Variations On A Theme: Sony Versus The Hackers

This blog post references my design feature, 'Variations on a theme: Handheld game systems proliferate, touting varied features and price tags' in the January 19, 2006 issue of EDN.

The PSP’s use of widely available, user-alterable Memory Stick Duo media, along with its performance potential and diverse set of hardware features, has made it a tempting target for programmers interested in altering and enhancing its functions. Hackers quickly discovered that they could, with the initial Japan-only Version 1.0 firmware, run unsigned—that is, unencrypted—software from a Memory Stick Duo module. They circumvented the follow-on Version 1.5 firmware through a bug in the PSP’s file-access process that also enabled users to run 'homebrew' software. A still image viewer buffer-overflow bug also compromised Version 2 firmware. This hack provided access to only 64 KBytes’ worth of user memory. However, it was sufficient to enable users to downgrade their firmware to Version 1.5 and to run many homebrew programs with Version 2 firmware.

Sony has reacted to the firmware exploits in several ways. First, it has quickly released firmware upgrades and, using the added features, tempted PSP owners to upgrade their units. As of late December 2005, no one had conclusively hacked firmware revisions 1.51, 1.52, and 2.01 and above, although early reports of a possible buffer-overflow-based exploit of Version 2.5 firmware hit the Internet in mid-November, followed by early-December additional rumors of hacks to versions 2.01, 2.5, and 2.6 firmware. Also, the console’s latest games require version 2.01 or higher firmware to run, and they bundle the firmware update on the UMD. The hacking community has responded to this challenge by developing software that enables a version 1.5-based PSP to fool the game into thinking the console is running a newer firmware revision.

Is Sony discouraging homebrew application development and, if so, why and to what degree? I suspect that the company’s concerns have little to do with the homebrew programs per se. The enthusiast-developed software, in fact, significantly broadens the platform’s abilities beyond what Sony and its authorized partners have to date been able to do, and it may, as a result, boost near-term hardware sales (its availability may dampen future software sales, however). Some homebrew offerings directly compile to PSP code, while others run through an intermediary software layer, such as the Lua Player. They include:

• Network-based utilities, such as VNC, FTP, telnet, Usenet, e-mail, instant messaging, web browsers, and more encompassing RSS implementations;
• PIM synchronization and display of contact, calendar, and task-list data;
• Expanded-format audio, image, and video playback, and alternative user-interface schemes;
• Emulation of legacy computers, operating systems, and game consoles; and
• Clever and compelling new game concepts.

Sony’s biggest fear, I suspect, is that someone will figure out how to rip a UMD program or movie image and then run it from a Memory Stick Duo. Such files, posted to popular P2P sites, would have a rapid and dramatic negative impact on Sony and third-party developers’ revenues. The PSP, like all other game consoles, follows the 'razor-and-razorblade' model; while Sony may sell the console at a loss, it earns profits on subsequent software and media sales. Sony’s also likely concerned that legacy console emulation enables users to play file-based ROM images of games still covered by copyrights.

The Nintendo DS has, in contrast, has not received strong attention from the hacker community. Although the presence of homebrew software for the DS shows that it is possible to exploit the system’s DRM, practically speaking, these measures are less compelling because the DS uses proprietary, read-only add-in memory cartridges. Adapters that enable the use of conventional memory modules such as CompactFlash cards do exist, but they’re expensive and not easily obtainable. And, although enthusiasts have figured out how to download programs to the DS from a PC over the console’s wireless link, such programs disappear from system RAM as soon as a user powers off the unit.