With the much-anticipated PS5’s release approaching, and having borne witness to yet another game-changing PS4 exploit earlier this year, the epic of Sony’s long struggle against piracy and general hackery seems as suitable a history to record as the history of the consoles themselves. Spanning twenty-five years and four console generations, here’s a series telling the story of the curious war half of us never noticed… it starts with PS1 modding.
The Sony PlayStation was first released in Japan in 1994, rising from the ashes of a failed collaboration with Nintendo dating back to 1988. The abandoned project was itself nicknamed the ‘PlayStation’ or the ‘Super NES CD-ROM’.
The 94/95 release was by all accounts a raging success. After all, they’d had considerable time to redesign their first console following Nintendo’s betrayal. Sony stuck with Nintendo’s original idea of using CD-ROM technology in their console, owing to the CD’s low cost and build complexity in comparison to the proprietary cartridges and floppy-disc formats seen in most other consoles at the time.
Choosing discs came with additional benefits such as increased storage capacity. The format was especially attractive to game developers of the time, as games could be longer and feature more extravagant detail with fewer constraints. Ultimately, the CD-ROM would be one of the PlayStation’s strongest assets and also its greatest vulnerability.
Wobble Grooves and the Ol’ Switcheroo
The first loophole, of course, took advantage of Sony’s inexperience with CD protection and console design in general. While some anti-piracy protocols were in effect from the get-go, Sony overlooked the fast-falling prices and availability of CD burners to consumers, which had a huge knock-on effect for them down the line. Sony thought they had accounted for this by implementing a ‘wobble groove’ on the inner rim of every PlayStation disc.
Containing the region information of the game and requiring specialised technology beyond any consumer-grade burner to replicate, this groove doubled up as a form of copy protection. Allegedly, the reasoning behind the iconic black coating on every genuine PlayStation disc was its ‘anti-piracy properties’, though many disagree on that detail, as in practice the coating gave the disc nothing more than a sleeker look. That, as well as region-locking consoles to make things even more difficult, was as far as piracy protection went.
The discs still lacked encryption of any type though, so everything could be backed up and dumped on a standard disc with minimal effort. As PS1 modding and piracy were in their infancy, the Artful Dodger(s) of the gaming community used this paltry loophole to their advantage, propping open the disc tray lid and switching the genuine disc for a plain CD backup after the console had performed its ‘wobble checks’ on the genuine disc during boot.
This method allowed one friend to borrow a game, back it up over the course of a classic 90s sleepover and then boot it up again just before the genuine-copy holder/poor-sucker-friend returned home with their game for Chinese takeaway night.
That Time Sony Nearly Had its Chips
Not long after this discovery, the once nigh-on useless disc switcheroo evolved. The manual method became ancient history when the first modchips arrived on the mainstream market. These chips were able to bypass the ‘wobble’ checks by sending region information where it needed to go on behalf of the wobble groove, rendering a genuine disc unnecessary to boot into a game. Having a genuine disc and access to a burner for a day got interesting. Pairing this with the complete lack of encryption on PlayStation discs meant that piracy among console-owners swelled to near-uncontrollable levels.
It was at about this point that Sony realised their mistake and did their utmost to counter what could have been a fatal blow. To make matters worse, PS1 modding had become the focus of now-infamous groups such as Paradox and B.A.D, which were sprouting up all over the internet.
Two-Pronged
It was a golden age for creating cheat-discs, too, as without security all these groups had to figure out was how to tamper with the game’s memory locations. Handymen started offering chip installation services for a fee. As Sony couldn’t just recall the consoles they’d sold and patch this exploit via the internal software or hardware, if they were to get clever, it would have to be with their discs.
In response to this software witchcraft, which was a little too rife in the gaming community, Sony hit back by implementing checks in all of their discs. When inserted, the disc would probe the PlayStation for the presence of a modchip. Because the wobble groove of a genuine disc only sent out its regional information when the console booted, all the check needed to do to detect a chip was look for a constant stream of this information, as the chips were always on.
Once a chip was detected, players reported all manner of game crashes, warning screens and, in some cases, messages/surprises from the game developers themselves. It didn’t take long for modchips which deactivated themselves after booting to pop up. This rendered modchips virtually undetectable, and it seemed like modders had won the war.
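A simplified model of the check described above, and of why chips that switched themselves off after boot slipped past it. This is an added example, not code from any game or from Sony; the boot-window length, the sampling and every name in it are illustrative assumptions.

```python
from dataclasses import dataclass

BOOT_WINDOW_MS = 3000  # assumed length of the boot-time disc check (illustrative)

@dataclass(frozen=True)
class Sample:
    t_ms: int          # time since power-on
    region_info: bool  # was region information being sent at this instant?

def build_trace(source, duration_ms=10000, step_ms=500):
    """Construct a sample trace for one of three modelled signal sources."""
    def active(t):
        if source == "always_on_chip":
            return True                    # chip never stops transmitting
        if source in ("genuine_disc", "self_disabling_chip"):
            return t < BOOT_WINDOW_MS      # signal present only during boot
        raise ValueError(f"unknown source: {source}")
    return [Sample(t, active(t)) for t in range(0, duration_ms, step_ms)]

def check_for_modchip(trace, min_hits=2):
    """Flag a trace when region info is still seen after the boot window.

    Requiring min_hits late samples (an assumption of this model) keeps a
    single spurious reading from condemning a genuine disc.
    """
    late = [s.t_ms for s in trace if s.t_ms >= BOOT_WINDOW_MS and s.region_info]
    return len(late) >= min_hits, late[:min_hits]

def classify_all():
    """Run the check over all three modelled sources."""
    sources = ("genuine_disc", "always_on_chip", "self_disabling_chip")
    return {src: check_for_modchip(build_trace(src))[0] for src in sources}

if __name__ == "__main__":
    for src, flagged in classify_all().items():
        print(f"{src:20s} flagged={flagged}")
```

From the check's point of view, the self-disabling chip produces exactly the same trace as a genuine disc, which is why a post-boot check on its own could no longer tell them apart.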
Counter-Attack
Sony tried to create a more complex system for piracy detection and prevention, known as LibCrypt, which was four-tiered in its method. Firstly, it checked for the presence of a (detectable) modchip. Secondly, it decrypted the LibCrypt code from its subchannel data stored on the disc. Thirdly, LibCrypt was particularly difficult to replicate with typical CD-ROM burners, as they rarely supported cloning subchannel data. Fourthly, the game then needed to be cracked after cloning to extract the LibCrypt code stored in the subchannel data. Modders found a way to patch out this protection completely, rendering LibCrypt a fruitless venture.
Here Be Dragons
Out of sheer desperation, Sony began working with game developers to add anti-piracy measures to their games in other ways. One of the most talked-about instances of such a partnership was with Insomniac, the makers of the Spyro series. For Spyro 3: Year of the Dragon, LibCrypt was used in tandem with CRC checksums in the game code.
Though LibCrypt had been beaten, CRC checksums were able to detect with 1:1 accuracy whether any game data had been tampered with, and some tampering was necessary to get the game running on a backup disc. When the CRC checksum detected an anomaly, strange things began to happen.
Soft Crippling
From gems vanishing, save data getting wiped and ceaseless automatic language changes to in-game characters notifying you that your copy of the game was a fake, it seemed that Sony had finally put a stop to these amateur modding groups.
A couple of months later, and with great effort, Paradox had already bypassed these security measures. Given the added time and monetary cost to developers of programming these security measures into their games, many chose to release their games without extra protection.
Ultimately, it was this series of unfortunate events which helped Sony wise up to the ingenuity of modding/hacking communities. The inevitability of vulnerabilities and exploits, no matter how well-protected they thought they were, heavily informed their strategy for their second war: The PlayStation 2.
Do you think Sony should have stuck with cartridges, or might there have been a better alternative to LibCrypt using software/technology of ‘those days’? Have you ever reaped the benefits of the PS1 modding scene?
Thanks for reading this brief history of PS1 modding, our first in a series on PlayStation hackery.