
How the Sony PlayStation Was Hacked

Playgrounds were the comment sections of their day. Every weekday from exactly 1:17 PM until 1:43 PM there were swings to be swung, rumors to be spread, and debates to be settled by whomever was the loudest (some things never change). Allegiances were formed and battle lines were drawn based solely on what video game console you supported. It was this playground system that perpetuated the urban myths of the time.

For PlayStation fans there was the myth that you could save Aerith from her fate in Final Fantasy VII if you just cast the right spell, or the secret code in Tomb Raider that would let you see all of Lara Croft. There was the myth that no one could possibly copy a PlayStation game because all the bottoms of the discs were black. Even the very existence of the first PlayStation, the Super Nintendo PlayStation prototype, was an urban legend. The difference was that last one turned out to be true.

Let’s jump in and take a look at the cat and mouse game between modchip makers looking to defeat the original PlayStation’s copy protection, and Sony’s efforts to protect their castle.

Gimme Gimme Anime Fighting Games

Sony’s PlayStation was the introduction to games on CD-ROM for many of those playground kids. The format proved to be cheaper on average for both developers and gamers alike, and it had the added benefit of coming in durable, plastic jewel cases. The confluence of the two circumstances led to increased demand for importing Japan-only titles, but since the PlayStation was region locked from both a hardware and software perspective there was a need for an intermediary device.

Gold Finger game enhancer cheat device for PlayStation.

There were a number of these intermediary devices, colloquially called game enhancers, that allowed users to enter cheat codes not accessible by in-game menus as well as boot games from other regions. Early production run models of the PlayStation contained parallel I/O ports, so game enhancers like the Gold Finger attached directly via the parallel port, with no further modifications necessary to play the latest anime fighting game import.

Later revisions of the PlayStation would remove the parallel port and force import players to adapt, and adapt they did. Probing around the PlayStation’s internals became the only way to circumvent Sony’s region locking, and in the process hackers discovered the secret to allowing import games to boot. Region-specific license key data appeared both in software and in hardware memory. The two keys had to match in order for discs to boot. Subsequently all region license keys were dumped and flashed onto PIC8 microcontrollers, and some of the first PlayStation modchips hit the internet. Now anyone with a properly installed modchip inside their console could play games like Asuka 120% Burning Fest into the midnight hours.

Do The Wobble Groove

Lasers were in, EPROMs were out. Cartridges just weren’t going to cut it any longer in videogames, because all those full motion video cutscenes needed to be stored somewhere. By adopting a standardized format in CD-ROM, Sony could not employ the physical region locking mechanisms found on cartridge-based systems. However, they did have control over the disc’s table of contents (TOC).

Along with the region specific license key data, Sony pressed a special pit into the TOC of every disc. This pit, or “the wobble groove” as it would become known, was virtually impossible for consumer grade CD writers to replicate. A CD writer laser would need to be programmed to physically move in three dimensions in order to burn the wobble groove into a CD-R. So the patented pressing process achieved both copy protection and region encoding simultaneously.

https://hackadaycom.files.wordpress.com/2018/11/ps1-reading-disc-with-startup-sound.mp3

A side effect of intertwining the copy protection with the region encoding was that users with modchips in their consoles could circumvent both processes at once. CD-based consoles prior to the release of the PlayStation, like the Sega CD and PC Engine CD, did not contain copy protection pressed into the discs. The exorbitant price of a CD writer at the time of release of those consoles was enough to deter any potential pirates. However, thanks to economies of scale in production and the march of time, Sony could not count on duplication technology staying out of reach of PlayStation users.

Sony became wise to the modchip scene, and was able to author “anti-mod technology” into the code of popular titles like Grind Session and Dino Crisis 2. Early versions of modchips were always on, and that made them vulnerable to security checks after booting up a copied disc. To counter these extra security checks, PIC12 microcontrollers containing all the license key data were soldered onto the PlayStation lid switch contacts. With that alteration, modchips would only be engaged during boot up and would deactivate outside of that sequence, and thus the “stealth modchip” was born.

Undetectable modchips were essentially game over for the PlayStation. Their introduction late in the PlayStation’s life cycle meant that only the most dedicated of players were going to install one. Modchips may have been able to defeat the wobble groove and even satiate the need for a little more Dragonball Z in the world, but they wouldn’t be able to defeat the PlayStation’s biggest urban myths. Those simply hung around.

Sony did their part to keep a modicum of mystique about the PlayStation’s black bottom discs though. They helped perpetuate the whole “copy-proof black disc” myth in the PlayStation Underground Volume 3 video.

Read more: hackaday.com
