> This is the first time in history that game consoles have lasted this long without being cracked to enable piracy.
> In this talk, we will discuss how we achieved this for the Xbox One.
While Xbox' technical security measures are very interesting, I dare to say that most effective measure was allowing to install homebrew apps by end users[0]. The only use for cracking Xbox One would be to enable piracy and exploit creators are almost universally against that.
Also, PS4 has been jailbroken up to firmware 5.07 (patched in March 2018), and it is known that exploits for newer firmwares exist but are not (yet?) publicly available.
I remember that. It seems like there were some restrictions that held back performance in OtherOS mode, though. It was too bad that they didn't keep it up.
Piracy is not always piracy, you are allowed to circumvent copy protection for use of items you already own, but under the DMCA and according to common sense. This is probably going to become more important as time goes on.
Along that, also Microsoft's commitment to dual-releasing xbox games for Windoes games too. That is an easier venue for cracking so crackers dont bother with xbox.
I can't help but feel this is a little "Boring Dystopia": he's demonstrating "Hey, here's how we keep people fiddling with the thing that they own, because it's bad for business".
There's plenty of opportunities to buy open hardware. The benefit of a closed platform is that it enables selling the hardware at a loss (money is made on games) and it prevents cheating that is rampant on the PC.
The hardware could support a physical interlock, like Chromebooks and developer mode, that causes the machine to be unable to make attestations that it's running in its default trusted mode. It's not as if trusted execution systems are required by some law of physics to also exclude owner control complete. Just make the mode switch between owner-control and manufacturer-control one that assures that untrusted state can't be maintained when the mode switches back to manufacturer-controlled.
re: the business model - Put a price on flipping that mode switch. That solves the business model problem too.
Cheating does happen on PC. I've seen it maybe twice in the last 15 years. Wouldn't call that rampant.
Losing at a video game does not mean your opponent is a cheater. This might sound dismissive but the number of times I was called a cheater when barely managing to win has me convinced that people just don't like losing.
> Cheating does happen on PC. I've seen it maybe twice in the last 15 years. Wouldn't call that rampant.
I think I can safely say that every competitive online game with a sizeable player base has a cheating problem. How bad that problem is varies - my impression is that Overwatch is pretty good (I've never noticed cheaters, only heard reports), whereas Rainbow 6 Siege is much worse - I have noticed cheaters several times and have had MMR awarded due to matches lost to people later banned for cheating.
Played R6 for the first six or so months after it released, whenever I could get my friends to join in. Can't say I ever saw a cheater there. Never played Overwatch, didn't interest me.
I'm told that Dark Souls is the perfect storm of peer-to-peer and trusting clients, but I've only seen videos of cheaters, never in-person. And I've created many characters purely for invasions and summoning.
Amusingly enough, one of the two times I referenced above was actually in Minecraft of all places. We started noticing one player getting resources far faster than everyone else, faster than was reasonable for even a very good/lucky player. I mean multiple nether stars in the span of half an hour, that kind of thing. I think they were filling up books and that somehow let them duplicate items.
I dunno, I don't think I've ever seen or ever will see cheating as bad as I used to see again on the diablo 2 open battlenet servers. That shit was the wild west. There was no game any more it was only cheating and even if you used the basic hacking tools and made yourself some godly equipment it still wasn't good enough to defeat the people with the ridiculously hacked ultra game crashing godly equipment.
I'm told cheaters run rampant in Dark Souls. Never seen one, and that's one of my favorite games of all time. I've lost invasions many a time, and people have used advanced magic, endgame weapons, all that on me.
Doesn't mean they cheated, new game plus is a thing, and the summoning levels (and now weapon matchmaking) are easily gamed to allow you to invade people less well-equipped than you are.
I've seen videos of actual cheaters, who hit you with a homing soulmass and it breaks all your equipped weapons and armor. Or they never run out of stamina. Or whatever. But I've never seen one in person, and I've wasted far too much of my life on that game.
Again, I'd have more sympathy if I hadn't been called a cheater myself so many times for shooting the other dude before they shot me.
I don't think most people know how to evaluate who is cheating and who is not, and it's taken as fact that cheaters are rampant so claims of cheating are believed by default.
I'm definitely not saying that cheats don't exist, or that people don't use them. I'm saying the community at large appears to have jumped on the problem as a way to save face. "Oh he beat me, but it's only because he's wallhacking!"
To be clear, I am not calling all the god-like players I get owned by hackers.
However, I am calling the god-like players who own me hackers, when I watch their kill-cam jump rapidly to each persons head with absolutely precision shot for shot. It gets into an area of response time where the human feedback loop takes longer than the response-and-inputs being delivered.
I've got like 800 hours in TF2, and I've seen noticeable cheaters maybe 3 times.
Getting accused of being a cheater is actually more common. One time some guy spent 10 minutes frantically trying to convince everyone that I was aimbotting...on Pyro. I wasn't even doing that well.
I mean, human beings are incapable of pressing W and Mouse1 simultaneously, you'd have to have used an aimbot to play Pyro well.
That's exactly what I'm talking about though. The fact that cheats exist is used to save face when people are losing (or even not winning by a large enough margin) in a video game.
It's okay to lose in a video game. I do it all the time. There's no shame, you don't have to make excuses, it's a game.
Fair point. I have noticed very little cheating in VAC-secured (Valve Anti-Cheat) games. Most of the times it is something like Call of Duty, PUBG, or even Fortnite (but less so than PUBG by a huge magnitude).
Valve Anti-Cheat (VAC) is probably one of the best anti-cheat technologies out there given the size of the user-base and the time it has been deployed.
He even brings this up in the talk, mentioning Dreamcast.
How it died early on, because of piracy - developers didn't want to produce games for dreamcast - so no one bought console because no one made games for it.
Its a vicious cycle that cannot be stopped otherwise.
The Dreamcast did have a short life, and was subject to simple piracy. However, there may not be a causal relationship there.
Sega had a tricky financial situation and consumer trust issues because of their last 1.5 platforms (Saturn and 32X). EA did not support the platform because Sega wouldn't give them an exclusive license for sports games. The Playstation 2 had an unbelievably huge hype train before release. The cord for the controller came out of the wrong side. The economy was getting weird.
If piracy was a big issue, I think Sega would have sold more hardware, and the software sales would have been low, but Wikipedia says the hardware sales were low, and the software sold 8-1 with consoles.
Sega with the previous generation consoles burn consumer and developers alike.
People were reluctant to buy the Dreamcast, PS2 hyper machine was also making exaggerated claims about the PS2 when magazines interviewed random people at EB Games and baggage the all said the would wait for the PS2.
Someone did an in depth analysis of the Dreamcast sales as related to piracy. If piracy was such an issue then sales of the console itself should have increased because people were buying the console and not game but this was not the case. Console sales never increased.
People who claim the Dreamcast die due to piracy simply do not know SEGA's history
I didn't quite understand how Dreamcast died. Recent studies and company show that piracy isn't that much of an issue. The real added value is the confidence you can have that the player can't cheat - which is good for online competitive games.
The Dreamcast was killed because of the PS2, according to Wikipedia (but I'm not knowledgeable about the issue).
There's plenty of counter points to that, Nintendo hardware is generally busted wide open pretty early. There's a very active Switch homebrew community right now and even very advanced emulators already capable of running commercial titles. It seems that it did not affect in any way the console commercially.
youtube-dl -f bestvideo[ext=mp4]+bestaudio[ext=m4a] -o "XBox One Story by Tony Chen.mp4" https://www.youtube.com/watch?v=U7VwtOrwceo
start "" "XBox One Story by Tony Chen.mp4"
Just a friendly reminder to everyone, don't copy and paste commands into the terminal. There could be invisible characters that can execute unwanted operations.
fish shell gets around this nicely it appears; no commands are run until you explicitly hit enter (so you see the nefarious extra hidden commands before they're ran), even with the newline chars it seems to understand you're pasting a block
Actually automatically it selects it wrong. If formal quality parameter is the same it chooses by bitrate, so it very often and in this case too goes for AAC audio and VP9 video, which happens just because of the properties of the codecs.
I call all those posh sounding "platform security" types being much like "antivirus" makers, trying to sell a non-solution for a problem to technical illiterates.
What they claim sounds impressive to CEOs and such, but everybody in the industry knows that anybody with straight hands can probe a chip, and somebody with ion beam equipment can do pretty much anything he wants with it.
For example, chips from credit cards, said to be "physically impossible" to tamper with, are known to be copied by somebody in Eastern Europe.
If somebody becomes a victim of credit card cloning, proving the bank that it was not you who withdrew money on other side of the globe becomes nearly impossible without going to a court.
In the real world, security is not an absolute. Nothing is perfectly secure. What is important is the resources required to break the security - what that bar needs to be depends on your product and your business goals.
In the video he specifically talks about an economic threshold - it must cost more than 10 games ($600) to mod a console. Above that price it's not worth it, so direct chip beam attacks aren't relevant to their threat model. That is the direct 'resource requirement' as a result of their business goal - prevent piracy.
I agree with your general point but computers are weird.
Attacks and exploits can have scaling properties much like other software.
We can do something expensive (say $200k attack cost) to break the platform and sell 10k $100 mod chips.
The defender's threat model can't discount expensive attacks; the constraint is that an expensive one-off attack must not enable a cheap bypass. This is hard!
> In this talk, we will discuss how we achieved this for the Xbox One.
While Xbox' technical security measures are very interesting, I dare to say that most effective measure was allowing to install homebrew apps by end users[0]. The only use for cracking Xbox One would be to enable piracy and exploit creators are almost universally against that.
Also, PS4 has been jailbroken up to firmware 5.07 (patched in March 2018), and it is known that exploits for newer firmwares exist but are not (yet?) publicly available.