Schneier on Security
A blog covering security and security technology.
January 29, 2005
PS2 Cheat Codes Hacked
From Adam Fields' weblog:
Some guy tore apart his PS2 controller, connected it to the parallel port on his computer, and wrote a script to press a large number of button combinations. He used it to figure out all of the cheat codes for GTA San Andreas (including some not released by Rockstar, apparently).
This is a great example of a "class break" in systems security -- the creation of a tool means that this same technique can be easily used on all games, and game developers can no longer rely (if they did before) on the codes being secret because it's hard to try them all.
Posted on January 29, 2005 at 8:00 AM
I don't think the game developers do rely on cheat codes to be secret. They want them to be known to users who choose to take the time to discover the codes either by experiment, talking to other users, or reading publications, because that implies that the game is being used, talked about, and publicized. Implementing cheat codes is in general a positive decision; if the developers didn't want cheat codes to be available to users, they would not implement them in the first place rather than implementing them and trying to keep them secret. To the extent the cheat codes may be needed for debugging, they would conditional-compile them and turn off the option in the final build that gets published.
I totally agree. Not only are cheats meant to be discovered, but they are designed to be toggled off for online play (to enable fairness). So this fellow with his parallel port connection has really just accelerated a well-known process. I hardly think we can call that a break. I suppose the real value to this is for the extremely impatient or those who, simply put, just want to feel like they are cheating. That will obviously interest some people, but I know there are far more that still prefer to play games as designed. They are games, after all. Now, if he had found a way to plug in a controller and break something you are not supposed to, like DRM, that would be news.
On the other hand, I'm sure someone's profiting from giving various magazines or publications exclusive info about cheat codes. Just something to think about.
Instead of showing one digit hacked at a time they should show this sort of stuff in movies. Bored teenage hacker hacking his controller port.
At least it would be more realistic than hacking a nuclear weapons code one digit at a time. Makes no sense whatsoever....
Actually, just the "documentation" of this stuff is new (meaning logs of what keys were pressed). Back in C-64 (Commodore home computer which was very popular in Europe in the 80s) times, we modified joysticks with small (analog) circuitry that "fuzzed" or sequenced controller movements in rapid succession, which made games automagically execute the "finishing move" of the player character or enable hidden levels and such. Basically these mods were the direct successor of "autofire", a circuit which repeatedly pushed the fire button with adjustable frequency and pulse width.
In the 80s there were no spare computers or even spare parallel ports, so that might be the main point that such developments weren't made during this time. It's good to see that folks still hack on that stuff, though.
Sure - cheat codes aren't high security, but there is at least an unspoken assumption that they're "extra" somehow. They're left in the game to give you something to discover, to add extra capabilities to the game after you've finished it, and to add to the value of the cheat guides. Call them pseudo-secrets.
Still, I find that it's work to explain security concepts to most people, and every analogy helps. I thought this was a pretty good real-world illustration.
Heh, I think it's awesome! I can't wait to get home and try some of these out. The "Mega Punch" sounds hilarious!! "Punches send people flying into the next block. One hit kills. Watch out, _peds have it too_!"
I think it's a pretty ingenious way of finding them, too. I know some people do actually sit there and manually try hundreds of combinations to find new ones, but this is actually a clever way of doing it.
I think the easiest way to do it is replacing the device driver. Another interesting way is simulation of a USB-connected keyboard.
You are exactly right, examples and analogies help clarify. In this case, I do not see that you can clearly say the cheat system "failed", since cheats are meant to be discovered. Did something go wrong? Quite the contrary, I do not see a class break as much as an enhancement of a known procedure through research and testing. The assembly line was not a "class break", nor was adding a person with a whistle to the start of the assembly line to accelerate the pace.
Hmm, wonder if our Bradleys or Super Stallions have any cheat codes...
I disagree with the posters who argue this is not a violation of security policy; game magazine publishers absolutely rely on the secretness of cheat codes to help sell their magazines and compendium books. These materials can represent ~75%-100% of the cost of the original game.
The PS2 hacker in question could make a ton of money, and incidentally attract a DMCA suit and prosecution, by selling his invention.
You know something? I think that cheats are an important part of everyday gaming. Cheats add an extra level of depth to game play, whether it's making the game tougher or easier, and I personally believe that if a guy can hack his game to find more cheats than we were previously given, then let him. He takes the risk of law penalties and/or ruining his game.
I noticed something. No matter what your standpoint is, everyone believes that cheats are an important part of any game. I think cheats are awesome but they can go a little too far. If there's a cheat that magically lets you beat the game without actually doing something, then that's just the lazy way out. If you're gonna cheat at least play the game and attempt to beat it fairly. Honestly, what's the point of paying hard earned money for a game that you're just gonna enter a cheat then it's over and the game's unappealing. Cheats are there for two reasons: to help or make the game better. Great example: In GTA San Andreas, the cheats could help but you still had to actually play to get the satisfaction of beating it. There were cheats that made the game funner but had no relevance to the story or missions at all, like the blow up all cars cheat (L2, R2, L1, R1, Square, Triangle, Circle, Triangle, L2, L1) which is personally my favorite cheat.
All in all, I believe that cheats can improve a game but what good is a game if you can beat it without playing it?
Can you please tell us an easier way to code break PS2 codes with numbers and letters in them!