It is the turn of PS3

For years, Sony’s PlayStation resisted hackers. One potential explanation was that by authorizing homebrew applications to execute on the PS, Sony removed the entire homebrew community (which is a large chunk of the reverse engineering community) from the pool of attackers. This is no longer true.

Since 19 August, the PSjailbreak has been available. This USB stick allows running copies of games. It is a kind of R4, but for the PS3. It works on the PS3 and the PS3 Slim. The price is rather high (at least in France, around 130€ or $160). Every report claims that it works.

Sony has already claimed that, through its PSN network, it can detect the presence of the JailBreak and then retaliate. I have not yet found a post that confirms a counterstrike by Sony on PSN. The current version of PS3Jailbreak does not offer any upgrade feature, which may be a weakness.

The funny part of the story is that pirates may soon be pirated. The reverse engineering of the PSJailBreak has already started. The hack is based on a standard PIC microcontroller, the PIC18F. It seems that the code has already been successfully dumped. Some sites are already offering clones such as PS3stinger, PS3key, X3JailBreak… Clearly, the distributor foresaw this, because its site warns about imitators and it has created a logo for authorized dealers.

 

Once more, our law #1, “attackers will always find their way”, is verified. It just took longer than for the other game consoles. Now, let’s wait for Sony’s reaction.

A database of 44 million game accounts!

Symantec has located a database server holding 44 million accounts of online gamers. The information in itself is already interesting. But more interesting is the server’s companion. The database holds credentials, most probably collected by malware. But are these credentials still active? To answer that question, the hackers created a dedicated Trojan that, once installed, receives a set of accounts to test. If it succeeds in logging on to an account, it updates the database accordingly. Using a Trojan on a botnet has the following advantages:

  • Go faster by using many computers concurrently
  • Bypass possible limits on failed logins from the same IP address
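Seen from the game operator's side, the second advantage means a per-IP failed-login limit never fires, while an aggregate view of the same log does. The following sketch is an added example, not taken from the Symantec report; the log format, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict

PER_IP_LIMIT = 5   # assumed classic control: block an IP after 5 failures per window
WINDOW = 600       # seconds

def make_events():
    """Constructed sample log: (timestamp, source_ip, account, success)."""
    events = [(10 + i, f"198.51.100.{i + 1}", user, True)
              for i, user in enumerate(["alice", "bob", "carol"])]
    events.append((20, "198.51.100.2", "bob", False))        # a genuine typo
    for bot in range(40):                                    # 40 bots, 2 accounts each
        for k in range(2):
            n = bot * 2 + k
            # one harvested credential in ten is still valid
            events.append((30 + bot * 5 + k, f"203.0.113.{bot + 1}", f"gamer{n}", n % 10 == 0))
    return sorted(events)

def per_ip_blocks(events, limit=PER_IP_LIMIT, window=WINDOW):
    """IPs that exceed the per-IP failed-login limit inside a sliding window."""
    failures, blocked = defaultdict(list), set()
    for ts, ip, _account, ok in events:
        if ok:
            continue
        failures[ip] = [t for t in failures[ip] if ts - t < window] + [ts]
        if len(failures[ip]) > limit:
            blocked.add(ip)
    return blocked

def distributed_validation(events, window=WINDOW, min_ips=20, min_fail_ratio=0.5):
    """Aggregate view: many IPs, each under the limit, failing on distinct accounts."""
    alerts = []
    for start in range(events[0][0], events[-1][0] + 1, window):
        chunk = [e for e in events if start <= e[0] < start + window]
        failed = [e for e in chunk if not e[3]]
        ips = {e[1] for e in failed}
        accounts = {e[2] for e in failed}
        if len(ips) >= min_ips and len(failed) / len(chunk) >= min_fail_ratio:
            alerts.append({"window_start": start, "ips": len(ips),
                           "accounts": len(accounts), "failures": len(failed)})
    return alerts

if __name__ == "__main__":
    log = make_events()
    print("per-IP blocks:", per_ip_blocks(log))
    print("aggregate alerts:", distributed_validation(log))
```

On the constructed log, no single IP ever reaches the per-IP limit, yet the window-level check flags one campaign spread over dozens of addresses.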

You may say: “Game accounts! Who cares? It is not as if it were something serious such as a bank account.” In that case, you’re clearly not a gamer. More seriously, I would suggest that you take a look at the site player auctions. Wow! You’re not dreaming. This is about real money. And not a few cents!

Once more, we see that hackers are more and more money-driven, less visible and not looking for fame.

Thanks MM for the pointer.

Poke Walker: a brilliant idea against piracy

We are currently flooded in France with advertisements for the Poke Walker, which ships with Nintendo’s Pokemon HeartGold and SilverSoul games. These are the latest sequels in the Pokemon family of games for the Nintendo DS.

The Poke Walker is a small pedometer that can download a pokemon from a Nintendo DS. In other words, you carry your pokemon with you. You may say: “Nothing new, just take your DS with you.” But the difference is that the more you walk with your Poke Walker, the more points your pokemon will gain. And of course, Poke Walkers can communicate with each other, gaining some new points.

This is simply brilliant, for at least three reasons:

  • Against piracy: the Poke Walker is only delivered with the legit games. There is no way to purchase a Poke Walker without buying the actual game cartridge. When you know the pervasiveness of R4 (and the like), this is an extremely good answer.
  • It obliges your kids to walk, run, move… A good answer to people who complain that video games turn our kids into sedentary zombies.
  • You have to communicate with other Poke Walkers: once more, a good answer to those who criticize no-life players.
  • Business-wise: a good illustration of the network effect.

This is an excellent answer to piracy. Unfortunately, it works only on this game.

I know that the news is somewhat out-of-date. It was launched in the US last summer. But my kids are not pokemon players :-)

Other country, other views

Last week, I reported that Nintendo succeeded in suing an Australian retailer of R4.

Unfortunately for Nintendo, it is not always as straightforward in other countries. Recently, Nintendo experienced a reversal in France. In 2009, Nintendo prosecuted six French retailers, among them Assentek. On 3rd December 2009, the Parisian Tribunal de Grande Instance (TGI) nonsuited Nintendo. Thus, this sets a legal precedent making the sale of linkers, such as R4, legal.

On 9th December, both Nintendo and the state prosecutor appealed against this decision. Thus, we will have to wait for the final decision.

Assentek provides an interesting press review.

It is always surprising that two countries do not perceive piracy in the same way. One of the difficulties is that there is no harmonization of copyright and trademark laws.

Nintendo fights R4 piracy

There are many ways to fight piracy. You may use technical means, where you try to design your system to be “unbreakable” or you update it to render current circumvention solutions ineffective. Or you may use legal means, where you sue the pirate.

In its fight against R4, Nintendo uses both methods. R4 cards (and R4i) are among the most popular cards for pirating Nintendo DS (and Nintendo DSi). This card is inserted in the cartridge slot in place of the legit game. You may download the games (so-called ROMs) from the Internet, store them in a standard flash memory, and off you go. In other words, you can find on the Internet about all (if not all :-( ) the published games and run them for free on your DS with the R4. The price of these cards being ridiculously low, you may guess the huge success. I must confess that, at least in France, R4 is rather successful.

Nintendo has attempted (and is currently attempting) several ways to thwart R4. Unfortunately, not with great success.
But they are successful on the legal battlefield. In February, Nintendo got GadgetGear, an Australian company, to pay A$620,000 (about 414K€ or 567K$) by way of damages. Since 2008, Nintendo has pursued more than 800 actions against resellers. Fighting local resellers is a good strategy if it generates sufficiently frightening examples. Given how easy it is to find local resellers on the Internet, it seems that Nintendo needs more successful trials to scare the resellers. Resellers are operating rather openly.

For more details, see the press release.

Game security is really a tough job.

UBISOFT re-torpedoed

The use of a new type of DRM for its new games “Silent Hunter 5” and “Assassin’s Creed II” provoked a violent reaction against Ubisoft. The software was cracked in less than 24 hours.

But this time, the story did not stop there. Last week, Ubisoft was under a serious Denial of Service (DoS) attack. Thus, the legitimate gamers were not able to play! These games require an online connection for initial authentication but also to save the game! It seems that this weekend a new salvo of DoS attacks was launched from Russia against Ubisoft’s servers. These DoS attacks make the hacked version more attractive (that’s the limit! :-( ).

Furthermore, some players confirmed on forums that the hacked game was complete (which Ubisoft initially denied).

Lesson: When designing a DRM, we should check what occurs if some elements of the environment fail (such as the network connection). The impact should be minimal for the legit customer.
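One way to run that check is an outage drill against the client logic, shown here as an added example that is not Ubisoft's design. The cached lease, the 72-hour grace period and the local save queue are assumptions, and the HMAC stands in for the public-key signature a real client would verify.

```python
import hashlib, hmac, json

SERVER_KEY = b"constructed-demo-key"   # stand-in for a server signing key
GRACE_SECONDS = 72 * 3600              # assumed offline grace period

class Server:
    """Toy licence/save server with an injectable outage."""
    def __init__(self):
        self.up, self.saves = True, []
    def issue_lease(self, user, now):
        if not self.up:
            raise ConnectionError("licence server unreachable")
        body = json.dumps({"user": user, "issued": now}).encode()
        return body, hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    def store_save(self, blob):
        if not self.up:
            raise ConnectionError("save server unreachable")
        self.saves.append(blob)

class Client:
    def __init__(self, server, user):
        self.server, self.user, self.lease, self.pending = server, user, None, []
    def can_play(self, now):
        try:
            self.lease = self.server.issue_lease(self.user, now)  # online: refresh
        except ConnectionError:
            pass                                  # offline: fall back to cached lease
        if self.lease is None:
            return False
        body, tag = self.lease
        good = hmac.compare_digest(tag, hmac.new(SERVER_KEY, body, hashlib.sha256).digest())
        return good and now - json.loads(body)["issued"] <= GRACE_SECONDS
    def save(self, blob):
        self.pending.append(blob)                 # always persist locally first
        try:
            while self.pending:
                self.server.store_save(self.pending[0])
                self.pending.pop(0)
        except ConnectionError:
            pass                                  # keep the queue, retry at next save
        return len(self.pending)                  # saves still waiting for upload

def outage_drill():
    srv = Server(); c = Client(srv, "alice"); t0 = 1_000_000
    online = c.can_play(t0)
    srv.up = False                                # inject the outage
    during = (c.can_play(t0 + 3600), c.save(b"level-3"))
    expired = c.can_play(t0 + GRACE_SECONDS + 1)
    srv.up = True
    after = (c.save(b"level-4"), list(srv.saves))
    return online, during, expired, after
```

The drill shows the paying customer keeps playing and saving through the outage, the lease still expires if the client never comes back online, and queued saves reach the server once it returns.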

Ubisoft’s DRM torpedoed!

Ubisoft recently launched its new game “Silent Hunter 5”, a submarine simulation. The game was protected with a new generation of DRM that required a constant online connection to servers. Of course, if you are online, it is easier to fight piracy. As usual in the game arena, this new DRM generated huge fury (remember Spore).

Unfortunately, 24 hours after the launch, a cracked version appeared on the P2P networks (see TorrentFreak). The cracked version does not require an online connection!

Quickly, Ubisoft denied that the game was cracked.

“You have probably seen rumors on the web that Assassin’s Creed II and Silent Hunter 5 have been cracked. Please know that this rumor is false and while a pirated version may seem to be complete at start up, any gamer who downloads and plays a cracked version will find that their version is not complete,”

Unfortunately, when scouting the forums, I never found any person complaining that the game was not working. Nevertheless, the crack requires avoiding any connection to Ubisoft servers.

Ubisoft was expecting to deploy the same DRM for Assassin’s Creed II. Some delay may be foreseen.

As a citizen, I see the need for DRM. As a security expert, I “build” DRM. Piracy is bad. As a gamer, I hate DRM that requires a permanent connection for a game that does not need interaction with other entities. I often play games on the train or plane. Such a DRM requirement would be a deterrent for me. One of the most important requirements for DRM is that DRM should be as transparent as possible for the honest user.

Software protection is one of the most complex tasks.