Breaking the console: a brief history of video game security

5 hours ago
  • #cryptography
  • #hardware-hacking
  • #console-security
  • Video game console security has evolved from early systems with no protection at all, such as the Atari 2600, to modern cryptographic and hardware-based defenses.
  • Nintendo introduced a hardware lockout chip with the NES (10NES); it relied on security through obscurity and was later reverse-engineered and bypassed by methods such as fault injection.
  • Optical-media consoles such as the PlayStation authenticated the disc, which modchips bypassed, but they did not cryptographically verify the code itself, so any software would run once the disc check passed.
  • Cryptographic code signing arrived with consoles like the original Xbox, establishing a chain of trust, yet vulnerabilities such as buffer overflows in save-file parsing (softmods) still provided attack vectors.
  • Seventh-generation consoles (PS3, Xbox 360, Wii) used asymmetric cryptography but suffered implementation flaws, most notably Sony's use of a constant nonce in its ECDSA signing, which allowed recovery of the private key.
  • Modern consoles (e.g., Nintendo Switch, PS4) add mitigations such as secure boot, but hardware vulnerabilities (e.g., fusée gelée) and software exploits (e.g., in WebKit) still enable unauthorized code execution.
  • Key lessons: security requires defense in depth and must be designed in from the start, technical measures alone are insufficient, and service lock-ins (e.g., PSN access) deter jailbreaking by raising the cost to users.
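
The PS3 nonce failure mentioned above, worked through on a toy curve as an added example (not code from the summarized article): two ECDSA signatures made with the same k share the same r, and from that pair the signing key falls out by simple modular arithmetic. The curve parameters, the byte-sum "hash", the key d = 7 and the nonce k = 10 are all constructed for illustration.

```python
# Toy ECDSA on y^2 = x^3 + 2x + 2 over GF(17) with generator G of order 19
# (constructed textbook parameters, not a real curve), used to show why a
# constant nonce k leaks the signing key.
P, A, G, N = 17, 2, (5, 1), 19

def inv(a, m):
    return pow(a % m, -1, m)

def ec_add(p, q):  # point at infinity is None
    if p is None or q is None:
        return q if p is None else p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        lam = (3 * x1 * x1 + A) * inv(2 * y1, P) % P
    else:
        lam = (y2 - y1) * inv(x2 - x1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, p):  # double-and-add
    r = None
    while k:
        if k & 1:
            r = ec_add(r, p)
        p, k = ec_add(p, p), k >> 1
    return r

def toy_hash(msg):  # stand-in for a real digest reduced mod N (constructed)
    return sum(msg) % N

def sign(d, msg, k):
    # k must be unique per signature (RFC 6979 derives it from d and the hash)
    r = ec_mul(k, G)[0] % N
    s = inv(k, N) * (toy_hash(msg) + r * d) % N
    return r, s

def verify(pub, msg, sig):
    r, s = sig
    w = inv(s, N)
    x = ec_add(ec_mul(toy_hash(msg) * w % N, G), ec_mul(r * w % N, pub))
    return x is not None and x[0] % N == r

def recover_key(msg1, sig1, msg2, sig2):
    # Equal r means equal k: k = (h1 - h2)/(s1 - s2), then d = (s*k - h)/r.
    (r, s1), (_, s2) = sig1, sig2
    h1, h2 = toy_hash(msg1), toy_hash(msg2)
    k = (h1 - h2) * inv(s1 - s2, N) % N
    return (s1 * k - h1) * inv(r, N) % N
```

A signer that detects a repeated r in its own output, or that derives k deterministically per message as RFC 6979 does, never produces the pair that `recover_key` needs.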