
A recent leak shows that Nintendo has "stalked" various console hackers with private investigators, trying to coerce them into settling on an NDA.

I thought this was very interesting - is this kind of behaviour/planning common in other industries as well, or is this a consequence of Nintendo's/Japanese company culture?

Marcan (popular console hacker, often seen on HN as well) recently tweeted about his experience, apparently noting that the company seems to have changed their ways in recent years: https://twitter.com/marcan42/status/1341330839993339905




>or is this a consequence of Nintendo's/Japanese company culture?

Now this makes me wonder, because Sony went after George Hotz with guns blazing for his 'OtherOS' efforts on PS3 until he settled the lawsuit on the condition to 'never hack Sony products'!

At the same time, Sony has been very welcoming about aftermarket OS efforts on their Android smartphones: they had their official AOSP portal, Jolla support, etc.

I guess the bottom line is: would it affect the business?


Your timeline is a little mixed up, and I think fixing it will clear up what happened:

- Sony shipped the PS3 with "Other OS" functionality that provided limited hardware support to a guest Linux OS.

- Sony removed that "Other OS" feature without providing a reason why. At that point, the main system's protection was still in place.

- Hotz, after seeing the spotlight on Sony for removing "Other OS", was able to breach the main system's protection without any hardware modification.

- Sony went after Hotz for breaching their OS.

The bottom line was business -- providing full hardware support of "Other OS" would let you distribute Linux games without Sony's blessing (and cut of revenues or developer kits), which ultimately wouldn't be as successful without the absolutely massive marketing and deal-making abilities of one of these platform holders. On the other hand, breaking the main system OS allowed things like pirated games and unsigned code (game hacks) to run on the system, which is hugely problematic for a console that had most of its security on the client machines. The big PSN hack in 2011 followed shortly after Hotz broke the system, and while I've never seen it 100% confirmed, there were rumors at the time that the hack revealed enough of a vector inside the network that the hackers were basically unstoppable.


I don't remember it going like that at all. I explicitly remember OtherOS being removed because of this hack.

http://self.gutenberg.org/articles/george_hotz#cite_note-12

Let's go to World Heritage Encyclopedia.

> January 22, 2010, he announced that he had successfully hacked the machine by enabling himself read and write access to the machine's system memory and having hypervisor level access to the machine's processor

> On January 26, 2010, Hotz released the exploit to the public. It was done on the original firmware (OFW) 3.15, then using his codes he made it into a 3.15 CFW, or Custom Firmware. It requires the OtherOS function of the machine, and consists of a Linux kernel module and gaining control of the machine's hypervisor via bus glitching

> On March 28, 2010, Sony responded by announcing their intention to release a PlayStation 3 firmware update that would remove the OtherOS feature from all models,[17] a feature that was already absent on the newer Slim revisions of the machine.

Why lie about something trivially verifiable?


> a feature that was already absent on the newer Slim revisions of the machine.

Sounds like it was clear what Sony was doing.


The entire reason for Other OS was so it would be taxed differently in the EU, which taxes computers less than game consoles. Once the BOM was low enough (and they transitioned to the slim), the difference wasn't important and they nixed Other OS. Geohot's hack was merely a further impetus to get rid of it on the early "phat" versions.


That is NOT the claim. The claim was that OtherOS was removed from the fat PS3s. How else would Sony have undertaken a lawsuit about OtherOS being removed as an advertised feature from the Fats?


I'm not entirely sure as to the validity of that (re: hacking). Unsure of how much I can fully divulge, but it started in a dev system and moved laterally, so it is possible some endpoint was found that enabled it.


That's not the timeline.

The timeline is:

- Sony released the PS3 Fat with OtherOS

- Nobody cared to hack the PS3 because it had Linux. There was an air of mythos about the security being top notch, but nobody skilled tried. Linux was restricted to not having 3D accel, and there was a short-lived Linux side exploit that granted you that capability, but Sony patched it as expected.

- Sony released the PS3 slim without OtherOS. They claimed they didn't have the resources/interest in developing Linux for it (this was later proven to be bullshit, the patches required were trivial).

- Some folks started staring a bit more seriously at PS3 security at this point.

- geohot developed a hilariously unreliable physical RAM glitching attack to escalate from OtherOS to the hypervisor on the Fat (note: this does not grant access to the secure SPE where all the crypto/DRM is done). I guess he was aiming for the slim, but this was his first target.

- Sony got scared and illegally pulled OtherOS on the Fat in an update, violating consumer protection law (they got sued for this and lost)

- Everyone started looking into PS3 security at this point.

- "Someone" (I have my suspicions) developed and sold a USB dongle which exploited GameOS to gain access at that level, and which included code directly and solely intended for game piracy in its payload. This only broke GameOS security (not hypervisor nor secure element), but Sony's actually-terrible system design meant that was enough to pirate games.

- I and others reverse engineered that and I wrote a Linux loader (AsbestOS) that could be used with clone exploit devices, and worked on both the PS3 Fat and Slim. These payloads didn't include any piracy-related code, just a Linux loader. This is Linux running in GameOS mode, which gives you 3D access (though no drivers were ever written...) and required some kernel patches due to VM configuration differences. I worked on those patches and they are now upstream.

- Research continued, and I and others at fail0verflow eventually discovered that Sony had completely borked their crypto and we could calculate their private signing keys. Due to a technicality, doing that calculation required having access to the symmetric crypto key beforehand, which meant that for any given secureboot chain level, you first needed a (one-off) exploit at that level to dump the AES key, then you could calculate the ECDSA signing key.

- We gave a talk detailing both an exploit at a certain level and the crypto flaw, without disclosing any keys.

- A week or two later geohot used an exploit he had stashed at the metldr level (that's the second highest level, after the bootldr cold boot code) and our method to calculate and publish the keys for that level on his blog. Initially without crediting us (this is a common geohot theme) until I asked him to. metldr cannot be updated, so this is close to a complete hack (Sony found a cute platform recovery trick later, wrapping things with bootldr, until finally someone exploited that and it was all over)

- Sony sued geohot and me and a bunch of others. They probably thought we were cooperating or something. That was a stressful few months.

- geohot settled with them and promised to never hack their stuff again, and they dropped the other defendants (myself included) from the lawsuit, but not before causing personal and legal trouble to some of us.


The moral of the story seems to be to only publish such research anonymously?


I used to be in the console scene in the late 90's. I had homebrew N64 & PSX dev kits, and there were leaks of libraries and docs for both consoles. Perhaps because PSX was new, they were more tolerant back then; as a matter of fact, some of the ideas and tools from the scene made it into their toolkit and a few of the console hackers ended up working for Sony. Strangely, I recall never being too concerned about Sony but terrified enough of Nintendo not to discuss what I had with strangers on IRC. So Nintendo has always been mean. Hell, if you hacked and made your own cart without going through them, they would sue you back then. If anything threatened Sony, it was once emulators started working and catching up, but by then I had left the scene.


How did you get devkits in the 90s? Had a friend at SGI?


No, I had homebrew dev kits. I had Doctor V64 for the N64 https://en.wikipedia.org/wiki/Doctor_V64

For PSX, I used Ezoray, which was flashed over a GameShark, and had a chipped PSX. https://en.wikipedia.org/wiki/GameShark#PlayStation_GameShar...

Manuals were PDFs that were shared in private circles. Both consoles were MIPS, so built with GNU cross compilers. All we really had was the gcc compilers & libraries. All other tools were custom built.


Console and phone teams were probably very separate on the org chart. That matters a lot in huge companies, although it looks mental from the outside.


"A recent leak shows that Nintendo has "stalked" various console hackers with private investigators, trying to coerce them into settling on an NDA."

I know nothing else about this, this has almost zero intersection with my current interests, and I have no prior interests in this area.

But boy-howdy am I tempted to perform, or pay to have performed, a minimal level of reverse engineering or independent development of (Nintendo platform) just to see if they'll attempt this.

Never mind the infinite free publicity for me, rsync.net, 0x.co, etc. ... the comedy factor alone of their PIs vs. our two mile long private road would be worth the legal fees.

I'm struggling to find a reason not to do this...

EDIT: my ranch is adjacent to, and surrounded by, Skywalker Ranch ... imagine Nintendo stooges wandering into/through that ... so many lulz.


Further along it says that the people largely responsible have retired, so you might not get any worthwhile reaction.


Engaging PIs to contact reverse engineers/"hackers" is a reasonably common approach in the gaming industry, not just regarding hardware, but also software modifications/cheating/some forms of modding.


I used to write and sell cheat software for PC games (I work in anti-cheat now). I've never experienced this sort of behavior, nor have any of the many contacts I have in the space. I suspect this only occurs in litigious companies (Blizzard and Nintendo both immediately pop into my mind). Typically, hackers get scooped up by games companies and switch to anti-cheat, at least in my observations.

Edit: I do know it’s fairly common for companies to have “dox” on hackers. Actually making use of that information, like hiring a PI, is quite an escalation.


I believe this approach came from NOA (the USA branch) and specifically the Anti-Piracy team led by Jodi Daugherty. It seems things shifted to a different organization after that, and she is now retired.


I've seen similar stories about Eastern European companies employing the same tactics against people who reverse engineer their products.



