Tech Focus: The Fight Against Console Piracy
Digital Foundry on Sony and Microsoft's technological battle to secure their systems
Over and above that, new anti-piracy checks have also been put at the disposal of game developers themselves in the form of what is known as Content Integrity Verification (CIV). Here, checks can be accessed in-game, potentially allowing for devs to limit access to their games should it turn out that the user is running a copied game. However, in light of the recent Microsoft climbdown, questions need to be asked about whether "stealth" technologies like this are worth pursuing. Despite an extensive beta testing program, Microsoft's previous measures were still found to be wanting, and while the impact was supposedly limited to a "handful" of consoles, it may well be that the era of the arbitrary Xbox Live ban is over.
In the wake of Stephen Toulouse's announcement last week, hackers once again claim to have defeated the anti-piracy measures introduced with XGD3 and once again burning copied discs appears to be a viable option for the determined pirate. Other hacks, including optical drive emulators (which allow for disc images to be stored on external hard drives) and a new JTAG-style hack (that actually offers the potential for homebrew, unlike the DVD firmware attacks) are making the job of securing the Xbox 360 ever harder. In all likelihood, the platform holder may have to concede defeat and instead focus more strongly on making sure that the integrity of Xbox Live is not compromised. At the very least, the CIV initiative should ensure that games that are run on the multiplayer service haven't been adjusted, giving hackers unfair advantages in-game.
Recent Xbox Live bans wrongly targeted some perfectly innocent 360 owners with support centre staff telling them to go out and buy new consoles
In the meantime, after what has been a pretty disastrous year from a security perspective, Sony goes into Q4 with a renewed sense of optimism about the integrity of its online service and the ability to protect its platform from the losses incurred by counterfeit software. The manufacturer spent the best part of nine months re-securing its systems in the wake of the original PSJailbreak - an ingenious USB-based exploit that allowed for Blu-ray games to be dumped and played from hard drives. After a pitched battle with hackers who found an enormous hole in Sony's private/public cryptography, not to mention Geohot, who published the root key of the PS3 itself, Sony finally appears to have regained the upper hand. After the tragic PlayStation Network security breach (now seemingly being retconned by corporate PR into a mere "outage") where the perpetrators were never caught, Sony also appears to have recaptured the faith of the audience.
The clean-up operation appears to have been thorough elsewhere too. The cryptography debacle made PlayStation 3 vulnerable to softmodding - a hack that requires no adjustment of the hardware, and could be achieved with just one download and a USB stick. It was exactly this kind of simplistic hack that plagued the PSP, but with the more sophisticated security of the PlayStation 3, Sony was able to come up with revised security keys for encrypting newer PS3 titles, and was also able to hide those keys in places within the system update that hackers were no longer able to read with ease.
In the here and now, pirates are locked onto the obsolete firmware 3.55 and without the decryption keys from more recent system updates, they are completely unable to access the PlayStation Network or indeed play any titles requiring 3.60+ firmwares unless they upgrade. From being the most compromised, piracy-ready platform on the market for a period of months, the PlayStation 3 is now the most secure.
While there may be the worry that the newer decryption keys could be extracted, Sony can rest easy in the knowledge that hackers cannot effectively monetise that knowledge - and at the end of the day, while "true" hackers search out exploits for launching homebrew code, piracy is sustained by the markets for enabling peripherals - be it from tools to open Xbox 360s, replacement DVD-ROM PCBs, or other devices. The softmod approach to the PS3 effectively killed off that economy, and it remains to be seen what other hardware exploits remain on the Sony platform and whether the recent waves of modchips will puncture Sony's security provisions.
For its part, Nintendo appears to have all but given up on the Wii, where certain games have save game exploits that can run unsigned code and enable both homebrew and piracy, while recent rumours suggest that Far East companies that make their living from facilitating piracy are working on a 3DS flashcard hardware that allows for the counterfeit games to run on the handheld - a project that could be potentially catastrophic for developers and publishers supporting the the fledgling system.
Once exploits have been discovered, re-securing a console becomes a cat and mouse game between hackers and console manufacturers. The important thing here - as with all anti-piracy technologies regardless of platform - is to ensure that legitimate users do not have any kind of impacted experience and shouldn't even be aware of the measures being taken at all. Sony's all-too-frequent firmware updates do upset many - though perhaps not as much as the lengthy software patches - but when innocent gamers are locked out of services they have paid for, questions do need to be asked about how infallible these technologies actually are, and how transparent the platform holders are being in the measures they are taking against their own userbase.