Exclusive interview with PS3 hacker Youness Alaoui (KaKaRoTo)

Most people following video game console manufacturer Sony's ongoing cross-continental legal struggle with hackers have become familiar with a few names: George Hotz, graf_chokolo and the hacker collective fail0verflow. All three are currently being sued by Sony for working on its PlayStation 3 console. But there's another hacker who so far has avoided a knock on the door from Sony.

Youness Alaoui, known more commonly by his hacker alias KaKaRoTo, spoke with MyCE via email over the weekend and shared his thoughts on the future of game console security, what it feels like when a legal motion with your name on it is filed and that mysterious cracked 3.60 firmware video that made the rounds last week.

ADVERTISEMENT

What are your thoughts on the recent PS3 3.60 firmware cracking video that was uploaded and removed over the course of a day last week? Many dubbed it fake and said it was a debug PS3, but when we chatted with the guy who uploaded it he defended it as real and said it was a retail unit.

I've seen the videos, and I also talked to the people who did it. Whether it's fake or not, I cannot tell as I have not been authorized by the authors to divulge what they did. All I can say is that they said they would never release it, so whether it's fake or not has no importance, since in the end no one will have access to it.

ADVERTISEMENT

However, as I've said to a few people on Twitter, the hack that was used on 3.55 and lower was unique and Sony fixed it. So, that's finished and we can't use that method anymore, but it doesn't mean that there are no other methods to jailbreak. A solution for 3.60+ will be available soon, so no worries -- people just need to be patient.

Most people associate "hacking" with "piracy." You admit to taking steps to lock out piracy. Is that getting lost in the shuffle here? People assume "hacking" automatically means "pirating." It seems like piracy is often a "necessary evil" that comes along with the process but then overtakes any other points.

There are four words that people keep confusing: "hacker," "cracker," "pirate" and "cheater." But it's not the same thing at all.

A hacker is basically someone who "innovates and finds solutions to a problem." A cracker is someone who uses his skills to steal, scam or harm others. A pirate is someone who just steals copyrighted works without paying for it. And a cheater is someone who uses other's skills in order to cheat in games and thinks he's awesome for clicking on a button.

ADVERTISEMENT
Yes, people unfortunately associate a hacker with a pirate, but it's not the case at all. In my case for example, I've never pirated a PS3 game. I have bought over 150 games for my PS3 in the last 3 years, and I don't think any of the hackers in the scene want piracy to happen. We all just want to find challenges and bring back the freedom that we are meant to have on our machines.

Piracy isn't a "necessary evil." It's not necessary at all. The only reason piracy happened on the ps3 is because Sony were arrogant and they thought no one could get inside the PS3. But once you install a homebrew application, it has full access to everything. There is no protection inside the PS3 to prevent piracy. The only protection they have is to prevent you from installing a "non-authorized" application. If they secured the PS3 internally, piracy would probably never have happened because no one skilled enough to hack the PS3 would spend time on it!

We take steps to avoid piracy, but in the end, there's always someone who will implement "backups support", which is legitimate in many countries but unfortunately used for piracy too.

What has been the public's reaction to your recent work on cracking the PS3's firmware? Is it equal amounts scorn and appreciation? Are you getting hate mail from fanboys?

I do get/see hate mail, but it's quite minimal. There was a huge reaction of appreciation and happiness. Recently though I'm seeing a lot of "stupidity" and "annoyance" : people asking everyday about a 3.60 CFW even though I've said 1,000 times that I'm not working on that.

Do you think GeoHot/FailOverflow's PS3 jailbreaking will have an industry-wide impact come the next round of game consoles? If so, how? Any predictions on how Sony might try to block hacking in the future?

Yes, I think it will. For one, I think that the industry will try harder to make the consoles more secure. Sony will probably try to hire a real security expert, because as we've seen from Fail0verflow's analysis the PS3 was not secure at all. It almost looks like they hired 5-year-olds to build their security! The Cell processor's architecture is secure however, since IBM designed it, but in terms of implementation of security by Sony, they completely failed.

Honestly, the only reason the PS3 wasn't hacked earlier is because it supported Linux from the start. Because of how arrogant Sony was - boasting about their unbreakable security - a lot of hackers abandoned it even before trying.

The one effect I'm looking forward to from the Geohot lawsuit is that I believe it will bring attention to the hacking community from the lawmakers in the U.S. and that jailbreaking a game console will be made legal -- just like what happened with the iPhone.

Do you believe it's futile at this point for Sony to combat the hacking?

Yes, it's futile. Their code is full of bugs, and they can't fix it fast enough. We have full access to the machines and we will keep creating solutions to whatever they come up with. However, it is understandable that they want to protect their investment and they will of course continue to fight.

I think the only solution for them to close this whole issue is if they bring back Linux support with full hardware access and add a new protection against piracy inside the PS3 so even if a homebrew application is installed it wouldn't be allowed to do piracy. Then, they will have secured their system, because we'd have no more reason to try to hack it and all the hackers would simply stop.

Considering their reaction to the scene (suing geohot, grafchokolo and others, sending threats to every hacker and trying to enforce the message 'if you touch your own property, we'll make your life hell'), they got a lot of people pissed at their scare tactics. I think some people will try to get revenge anyways, so maybe it's too late for them.

We already saw one hacker who was offered a job by SCEA (Ed: Android hacker Koushik Dutta) and refused it because of their reaction to the community, and a lot of people are now boycotting Sony. They are already getting payback thanks to their poor community skills. Of course they'll just blame the loss of sales on piracy, but they should really think of the fact that most of their losses will not be because of piracy but a reaction to their tactics.

How did you feel when your  name was listed in a legal motion by Sony for a Twitter subpoena?

Well, I must say it wasn't a happy feeling. I was quite pissed at Sony for trying to get information on me knowing quite well that they already know all there is to know.

All information about me - my name, email address, where I live and what my job is - are well known already, so I saw no point in them doing that. And considering that all my tweets are public, it makes no sense.

What pissed me off the most was about the Paypal subpoena, because that contains more personal information: credit card information, bank accounts, addresses, etc. But not for me; it was about getting that information from anyone I have had contact with through Paypal. I use Paypal for personal transactions, with friends and family, and having that kind of information sent to Sony simply because they want to screw with us is completely unacceptable. It violates my basic privacy rights as well as the rights of many unrelated people.

Seeing that got me a bit scared of course, but I'd say that mostly it got me very angry. I was thankful to see the judge quash their subpoena. I do not agree to my personal information, as well as the personal information of my friends, to be made available to a corporation like Sony.

Would the allure of hacking games consoles disappear if, as you predict, hacking them becomes legal under the DMCA? Or do you believe that would lead to more interest in hacking them?

I don't think it would change anything. On the contrary, it might give the opportunity to those who are scared of Sony to actually step up and provide their help.

I don't think anyone is hacking the games consoles because it's supposedly illegal under the DMCA. It's not about going against the system, or revolting. It's more about freedom and about tinkering with our property-- learning and gaining knowledge.

No posts to display