Who Owns Your PS3? KaKaRoTo Talks Modifying The PS3’s Firmware, Piracy and DRM

The Electronic Frontier Foundation believe  that technology should be open, and that when you buy a console, you should be able to do what you want with it. Sony and Microsoft, on the other hand, believe that their systems should be controlled, and that if you sign up to their terms of service, you should abide by them. This differing belief has caused there to be a divide amongst gamers – some happy to live in a closed system, with the security and advantages that the system brings, and others who try and open up the console to try and tinker with what’s inside – no matter the consequences. Having developed the first “Modified Firmware” for the PlayStation 3, Youness Alaoui, aka KaKaRoTo, is a believer in open, so, to understand his motives, we talked to him about piracy, black hat hackers, who really owns your PS3, and fridges.

So, to start, could you introduce yourself?

I’m Youness Alaoui, I’m a software engineer, of Moroccan origin, currently living in Canada, my passion is programming and I’ve been doing open source development for over 10 years now.

You caught the attention of the gaming world when you were the first person to make CFW for the PS3.

Apparently, yes. Although I prefer to call it MFW (Modified Firmware) rather than CFW (Custom Firmware) since it was just a modification to the firmware rather than an entirely custom one.

Makes sense. Since then, a lot has happened, and we’d love to get your views on some of the events. What was your take on Anonymous’ attack on the PSN and Sony?

I’m still a bit torn about that subject. I initially disagreed with it, but someone explained to me how DDoS is like pacifists sitting in front of a building, blocking people from entering it as a way of protest, and that makes sense. I’m not sure thought that I agree with the whole thing though.

I believe they made the right choice by deciding to stop their attacks when they noticed that the PSN was being affected and that it was causing issues to customers.

And I guess you’re against groups like LulzSec?

yeah, I don’t really understand the whole idea behind the “lulz” and I think they should use their skills to do more constructive work than what they have been doing lately.

And do you think Sony responded adequately to Anonymous’ attacks, and the PSN hack?

I don’t think they did. The Anonymous attacks were done to protest the abusive lawsuits that Sony have been doing, but they are continuing and Alexander Egorenkov is still being sued into bankruptcy as we speak, and they are still sending Cease & Desist letters and making threats to anyone who dares participate in the hacking scene.

As for the PSN hack, I think they took too long to tell people about it, and they tried to downplay what happened…

Their welcome back package was a nice gesture, but they try to point out as much as possible that it’s about the “PSN downtime” rather than about the “loss of millions of user’s information”.

Their use of words is also quite irritating, throwing “cyber-terrorism” and making the emphasis of how they are a victim of a criminal act, rather than accepting that the PSN hack happened as a result of their incompetence in securing their own network.

A month or two before the PSN hack, we tried contacting Sony in many ways telling them that they are using outdated and vulnerable software and they should secure their network better, but they ignored us, and that’s the result, and they should take responsibility for ignoring those warnings.

They have – or are in the process of – setting up a new security division. Is it easier for you to contact Sony now?

I don’t know about that. I don’t think this “new security division” is nothing more than propaganda and buzz words to make people feel safer. They should have had that from the start, and they probably had, but they were incompetent. They may have fired a few people and hired new ones, but if their management is still as arrogant as it was before, I don’t think that’s going to change anything.

So do you think it’s likely that they will be hacked again?

I believe that the best for them to be more secure is to be more humble and less aggressive against their customers. I don’t know if they will be hacked again, probably, maybe not in the same scale as what recently happened though.

You want Sony to provide us with a legitimate way to create and play homebrew applications for the PS3 right?

Yes, I do. That’s why I launched the Humble Homebrew initiative where I’m providing a few homebrew games for free for jailbroken PS3 users to enjoy (as well as other platforms).

Sony only understands when you talk about money, and when you look at Microsoft, Apple and Google, they are all making a lot of money with no investment, simply by allowing hobbyist developers to release their hard work for everyone to enjoy.

But it’s really about freedom, we should have the freedom to use our devices any way we want (within the boundaries of the law and without infringing on other user’s freedom), and having a legitimate path to homebrew is getting one step closer to that freedom. The PS3 wasn’t hacked for 4 years because we had Linux support which allowed countless people to experiment with the Cell processor, but as soon as they illegally removed Linux support from our PS3s, they have unleashed the developer’s thirst in getting their freedom back.

But don’t you worry that by hacking the PS3 and creating an underground scene you have made it so that Sony will never open up the platform? They don’t want to seem like they are backing down to hackers after-all.

That’s why I say they are arrogant. They shouldn’t open it up because we’re asking them or because we hacked the console, they should do it because they have wrongfully harmed all their customers by illegally removing an advertised feature (Linux). Also because they can generate more revenues by opening up the console with zero investment on their part. It is the logical thing to do, and most importantly, it is the right thing to do.

But if they give in to one demand, surely they open themselves up to far more requests from people in the hacking scene? Much like Reagan’s: “We don’t negotiate with terrorists” stance.

But we are not terrorists 🙂 And I don’t believe they’d open themselves up to any requests because they’d give in to that demand. They wouldn’t actually give in to a demand, they would actually rectify what they did wrong. They screwed up their security and they gave free games to their users as part of the welcome back package. That doesn’t mean that people will try to hack PSN again just to get free games and people aren’t thinking that we got those free games as a negotiation with the hackers. They did something wrong (which was already ruled illegal by the courts in a few countries), and they should rectify it. The only reason they are not doing it is because they are too arrogant.

So are you only involved in the homebrew scene because they removed Linux?

Originally I got involved because I was curious and it was challenging, entertaining and a great source of knowledge. I later stayed involved because I want to protest the best I can against Sony’s actions. Because they removed Linux, and because of the threats and abusive lawsuits that they’ve done. The more I’ve been reading the court documents in the Geohot vs. SCEA case, and the more infuriated I became. Sony have been manipulating, lying to the court, falsifying proof, and just simply insulting. They have done their best to threaten and scare everyone and I felt oppressed. They tried to remove my legal right by oppressing me with invalid threats, and I don’t respond well to threats. So I felt compelled to keep the fight going and to let them know that they cannot silence the world, they cannot break the law and violate freedom of speech simply by throwing some dollar bills in the air.

If Linux never existed on the PS3, do you think people would have still pushed for homebrew?

I believe so, and I believe that the PS3 would have been hacked in a matter of months if they never included Linux initially. It is human nature for people to seek freedom. If you buy a house and there’s a locked room in the house and the previous owner refused to give you the key, would you live all your life in that house without ever using that room? No, I believe you would break the door or the wall, but you would try all you can to get full access to your property.

But if he sold the house to me saying “do not open that door, I don’t want it opened, so I’ll sell the place for less”

First of all, he would have said that only after you paid the house, secondly, it is still your property, you still own the room, and even if you agreed to it at first, what alternative do you have if after 10 years, you’re out of space in your home and you don’t want to agree to that any more?

And there’s also of course the issue of curiosity. How long can you resist? 😛

I believe I have explained this issue quite well in my latest blog post where I compare it to buying a fridge but on page 258 of the manual of the fridge, they tell you not to put any bread or pastries in the fridge.

And the only reason is because LG/Frigidaire (or whoever made the fridge) didn’t make a deal with the bakeries to allow their products to go into the fridge. LG wants to force bakeries to pay their half their revenues so they will authorize their products in the fridge, and in the end, you, the consumer, you are the one paying more for your bread just so you can put it in the fridge.

And you are also paying more for the fridge, because it has to have this microchip that detects whether or not there’s bread in it so it can turn itself off automatically if it detects “unauthorized content”. It reminds me of the Mafia, where local shops have to pay the Godfather for “protection”, this is absolutely absurd. They should sell you the hardware, and once you own it, you do what you want to do with it (as long as it’s legal)

To be fair, it’d kind of be your fault for buying the fridge – Sony don’t deny the PS3 is a closed system, and there are open alternatives. So, continuing the analogy, if you weren’t a fan of the closed fridge system, you could get a different one.

Not really, because, first of all, there aren’t really any open system, also, that fridge just happens to have this water dispenser integrated and it’s the only model that has it, and also, your local supermarket won’t let you buy any of their products if you don’t own that specific fridge

And I’m not saying that I’d be shocked in knowing I can’t put bread in it, I would know beforehand, and maybe I accepted that, and I got used to looking for my fridge’s logo in local stores before entering, and I’m used to checking ‘compatibility lists’ whenever I buy a tomato, but, that doesn’t mean I can’t find it to be absolutely absurd.

I accept and I understand the PS3’s license agreement, and it is for the software that runs on it, the GameOS firmware. However, a license that I accept isn’t necessary “until death do us part”, and if I suddenly decide that I don’t like it, and I don’t want it, there is no way for me to remove their firmware from my console and use my own custom firmware (or Linux).

What should I do with the hardware that I own if I don’t want to use the software that’s on it?

Quoting from that same post:

A closed source (or “proprietary”) program is like going to a restaurant where they serve this dish that you like, but when you ask the waiter/waitress what’s in it, they refuse to tell you the recipe for it. And open source is when you go to your friend’s house, you eat something that you like, and when you ask what’s in it, your friend tells you “oh, let me give you the recipe.

Now imagine a world where no one could ever get a recipe for anything, you want to cook something, you have to relearn from scratch, experiment yourself with everything and see if the result is satisfactory, without having any references…

…Thankfully, this isn’t the world we live in, and in the same way as you might enjoy cooking and exchanging recipes with your friends and family, we, programmers, enjoy sharing source code with each other, making our ‘recipes’ publicly available to everyone.

But the fact is that restaurants do protect their cooking styles and recipes so that they stay in business. That way we can be guaranteed a great meal when we go to a restaurant. With friends – you may or may not get a great meal, but you have more choice and creativity.

So couldn’t it be argued that the PS3 is a restaurant – stuff is secret, but everything is produced by professionals who get paid to ensure that the product is top notch? Meanwhile, the PC can be used for sharing ideas and making better recipes.

Well, first of all, that quote was to explain in simple terms the difference between closed and open source software. And you are right, restaurants do protect their cooking styles and recipes, but they will not sue you into oblivion if you taste their meal then start thinking “I think they added some cinnamon to it”.

But they’d kick you out if you went in there and started eating your homecooked meal.

Also, when you compared the PS3 to a restaurant, the analogy is a bit flawed in that you don’t own the restaurant, you just go to it and pay for a meal. While with the PS3, you actually own the hardware.

So it would (maybe) be a bit more like saying you go to a restaurant (Sony) and you buy a cheese burger (the PS3 hardware that you now own), and the restaurant owner tries to put you in jail because you added ketchup to your burger (you modified the ‘vision of the chef’, you modified their secret recipe). In my blog post, I do these comparison, where I explain that hacking is basically like adding some salt to your meal or ketchup to your burger, and that reverse engineering is the same as eating a meal and wondering if it contains garlic or not

But, in working out that garlic’s in the meal, you inadvertently let everyone know what’s in the meal, and no one buys the meal any more.

Do you know how to make a hamburger? the answer is probably yes… do you still buy hamburgers in restaurants and fast food chains? The answer is probably yes. The thing is that I’m not seeing Burger King yelling everywhere that they are losing millions because people learned how to put beef on top of a slice of bread. You pay for the service of having someone do it for you and you pay for the ingredients used to do it

But if the burger was the same – happy meal toy and all – maybe I would eat that burger. While you don’t promote piracy, it is a consequence of homebrew.

To compare it to the iPhone, it is easy to jailbreak it, people are jailbreaking it, and you can pirate apps on the iPhone from what I heard, but the iphone market is very profitable. As Wolfire Game Studios explained in their blog post, piracy is just an excuse for people who write bad games. In reality, if 90% of your users have pirated your software, then you probably lost less than 1% in sales.

That’s because most people who pirate would never have bought the software anyway, so it’s very wrong to believe that every download equates a lost sale. That’s just what project managers tell their boss to justify why their software doesn’t sell.

I don’t promote piracy, and I don’t want people to pirate games/software/etc. But I don’t believe that it’s as hurtful as they make it out to be. Also, piracy is definitely not a consequence of homebrew. The Xbox 360 has a homebrew program and that has nothing to do with piracy

(Xbox live indie games). What you could argue is actually the jailbreak that could cause piracy, in that case, yes I agree, but it’s the same thing as saying that a knife or cars can kill people, and many people are suffering everyday from the loss of someone dear to them because they were stabbed or died in a car accident.. but I haven’t seen knives and cars being outlawed yet.

MFW is needed to play pirated games though.

Yes, and MFW is also needed to play homebrew (because Sony doesn’t give us an official way to do that). And also, for your information, while some people are pirating games, I know a lot of people who are using MFW to play only their legally owned backups.

It is more convenient for many, and for those who got their discs scratched or broken, or who have a broken disc player, it is the only alternative, other than being forced to pay twice for the same thing (which is I think is generating more profit to these companies than what they lose in pirated copies).

Reading your blog post, you talk about ‘greedy corporations’. Greed is a result of capitalism – the most profitable companies survive, not the kindest – would you say you disagree with capitalism?

That’s a tricky question 🙂

I don’t disagree necessarily with capitalism, but I don’t agree with what people/companies do in the name of capitalism. I don’t agree that capitalism means someone will have so much money that he doesn’t know what to do with it (and he tried everything) while someone else doesn’t even know how he’ll be able to eat today. That may or may not be capitalism itself, but it is a result of capitalism.

The most profitable companies survive, but when they are the meanest, they will lose customer trust and they will fall… while the kindest will have the loyalty of their users and they will not disappear. You need a good balance.

If you read my post, I said that I’m not against DRM, I’m not against a company protecting its interests, and I’m not against a closed system (I am for freedom, and freedom also means that you are free to decide if you want to release your work as a closed system).

But what I also say is that “One’s freedom stops where someone else’s freedom starts”, and I don’t agree when your DRM or your protection infringes on my basic rights and on my freedom. If you look at the humble indie bundle, it was a huge success, they’ve made millions, and there was no DRM, and there was no lawsuit or effort against those who pirated it.

You only needed to pay 1 cent to get the games, but most people were paying on average 15$ I believe. That was the kindest, and they didn’t get crushed.

But it could be said the humble indie bundles worked because of its uniqueness – do you think that if people could choose what to pay on PSN it would be just as successful?

No, of course not. But I am saying that being kind to your users doesn’t mean you get crushed, there will always be a balance. When Sony released the PS3 with Linux support, it didn’t get hacked. When they removed Linux support, it did. The world balances itself out.

I can’t speak for anyone, but in my case, I had a choice between the PS3 and the Xbox 360. I knew no one with a PS3 and quite a few people with an Xbox, which was also 100$ cheaper if I remember correctly.

I bought the PS3, and I convinced maybe 10 friends to buy one, for these reasons :

  1. It had Linux support. While I never really used it on the PS3, I wanted to embrace and encourage this company who thought of Linux
  2. It had a standard Hard drive, and I’m all for standards
  3. It has a standard USB and I’m all for standards
  4. You could use a normal keyboard/mouse/webcam with it

Those are the reasons I bought it, and those were my arguments for converting everyone I knew. They removed Linux, and that was a huge slap in the face, and they already made a firmware update that blocked all USB devices that aren’t licensed by Sony. And there have been two (accidental, then later fixed) firmware updates that refused to boot if they didn’t have the original hard drive it was sold with.

The result of all this? I’ve changed my stance and now I’m convincing people to never buy any Sony product, and believe me, a boycott will hurt them 10 times more than any piracy ever could.

Well the reason they claim to have removed Linux was because GeoHot was looking into jailbreaking the PS3- he may or may not have been successful, but it’s not entirely true that the hack was only because of the removal.

That isn’t true, I know for a fact that they removed it because IBM forced them. It was all about money and nothing else. What Geohot tried to do is enable Linux on the Slim which didn’t have it, so technically, they started it, the initial geohot hack was as a response of Sony removing Linux from their PS3 Slim. It wasn’t really much actually, since first of all, the Slims never had Linux support so it wasn’t an issue of them breaking any promise, and secondly, what he did didn’t have any kind of repercussion on GameOS (the XMB firmware). The proof being that the first hack was through an exploit in their USB stack, and had nothing to do with Linux.

Also, whether they removed Linux in 3.21 or not, what difference would it have made? The only thing his hack allowed was to read and write to the memory of the PS3, and he dumped the hypervisor code. Even if they removed Linux, the hypervisor code was already dumped, so it would have made no difference, it was too late.

Sony did, however, manage to “re-secure” the PS3 – while the PSN’s security was lacking, and I think you said the PS3’s initial security looked like it was “made by five year olds”. Was the re-securing an impressive feat of programming?

Yes, I was surprised by how they re-secured it. It’s still not really secure, but they were able to block the immediate jailbreak solution.

They did the only possible solution to block the spread of these MFW. The first step was to add a new, additional layer of security in the firmware update files that would get checked by the newer firmwares, this means that we can’t install a MFW on 3.56 (and up) because they check these new files for authenticity, but we could create a 3.66 MFW that could be installed on lower firmwares (but no one did because it’s not interesting enough I suppose).

Then the second step, once they made sure that it worked and that most people were away from the vulnerable firmware versions, they made a new firmware where they decided to hide all their important files in the single file that was left protected.

The PS3’s core system consists of multiple files with a chain of trust, A decodes B, B decodes C, C decodes D, etc… and we have the keys to all these layers, so when a new firmware comes out, we can just decrypt A and get the decryption keys for B, then get the decryption keys for C, etc…

However there was another independent file (lv0) that isn’t part of this chain, for which we didn’t have the keys, so they hid this A file inside of lv0, so we can’t access it and we can’t decode the whole chain. This single secure point was all they needed to resecure everything, and that’s exactly what they did. However, this lv0 file is just as vulnerable as the rest of the system was, so it’s just a matter of finding the keys for it (some developers are very close to doing that), then we’ll be able to get access to A and subsequently decode the whole thing again. And that would be the highest level of trust you can get, then you can use a NAND/NOR writer (let’s call it a ‘modchip’) that could just replace your current firmware with a modified one (from the latest version of course), thus bypassing the new security checks they’ve made to prevent installing newer modified firmware.

So once that’s been done, there’s no chance of re-re-securing the PS3?

No, I don’t think so, that’s what had been discussed by the fail0verflow team during their presentation by in December 2010. And that is the exact reason why they have just filed the FCC for their newer PS3 model. Other than lv0, since the 3.60 update, they added a lv0.2 file which contains a ‘digital signature’ of the lv0 file that the PS3 must check to ensure that lv0 wasn’t modified.

This new CECH300X PS3 model will be the first one to actually do that verification, that is their only solution for securing the PS3, but all older models are vulnerable forever.

They messed up in such proportions that it’s impossible to go back now without a newer hardware revision. That’s why the fail0verflow team said that it was an “epic fail”.

What do you think of the fact that Sony provides DRM measures?

I think they are free to do so, it is their right, and I don’t mind a non-abusive DRM, but like I said before, “One’s freedom stops where someone else’s freedom starts”, and a perfect example of that is Sony BGM’s rootkit scandal where in order to protect themselves, they decided to infringe on everyone’s freedom, security and privacy.

And worst is when they were forced to remove it, the tool that they released to remove the rootkit, silently installed a different one, without even removing the initial rootkit.

I have an issue with that kind of DRM that Sony might produce. Many people prefer pirating a game on PC rather than being forced into a ridiculous DRM scheme. They are hurting themselves more than they think.. like I said, it’s all about balance. And look at the music industry now.. I’m not sure, correct me if I’m wrong, but I believe Apple used to DRM everything and people got fed up with that, then the whole “DRM-Free music” stuff started and that’s when iTunes really took off.. treat your customers well and you will more than survive, you will prosper.

So what are you doing at the moment in the PS3 homebrew scene?

I’m not really into homebrew, I prefer writing the low level libraries rather than something with a user interface. But I wanted to kick-start the homebrew initiative, so I had a bit of fun writing the SGT Puzzles Collection and porting Free Heroes 2, then I decided to stop. But since then, Scogger HD was released and I know at least 2 other homebrew games that are being developed now and which will be added the Humble Homebrew Collection as soon as they are ready.

Since then, I’ve had a lot of work at my job, so I decided to relax and took some time off from the PS3 development, but I should soon get back to it.

My plan for now would be to get a jailbreak solution for 3.66 firmwares and up. One that wouldn’t require any hardware modifications and one that wouldn’t even require any modification of the original firmware. But it will take a lot of time to finish, and I can’t guarantee I’ll ever have the motivation to finish it.

Hopefully, by finding the solution to jailbreak and access homebrew on an unmodified firmware, this will also prevent the possibility of piracy.

That would be ideal, piracy is the biggest problem with MFW – but it would still mean that games would be played on the PS3 that didn’t give Sony a cut. The PS3’s R&D and reduced price were a result of hoping to make money off of that cut. Do you think that cutting out the middleman that is Sony, they may not invest so heavily in the PS4, or sell it for a loss?

I don’t think they will invest so much and I don’t think they will sell it at a loss, I believe they learned their lesson with the PS3, it is not a good business model. But that has nothing to do with cutting out the middleman. Also, most (if not all) homebrew games are free, so they’re not losing money because a few thousand people are playing a game that was distributed freely by its authors. On the contrary, they’d be saving bandwidth since they’re not the ones offering these free games 🙂

If I was new to gaming, and interested in the homebrew scene, would you tell me to buy a PS3 and jailbreak it (assuming that it can be done), or simply use a computer?

I believe that this question is equivalent to “I’m interested in playing games, do you suggest a PS3 or a computer?”. It depends on what you want. If you want to be on your couch with a controller in your hand, and switch easily to listening to music, streaming movies, etc… then the PS3 is for you…

If you prefer gaming while you’re sitting in a chair in front of a (usually, relatively) smaller screen with a mouse and keyboard, then I’d say the PC is for you.

A homebrew game is the same as a professionally made game, the quality may (or may not) differ, the only difference is that it was developed by someone ‘at home’ rather than by someone ‘in his office’.

Like I said in another interview, if you run an application on your iPhone and the application or game launches without showing you a splash screen with a company logo/name, then that is a homebrew application that you are running. Not all applications on the iPhone/Android that are good necessarily have this company logo at startup.

But currently, the PS3 homebrew scene is very young (and unfortunately a bit striving since Sony managed to scare off pretty much every potential developer) and we are building our own SDK from scratch, so no one has to rely on a leaked and copyrighted SDK and it takes time for the community to grow.

What would Sony have to do to make you buy the PS Vita?

They need to stop their current lawsuit against Alexander Egorenkov (who only brought back Linux to the PS3 and write Linux drivers, he hasn’t even looked at GameOS), they need to give a proper and sincere apology on their blog about their removal of OtherOS support, and give us a way for legitimately running homebrew applications on the PS3, whether it is by bringing back OtherOS support, or by creating something similar to the Xbox Live Indie Games.