Feb 11

NextGen Console Protection Hacking Survey

Over the last few years, many new game consoles were introduced to the market, ranging from the PS3 to the Xbox 360, the Wii and the PSP. They all use advanced security features to prevent game copying and firmware hacking. Currently most of these devices' security schemes are broken. This post aims to provide a comprehensive overview of the current situation.

I will review the security of the 6 latest consoles in this post:

  1. The Nintendo DS lite
  2. The Nintendo Wii
  3. The Microsoft Xbox 360
  4. The Sony PSP
  5. The Sony PS3

Nintendo

Nintendo Company Limited is a Japanese multinational corporation founded on September 23, 1889 [1] in Kyoto, Japan by Fusajiro Yamauchi to produce handmade hanafuda cards. Nintendo has the distinction of historically being both the oldest intact company in the video game console market and one of the largest and best-known console manufacturers, as well as being the dominant entity in the handheld console market.

The DS

The Nintendo DS Lite (sometimes abbreviated DSLite) is a dual-screen handheld game console developed and manufactured by Nintendo. It is a slimmer, brighter, and more lightweight redesign of the Nintendo DS, designed to be aesthetically sleeker while taking styling cues from the Game Boy Advance SP, and to appeal to broader commercial audiences. It was announced on January 26, 2006, more than a month before its first launch in Japan on March 2, 2006 due to overwhelming demand for the original model. As of December 31, 2007, sales of the DS Lite have reached 45.97 million units worldwide.

The DS security was made by the RSA company. It is considered fully broken because it is possible to play backed-up games and install Linux on it. The Linux project for the DS is named DSLinux. The code signature protection is bypassed by using a hardware device called a linker, such as the one below. This linker can be viewed as a bridge between the DS and the ROM.

[Image: a DS linker]

The Wii

Nintendo’s Wii was released in North America on November 19, 2006, and in Japan on December 2, 2006, Australia on December 7, 2006, and in Europe on December 8, 2006. It is bundled with Wii Sports in all regions except for Japan. The Wii retails for approximately $250. Unlike the other systems of this generation, the Wii does not have an internal hard drive, but instead uses 512 MB of internal Flash memory and includes support for removable SD card storage. It also has a maximum graphics output of 480p, making it the only seventh generation console not utilizing High Definition.

The Wii security is considered fully broken. It is possible to launch a backed-up game, use homebrew and install Linux. Currently the code signature security is bypassed by adding a modchip, which is fairly easy to install. However, the situation will probably evolve, as a bug in Zelda seems exploitable. A modchip costs around 25$. The most famous is the Wiikey (pictured below).

Microsoft

Microsoft entered the multi-billion-dollar game console market dominated by Sony and Nintendo in late 2001 [50], with the release of the Xbox. The company develops and publishes its own video games for this console, with the help of its Microsoft Game Studios subsidiary, in addition to third-party Xbox video game publishers such as Electronic Arts and Activision, who pay a license fee to publish games for the system.

Xbox

Microsoft’s Xbox was the company’s first video game console. The first console to employ a hard drive right out of the box to save games, the Xbox blurred the line between PC and console gaming, as it had similar hardware specifications to a low-end desktop computer at the time of its release.

According to the book Smartbomb, by Heather Chaplin and Aaron Ruby, the remarkable success of the upstart Sony PlayStation worried Microsoft in the late 1990s. The growing video game market seemed to threaten the PC market which Microsoft had dominated and relied upon for most of its revenues. Additionally, a venture into the gaming console market would diversify Microsoft’s product line, which up to that time had been heavily concentrated on software.

According to Dean Takahashi’s book, Opening the Xbox, the Xbox was originally to be named “DirectX-box”, to show the extensive use of DirectX within the console’s technology. “Xbox” was the final name decided by marketing, but the console still retains some hints towards DirectX, most notably the “X”-shaped logo, which DirectX is famous for, along with the “X” shape on the top of the system.

The Xbox BIOS was dumped a few months after release and hacked so that it would skip digital signature checks and media flags, allowing unsigned code, Xbox game backups, etc., to be run. The modification can be done with a chip or by using a game save exploit: using select official game releases to load game saves that exploit buffer overflows in the save game handling.
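The save-game route described above depends on a loader that trusts a length stored in the save file. As an added example (not code from the original post or from any console), here is that pattern beside a bounds-checked loader in C; the save layout, field names and sample files are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NAME_MAX_LEN 16

/* Hypothetical save layout, constructed for this example:
 *   byte 0: name length N | bytes 1..N: name | next 4 bytes: score (LE) */
struct save { char name[NAME_MAX_LEN + 1]; uint32_t score; };

/* Constructed sample files. */
const uint8_t GOOD_SAVE[]      = { 4, 'L', 'I', 'N', 'K', 0x39, 0x05, 0x00, 0x00 };
const uint8_t OVERLONG_SAVE[]  = { 200, 'A', 'A', 'A', 'A', 0, 0, 0, 0 };
const uint8_t TRUNCATED_SAVE[] = { 4, 'L', 'I', 'N', 'K', 0x39 };

/* Vulnerable pattern: the length byte from the file drives the copy, so a
 * crafted save writes past name[] into adjacent memory. Shown for contrast;
 * never call it on untrusted data. */
void load_save_unchecked(const uint8_t *buf, struct save *out)
{
    size_t n = buf[0];
    memcpy(out->name, buf + 1, n);       /* n can be up to 255 */
    out->name[n] = '\0';
}

/* Hardened loader: every length is checked against both the destination
 * field and the real file size before any byte is copied. */
int load_save_checked(const uint8_t *buf, size_t len, struct save *out)
{
    if (buf == NULL || out == NULL || len < 1) return -1; /* nothing to parse */
    size_t n = buf[0];
    if (n > NAME_MAX_LEN) return -2;     /* name would overflow out->name */
    if (len - 1 < n + 4) return -3;      /* file is shorter than it claims */
    memcpy(out->name, buf + 1, n);
    out->name[n] = '\0';
    const uint8_t *p = buf + 1 + n;
    out->score = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                 ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    return 0;
}

int main(void)
{
    struct save s;   /* exit status 0 when all three samples behave as expected */
    return !(load_save_checked(GOOD_SAVE, sizeof GOOD_SAVE, &s) == 0 &&
             load_save_checked(OVERLONG_SAVE, sizeof OVERLONG_SAVE, &s) == -2 &&
             load_save_checked(TRUNCATED_SAVE, sizeof TRUNCATED_SAVE, &s) == -3);
}
```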

Today the Xbox remains a popular device because, thanks to the Xbox Media Center project, it can be turned into an advanced media center with a very nice GUI.

Xbox 360

Microsoft’s Xbox 360 was released on November 22, 2005. An HD-DVD drive is available as an accessory. The Xbox 360 was the first console with the ability to use wireless controllers out of the box. The Xbox Live service is the hallmark of the system, and the console can connect to the service via the Internet through a built-in Ethernet port or a wireless accessory.

The Microsoft next-gen console has pretty tough security. Launching a backed-up game is possible by modifying the DVD firmware. The DVD security was broken soon after the release of the Xbox 360. However, the Xbox 360 was totally broken only a few months ago. Installing an alternative OS requires the use of a complex timing attack. The first chip that will allow booting custom code is not yet available on the market. The Infectus team plans to release it soon.

Note that even if backed-up games can be used on the Xbox 360, Microsoft is still able to detect them through the Live system. Numerous users report having been banned because of illegal use.

Sony

Sony Corporation is a Japanese multinational conglomerate corporation and one of the world’s largest media conglomerates with revenue of $70.303 billion (as of 2007) based in Minato, Tokyo.
In 1994 Sony launched the PlayStation (later PS one). This successful console was succeeded by the PlayStation 2 in 2000, itself succeeded by the PlayStation 3 in 2006. The PlayStation brand was extended to the portable games market in 2005 by the PlayStation Portable.

The PSP

The PlayStation Portable (officially abbreviated PSP) is a handheld game console released and manufactured by Sony Computer Entertainment. Its development was first announced during E3 2003, and it was officially unveiled on May 11, 2004 at a Sony press conference before E3 2004. The system was released in Japan on December 12, 2004, North America on March 24, 2005 and in the PAL region on September 1, 2005. It is the first handheld video game system to use an optical disc format (Universal Media Disc). Although Sony tried to push the UMD format for movies, major studios stopped supporting the format in the Spring of 2006. A new slimmer and lighter version of the PSP, appropriately titled Slim and Lite, was announced and released in 2007.

The security of the PSP is considered broken, as it is possible to play backed-up games and run homebrew. This is possible by using a modified firmware. As Sony releases new firmware, the underground community creates modified firmware based on it. The latest custom firmware is currently 3.90 M33.

The PlayStation 3

Sony’s PlayStation 3 was released in Japan on November 11, 2006, in North America on November 17, 2006 and in Europe on March 23, 2007. All PlayStation 3s come with a hard drive and are ready to play Blu-ray Disc and games out of the box. The PlayStation 3 was the first video game console to support HDMI out of the box, utilizing full 1080p. Controllers connect to the console through Bluetooth (up to 7) and have tilt-sensing capabilities.

Currently the PS3 security is undefeated. Many rumors are floating around the net, but most of them are pure fakes. Even the “hello world” video is a fake. Currently the most credible one is the ability to launch a backed-up game from the hard drive. The ISO has to be patched. The only piece of software currently available is the NAND extractor (0.4).

Summary

Bypass method

Each console's security has been bypassed differently, as shown in the following table.

| Console | Backup Game | Homebrew | Bypass technique | Price | Note |
|---|---|---|---|---|---|
| DS | Yes | Yes | Hardware | 30$ | Use of a linker that is inserted instead of a real cartridge |
| Wii | Yes | Yes | Hardware | 35$ | Use of a modchip. Software technique underway |
| Xbox | Yes | Yes | Hardware/Software | 31$ (modchip) | Use a savegame exploit or modchip |
| Xbox 360 | Yes | No | Software/Hardware | 50$ estimated (modchip) | Software for backup game. Hardware for homebrew (not yet available) |
| PSP | Yes | Yes | Hardware/Software | 25$ battery, 20-70$ memory stick | Need a Pandora battery to switch to a custom firmware |
| PS3 | No | No | N/A | N/A | Rumors of a backup game successful launch |

The Xbox 360 security is currently the one that has resisted the longest (over 3 years). The Wii was broken early. For the PS3, well, the bets are open. Finally, the PSP hack history is probably the most interesting of all, because many techniques were used until a “definitive” method was found (the Pandora battery).

Backup Support

Besides the bypass method, another key distinction between consoles is the storage media used for backup games.

| Console | Game size | Backup support | Reusable | Multiple game | Price | Note |
|---|---|---|---|---|---|---|
| DS lite | 64-256 MB | Cartridge / memory card | Yes | Yes | 20$ (1GB) - 100$ (4GB) | New linker uses standard removable memory card such as microSD |
| Wii | 4.7 or 7.9 GB | DVD / DVD DL 9 GB | No | No | 0.3$ / 2$ | Most of the games fit on a standard DVD. However, some need to be put on a dual-layer DVD |
| Xbox | 500 MB - 4.7 GB (2 GB average) | HDD / DVD | Yes / No | Yes / No | Builtin / 0.3$ | Game can be put on the HDD or on a DVD |
| Xbox 360 | 7.9 GB | DVD+R DL (8 GB) | No | No | 2.5$ | Game has to be on a DVD and every backup is 7.7 GB |
| PSP | 200 MB - 1.8 GB | Memory Stick Pro | Yes | Yes | 20$-100$ | Game must be launched from the memory stick. There is no writable UMD available. 1.8 GB is the UMD DL limit. |
| PS3 | 25 GB | HDD ? | NA | NA | NA | Theoretical data! Current ISOs are around 4.7 GB |

Conclusion

Every console has its own protection scheme and bypass method. It is interesting to see that next-gen consoles take longer to break than the previous generation. The level of the hackers is also pretty impressive. For example, the timing attack used against the Xbox 360 is very advanced and required a tremendous effort.