PS3 modding
Credit - Papersco

PS3 Modding – A History of Playstation Piracy: Part III

This is the third part of a series chronicling Sony’s decades-long fight with piracy and security. This week we are looking at the PS3 modding, hacking and cracking scene.

Be it the battle of the PlayStation’s region information exploit, the multifaceted sacking of just about every component of the PlayStation 2 —not to mention the crusades of the PlayStation Portable models (article coming soon)— it was fair to say that Sony had been KO’ed one too many times. If you’ve made it here in one piece, congratulations, because Sony didn’t. 

To put things into a timescale perspective though, the original PlayStation was hacked a year after launch, with an undetectable ‘stealth’ modchip available after two years. This may not seem like a long time but, considering it was Sony’s first console, it was a good effort. Profits weren’t lacking either.

PlayStation 2 was supposedly better-prepared for the real world, though its first hack was released a year after launch, too. It’s easy to pity Sony and their many attempts to keep their consoles secure. On the other hand, where hackability and piracy protection is concerned: the PlayStation3 comes into a league of its own.

PS3 console modding
Credit – Charlie @ Flickr

“Now Who’s Calling the Shots?” (Sony)

In the winter of 2006, the PS3 launched. Sony’s standing allowed them to retail the console at a premium, their consumer loyalty built entirely on the successes of prior consoles. While it didn’t reach the sales records of the PlayStation 2, it wasn’t far off. Up until now, the booming successes of Sony consoles have foreshadowed their fall, ringing hollow like a death toll or the whisper of Oblivion’s enemy encounter track. This didn’t stack with the PS3. 

The PS3 released a whole year later than its rival. This made the overwhelming success of the PS3 a bit of a shock as it shared many features with the Xbox360. It was much easier for those looking into consoles at that point to buy second-hand or refurbished 360s at a fraction of the cost. Adding more fuel to the fire, many developers argued that the Playstation3 was more difficult to develop games for.

PS3 blu-ray modding
Credit – Flickr

Secure Storage: Attempt Number Three

That said, PlayStation 3 was somewhat of a anti-piracy titan, completely surpassing the Xbox360’s short-lived twelve months of unhacked peace and all prior PlayStation consoles. One of the main reasons for this successful defence was their use of Blu-ray technology instead of plain DVD-ROM. The chop and change of Sony’s game hardware formats also heralded the doom of a console in the past, but not in this case. Blu-ray was uncharted waters where the modding community was concerned. 

One of the glaring similarities between Xbox360 and Playstation 3 was the Hypervisor. It falls into the category of ‘low-level code’ which should be inaccessible to all but Microsoft/Sony. The Hypervisor’s main purpose is to prevent tampering, be that through stopping the artificial overload of memory buffers to allow unauthorised editing or not allowing for the injection/alteration of code elsewhere. 

With the Xbox360, the Hypervisor was easily bypassed due to the now well-understood and arguably outdated DVD-ROM technology used for its discs, allowing modders a clear ‘in’. For once, taking a punt on new technology saved Sony and delayed PS3 modding for a significant period.

PS3 Linux
Credit – Wololo.net

Hush Money (Because Money Talks)

With the PS3’s disc drive ruled out for the time being, the nascent PS3 modding community took advantage of the console’s ‘Other OS’ option, allowing for some Linux distros (OSes) to be explored on the console. Hacking attempts were already in the works before Sony cut the ‘Other OS’ option completely with minimal explanation and incredibly fast timing. 

For hackers this was a tough deal, though it was arguably tougher for users who sought to use Other OS for legal purposes, as the console had been (now-falsely) advertised with this capability. After a class-action lawsuit was filed, Sony dug in its hoofs, paying out millions in compensation*, yet this seemed to them a worthy sacrifice when compared to the losses piracy would entail.

[*Editor’s note: it is believed that the option of using Linux on PS3 was to help Sony avoid paying the higher taxes/tariffs on electronic entertainment devices. Linux compatibility allowed PS3 to ship as computer equipment, it’s likely the pay off to consumers was covered by the taxes avoided]

It took four years alone for the PS3 modding and hacking community to make it to this basic stage of the plan before being kicked back down the stairs and witnessing their route blown to smithereens. As far as everyone was concerned, Sony had nailed console security; sustaining functional anti-piracy measures for longer than their two prior consoles had put together. While Sony was of the belief that they had just sealed all possible weak seams in the PS3 system, they had needlessly paid a lot of people a lot of money to extend peace for a handful of months. 

PlayStation 3 hacking cracking
Credit – PS3 Jailbreak (Driver AT series)

“Now… Who’s Calling the… Shots?” (Still Mostly Sony)

PS3 Jailbreak was a highly sophisticated device that had the ability to push unauthorised payloads through the USB port. With past consoles, it usually took a lot of trial and error to arrive at a method which involved no tampering of the internal hardware (hardmodding). PS3 Jailbreak was a peculiar case as it looked and performed like a finished 1.0 device rather than an alpha-stage prototype often seen in small modding communities.

In another fatal case of history repeating itself, similar to the Playstation2’s abandoned ‘memory card update’ project exploit, the USB ports had been programmed to accept Sony authorised repair/recovery drives. PS3 Jailbreak had managed to trick the console into identifying it as a genuine repair drive. By reverse-engineering this hardware, which the PS3 Jailbreak team allegedly had no intentions of distributing, the console’s tombstone had been commissioned. 

Meanwhile, at the 27th Chaos Communication Congress Conference of that same year, the modding/hacking group known as Fail0verflow revealed flaws which furthered the process of the PS3’s demise. The most critical was in the random keygen’s (code generator) method for protecting the console’s root key. By figuring out the basic algorithm, they were able to use the generated code to work their way back to the root key. This allowed for codes to be ‘signed’, paving the way for custom firmware to be developed. Patches were implemented by Sony following this news, but many savvy gamers knew to decline the update.

PlayStation 3 Multiman hacking mod
Credit – DeanK @ MultiMan

Modders Turn a Corner

As FreeMcBoot was to the PS2, MultiMan was to the PS3. In December of 2010, this modder’s dream appeared from the ether to unlock every feature a PS3 user could dream of: emulation, F2P, backups, an MP3 player, video and streaming apps/plugins, a web browser, custom skins and much more. Installation through a regular USB drive was made possible without any internal modding.  Even today, a PS3 is a formidable piece of homebrew technology which can be picked up second-hand for buttons. Poor Sony upped their game, and while the delay on finding an exploit was a long one, they fell from a much greater height. 

Thanks for reading our latest episode on PlayStation hackery, you can find the rest of the series here. Do you think Sony actually nailed console security with the PS3, or was luck on their side? Did the PS4 fare any better? Let us know in the comments!