Piracy Offense and Defense: A Brief History of Sony Game Console Cracking

  Recently SpecterDev, ChendoChap and Znullptr, three of the best-known console hackers, jointly released a jailbreak for PS4 system software 9.00. They state that the underlying bug, a kernel vulnerability in the handling of a specially crafted exFAT-formatted USB storage device, is present in every firmware from 1.00 to 9.00, so in principle any PS4 running 9.00 or lower can be exploited with it.
  Interestingly, ChendoChap stated on GitHub that the vulnerability was found by diffing the 9.03 firmware Sony released in early December 2021 against 9.00: the fix itself pointed at the bug. This is the standard patch-diffing technique, and it is why vendors try to get an update onto as many devices as possible before the details of what it fixes become known. In effect, Sony's own patch led the hackers to the vulnerability.
  Although 9.03 closes the hole, it had been out for only two weeks when the exploit was published. Any PS4 owner who had not updated in that window, and anyone who simply declines to update, can use the vulnerability, which is a heavy blow for Sony.

Sony’s miniaturized PS1 console “PS one” released in 2000

Memory card for PS1 save game

  With the PS1's disc lid open, insert a genuine disc first to pass the check, then swap in the pirated disc at the right moment to load the game.

  Fortunately for Sony, the PS4 is at the end of its life cycle. The same USB bug also exists in the newer PS5, but the hackers say they have no way to turn it into a working jailbreak there, presumably because of the PS5's stronger mitigations; the PS5 is also severely out of stock, so few people could try in any case.
  A cracked console can run any game and any custom firmware. All three major console makers (Sony, Microsoft, Nintendo) essentially follow the model of selling hardware at a loss and making money on game sales. Once the system is broken, players can play the latest titles, which cost three to five hundred yuan, for free, and game sales and company revenue suffer to some degree.
  So how did Sony's earlier consoles fare, and what happened in Sony's battles with hackers? Let's start with the original PlayStation and go through the cracking history of Sony's consoles.
The “flying disc” trick: a physical crack

  The PS1, fully named PlayStation, was a home video game console Sony released at the end of 1994, the first venture into games by a company that until then had been a traditional consumer electronics giant.
  It is worth mentioning that the PS1 project began as a collaboration between Nintendo and Sony: Nintendo planned a CD-ROM add-on for its SNES (Super Nintendo), taking advantage of the large capacity of CDs, which promised new possibilities for a console market that then ran on cartridges.
  But Nintendo then announced a partnership with Sony's rival Philips, and the collaboration collapsed. By that time PlayStation development was already far along, so Sony simply finished the console on its own; PlayStation was born and became a huge success.
  Unlike earlier consoles, the PlayStation dropped cartridges in favor of CD-ROM, which was larger in capacity and cheaper, though somewhat slower to read, bringing movie-like visuals and rich sound that cartridge games could not match.
  Because the industry was still in the early days of CD copy protection, the PS1 used a mechanism similar to that of movie discs of the era: when a genuine disc is pressed, a verification track carrying the region code is stamped into the innermost ring of the disc. This track can only be produced by pressing; a CD burner cannot reproduce it.
  When a game starts, the console first checks this track, which blocks both copied discs and games from other regions. The check was quickly defeated, however, through the expansion port on the back of the console; at the same time, cheat cartridges plugged into that same port, which could modify game content, were all the rage.
  Sony removed the expansion port on later models, so hackers soldered a modchip directly to the motherboard that bypasses the disc check by feeding the console the region-code signal a pressed disc would produce, and the crack was done again. Among players the “flying disc” method circulated widely: with the disc lid open, insert a genuine disc to pass the check, then swap in the pirated disc at the right moment to load the game. The trick works because the check runs only once at start-up rather than continuously. The PS1's protection was clearly primitive, and Sony improved it on the next generation, the PS2.
Modchips give rise to the rental shop

  By 2000 the PS1 had sold a cumulative 100 million units, ending Nintendo's dominance of the console industry and convincing both the industry and Sony that 3D games on optical discs were a powerful combination. So Sony gave the PS2 more powerful graphics and a built-in DVD player, making it a true home entertainment center.
  The PS2 rode the wave of DVD adoption, and with strong performance and an excellent developer ecosystem it became a legend, eclipsing the Dreamcast, GameCube and Xbox of the same period. The Dreamcast became Sega's last console, and the PS2 still holds the console sales record with a cumulative 157 million units.
  Having learned from the PS1, Sony made the PS2's disc verification stricter, and the flying-disc method no longer worked. But however strict the disc check, it could still be bypassed by soldering a modchip (the “direct-read chip”, as it was known) onto the motherboard. Over the PS2's life of more than ten years there were various other methods, such as memory-card exploits and Swap Magic discs, but the modchip was by far the most widely used.

  At the time, 99% of the PS2s sold in mainland China were parallel imports reassembled from smuggled parts. The modchip had usually been soldered in during assembly, and a 5-yuan pirated disc was all you needed to play. This laid the foundation for the console's popularity on the mainland: the 5-yuan-an-hour PS2 “rental shops” on every street gradually replaced the arcades and even became the prototype of the later Internet cafe.
The president came to see the crack for himself

  In 2004 Sony decided to launch a portable console to challenge Nintendo's handheld empire: the PSP, well known to Chinese players. Although the PSP was never officially released in mainland China, it may be the best-known game console among Chinese people.
  The PSP's success certainly owed much to the fine visuals its powerful processor delivered, but in an era before smartphones, its ability to also play movies and music made it a genuine portable entertainment terminal, which may be the real reason for its huge success.
  Cracking the PSP was a complicated process. The PSP was arguably the first machine to bring the concept of an “operating system” to the console industry: it ran a Sony-developed OS completely different from earlier consoles, so hackers initially knew nothing about its file system, and its UMD game discs used 128-bit AES encryption, leaving hackers to stare at the disc and sigh.
  The turning point came half a year later, when Sony released system version 1.5. From the offline update package, hackers worked out the details of the PSP file system, and the door to PSP cracking was open. Dark-Alex, liquidzigong, GEN and other cracking masters at home and abroad went back and forth with Sony for ten years, from the original genuine-boot-disc method, through custom firmware, the “magic” (Pandora) battery and the “egg image” exploit, to the final Infinity permanent crack.
  Kazuo Hirai, then president of Sony Computer Entertainment, even visited the game console shops in Beijing's Zhongguancun to understand why a PSP with no official mainland release was selling so well in China, which shows how much the crack shaped the PSP's fate. Its successor, the PS Vita, was lost in the wave of smartphones; although it too was cracked in turn, it could never reproduce the PSP's peak.
  Back to home consoles. The PS3 arrived in 2006, six years after the PS2. Perhaps because the PS2's halo was too dazzling, or because of “father of PlayStation” Ken Kutaragi's stubborn pursuit of in-house hardware, Sony took a radical approach on the PS3, using the Cell processor developed jointly with IBM and Toshiba as the console's CPU.

  The direct-reading chip widely used in the PS2 era is unable to do anything with Blu-ray discs.

  That architecture still looks avant-garde today, and with its performance fully unlocked it outperforms some CPUs on the market now. But what made it succeed also made it fail: the monstrous Cell architecture was too hard for game developers to master, and programmers could spend months of debugging just to get the first frame on screen.
  Meanwhile the processor's high development cost and the built-in Blu-ray drive made the console far more expensive than its competitors. For all these reasons the PS3 poured cold water on Sony, with cumulative sales of only 87 million units, roughly level with Microsoft's Xbox 360.
  The PS3's Blu-ray discs also gave hackers nowhere to start: the modchips of the PS2 era could do nothing against them. The first break came in 2010, almost four years after launch, with a USB “dongle” (PS Jailbreak) that exploited a bug in the console's USB handling to get unsigned code running; Sony blocked it with a system update within weeks. Then, at the end of 2010, the hacker group fail0verflow showed that Sony's firmware signing was broken by its own negligence: the ECDSA signatures were generated with a constant value in place of the fresh random nonce the algorithm requires, and once two signatures share a nonce the private signing key can be computed with a few lines of modular arithmetic. With the genuine key in hand, anyone could sign their own code, and custom firmware for version 3.55 appeared soon after. Sony's later updates changed keys and loaders, and cracking on newer systems became difficult again.
  Everything that followed, soft mods, the E3 flasher, hard mods and so on, is built on the 3.55 system unlocked by the recovered key. The chip that hard mods require is far larger than a PS2 modchip, harder to solder and much less stable. To this day there is no perfect crack of the PS3, which makes it one of the hardest consoles to crack.
Official distribution, and a crackdown

  Although the PS3 was very hard to crack, its high price, thin game lineup and high development cost drove many players of the period to Microsoft's Xbox camp, and the three-way split among Sony, Microsoft and Nintendo took shape in these years.
  On the PS4, released at the end of 2013, Sony learned the lesson of the previous generation and adopted the mainstream x86 platform from AMD, which greatly reduced the difficulty of game development and lowered the price to 100 dollars below the rival Xbox One.
  These measures returned Sony to the top of the console industry, with cumulative sales above 100 million, more than double those of the Xbox One. Sony also launched a bug bounty program for the console, and a number of hackers who found vulnerabilities submitted them to Sony for a reward rather than releasing them. As a result, public PS4 cracks were slow to appear: the well-known method, based on a memory-corruption bug in the console's web browser, dates from around 2018 and works only on older firmware versions.
  Although 5.05, 6.72, 7.55 and other versions were cracked one after another, the PS4 is officially distributed in mainland China, and under pressure from Sony's legal department many PS4 cracking forums and websites have been shut down. Players' awareness of buying genuine games on the mainland has also grown in recent years. The era of the PS2 and PSP “5-yuan party” is probably gone for good.