Amazing work. Hector Martin (@marcan42) is an incredibly talented hacker. I still remember his post for enabling the hardware virtualization of the CPU in his laptop, an Acer Aspire 5930 [1], that had it disabled in the BIOS, and it was not user serviceable (I had a similar laptop, with smaller screen, so his post was useful for me). Also his hacks and comments in a Spanish forum [2] for the PS2, Nintendo consoles, and others were plenty insightful. Then the PS3 hack. And now, getting Linux working in the PS4, even with 3D acceleration (without help, just with few specs found in the web (!!!)). It is mind blowing :-)
> I still remember his post for enabling the hardware virtualization of the CPU in his laptop, an Acer Aspire 5930 [1], that had it disabled in the BIOS
Ha! Wow, I remember this too. I had a similar model (a 5760 I think?) which was my main "work" laptop at the time. I remember running this in the vague hope that it would work knowing full well that I could have a brick on my hands and it did work, flawlessly. Amazing how these things pop up again years down the line.
Everytime console hacking comes up I start to wonder how well a manufacturer would do if their next console was open. Would they see a decrease in legit purchases if the console was open for hacking and exploitation? I would think it would be a lot like the PC game market which as far as I can tell is still thriving today.
So assuming there is no economic impact, what is it that makes us want to lock down consoles (similarly cell phones) when we do not do the same to the personal computer we hold so dearly? It is a fascinating story that I suspect is due to timing and when devices hit markets but curious what others think about this.
They don't do it initially to lock the purchases so much so as to ensure people aren't getting free hardware.
Due to the economics and competition, consoles are almost always sold at a hardware loss early in the generation, and only begin to become profitable at some much later point.
Ergo, if someone buys a console and buys no games, Sony/MS/Nintendo (maybe not the last) loses money.
Exactly. People were making supercomputers and computing clusters with PS3 when it was possible to install Linux on them. It was at least partly because it was cheaper than paying for full-priced hardware.
Wasn't the PS3 originally sold at less than material cost which made this very economical for that kind of use case?
Also means it was in Sony's interest to sell many more games/accessories/licences/however else they make money with the PlayStation ecosystem than consoles.
Interestingly enough, none of the consoles in the most recent generation (PS4 / Xbone / WiiU) were ever sold at a loss leader price. They were all profitable at their release prices (400 / 500 / 300) from the get go.
Source? I seem to recall that the WiiU was sold at a loss from the get-go, but I may be confusing that from around a year later when they cut the price down to $250.
The hardware cost less than the retail price, but they had to recoup development costs. They claimed that the purchase of just one game was enough to make the console purchase profitable.
The WiiU hardware is previous generation class of hardware and nothing it uses would cost the price they sell it for. Same thing for the Wii at the time, it was never sold at loss.
The PS4 hardware became profitable after about 6 months, at launch it was described roughly as a loss that'd be offset by the buyer also getting a PS Plus subscription.
I'm not in the business, but I'm sure that the console makers, since they sell someone else's software, must probably take all measures to protect intellectual property. They must probably be able to demonstrate that to lawyers (and the lawyers for Electronic Arts may probably be of the most convincing type. )
What would make an "Other OS" feature enable piracy? Especially nowadays where the online service component is manufacturer hosted and controlled and we have access to relatively hard TPMs.
Sure, the hypothetical pirater now has access to device drivers and an open OS environment, but why wouldn't something like SecureBoot work to ensure that if you want to connect to the multiplayer / social network then you have to have loaded an unmodified OS as verified by the TPM.
No one said SecureBoot was a terrible idea technically, only that MS (and ARM/Android) were telling half-lies about a strong commitment to customers being able to make another OS choice, if they so choose.
That's the security through obscurity model though. As fail0verflow continually notes in their blogs [1], piracy is the least interesting use case of exploits for them.
Yes, the additional attack surface available when loading a user-controlled OS is helpful in writing exploits. But Sony bungling the PS3's PRNG for code signing would have still been broken even without Other OS.
>That's the security through obscurity model though.
Not quite. "Security through obscurity" refers to obscurity being the only layer of security. PS3 still had encryption and in ideal world, if the software was completely exploit free then it would not be an issue. However, all real software has bugs, which could be exploited. Not making it easy for an attacker to find these bugs is the Security 101.
Do you open file system on your servers for read to everyone? Do you enable guest accounts on your systems?
If you don't you are also practicing "security through obscurity".
>As fail0verflow continually notes in their blogs [1], piracy is the least interesting use case of exploits for them.
A search for e.g. "CFW PS3" will reveal a lot of people who are quite of opposite opinion.
You're being pedantic. Enabling or disabling another OS (while having the ability as the manufacturer to add hardware security mechanisms) is not STO in the same way that a guest account is. And furthermore, if my OS of choice has a security model that's so fragile that I don't trust guest accounts not to escalate then I've probably got larger problems.
Like most of HN, I'm familiar with the definition.
As to the group's feelings, I'll quote them, "On the PS3, we tried releasing the exploits and letting others sort out the community. The result was that, for all practical purposes, the only users were those interested in piracy."https://fail0verflow.com/blog/2015/console-hacking-2015-line...
The PS3 piracy script kiddies you highlight are exactly my point. Peek in on any of those communities and you'll be hard-pressed to find the caliber of technical skill required to engineer actual exploits. Hell, if it's not in (1) click this, (2) copy exactly this text, (3) ... form then you still see people bricking their hardware.
Remove the necessity of an exploit for running the interesting use cases (even an "Hardware will be opened up after 1 year of sales" promise as suggested), and suddenly the actually talented people are doing more interesting things than trying to assault your security model.
So you do keep guest accounts? In this case your security advice is appreciated but, I am afraid, is going to be ignored :)
> Peek in on any of those communities and you'll be hard-pressed to find the caliber of technical skill required to engineer actual exploits.
I am curious: so who, in your opinion, has been making all the CFWs for Xbox, Xbox 360, PS3, PSP, Vita, 3DS etc? Who made modchips, dongles and flashcarts for other systems? Who cracks PC releases? Space aliens? People eager to run Linux inside Call of Duty? People who need to run their website off a 3DS?
Most piracy users are dumb kids but it does not mean all people in the scene are. You only need one person to exploit the system and then the whole world can just copy the method.
>Remove the necessity of an exploit for running the interesting use cases (even an "Hardware will be opened up after 1 year of sales" promise as suggested), and suddenly the actually talented people are doing more interesting things than trying to assault your security model.
Why should anyone believe this? Do you have anything to support this claim? Here is an idea: if you are really running systems with enabled guest accounts as you implied - tell the board where they could be found. I am sure nothing bad is going to happen :)
You might want to drop the sarcastic smilies and "ip or it didn't happen" challenges if you're not trying to troll.
I told you I felt like a properly implemented OS validation/segregation model on custom hardware wasn't analogous to a guest account in terms of STO. You evidently feel differently, but haven't offered your reasoning. I'd be interested to hear it if you disagree that strongly.
As for piracy, the majority of the dongles, modchips, flashcarts, etc I've seen tend to be "take an existing POC exploit, package it up, put a logo and snazzy name on it, and try to make a quick buck off of someone else's work." See: https://m.youtube.com/watch?v=C4lJEOEd-_g&t=1m42s .
That seems like a biased presentation, but statistically speaking I feel like "most of those who can technically originate hacks have better things to do with their time than enable game piracy" is a pretty strong statement. Sure some will focus on that, and kudos to them for pursuing their dream. But if you enable interesting use cases by default then there are that many fewer people trying to break the security system to do something that could have been allowed in the first place.
Admittedly, I could be off base, so I'd be interested in any numbers or links you can offer in terms of piracy-first groups pioneering console hacks.
I repeat again, you misunderstand the whole concept of STO. Limiting the ways the system could be attacked is not STO but the mainstream approach to security. Neither disabling guest accounts on a private system nor disabling guest OS on a game console is STO by any definition. It's a sane approach to securing system and Sony was stupid enabling the guest OS in the first place. They seem to have learned their lesson, PS4 does not come with one any more (and the man behind the whole idea of turning the Playstation into a general purpose computer had been removed from the power).
As for piracy, I don't get your point. While I agree that most pirates do not discover exploits themselves, somebody had to do it first. You cannot copy something that does not exists. And, seeing how most CFWs do not run Linux, I ask again, who in your opinion developed the original exploits? I get it that most people copy them. Who wrote the original ones?
>That seems like a biased presentation, but statistically speaking I feel like "most of those who can technically originate hacks have better things to do with their time than enable game piracy" is a pretty strong statement.
I agree that most people capable of cracking a game console do not care about it in the first place. However, most people in console scene only care about piracy. Take a look on http://psx-scene.com/ for example. See many Linux enthusiasts swapping tips on configuring their distros? People do not spend years cracking consoles because they desperately need to run Linux but have no hardware available.
I just wanted to emphasize that the console maker, somehow, has to to demonstrate it takes appropriate measures to protect intellectual property. If the lawyers of the game publisher can prove that they are legally forced to use all measures technically available, then they will comply.
The fact that there exists other, less or more secure, operating system is not a question here. It's just the relationship between, say, EA FIFA 17 legal team and Microsoft game distribution team.
I'd buy a console if one of the companies makes a commitment to open it up after X amount of sales. They can keep that number as high as they want, but I'm sure lots of folks would be interested in such a promise.
Looking at piratebay, there are 1000+ seeders on most of the recent AAA PC titles. Who knows if those people would actually shell out 60$ for a game, but it still is a real issue the PC gaming market faces.
With current generation consoles, piracy has so far been impossible. Perhaps in the future this won't be the case, but currently every purchase is legit. I can't see any scenario where going from 0 piracy to who knows how much piracy would be rational
its perfectly rational if it increases sales, there are indications this is the case with PC piracy, especially with titles that would otherwise lack exposure.
Its also rational if it allows them to move away from custom designs entirely, and save a truckload of money, more than they lose to the nebulous spectre of "piracy".
But the parent post references AAA games. In reality "piracy is organic advertisement" is a tired excuse. Large titles are already spending spending large portions of their budgets on advertising (sometimes more than their development budgets!), and small titles get shafted by petty piracy all the time (see mobile gaming, I've known multiple devs whose games show up on pirated APK sites before their main sites on google).
People usually cite narrow cases where an AAA game succeeds in spite of lacking DRM as if piracy helped, or games that didn't spend anything on marketing and get big through marketing, which is an exceedingly rare lottery to win.
No one ever cites games like Crysis 3 which had been pirated more times than it ever sold days before release
Oh come on, people sell (and have sold) in millions of copies through PC gaming history, even though piracy was "rampant".
The major boost in sales was improving the sales process (Steam and similar stores) and dropping prices, not attacking legitimate users with DRM rootkits. People keep repeating this DRM suppor mantra when up until now there STILL hasn't been any good proof that it does any good. If anything, it only damaged sales due to people not buying games that randomly stop working when internet fails.
It seems to do a pretty good job of protecting the game from piracy when it's at its most expensive. Numerous companies now seem to be implementing DRM for launch and then quietly remove it after 3-6 months once it's fallen in price. That leads me to believe that they think piracy is a real issue at launch and not one later when prices fall.
but those pirated copies _would not_ have been sold had there been no piracy. I argue that piracy doesn't decrease sales, just increases the amount of utility that society gets from software.
I hear that all the time and I don't buy it. Denuovo is a DRM being sold on the premise that there are in fact people who will buy a game if it's not cracked at release, and in places dedicated to monitoring games with their DRM plenty of people have admitted they bought games they really wanted.
Piracy will obviously cause some non-zero number of people not to buy games because it turns a games cost from a price, to a suggested donation.
"I'll pay if I like it" isn't the profit model a publisher who puts out a multimillion dollar game wants to support.
Not to mention, paying for something can be a great motivator. It's a lot easier to dismiss a a game saying "I wouldn't have wanted to pay for this" at the slightest flaw when you haven't paid for it.
I'd say that is not true anymore - it used to be pretty hard to buy games before (with retarded regional restrictions and no Steam, etc). So people couldn't be assed to buy a game if they could not find a cracked one.
But today, you can do it with a few clicks, so if someone really wants to play a game because it looks cool/interesting/whatever, I'd say a lot of people will just pay for it if they can't find the crack.
Nevermind a game is quicker to download than install and complete the first level. Games get pirated and then not played. Heck, I got an entire Steam library of unplayed games.
They could sell an open variant for more money (+40% perhaps?) such that potential losses in games revenue are offset. Or the open variant could require an always-on internet connection to play games, as is already the case for some PC games (or Super Mario Run, even).
> They could sell an open variant for more money (+40% perhaps?) such that potential losses in games revenue are offset.
1) Developing a second SKU is expensive.
2) It seems that much of the PS4 hacking has been enabled by the minimal "open" surface provided by simply having a browser available on the PS4. The protections of an "open" SKU would likely be a roadbump.
3) Piracy is not the only problem. Hacking undermines multiplayer competition, the value of leaderboards, achievements, ...
Frankly, the cheapest option to solve all these problems would be to simply bundle an extra PC to make your "open variant". But of the question is: Why would they? What's the profit in it?
Um, that "open SKU" always exists - it's called the developer unit and can run any binaries so as a developer you can run your own game during the process.
They're just locked behind the dev kit licensing costs and NDAs.
As someone who has both the X1 and PS4 devkits on my desk, it's interesting to me that Sony actually goes through the effort and massive cost of developing a separate SKU, where the devkit is a huge machine with extra cooling, more ram, more ports, and then the X1 is exactly the same as a retail unit, just with a different certificate installed on it.
But yes, theoretically, "anyone" can buy a devkit and have access to the full architecture of PS4/X1 is they want to.
I had the same a year or two ago - both sets of kit have similar specs and design principles, so most of the differences were in the tooling and APIs.
At the time, PS4's tooling seemed much more polished/complete/reliable - I only needed to resort to the command line interfaces for integrating with our existing custom tooling, and CI processes, exactly as you'd hope. The APIs were mostly solid, retro, C style APIs - with sane error handling, few edge cases, and no callback hell.
I'm sure the XB1 has caught up somewhat in the tooling department at this point. Also, you may already support D3D11, and get to reuse a lot of code there. Not so much reuse with other WinRT APIs (for Win8/10 apps) although the APIs feel very similar.
> Um, that "open SKU" always exists - it's called the developer unit and can run any binaries so as a developer you can run your own game during the process.
Manmal seemed to be positing some kind of mass access semi-open SKU that didn't completely defeat the purpose of having a closed SKU in the first place. I'd argue that mass access to devkits would defeat the purpose of having a closed SKU in the first place.
I suppose you could argue I should've said "developing a third SKU is expensive", though.
The main issues that drive hacking are 1) running homebrew/reusing hardware and 2) region free games.
Manufacturers who enable both in some form see less hacking done on their consoles. Of course, hacking with piracy as the main goal always gets done, but at a much slower rate.
Also, these days the 'reusing hardware' part is not as important as it used to be. It used to be a big deal to repurpose a cheapo device for some other function because it was the only way to do it for cheap. However, these days everyone has access to very cheap and quite open platforms in both portable (Android cellphones) and home (Raspberry Pi) format.
So the main angle for homebrew functions these days seem to be adding multimedia/internet functionality to devices that have those limited in some way. One example is that everyone wants Kodi on their consoles for ease of use, so much that people resort to plugging ARM HDMI sticks that run Kodi into their XboxONE's hdmi-in port for ease of switching into the media player app.
So, all a producer needs to do to significantly lower the number of people motivated to hack their console is 1) have Kodi installed on it 2) have a decent browser installed on it 3) not needlessly inconvenience people who want to play a game from a different country 4) have some way of running simple homebrew in sandboxed environment.
Not the OP, but I do, in that I think that the piracy concerns do still exist. PS4 piracy is effectively impossible, and that's a very powerful argument for the platform holder to continue locking it down. One that both game developers and other application providers appreciate the control the platform provides; controlled platforms like phones and consoles are the only places that most people ever see YouTube ads, for example.
Another issue people overlook in these comments is quality control. You cannot get a Chinese PS4 knock-off, which would play some games and fail on others. Likewise, every licensed game you buy is, at the very least, verified to run adequately on every PS4 out there. It does not mean every game is going to be fun but even this low bar is impossible to reach on an open platform.
I was not much of a gamer in 1983 but I believe on-line gaming and cheating was not a significant issue at the time. Nintendo first moved to lock its system and take control over the content due to quality concerns.
Yes, because they are locked down for other reasons too, such as the fact that they are sold at a loss, with the assumption they are used for gaming and thus can recoup the loss.
What exactly is it that will distinguish this new open console from a PC? Unless there's a big difference, your platform is going to have the same drawbacks for game developers that a PC has (vastly easier piracy) without the advantages (many people already own one). Similarly users will lose out on the ability to run their normal programs on the same hardware, for the privilege of having access to less games.
The main advantage of developing for consoles is targeting exactly one hardware configuration. I don't think that's lost if the specs for the console are public.
If the PSP is any indication, it would do extremely poorly. Console sales were above 80 million, but any single title struggled to sell significant numbers, and it is widely believed that it was due to piracy(my personal view is that it's 100% piracy - when I was growing up I knew 7-8 people with PSPs and not a single one of them had one genuine game).
> And while I do love my PC for gaming, it definitely feels more and more like an afterthought these past couple of years.
Whenever people complain that the UI for AAA games like, for example, Skyrim, is designed with a controller in mind and not a keyboard & mouse, I just point out that Skyrim sold 10 times more copies for console than it did for PC.
If you want "PC master race" games, you gotta start selling games on that platform. Right now, it's a tiny fraction. (With a few exceptions, like Civilization games.)
I've been feeling better and better about PC gaming these past few years. Most people I know have been making the switch to PC from Consoles. The biggest factor being steam sales (or X company sales)... the sales themselves reduce the risk associated with buying games; especially, triple A titles which tend to be expensive and hit or miss.
Grand Theft Auto for PC at 4K, while requiring a helluva graphics card, blows away consoles. To be honest any game I've played on a PC has been a better experience (with the exception of racing games and some side scrollers which benefit from an input device not being a keyboard or mouse).
You're right, most games available on PC and console are usually better on PC, but I'm talking about Mortal Kombat, Batman Arkham Knight, No Man's Sky, Dark Souls, etc.
Admittedly, on PC, there's probably hundreds of great games for each bad port, but it seems to happen more and more. Maybe I'm conflating it with the rise of botched releases in general.
Lots of games from triple-a studios support DS4 controllers as well. As in switching button prompts and using the light bar. Without the need for DS4Windows or Steams new controller support.
It's true that it might have been due to other issues, but right now, the console industry have a very public, well covered by the press console, that has tried to be open from the start and that failed in a spectacular manner and is now a joke.
OUYA was mismanaged from the outset. Here's a great video that illustrates each mistake they made, point by point, as a supercut of other people's videos. https://www.youtube.com/watch?v=xTqhyHuKVKA
Open consoles aren't doomed just because they're open. OUYA was just a super underpowered system bundled with a crappy homebrewed controller.
They could have made a tiny Android board bundled with a PS4 controller. They could've shipped it in a no-frills box. They could've used some of that Kickstarter money to start a development fund, to help kickstart games on their console.
Instead, you get a crappy controller in a fancy box, and there are basically no interesting games you can play with your new device.
> when we do not do the same to the personal computer
Try installing Windows 7 or Linux on a newer HP laptop with UEFI. Those pricks also encrypt their BIOSes, make them non-downgradeable, and disable features for no real reason (locking RAM speed to 1333 MHz on Sandy Bridge comes to mind).
no need to wondee. The Amiga was a console like computer used mainly for games back in the days and it was completely open and cracked games were everywhere. It sold very well.
It sold ca. 5m. Which was a lot for a non-PC platform at that point, but not enough to prevent Commodore from going bankrupts (admittedly in part thanks to a lot of mismanagement). And while the low end Amigas were used largely for gaming, many were not and the high end models certainly not.
I love Amigas, but they're not exactly a stellar endorsement of that model.
The PS3 was a Cell processor, a new architecture promoted by Sony/IBM .. Toshiba? I think?
PS4s just have a regular old AMD x86/64 chip in them ... plus all that other garbage he described in the talk. With all the hacks it takes to get Linux to even boot, I'm pretty sure it's not worth the cost compared to just buying a real x86/64 PC based server.
This talk is hilarious and amazing. The PS4 hard drive plugs in over USB? The Southbridge is an ARM SoC? All the PCI devices are mapped into a single glue device? WTF?!
So what's more insane, the PS4 or the hacked together manufacture kernels and binary blobs on Android phones?
USB HDD: a cost saving measure: they already have a usb bus, why add sata on as well? we're talking a platform that's going to last for a decade possibly...
arm soc southbridge also not a surprise, xbox one has something similar. enables the console's rest mode to be "smart"
But in the talk he says the BlueRay player is hooked to the SATA bus. There is a SATA bus on there.
I know the xBox one hard drives are removable. Are PS4s the same way? (I haven't owned either; more a PC gamer). Maybe with their device hacks, USB was easier to plug-n-play than SATA?
Funnily enough, I'm a PS4 developer, have two devkits on my desk, and I had no idea about any of those things(they are certainly not mentioned in official documentation). It's just not relevant at all to software development how the hard drive is connected or what sort of south bridge it uses.
It is. And Sony provides us with minimum and maximum available hdd bandwidth. We have to make sure that the game works and is playable at both(the devkits have a special mode to simulate the minimum available bandwidth).
Have you worked on Linux kernels for embedded boards? I have seen shit just as crazy as he's talking about on the PS4 internals. He mentioned USB magically working; same thing happened when I worked for this company that was porting OpenWRT to this ralink/ppc board. The vendors kernel tree didn't even compile, and we spent days looking through their weird USB hacks trying to figure out how to enable power on the damn USB port (we won .. until we tried to rebase against the next kernel version).
Many ARM kernels from Android manufactures are so terribly put together than when they do eventually release the source, they're so full of holes they would never be accepted upstream.
It's the fault of their own business model which cuts cost on consoles (they have to compete against the other ones) only jack the price up later on games and make money there.
On the bright side, the Air Force made a really nice PS3 cluster.
It's reasonable to suppose that the ps3 was an edge case. Current gen consoles didn't cost more per unit to manufacture than they sell for nor if we continue to see x86 machines will the next generations
IIRC, it came to be because Sony and IBM tried to make Cell the next big thing in supercomputing. But the concept proved to be a massive hassle to program.
Sony's main motivation in providing OtherOS functionality was, as always, money. By being able to run alternative OSes PS3 was classified as a computer and not a console for tax purposes, and Sony had to pay less tax because of that. I'm not sure what the actual numbers are tho, so someone else feel free to chime in.
One funny side effect of this was that dev kits for the PS3 were rack mounted 1U (?) units. As a game developer this was ridiculous because we each had one of these on our desks, usually with a tv sitting directly on top of it. Thankfully this was changed to something reasonable on PS4. The PS4 dev kits are pretty cool looking IMO.
Cell is dead. There were a few similar machines -- Intel IXP comes to mind. They were universally difficult to program and did not provide a significant performance advantage once multicore x86 became cheap.
ARM chips took the many-independent-cores end of the market, GPUs took the wide-SIMD end, and may history show that the Cell approach was a failure.
I really hate my PS4 and PSN and want to run Linux or FreeBSD on it. I'm not much of a gamer, but I paid about $100 for a couple games I planned to play eventually. Then I got locked out of PSN and really can't be bothered to call Sony about it.
So now I have this awesome machine that should be running something actually interesting. I could care less about pirating games.
OpenBSD has a reputation for being more secure than Linux, because OpenBSD's developers put significant effort into security research and secure coding practices. People who expand this to other BSDs are mistaken. FreeBSD is a good general-purpose OS competing in the same space as Linux, and NetBSD will probably run on your toaster.
FreeBSD has a bunch of not-especially-secure stuff in it, but it's generally assumed that you've read the manual and will harden and tune a system based on its role. As a project, it doesn't have "secure by default" as a primary goal in the same way that OpenBSD does (not to say that FreeBSD developers don't care about security, just that security isn't elevated above other concerns to the same degree).
Yes, it was the 33rd annual Chaos Communication Congress (To prefix "C3" with the number is the chosen nomenclature, ie. "33C3". I've never seen the "CCC" prefix used in the wild).
I wonder if one day there could be some kind of law forbidding manufacturers to restrict running software on the hardware they sell. It seems like an anti-competitive practice.
It is not a classical x86. It might have an x86 instruction set but that's where its resemblance ends. It's a truly absurdly alien device. The authors had to define a new architecture type in the Linux kernel to get everything to work. I'd advice watching his talk from 33c3 (linked in top comment). It is hilarious.
[1] https://marcan.st/2009/06/enabling-intel-vt-on-the-aspire-89...
[2] https://www.elotrolado.net