Sony Goes After Alleged PS3 Hackers, Wants Them To Hush Up

Hackers have apparently shredded the security innards that stop people from messing with PlayStation 3 firmware, so Sony is wielding its legal katana.

Under the Digital Millennium Copyright Act, which prohibits people from busting digital rights management features, Sony is calling for a temporary restraining order against distributing “circumvention devices,” as well as calling for the impounding of any storage places on which the accused hackers store information others can use to open up PS3s to piracy.

The hackers Sony is targeting allegedly formulated measures that allowed people to run software of their own choosing on PS3s, including pirated and unlicensed games.

[Kotaku]
Sony goes to court to get PS3 key crackers to shut up already [Ars Technica]

Comments

Edit Your Comment

  1. Robofish says:

    They also went after GeoHot since he has a paypal donation thing on his site claiming he gets monetary gain from hacking. I’m fine with the hacking for homebrew, but it’s when the piracy comes in that that it bothers me.

    • goodpete says:

      GeoHot is a major opponent of piracy. The problem is that the restrictions that keep homebrew out are the same restrictions that stop piracy. Sony used to deal with this issue by offering a platform for custom code via their “OtherOS” feature. That way, people could do homebrew without having to circumvent the anti-piracy features.

      Sadly, the OtherOS feature was removed from recent firmware updates, so that left homebrewers with no other option than to break the anti-piracy features to run their code. As the fail-overflow people noted in their presentation, Sony’s trusted-execution system went much longer than any other console without getting circumvented.

      However, if you start the clock from when the OtherOS feature was removed, the time taken to break the system falls in line with most other consoles. Which would seem to indicate that this sort of console hacking isn’t the result of people wanting to pirate games (if it were, then the system would have been cracked years ago), it was simply the result of people wanting to run their own code.

      • RvLeshrac says:

        This. And I wonder if Sony’s shareholders know just how little they actually did to secure the PS3? If not, they will shortly.

        • Eviile says:

          Spoken exactly like someone who doesn’t have a clue what they’re talking about.

        • Cosmo_Kramer says:

          I understand there were vulnerabilities, but how can you say they did little to secure it when no one was able to hack it for four years? That’s nearly the length of a regular console generation.

        • Cosmo_Kramer says:

          How little? There was a vulnerability, but considering that it took 4 years to find and exploit it I wouldn’t say they did little to prevent it.

      • Robofish says:

        I’m well aware of GeoHot and what he’s done for the tech world. ( iPhone users rejoice! ) I just hate that when you homebrew something it totally opens it up for piracy. Such is life.

      • Eviile says:

        You’re sort of right.

        Install other OS allowed someone to install another OS (linux, usually) not run ‘home-brew’. That feature allowed you to turn your PS3 into a computer, not run it as a game console (given the only poor choices for drive partitioning, I’d argue that strongly). This functionally isn’t much different than installing linux on a laptop.

        Sony took out the ‘install other OS’ feature because of GeoHot. In short, he was juicing some traces off of the memory bus to keep memory addresses open that shouldn’t. The only way to do that hardware exploit is with the help of ‘install other os’. What GeoHot was able to do was shut down hypervisor, which is what kept ps3 hacking in the stone age.

        If you change the first sentence in your last paragraph to read as what actually happened, the rest of the paragraph is baseless.

        Quite simply, no one had the ability (the knowledge, actually) to crack the system until shortly before Other OS was removed. That isn’t evidence of the intent of anyone.

  2. Zowzers says:

    Too late. They have obtained Sony’s private key. Game over. The only thing Sony can do to stop this is to issue all new hardware to PS3 owners.

    I do like their request to “impounding of any storage places on which the accused hackers store information others can use to open up PS3s to piracy.” So they want to impound the whole internet then?

    • Cheap Sniveler: Sponsored by JustAnswer.comâ„¢ says:

      “So they want to impound the whole internet then?”

      Nice.

    • Eviile says:

      I accidentally the internet. Yup, the whole thing.

    • kujospam says:

      There are plenty of things they can do to fix this. It just depends on what lengths the hackers want to go. Sony can use a new key going forward that all new programs require. So sure you can use all the whole junk just fine, but then you do a self imposed ban on yourself. Also, you can be locked out of PSN pretty easily which a lot of people care about. At least if you care about multiplayer games.

      • Trel says:

        Actually not at all.

        Sure they can use a new key that all new programs require. However, that’s useless. Unless they want to make EVERY legitimate game cease to function, the old one has to be accepted as well.

        That being the case, anything signed with the old one will work just as well.

        So no. Once this was obtained, it was game over for Sony.
        They can’t even lock someone out of PSN for it, because how do they plan to detect it if it’s signed with a legitimate key?

  3. Cheap Sniveler: Sponsored by JustAnswer.comâ„¢ says:

    Son’ys been playing this game- and losing – on the PSP, releasing new firmware “upgrades” to thwart hackers who just want to write their own software. Losing, that is, until they went after a few makers of obscure hardware that allow the PSP to be hacked.

    And now, a word to hardware makers: If you insist on locking down your hardware, someone will always take that as a challenge. And your engineers are no match for the Hive Mind of the internet.

    (I’ve never met a DVD I couldn’t backup, BTW)

    • MaxH42 thinks RecordStoreToughGuy got a raw deal says:

      Well, there’s always the analog hole; if you can view it, you can record it.

      (I also just like saying “analog hole”.)

      • sparkypinball says:

        …and this is why all the studios are pushing for 3-D in theaters. That way, They guy with the camera in the theater can’t put a video up on the internet.

    • LandruBek says:

      I agree, and there’s a corollary: notice that the PS3 went unhacked for a long period of time, compared with other consoles like Xbox and Wii — but as soon as the OtherOS capability was scuttled, it was hacked pretty quickly. The more you tighten your grip, Sony, the more console systems will slip through your fingers.

  4. RubiksDude says:

    This isn’t any different from jailbreaking iphones, and that was made legal. Wah wah, Sony. Shouldn’t have taken the ‘Install other OS’ away.

    • Cheap Sniveler: Sponsored by JustAnswer.comâ„¢ says:

      Yep. PSP or PS3: That new machine from sony isn’t better, just more user – unfriendly. They also crippled the PS3 by removing the hardware that made it nearly 100% backward compatible with PS1 and PS2 software. That was one of their biggest selling points for PS3, and they threw it out after the 60gb model to save a few bucks.

      • Eviile says:

        Lets see… Make PS3 for $700 in parts, sell for $400. Wonder why they wanted to cut costs.

        That was a big selling point @ launch, where there were only a handful of games for the PS3. Now, it’s a near useless feature.

      • TheGreySpectre says:

        Not really, yes it was a selling point for some people, but it raised the price a fair amount taking away buying motivation for a lot of other people. Notice how the PS3 didn’t really take off all that much when they were $500. Also, everyone I know who was excited for the backwards compatibility already has a PS2, hence they can already play their ps2 games. The people who don’t have PS2s generally don’t have PS2 games and hence don’t really care about the ability to play them.

  5. mkuch90 says:

    Jail-breaking was recently ruled to be a legal practice. The case Sony makes relies on the DMCA anti-circumvention rules for copyrighted works which were recently ruled to exclude jail-breaking.

  6. JoeDawson says:

    Pandora’s box has been opened. The Streisand effect… Cant impound the whole internet!

  7. Loias supports harsher punishments against corporations says:

    I 100% understand wanting to control online multiplayer content to ensure hackers do not gain an advantage against other players and diminishing the game experience for the general populace.

    But, I just don’t understand all company’s vehement attempts to prevent hardware modifications. It generally is futile, and if they just opened and said “You bought it, do what you want with it” they would be considered a more desirable brand. It makes them look good, and makes people want their product more.

    • Marlin says:

      I agree, some what. But sony lost a lot of money selling the hardware and needs software sales to make it up.
      With this break anybody can copy a game and sony loses big.

      • rambo76098 says:

        Simple fix: Raise the upfront cost, lower the game cost. If they can’t succeed with their current pricing, they are free to change it.

        • Fafaflunkie Plays His World's Smallest Violin For You says:

          If there weren’t competition, you may be on to something. Except there (thankfully) is competition in the gaming world. Let’s say Sony employed your idea. Want to bet Nintendo and Microsoft would do likewise? What will most consumers notice when they’re first confronted with gaming platforms? If you said “price,” you win one internet. In other words, Sony would be back at square one with the PS3 — offer some awesome piece of equipment, but for a price nearly twice that of the Xbox 360 and almost 3x that of the Wii, with Sony subsidizing the hardware cost to boot! Alas, just as Nintendo will no longer keep hackers out of softmodding the Wii (two words: Smash Stack), Sony will be SOL in keeping hackers from running unsigned code on the PS3. That’s what you get for removing the “OtherOS” option.

  8. coren says:

    It was probably a bad idea to include the information needed to hack the psp on the ps3, eh? I’m not up to speed on this entirely, but from what i remember, the information they obtained that makes homebrew on the ps3 possible was also unnecessary to have on the physical ps3 but that might have been misexplained (or I might be misremembering)

    • Zowzers says:

      The issue was with their random number generator used in creating the public keys… it wasn’t really random, but rather used a single number as the seed. so all you need to do is look at the public key form a few PS3′s and you can use relatively simple math to back track to the Private key that was used to make em.

      And once you have the private key, the game is over. The PS3 will have no way of differentiating a firmware update between Sony and a 3rd party.

  9. tborodarc says:

    I believe the reason for this is that manufacturers don’t really make money on consoles. It’s the accessories and games that are profitable. So when someone figures out a way to play a pirated (copied) game and starts spreading this info, manufacturers – like Sony here – have to react to protect money invested in R&D + manufacturing of consoles. An inevitable decline in game sales would hurt…

  10. VashTS says:

    Been waiting a year for Call Duty: Modern Warfare 2. Been afraid because I hate DLC; always feel they’re making me buy half a game, and was hoping for GOTY edition. Maybe I should stop being afraid. Oh thanks you smart people who despise corporate and government agenda’s thank you.

  11. Invader Zim says:

    Sony goes after alleged PS3 hackers, Want them to shut up. In the process creates headlines that inform the world that it can be done, and is. brilliant!

    • DerangedKitsune says:

      Same thing happened back in the 90s with Metallic and Napster.

      Before the lawsuit, P2P was much more of a geek or niche thing; once the lawsuit gained publicity, the general public suddenly realized “Hey! I can get free music from this?! Rock!” and, well, we know the rest of that story.

  12. rbb says:

    Just host the hacker’s documents on wikileaks and let Sony do what the US government can’t – take down assange…

  13. MeowMaximus says:

    Attempting to use legal remedies to stop hackers is like trying to use a colander to stop the tide. Good luck with that.

    While I agree that hacking for the purpose of piracy is wrong, hacking that frees you to use YOUR hardware to in the way that YOU want to I support fully.

  14. horns says:

    Hacking hardware that is not yours is illegal, if you own it you can modify it. However, this doesn’t mean piracy necessarily. Some people want home theater centers, Linux, better Internet apps, not to pirate games.

    • AnthonyC says:

      “Hacking hardware that is not yours is illegal, if you own it you can modify it.”
      This is not always true. The DMCA makes it illegal to circumvent most DRM measures, regardless of whether there is any intent of copyright infringement, and regardless of whether such infringement occurs.

  15. tz says:

    Their “random number generator” always returns the same value, and the math of the crypto allows you to recover the supersecret key if you can obtain two encrypted values with the same “random number”. Epic fail. With just the above you can figure the rest out.

    Also, they are in Europe that has different laws. And we have freedom of speech – the press, so it is not unlike when a DVD key was found (or worse, it was found that the crypto was so weak you could crack it in a fraction of a second on a netbook).

    But many people bought the PS3 to run linux. They sold it as a feature. They then had an update that disabled Linux – but you need the update to continue playing some online games, so it is defective either way. They should have offered refunds if they were going to break it that badly. They didn’t. So I have no sympathy. There should be a class action suit so anyone who bought a PS3 before they disabled Linux should get a full refund.

  16. masterage says:

    The legal document heavily implies that Geoh0t himself is distributing pirated games and making a profit on them. Amongst being pure evil. (blatant lies, lol)

    Sony probably will have a legal leg to stand on once the judge is factored in; they’ll likely get the injunction before any reasonable defense is made.

    • masterage says:

      oh, and actually a followup: Turns out the documents are trying to stop the group from releasing legal programs that do not contain sony code or the key in addition to everything else.

      So they release the tools anyway. At this point, the tools have been cloned far enough that removal is now impossible, and mirrors on every download service in existence.

  17. WickedCrispy says:

    You mean… the evil hackers made it so you could run your own software on your PS3… again?

  18. WickedCrispy says:

    “But many people bought the PS3 to run linux. They sold it as a feature. They then had an update that disabled Linux – but you need the update to continue playing some online games, so it is defective either way. They should have offered refunds if they were going to break it that badly. They didn’t. So I have no sympathy. There should be a class action suit so anyone who bought a PS3 before they disabled Linux should get a full refund.”

    Well friggin said, mate!

  19. WickedCrispy says:

    P.S. I bought the hardware. I don’t rent it. I can do whatever I like with my PS3. Even if this includes letting it collect dust while holding down my entertainment center… which is what it does wonderfully well.

  20. Bby says:

    I may be wrong on this, but when you fire up those consoles don’t you have to agree to their terms and conditions of use? Wouldn’t that include not hacking it?

    • Fafaflunkie Plays His World's Smallest Violin For You says:

      You’re right. The question you must now ask is “is that enforceable?” For instance, I can bury in 5000+ lines of legalese in a EULA words to the effect of “we now lay claim to your children.” Does that mean I can come grab your child/ren? “Well, you clicked ‘I Agree’ didn’t you?”

    • PossibleCabbage says:

      The Specific line in Sony’s EULA that describes the penalty for hacking, running your own code, etc. is “Without limiting the scope of SCE’s remedies, any violation of these restrictions will void the PS3â„¢ system’s warranty”. So what they’re saying is that if you break the EULA they’ll void your warranty and do whatever else they’re allowed to do to you. But if you hack the console in a way that is entirely legal, all you’ve effectively done is voided your warranty. Or at least, I’m assuming that SCE doesn’t have any remedies that are available to them if I alter a piece of my own property in a legal fashion.

  21. golddog says:

    Oh Sony, so cranky, so determined to shoot yourself in the foot. Nobody gave a crap about cracking your private key and homebrew until you removed Other OS and BC (but mostly Other OS). You had a loyal user base that almost universally acknowledged that kicking in the front door of the PS3 and opening it up to piracy would be a bad thing. Then you got all bitchy about it…

    To provide an analogy, George and Failoverflow didn’t demolish a building, they just constructed a bulldozer. If someone else finds the (pretty complicated) bulldozer, makes petrol for it, figures out how to start it and flattens a small town, it’s not their fault.

    They were simply looking to restore the functionality they originally purchased and back up disc based games to HDD. Someone else may build on their techniques to do something else, but that’s on them. Sony should have built a more secure console.

    • Eviile says:

      Remove OS was done AFTER the PS3 was hacked by GeoHot.

      Are you daft enough to believe that backing up a game to the hard drive doesn’t allow piracy?

      • golddog says:

        Oh I know Sony took Other OS *after* Geohot released his exploit. I was referring specifically to cracking the PS3′s private key.

        His first exploits didn’t really allow you to do much…couple of simple code executions via the hypervisor via Linux. His original stated goal was to allow 3rd party development and unsigned code execution. He explicitly stated that his work was not intended to promote piracy – I liken it to Activision cracking the Atari 2600 as an unlicensed 3rd party developer w/”unsigned” code. Atari lost that case. I was just thinking that had Sony not removed Other OS, Geohot’s development would not have gone down the road it did, with cracking the private key and all.

        And I was deadpanning a bit in my OP. Of course disc backup is opening the floodgate. But suing these guys is barking up the wrong tree. First, there’s other people selling USB mod chips that already do this and give you Other OS back and allow custom firmware. You could make the argument that this is a circumvention device but I’m not sure they’re based on his work, and jailbreaking (which I’m more inclined to classify this as) has been determined to be legal per the iphone case. Second, the PS3 is basically a computer. How insane would Intel sound if they tried to do what Sony does, to your PC?

        • Eviile says:

          GeoHot’s intentions are completely immaterial. Without GeoHot’s exploits that “didn’t really allow you to do much”, the root key would have never been retrieved. Years of effort were put it to retrieve it, and even on a much more hacked platform (PSP), the root key had not been obtained. This singular event is the cause of this tidal wave.

          You argue that the private key wouldn’t have been hacked had the “Other OS” option not been removed. This is only a reasonable argument if you have evidence to suggest that there is a plausibility of running unsigned code without the hacking of the root key. Considering years worth of attempts at doing just that w/o the root key were unsuccessful, I would surmise that the root key was the path of least resistance.

          Going after GeoHot et al may not be fruitful, but they are barking up the right tree. These are the people who have and will cause damages to Sony.

  22. Eviile says:

    It appears as though there is a bit of confusion as to the chronology of events.

    Sometime before January, GeoHot ‘Hacked’ the PS3, using an exploit that required the ‘install other os’ functionality. This exploit was a fundamental step to developing other ‘hacks’. Without what he had done in January, the PS3 would not be hacked today. http://kotaku.com/5457741/jailbreak-hacker-releases-his-ps3-exploit-to-the-public

    Other OS being removed was announced March 28th. That’s 2 months later. http://blog.us.playstation.com/2010/03/28/ps3-firmware-v3-21-update/

  23. MacMasterShane says:

    You know, i really wish a company would take this as a bit more of an opportunity than a bane.

    Look, your system’s going to get hacked one day. period. Sony arguably had the best anti hacking stratagey of them all when they had the load other os option around… ease. Hackers aren’t usually hacking things because it’s easy, it’s because it can be difficult and someone wants to climb the hill first.

    now, if sony instead of panicking and going all lawsuit happy, just went and released a Dev Kit to the public for free, think of how much innovation would be spurred by easing the development on something which is now for all intensive purposes, open? Expand! let these people publish to your app store, follow a percentage based model ala apple and approvals. Let the PS3 become the “it does everything” machine it can be.

  24. Cetan says:

    AACS encryption key all over again!

    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 !

  25. Mole90 says:

    Whatever…. I just wish they would stop forcing you to launch firmware updates that freezes your Blu-ray player to the 98% of us who do not use hacks. I’m on my 3rd PS3 due to my blu-ray player freezing up on the two prior. Coincidently right after I was forced to update my firmware. Sony refuses to admit responsibility.

  26. SkyHawk says:

    If any of you saw it, there was an interview on G4′s Attack of the Show. In which George Hotz said himself that you can’t pirate PS3 games with it. Just run unsigned code (i.e. homebrew). That’s it. So all Sony is suing him for is the fact that he pissed them off.

  27. Duckula22 says:

    I accidentally bought a hammer with DRM, if it’s not “****insert brand here***” nails the head turns automatically into thes bubble gummy material. What can I do?

    Actually not, of course, but if when I buy a hammer I own the hammer. Why can’t I not own a PS3 unit when I buy the PS3 unit? I’m OK with licensing software, hardware on the other hand… hmmm, you own it if you pay for it. Besides when I go to a retail chain and buy a PS3 unit I am not agreeing to anything, no EULA, nothing. I give you my moeny, you give me a PS3 unit. End of the story.

    I am glad the PS3 got hacked, because now that it’s possible to actually own it fully, I may buy one finally.