This is the second episode of a series detailing the modding community’s relentless assault on Sony consoles. Following on from the first article, featuring the defeat of the PS1’s security and Sony’s banana peel defence strategies, this series continues where it left off. Sony, sore but wiser, with a hit console under their belt, marching towards a sequel.
Over Nine-Hundred Thousand
After a piracy-filled yet still-profitable period of around six years, the PlayStation finally had its follow-up. Sony was determined to create the most secure console ever, investing heavily in anti-piracy protection. The Sony PlayStation2, known to many as the ‘bestselling console ever sold ever’ officially released in Japan on the 4th of March, 2000. Supposedly, it had been in the thinktank since the release of the PS1 back in 1994.
Within one day of the PS2’s release, even with sales restricted to Japan alone, Sony had already sold 980,000 consoles. Sales were exceeding predictions to the point where manufacturing lagged behind demand. Shop shelves were empty. We’d best hope, then, that Sony had learned from their failures and that their new investments were informed, not wrongfully placed. To be clear, that was ominous foreshadowing.
READ MORE: Pivotal Decisions in Gaming History – PlayStation 2 and DVD Playback
Old Habits Don’t Die
When discussing the PlayStation2’s security features, it’s difficult not to raise a brow at history repeating itself. Game developers were already beginning to find CD-ROM storage too limiting, resulting in a range of inconvenient multi-disc games for the PS1.
Sony decided to make the jump from CD-ROM to DVD-ROM to get ahead of the competition. Many believe this move explained extra sales, as the PS2’s capabilities as a DVD player and its price point set it apart from other consoles of the time. To mirror the first article, though: Sony’s choice proved to be two parts: selling point, two parts: vulnerability.
Wobble Grooves 2: Trouble Wobble
Sony stuck with the historic ‘wobble groove’ copy protection that had been thwarted easily by modding groups on PS1 games.
Rather than containing the region information of the game as it was with PS1 discs, however, the wobble groove on the inner rim of PS2 discs contained a decryption key for the: ‘Sony Computer Entertainment’ animated logo screen which loaded as proof of an authentic disc.
Backup discs without the groove simply wouldn’t work as traditional CD/DVD burners couldn’t replicate this information. In principle, it was the same idea implemented on the PS1, just more modern in its method. Backup discs were simple enough to make and the encryption on the discs was quickly flattened. Aside from the infamous PlayStation 2 RSoD as pictured above, which the internet would have you believe was the leading cause of PTSD in gamers of the day, other traps still awaited the curious.
The Way to a PS2’s Heart is Through its USB
The first ‘in’ for modders wasn’t by going through the DVD-drive, as many had guessed, but instead, it took advantage of the PS2’s USB ports and one wire’s worth of soldering. By plugging in one of these blocky ‘keys’ and by wiring it in, it was simply a matter of putting an action replay disc in the drive and then swapping it out for a backup disc after the paired exploit had done its thing.
The mod USB key and wire bridge authenticated pirated backups as if they were PS1 discs, which allowed the action replay disc to perform the second bit of wizardry: forcing the console into thinking the backup was a PS2 CD.
In their infancy, keys were unable to run anything more than CD-based games, which presented another obstacle in the path of modders. Just like with the PS1, having the console run its checks for an authentic disc at the beginning of the boot process left the console vulnerable. Lesson not learned.
That Time Sony Had its Chips… Again
With mod keys scratching nearly all itches, a further improvement to the method was discovered, this time taking advantage of the MECHACON, a chip responsible for all things disc drive related. The media flag of genuine PS2 games was set to DVD-ROM. The PS2 checked for the presence of this media flag type before making its decision to boot into a disc or not. When illegal backups were made, they were automatically set to the media flag of DVD+R, causing them to fail to boot.
By lightly soldering some jumper wires in specific locations on the MECHACON chip, it forced the console to accept all discs as being DVD-ROMs, resulting in a successful boot. Nonetheless, this was still a system which required the key, soldering and an action replay disc to boot. Imported games from Japan etc. would not work and some EA games required extra tinkering to get them working.
Chipsus Christ Superstar
Next came the modchip most people remember, nicknamed the ‘Messiah’ for its Christ-like reputation. With the Messiah as your Lord and saviour, import games were now possible to load with both PS1 and PS2 games, as well as backup PS2 discs and EA game backups. No key, no disc, no switcheroo required.
The catch? That would have to be soldering 23 wires from the modchip to a series of locations dotted around the motherboard. This was no simple task for your average modder.
The Ol’ Switcheroo… Again
The console had already been beaten, but the modding community continued looking for simpler, more accessible exploits to boot into backup games. They say vintage never gets old. For this reason, strangely, they arrived back at the switcheroo method, something modders had learned from exploits on the PS1. This resurgent solution was SwapMagic.
It involved replacing the top cover of the PS2 so that the disc was accessible without triggering the eject sensors in the device and having a simple lid reminiscent of the PS1’s disc tray. By avoiding these sensors and the eject button altogether, modders were able to throw out the idea of modchips and boot into games successfully.
The catch was that it still required a third-party case mod and a disc. The disc worked just like an authentic PS2 disc except for the intentional ‘bad sectors’ it contained, causing to PS2 to retry loading it before giving up after a few times. The console giving up on the read caused the disc wheel motor to stop, allowing the user some time to replace the disc without the console being aware of anything. This mod was released by Datel (a video game enhancement company which is still going strong) and the full story of how they managed to find and use this loophole to their advantage is unknown.
Sony: Do You ReMember
Finally, after each mod so far had consecutively eliminated yet added extras and compromises to the process of loading backups, a one-fits-all no-compromise solution was created. FreeMcBoot was a defining moment in modding history. Homebrew, imports, backups, even game save file tinkering was possible. It demonstrated the inevitability of defeat for console companies against the hivemind.
Many argue that the PS2 was easier to beat than its predecessor, despite having more preventative measures in place. It also took a very minimalist approach unseen thus far. After the USBs, the motherboard, the MECHACON chip, the case and the disc drive, what else was there to tinker with?
READ MORE: The Enduring Legacy of PlayStation 3
Through the Memory Card Slot
Unfortunately, Sony had created PS2 memory cards intending to push updates through them. The update project was abandoned because the PS2 contained no NAND memory or local storage method to permanently store the update file, meaning that the update would remain on the memory card alone. And after abandoning the idea, they didn’t lock the door or throw away the key behind them.
This glaring loophole allowed FreeMcBoot to trot past PS2’s copy protection without hope of retaliation or patchery.
If you find yourself feeling sorry for Sony at this point… well, there’s always the PlayStation3, right?
Thanks for reading our latest episode on PlayStation hackery, you can find the rest of the series here. Do you think Sony should have abandoned the wobble-groove idea? Were security measures lacking on this device? Let us know in the comments!