Once upon a time, Sony Computer Entertainment planned a new handheld device for gaming, music, and movies. Sony’s powerful new "PSP" (PlayStation Portable) is based on the MIPS R4000 CPU, with elaborate graphics capabilities, a gorgeous color LCD display, USB and WiFi interfaces, and a special "UMD" read-only optical disc system.
Sony’s engineers didn’t shortcut on security. They employed elaborate copy protection and anti-piracy systems, including a digitally signed software authentication environment and hardware-based AES encryption, all aimed at preventing the use of unofficial or pirated materials. In theory, only Sony could "sign" software so that it would run on the PSP.
Despite these efforts, cracks appeared almost immediately in the PSP’s armor, spread via the Internet like wildfire, and triggered an amazing and continuing global PSP hacking effort.
It was quickly discovered that the early PSP units, released only in Japan, contained a firmware flaw allowing the running of specially manipulated "unsigned" code. Immediately, "homebrew" PSP applications (that is, not authorized by Sony) appeared, along with work on GNU-based compiler toolchains for development.
By the time the PSP was released in the U.S. several months later, the flawed version 1.0 PSP firmware had been replaced with version 1.5, and the execution hole appeared to have been closed.
The next fissure arrived quickly. U.S. PSP fans discovered that a Web browser included in a popular PSP game for update purposes, designed to access only a particular update site, could be manipulated to reach arbitrary sites via Internet DNS tricks. The browser also allowed access to local system files on the PSP itself, including files on the UMD game discs. While many of these files were encrypted, enough information was found to speed development efforts aimed at cracking the 1.5 firmware for unsigned executions.
It wasn’t long before that work bore fruit. A group in Spain first presented a way to launch homebrew applications on the widely available 1.5 firmware units via the rapid swapping of memory sticks—impractical and possibly dangerous to the hardware, but it worked. A few days later, a technique that eliminated the physical swapping was released by the same group, and of course spread nearly instantly via the Net.
You can already recognize a familiar pattern from the early days of crypto systems. It wasn’t even necessary to try cracking the actual encryption itself (in this case a formidable task, to say the least), because implementation flaws provided other backdoors into the system.
Ironically, by trying to maintain tight control over what could run on the PSP, Sony may have damaged its own best interests. People hacking the PSP fell mostly into two categories—those who wanted to run homebrew applications, and those who wished to run pirated PSP games (or games from other platforms, some pirated and some not, via emulators).
Homebrew application developers are a particularly creative and tenacious lot. Apart from all sorts of their newly developed tools and homemade games, even Windows 95 and versions of Linux have preliminarily been run on the PSP via an x86 emulator. Unfortunately for Sony, the same hacking necessary to allow homebrew applications opened the door for developments allowing the launching of increasing numbers of pirated official PSP games—presumably a worst-case scenario from Sony’s standpoint.
If Sony had encouraged—or at least officially permitted—the running of homebrew applications on the PSP from the beginning, it’s possible that the efforts leading to piracy might have been significantly slowed.
The PSP "arms race" continues. Sony has released new 2.0 series firmware (with attractive features, such as an integral Web browser) that is now standard on newer PSP shipments, and has once again closed the known execution holes. Newer official PSP games will attempt to require updating to at least this firmware version. But this creates another irony: people with 1.5 firmware units who want to keep using PSP homebrew applications won’t be able to legitimately run those new games even if they want to, and may well be drawn to pirated versions as a result.
Whether the newer PSP firmware releases will be cracked without resorting to hardware modifications is unclear. But with a globally dispersed cadre of PSP hackers hard at work, and the Internet providing immediate coordination and distribution of their efforts, betting against another crack may not be the best game in town.