

New PlayStation 3 Hack May Be One That Sony Can’t Stop - derpenxyne
http://kotaku.com/5954675/new-playstation-3-hack-may-be-one-that-sony-cant-stop

======
9999
I think Sony overestimates the amount of piracy that this will enable. I
softmodded my Wii long ago (in order to unlock the region to play Japanese and
European games on a U.S. Wii). Ever since it's been an incredible pain in the
butt to keep it updated to the latest modded firmware revisions in order to
play legitimate games. Almost every time I buy a new game I have to dig
through an incredibly dense array of sketchy forum posts and file sharing
sites to find the newly patched custom firmware.

If a person were looking to play a game on its release day (legitimate or
pirated), they would find the process so time consuming and annoying that I
doubt more than 1% of Wii owners would bother with it. I would guess the same
pattern would repeat for hacked PS3s. Of course, even a 1% loss in sales would
be a pretty big blow for Sony and the other developers, but it's debatable
whether or not that population would have paid for a pirated game in the first
place.

Does anyone know if Nintendo ever announced how much they've lost in sales to
piracy on the Wii? Has Sony ever released estimates on how much they might
lose to piracy?

~~~
hkmurakami
A realization I had when I first started working was just _how cheap_ video
games are compared to virtually any other form of entertainment.

Movie ticket = $10 / 2 hours = $5/hour

Amusement park = $30 / 5 hours = $6/hour

Dining out = $20 / 2 hours = $10/hour

Video game = $50 / 20 hours = $2.5/hour

I don't own any of the latest generation video game consoles, but if I did,
I'd certainly be buying a bunch of them via download for their sheer economy
in giving me entertainment value.

~~~
ineedtosleep
Comparing those things on a cost/hour basis is ridiculous. They are not
comparable on that scale since it doesn't account for the quality of amusement
you're getting.

That aside, where are you getting those arbitrary hours? 20 hours on a video
game is extremely rare these days, especially if you're not one that goes for
the torturous achievements or sports/multiplayer FPS.

Most (high budget, modern) games will run you about 8-10 hours. If my estimate
is accurate whatsoever, that would run the cost/hour down to $5.00 -
$6.25/hour -- the same 'value' as a movie ticket and amusement park.

~~~
w1ntermute
> 20 hours on a video game is extremely rare these days, especially if you're
> not one that goes for the torturous achievements or sports/multiplayer FPS.

What are you talking about? One recently released critically acclaimed game
was _The Elder Scrolls V: Skyrim_ , which players have averaged 75 hours of
time on[0]. Even at $60, that's $0.8/hour.

And don't forget that unlike food or movie tickets, the price of a game goes
down _drastically_ over time. If you're willing to play older games, you can
get them for almost nothing.

With Steam, I got _L.A. Noire_ , a game released in May 2011 to pretty good
reviews (83/100 on Metacritic for the PC version), for just $7.50 in July of
this year. I've already played it for 43 hours (and still haven't finished it)
- just $0.17/hour.

0: [http://www.gamespot.com/news/skyrim-pc-players-
average-75-ho...](http://www.gamespot.com/news/skyrim-pc-players-
average-75-hours-of-playtime-6350045)

~~~
shazow
I was one of those people who spent ridiculous number of hours in Skyrim, but
that's a rare and far-between luxury. For every one great game like Skyrim, I
pay for a dozen mediocre games that I play for maybe an hour or two.

The amount of time you need to commit to make it worthwhile is exactly the
problem and introduces a high risk factor. If I see a mediocre movie, that's
only 2 hours of value gone.

~~~
w1ntermute
> For every one great game like Skyrim, I pay for a dozen mediocre games that
> I play for maybe an hour or two.

You're clearly doing something wrong then. I'm not a particularly big gamer,
but by spending a minute or two online looking at review scores before buying
a game, I've almost always been happy with my purchases.

> The amount of time you need to commit to make it worthwhile is exactly the
> problem and introduces a high risk factor.

I think this is less of a problem these days because you can get a pretty good
idea of the quality of a game from online reviews, certainly better than
newspaper-based movie reviews that people have relied on for the last half
century (not that you can't find movie reviews online now as well).

~~~
shazow
Is it possible that I am using reviews and turns out I have specific things I
enjoy or don't enjoy which isn't identical to everyone else?

For example, let's look at some of the highest rated games of all time list
and see which ones I've bought and didn't feel I got my money's worth (just
looking at the first page of metacritic top all time):

PS3: Assassin's Creed, Rock Band 2 (enjoyed Rock Band 1), Dragon Age: Origins,
Call of Duty 4: Modern Warfare,

PC: Bioshock, Diablo 3 (big fan of Diablo 1), StarCraft 2 (big fan of
StarCraft 1), Civilization IV.

Of course there are plenty of games where I _did_ get more than my money's
worth: Minecraft, Fallout 3, everything by Valve, GTA, WarCraft 3, Diablo,
Elder's Scrolls, Baldur's Gate, etc etc. I'd say in any given year, there's
probably at least as many games I've bought that were meh and just didn't grab
me as there are ones that were amazing. That reminds me, I should probably
send another donation to the Dwarf Fortress brothers.

It's not all about reviews, and not all games have demos on launch day (or
even weeks later). Fact is, games are high-commitment (hours) and
comparatively high-cost.

------
chairmankaga
The kotaku story is following in the steps of the older stories and is
somewhat inaccurate.

This was a much more interesting read by one of fail0verflows devs Marcan.

[http://wololo.net/2012/10/25/clarifying-the-confusion-on-
the...](http://wololo.net/2012/10/25/clarifying-the-confusion-on-the-
ps3-development/)

~~~
derpenxyne
I grant that - essentially:

Q: So the PS3 is utterly and completely broken? A: To an extant yes, debatable
but unlike the 3.55 hack we have mostly everything needed. Sony will never be
able to re-secure existing consoles.

------
durpleDrank
As someone who bought his PS3 only for the bluray player and the ability to
have linux on his tv in one little box, and after doing hours of research to
verify it was a legit feature (only to have it stripped less then a year
later) I find it impossible to empathize with sony.

~~~
csense
A thousand times, this. I bought an original-model PS3 when the slims first
started to come out, specifically because I wanted to put Linux on it.

It's like if you were to buy a new car, and you really like the sound system
it has, and you wouldn't have bought it if not for the sound system. And then
a year later you take it in for service, and they say, "Sorry, we have to take
your sound system out and smash the jacks with a sledgehammer so you can never
put another sound system in your car. If you don't agree to this, that's your
right. But if you want to keep the sound system, you'll never be able to get
any repairs or an oil change from us ever again -- and since all the parts are
proprietary and the oil change valve is locked with our encryption key, you
won't be able to DIY your maintenance or get it from a third party repair shop
either."

Then again, this is the same company that put rootkits on audio CD's.

~~~
djhworld
I still have the original box for my PS3, it has "Linux support" and
screenshots plastered all over it.

Makes me weep a bit

------
pmichaud
I have a PS3 because it's dead simple to buy a game, pop it in, and just play
it without worrying about anything else. I would never use this, it defeats
the purpose of the ps3 for me. I'd rather just spend $20 on a game.

~~~
wlesieutre
Are there many games worth playing that sell for $20? Going rate on new
releases is more like $60.

~~~
derpenxyne
Jeez, what new games do you know that sell for $20?

~~~
teamonkey
FTL! Launched on Steam at about $10

------
jpablo
He says that all future firmware updates can be decrypted, since every PS3
must be able to upgrade to any future version, but can't Sony just put an
intermediate update that changes the keys and is the only one that older
consoles can update too, and then after having that one update you are allowed
to the newer updates encrypted/signed with newer keys?

~~~
chairmankaga
"Q: Can Sony “fix” this like they did for the 3.55 exploit?

A: No. With 3.55 the keys metldr used to verify its dependent modules were
recovered. So Sony simply stopped using the now-insecure metldr and started
using bootldr (which was still secure) to load.. Sony doesn’t have any more
secure modules like bootldr left so like I said in my original post they have
no options and cant fix anything; without getting too technical, we now have
the keys to every “common” hardware module that is able to decrypt Sony-signed
modules. The only thing left are the modules that use per-console keys, which
are useless for booting common firmware (which must be decryptable by every
PS3)"

[http://wololo.net/2012/10/25/clarifying-the-confusion-on-
the...](http://wololo.net/2012/10/25/clarifying-the-confusion-on-the-
ps3-development/)

------
sturadnidge
From the article:

> a 2006 launch PS3 can still update directly to the latest software

A few other tech companies could take a leaf out of that book. Look at the
state of the iPad 1 for example...

~~~
WiseWeasel
So you're saying Apple should stick with the same set of hardware capabilities
for six years?

------
Karunamon
Serves them right. SCEA earned their place on my "do not ever buy" list after
the Geohot fiasco - everyone knew their system was insecure and it was just a
matter of time before someone else picked up where he left off.

You lose. Good day sir.

------
cyber
There has been a lot of comments on the piracy aspect, but I think the cheats
are just as important, if not more so.

With the assumption that the vast majority of players don't want to jump
through the hoops to deal with keeping updated on "liberated" firmware
versions, the piracy threat is contained to a small population, not likely to
damage the bottom line.

However, the risk to online play is greater with cheat enabled clients. A
single cheat client can cause great havoc within a game instance. Even if the
individual device can be banned, another actor can take it's place. Legitimate
clients will get frustrated quickly on a prolonged attack. And _that_ is where
the real damage is.

------
guylhem
Correct me if I'm wrong, but after reading the article apparently it's all
fine and dandy if you have a cracked PS3, but if you have a useless PS3 with
the latest official firmware and want to put it to a better use (XMBC, linux,
whatever) there's nothing for you.

So :

\- this is good for those who cracked their ps3

\- this is a non event for those who did stick to the rules and would like to
do with their ps3 what sony said they were no longer allowed to do (running
linux)

~~~
chuppo
> but if you have a useless PS3 with the latest official firmware and want to
> put it to a better use (XMBC, linux, whatever) there's nothing for you.

I dont think thats correct. With these keys you can sign whatever you like and
have it run on the PS3.

------
JCordeiro
This is bad news for PlayStation fans :( The easier it is for people to pirate
games, the more people who will pirate. The more people who pirate games, the
less moneys the developers make. This is how studios get shutdown. Sony's
closed at least 3 first-party studios just this year.

------
chucknelson
Is this really a big deal? Average consumer X, the majority of customers, does
not know or care about any of this. They will buy games they want (or parent X
will buy them) and that will be that.

~~~
derpenxyne
By that logic huge security vulnerabilities in games, software and operating
systems also aren't a big deal as people don't know about them or don't care
about them.

~~~
chucknelson
I guess just the way the announcement was written made it seem like the event
of the century or something. Guess it all depends on the audience...

------
leoh
Am I missing something? The next firmware may be vulnerable, but what about
the one after?

~~~
nitrogen
I'm not familiar with the PS3's architecture, but it seems that any firmware
update that includes new keys will... have to include the new keys. Since the
update includes the new keys, and the old keys decrypt the update, the old
keys can be used to obtain the new keys. Corrections welcome.

------
unkoman
Too bad the PS3 doesn't have any games.

