Stop PS3 Pirates

Posted by Soulskill on from the of-pots-and-kettles dept.

Sam writes "A former Ubisoft exec believes that Sony will not be able to combat piracy on the PlayStation 3, which was recently hacked. Martin Walfisz, former CEO of Ubisoft subsidiary Ubisoft Massive, was a key player in developing Ubisoft's new DRM technologies. Since playing pirated games doesn't require a modchip, his argument is that Sony won't be able to easily detect hacked consoles. Sony's only possible solution is to revise the PS3 hardware itself, which would be a very costly process. Changing the hardware could possibly work for new console sales, though there would be the problem of backwards compatibility with the already-released games. Furthermore, current users would still be able to run pirated copies on current hardware." An anonymous reader adds commentary from PS3 hacker Mathieu Hervais about Sony's legal posturing.

7 of 378 comments (clear)

  1. Evil commenting on evil by RogueyWon · · Score: 5, Interesting

    I must say, it does feel like having an Ubisoft exec comment on the chances of Sony being successful in combating piracy feels a bit like having Sauron publish an article on Voldemort's chances of taking over the world.

    He's probably right, of course. A software-only hack is very bad news indeed for Sony. It's worse news than such a hack would be for Microsoft. Why? As TFA notes, Sony probably will be able to catch and ban people with custom firmware who connect to the Playstation Network, just as MS can with users on Xbox Live. However, as an owner of both consoles (who has no strong overall preference for either), I can fairly confidently say that Xbox Live is a much more central part of the whole "360 experience" than the PSN is to the PS3. It's not that Sony haven't put a lot of time and effort into improving the PSN - it is certainly far better than it used to be - but it still feels like something that sits off to the side a bit from the PS3's main functionality, while a 360 without Xbox Live feels fundamentally incomplete.

    As for a new PS3 hardware iteration to solve this - I just don't see how, short of sending some kind of self-destruct signal to every existing PS3 out there (and I don't think even Sony would go that far) they could plausibly make that one work.

    If Sony has one sliver of hope left, it's that the extremely large size of many of the big-name PS3 games (and hence the time and bandwidth needed to download them), combined with the relatively high price of writable blu-ray media, will still act as something of a deterrent. Of course, lots of big-name cross-platform releases like the Call of Duty games are basically identical to the 360 versions and could probably fit on a DVD.

    1. Re:Evil commenting on evil by kyz · · Score: 3, Interesting

      allow the old key for a whitelist of known past titles

      Depending on how the whitelist was done, couldn't a softmodder just have his code say, "oh, yeah, I'm [some whitelisted game]. So use the old key for me"?

      No. The signature verification stars by SHA-1 hash of the executable itself. This is what is "signed".

      The whitelist would be a list of SHA-1 hashes.

      SHA-1 is still secure, in that it's not possible in any reasonable time to work out which few bytes you would add to the end of your homebrew that would transform your homebrew's SHA-1 hash into one of the hashes on the list.

      all Sony need to do is to pull their database...

      That assumes that such a database exists, which isn't necessarily true. And if Sony is sending that data over the Internet, it's just a matter of poking around the updating code and listening to the netwiork traffic, and then the hackers could have Sony kindly supply them with the factory key of any system they have an identifyer for.

      Not quite. This is what's called a collusion attack, and we don't know if it's possible with the encryption algorithm Sony used, because we don't know what algorithm they used (yet) - we haven't seen bootldr.

      It would be nice to have a plaintext of metldr, but we don't have that - only George Hotz does, and even then I suspect he only has some of it, not all of it.

      If Sony pre-encrypt all metldrs handed out, and all console-specific keys were random (i.e. not generated based on the serial number), there's no way to map serial number to console-specific key without Sony's database (presuming it exists).

      If we can't work out the encryption used on metldr, and we can't get a plaintext of the updated metldr Sony hands out, then we can't reverse their encryption mechanism and therefore work out the console-specific key for any given console.

      So, our only hope is to find out where the console specific key is stored, and to become able to extract it in future. Once we have that, we can encrypt our own metldr, which is easily accessible on the flash chip.

      Furthermore, if we try and work out the encryption based on large numbers of requests to Sony's update servers, they potentially could detect us and start serving us phony updates, which would scupper our attempts (and would also entirely brick a PS3 if they mistook a genuine PS3 updating)

      --
      Does my bum look big in this?
    2. Re:Evil commenting on evil by hjf · · Score: 5, Interesting

      Greetings from Latin America!

      Down here, most of the piracy is in the form of someone selling a pirated DVD right on the street. Maybe simply because $80 is not a reasonable price for a game (BTW, the PS3 costs $800 here, instead of the US $200). We're also not allowed to join XBOX Live or PSN even if we pay for it. You have to lie and sign up as someone from US. For XBOX live, you have to pay using a xbox live prepaid card - they won't take your Visa because it was issued outside the US/EU/ETC.

      And before you say anything, keep this in mind: Movie tickets cost $3 here and the release date is usually 1 day before US (premieres here are thursdays). So if Hollywood can lower their prices to match what the market can pay for, then why can't the video game industry do the same? BTW, PC games are much cheaper than console games, at about half the price. They're expensive, but still more reasonable than console games.

      The whole piracy thing is a fuckup from Sony, Microsoft, Nintendo, etc. who keep insisting that "developing countries" like the ones from latin america are too poor to afford their systems, except for the rich people, so they keep their prices really high - assuming that only rich people, who can afford them, will buy them. Well, this isn't true. Most people buy grey-market import consoles which cost half the price and come already chipped.

      So considering all this, will you tell me why sould I care about getting a $800 console (almost 2 months salary), pay $100 for a game, and be told by sony/MS "we don't allow your kind here, get the fuck out" on PSN/Live. For me, piracy is a form of boycotting sony, for treating me like a second-class citizen.

      Keep all of that in mind before thinking people who pirate games are just "cheap".

  2. eFUSE by Anonymous Coward · · Score: 5, Interesting

    Sony's only possible solution is to revise the PS3 hardware itself, which would be a very costly process.

    Maybe. Cell has IBM's eFUSE system. It may be possible for Sony to issue a system update which changes the behaviour of all existing PS3s in some way to detect pirated games.

  3. Why stop pirates? by Bert64 · · Score: 3, Interesting

    Platforms like the PC, Amiga, C64 and others thrived because of piracy... People (mostly kids) would trade games with their friends and keep copies, most of the people i knew bought as many games as they could afford and then pirated others. Without piracy, those people would just have had less games, they simply didn't have the money to buy more. I still have a stack of original games from publishers who i would never have heard about had i not pirated their games from friends.

    All DRM schemes, including those on consoles do is hurt legitimate consumers...

    Lost/damaged media (especially when kids are involved)
    Inconvenience of having to have the media instead of playing a game from HD
    False positives from DRM schemes preventing paying customers from playing

    Actual organised pirates don't care about any of this, they actually have a superior product for a cheaper price..

    So what they should do is tollerate casual piracy (eg kids sharing games with friends), stop wasting their time/money/public image on implementing draconian drm schemes and ensure that legitimate customers actually get a better product than the pirates do.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  4. Re:Lots of things they can do to stop pirates by CronoCloud · · Score: 4, Interesting

    causing games to bug out midway through if they fail checks

    They've done that before:

    http://www.webcitation.org/5vN0X2AgG

  5. Re:Piracy..? by geschild · · Score: 5, Interesting

    I'm not really interested in fairness and 'politcal correctness' towards Sony anymore. As far as I'm concerned Sony 'altered the deal' and is muttering that we should pray it alters it no further.

    Unfortunately for Sony, as soon as you change one end of the bargain unilaterally, I feel no obligation to uphold any the deal from my end and so I feel no obligation towards Sony. None. Whatsoever.

    (The fact that buying a PS3 was my first Sony purchase after the DRM fiasco and making me feel like a sucker now for slowly starting to trust them again has nothing to do with it. No. Really. ;p )

    --
    Karma? What's that again?