OtherOS: From The Mind of A Hacker
This is a re-print of an article originally posted on another site, included here so that the blog is a complete repository of my written work. The article is reproduced without pagination, formatting, images or editorial changes made on the original site prior to original publication.
I am a software developer. I got my first computer in 1982 (I was 2 years old) – a VIC-20 with 3.5k of RAM. In those days, computers came with manuals which tought you how to program in BASIC. The systems were not locked down and anyone could learn to program without any extra purchase or licensing. Most of the machines also let you program in assembler, and as 1990 rolled around, C compilers became freely available as 16-bit machines came into force.
In those days, people often wrote games for fun. One person could stretch the ability of the machine to the limit, and no modelling or complex graphics or sound was required. The very important point is, many if not all of today’s best programmers taught themselves at home on their 8-bit computers. They did not come from Universities.
If those machines hadn’t existed in an open architecture, we would not have the games we have today. I strongly believe that. We would also not have an internet that is mature as it is, or many other programs and devices we now take for granted. Ask almost any game developer how he or she got started, and they will most likely say, in the 1980s, on their home computer.
For hobbyists, and people who want to tinker in this day and age, setting up is complicated and expensive. Programming is a lot more tricky than it used to be, and the development tools are insanely complex for a beginner. Unlike in the old days, it is also extremely difficult to do anything unless you are programming for a popular platform (Windows, Mac, Linux) because everything is locked down.
Some of you may remember when PS1 was released, you could buy a home development kit called Net Yaroze. It wasn’t a full-blown product to let you develop commercial games – it was for homebrew hobbyists. It did not have a significant impact on the level of pirated PlayStation 1 games and was available throughout the lifetime of the console.
If you want to get your foot in the door of something other than writing Windows applications and you have a healthy interest in proprietary platforms, the PS3 was a very compelling purchase. You could do something completely different: learn to program basic assembler using the Cell architecture. IBM published a free SDK (software development kit) especially for PS3 users wanting to experiment with this, and have a large collection of tutorials on their web site. For me, that is an excellent precedent to set to young programmers in this era of encrypted filesystems, locked down custom application install and DRM craziness.
There is no doubt in my mind that PS3 has already been reverse-engineered plenty of times by bright minds. GeoHot made a stupid mistake by going public.
While GeoHot was naïve to post his work on his blog, I have to take issue with the people telling him he’s an asshole and that he should be sued. It’s very important to realise that genuine hackers (not the people who steal Warcraft accounts) are the backbone that created much of this industry in the first place, including the internet, and the PS3’s security.
In order to improve the security of a device, it has to be tested and pushed. Smart companies always hire the hackers – which is what Sony should do at this point – and I have proof.
My time at News Corporation
Not a lot of people know this, but in 1997 I reverse engineered the current Sky card of the time and let the code leak out via other pirates. I’m very familiar with piracy, it’s a multi-billion dollar industry. It was the first dual-processor smartcard ever manufactured and I was 17. It took me about 8 months to crack it. As with the GeoHot farce, this led to months of cat-and-mouse between myself and Sky as they issued updates to the genuine smartcards over the satellite and I had to produce countermeasures to keep the pirate cards working. And as with the GeoHot farce, it was in the newspapers and led to a flood of worshipping fans; however I remained anonymous and used tons of pseudo-aliases.
I did it, not for the fame, or for money, or for free TV, or to please my fans. Indeed, several pirate card companies took the designs and software I had published, copied them and sold them for hundreds of pounds a pop. They made millions of pounds from my work. On my part, that was completely expected. If I had been out for the money, I could have done that myself. But I didn’t, because I did it for the challenge of proving it could be done. There is nothing like a company claiming a product is unbreakable to give inquisitive minds the momentum to break it.
What happened as a result of that? I gained an exquisite knowledge of cryptography, security, set top box and smart card design. I learned several new programming languages, new techniques and new algorithms which can be applied in every day work.
One day, NDS (a branch of News Corporation) – the designers of Sky cards – caught up with me. They tested me on my knowledge to make sure I was the real hacker, and then hired me to provide information. The next card released was the result of a £21 million redesign and redistribution. This was already well underway by the time they talked to me, but I was given the opportunity to stand in front of some engineers and highlight what was wrong with the existing card. The replacement was never reverse-engineered publicly. I privately reported several vulnerabilities in the new card including how to dump 1k of memory which contained the addresses of all the main over-the-air data processing routines, and they were patched via satellite before anyone else figured out how to take advantage.
Among other things, the new cards also had the two processors glued together top-to-bottom, so you could no longer melt the card in acid and extract the two processors and probe them separately. Separating the processors in the new card destroys them both. I raise this point because it demonstrates that to be a successful security expert, you need knowledge of both software and hardware exploits, and the best way to gain that knowledge is to hone your skills by hacking something that hasn’t been publicly hacked before. This is exactly what GeoHot has accomplished with the iPhone and PS3.
A real hacker will never bother to get into someone’s Facebook account. It is boring and there is no challenge in it, and it’s been done over and over already. These are not the people I am talking about. They are parasites to the industry. The real hackers are future assets and should be treated as such.
Did all of my mischief make me a bad person? No, actually it put me at the top of my field. It was a well paid job, Google wanted to hire me without interview but I said no because I didn’t want to move to California. I would not have the skills I have now if I hadn’t been allowed to carry out that hacking exercise, and because it had never been done before, it is the sort of thing that earns you a lot of respect among your peers. Sky also saved a lot of money on piracy in the long run into the bargain.
What did NDS actually employ me to do? Sit in my University dorm and hack their products. A few weeks after SkyDigital was launched (1st October 1998) I presented them with the first firmware dump of the set-top box. That was quite the vulnerability for them, not least because the box could record upto 25 PPV purchases before phoning home, among other reasons. Future set-top boxes were modified to make it harder to dump the firmware. If someone else had got there first, they could have made a complete farce of the pay-per-view system – which ultimately, as the bankruptcy of other European satellite networks due to piracy such as FilmNet shows, will affect the quality of programming legitimate customers receive eventually. Satellite networks facing massive piracy turned to NDS and became their customers, because they had ultimately designed the most secure system – and a high proportion of the developers were former hackers. The result? We now have a better satellite TV delivery network.
There is nothing wrong with hacking for the sake of hacking. People need to understand that it leads to the output of some of the most skilled people in our industry. Don’t knock it. Hacking requires skill and dedication, and most hackers stop hacking when they get out of school and learn that the real world places too many demands on their time. I have seen this over and over again. Then they get good jobs and produce products that benefit and entertain you and me.
Why saying “it will blow over” is bad for you
Turning political, consider this argument which I have seen on TSA several times: “why the fuss? This will all blow over, Sony will release some cool upgrades and everyone will forget about it, it’s only a tiny minority of users affected,”. That kind of thinking is a microcosm of why you don’t live in a free society anymore. According to the National Autistic Society about half a million people in the UK suffer from autism. That’s less than 1% of the population, so, maybe we should just not give them the facilities they need? Which is exactly what happens. What excuse does the government give for why the NHS is so shoddy at dealing with minority disorders? Cost-cutting. A certain ring of familiarity, no?
Is one of the cool content upgrades Sony will release something that lets me tinker around with the Cell processor again? No it isn’t. Will cross-game chat and 100 free Blurays make this problem go away for me? No it won’t. Is it fair that I should be able to stand up for my rights and keep what I paid for? Yes it is, so stop bitching that I’m in a minority, therefore I don’t matter.
An apology from Sony doesn’t cut it. That is the corporate way of fobbing off the consumer.
Over in the free world
I live in Norway. When the iPod was released, the Norwegian Supreme Court declared it to be an illegal device. The reason? Norwegian law states that you should be able to export purchased media from any device to any other device. Videos, music and photos. The iPod was temporarily banned while it was modified to comply with local laws, and the public were in favour of the ban, because they believed they had a right to control their own media and pushed for their rights. They could have let Apple get away with it, but they didn’t. The result? A fairer, less DRM-riddled marketplace.
Sony audio CDs with certain copy protection on them were also banned here as a result of consumer protests, and were re-released without copy protection.
In other, less related examples, the FBI tried to prosecute Norwegian cellphone network provider NetCom because they refused to release the contents of SMSs sent by a suspected terrorist. It went to court, and NetCom won the case. Personally, I applaud that decision. It shows that NetCom respects its users’ privacy and gives me more confidence when I use my phone.
Viasat – one of the two main satellite networks here – decided to get rid of MTV from its channel line-up because people basically didn’t like it or want it. MTV Networks drove vans around Oslo with megaphones and loudspeakers in protest, and they were ignored. The general public consensus was that the world was a better place without MTV, and it was the public who got rid of it from our airwaves – not a forced decision by a company. What is the effect of getting rid of MTV? Less children watching immature irresponsible crap on TV.
What does all this mean? It means that in civilised society, the consumer has the final choice, as it rightly should be. But you must stand up and speak out to avoid your rights from being eroded away.
If a group of Scandinavians came together and sued Sony over the OtherOS removal, Sony would get their asses kicked. It is practically beyond doubt. I hope it happens soon.