Sony was an unstoppable force in the early 2000s. The release of the PS2 went swimmingly, and gamers worldwide were enjoying the technological advancements made by the console. Despite going on to become one of the best-selling consoles of all time, Sony wasn’t fully satisfied with how things were going later in the PS2’s lifespan. Much like its predecessor, the PS2 had a serious security problem. Once the copy protection was broken, it became the wild west, so much so, that if you buy a used PS1 or PS2 in 2025, there’s a good chance it has some kind of modchip inside. Things had to change for the PS3, and Sony had a plan.
Related
3 reasons Sony should stop focusing on live-service titles
Sony recently canceled a list of live-service titles being developed by various companies. It is time for Sony to stop with live-service games.
Righting the wrongs of the PS2
Sony was going all-in on security
Source: Nikita Kostrykin via Unsplash
Sony leveled up their security game big time with the PS3, opting for what’s called a hypervisor. A hypervisor is what allows Sony to ensure that only signed code gets run on their system, and along with other security measures like encrypted storage, signed executables, and especially the Blu-ray drive, they developed one of the most secure consoles of all time. Microsoft, who took a similar approach, had the security of the Xbox 360 broken in under 12 months from the date of its launch, so what was so different about the PS3? Besides the fact that you couldn’t exploit the DVD firmware of a Blu-ray drive in the same way you could the 360’s DVD drive, it came down to one key feature that wasn’t even a security one: OtherOS.
Related
5 reasons I can’t go back to Windows after trying Linux
As weird as it may sound, Linux has more game-changing QoL features than Windows
OtherOS and its demise
Sony makes a critical mistake
When the PS3 was being marketed, one of the key talking points was OtherOS, and how a user could transform their gaming console into a home computer running Yellow Dog Linux. This wasn’t the first time Sony touted Linux capability on a console; they did so with the PS2 early in its lifecycle, although they did it to a much smaller degree.
This is a key part of why the security on the PS3 lasted so long. Having a complete Linux sandbox that’s capable of doing essentially anything a computer can will take a lot of the heat off of your console from would-be tinkerers, but with the launch of the PS3 Slim in late 2009, the writing was on the wall for OtherOS. The Slim wouldn’t support it, and Sony gave no reasoning as to why. Just a few months later, Sony would go on to pull the plug on OtherOS, disabling it in a software update in April 2010. Sony was scared that OtherOS would be the entry point for getting around the hypervisor, and in an effort to keep their impressive run of security intact, they removed capability that was advertised before the console’s launch.
In an effort to sure up security, they had done the opposite; Sony had painted a huge target on the PS3, and hackers were already working full steam ahead on breaking the console’s security measures. To make matters even worse, just three weeks after OtherOS’ removal from the PS3, there was a class-action lawsuit filed against Sony for doing just that. Sony settled in 2018, and had to end up paying compensation of $65 to PS3 owners that purchased one between 2006 and April 2010.
Related
The 7 most accurate RetroArch cores for gaming like you remember
Mainline nostalgia, straight from your PC
The PS3’s security is broken
Once the genie was out, there’s no way it was going back in
In September, just 5 months after OtherOS’ removal, the PS3’s security had finally been broken. The method was extremely simple, and while it was proprietary for a period, it was quickly reverse-engineered, allowing it to proliferate quickly. The method involved fooling the PS3’s USB port that a USB hub had just been plugged in. This, in turn, allowed a payload to be pushed to the console, which gave access to the console’s recovery mode. By exploiting the PS3’s recovery mode, unsigned code could be run, allowing for homebrew and piracy. Sony evidently used USBs to put consoles into service mode during the manufacturing process, and the way they implemented it came back to bite them big time.
In a now-infamous presentation at the 27th Chaos Communications Congress, a hacker group known as “fail0verflow” talked at length about how the PS3’s security systems were breached, and it wasn’t pretty. One of the biggest blunders Sony made with the PS3 was how it handled encryption. In one of the stages of the process, a random number would be generated along with the private key, and this number would need to be calculated with an algorithm to gain access to the data. For some inexplicable reason, Sony used the same random number every time, across all the consoles, which is obviously a huge security blunder.
Related
How a pair of tweezers were used to defeat the Nintendo Wii’s security
If you ever modded your Wii, the story of what kicked things off is a pretty interesting one.
It had a great run
Sony managed to keep the PS3 secure for much longer than any competing consoles of the era. Despite the blunder of removing OtherOS and other overlooked aspects of the console’s security, the PS3 was ultimately a success, and Sony would use the lessons learned from the PS3 to secure the PS4, which remained difficult to exploit until recently. The PS3 today is a homebrew dream. With relatively powerful hardware, it’s an excellent emulation box and media center. And yes, you can run Linux on it.
#Sonys #broken #promise #transformed #PS3 #unhackable #homebrew #dream
source: https://www.xda-developers.com/how-sonys-broken-promise-transformed-the-ps3-from-unhackable-to-a-homebrew-dream/
