Exclusive: Interview #2 with PS3 hacker Youness Alaoui (KaKaRoToKS)


When MyCE last interviewed VoIP researcher and hacker Youness Alaoui, plenty was going on in the scene: George “GeoHot” Hotz was engaged in a bitter legal battle with Sony, PS3 firmware cracks seemed to hit as quickly as the firmware itself and outrage aimed at hackers over rampant online cheating peppered gaming forums. Much has changed in the months since, and much has stayed the same.

We reached out once again to Alaoui to get his thoughts on new hacking group LulzSec, the Sony v. GeoHot settlement, DRM and his new “Humble Homebrew Collection” initiative.


Exclusive: Interview #2 with PS3 hacker Youness Alaoui (KaKaRoToKS)

When you spoke to us in March, you said: “The one effect I’m looking forward to from the Geohot lawsuit is that I believe it will bring attention to the hacking community from the lawmakers in the U.S. and that jailbreaking a game console will be made legal — just like what happened with the iPhone.” Eventually, Sony v. Hotz was settled out of court with Hotz agreeing to never tinker with another Sony product again. No court decision was reached. The DMCA still doesn’t make an exception for jailbreaking gaming consoles as it does smartphones. How do you feel about Hotz’s choice? Are there any other ways game console jailbreaking could be legalized, or was the Hotz case the last best chance?

First of all, like countless others I wasn’t happy about Hotz’s choice to settle. But in the end, it’s his life and it’s his choice. I went into an outburst of anger when I found out about the settlement, but I know quite well that if I was in a similar situation I may have done the same thing. For a single person to go in an all-out war against a big corporation such as Sony is no easy task. It is not only about the legal price tag, but it’s also an extremely personally-consuming task that requires a lot of effort and affects moral and your stress levels. So even if I’m sad or mad about his decision, I respect it.


With regards to the jailbreaking of game consoles being legalized, it’s an entirely different situation. The mobile devices (iPhone) jailbreaking was made an exemption to the DMCA even though there were no lawsuits simply for the fact that the jailbreaking happened and the lawmakers saw it as a situation that needed to be addressed. Whatever the outcome of the Sony vs. GeoHot lawsuit (and even with the settlement), the lawmakers will still most probably have that subject in their agenda for the next time they have to add exemptions to the DMCA. There were no new exemptions of course, but only because those are made every three years, so we now have to wait until 2012 or 2013 for the next batch of exemptions to be drafted. It’s as simple as that; there’s no speeding up the legal process. I still have hope that it will be in our favor, because this is the exact same situation as for the iPhone, and like the Copyright Office said: “While a copyright owner might try to restrict the programs that can be run on a particular operating system, copyright law is not the vehicle for imposition of such restrictions.” And this is the same with the PS3. It’s not a matter of copyright, but rather it’s a matter of a restrictive business model. The copyright law is not the vehicle for that.

Recently, you wrote a lengthy, passionate blog post which attempted to clarify some misconceptions and misinformation held by gamers in particular that hackers are by default criminals/pirates/thieves/etc. Your massive PS3 game collection and fairly understanding stance on DRM is some evidence to the contrary. Do you think the preconception boils down to there being no law on the books that states plainly that hacking/jailbreaking consoles is perfectly legal? Or do you believe those who assert that “hackers should rot in prison for life” are beyond reason? As you’ve noted, hackers and cheaters, though not necessarily one and the same, are often lumped together.

I think those preconceptions are caused by two things: 1) a propaganda effort by the big companies to sway public opinion in their favor by using specific terms whenever they can in order to fuel those misconceptions, and 2) a general lack of understanding of the programming/hacking concepts by the mass population which makes those issues hardly known. That’s what I tried to tackle with my blog post.

For nearly two months the hacking group “LulzSec” has run roughshod on the internet, targeting numerous video game-related companies and websites not too long after the PSN debacle. Considering the arguably negative public opinion of hackers following the PSN cyber attack, what was the first thing that went through your mind when you heard about what LulzSec was doing? Were you worried that the group would only inflame already heated anger towards hackers? That they were basically solidifying anti-hacker dogma?

I don’t agree with LulzSec. They are just out having fun and looking for “lulz,” but when you are fighting for your rights it does give you a bad reputation. It’s like having a peaceful protest in the street and a few people start breaking shop windows. It does look bad for the reputation of the peaceful protest, but it doesn’t mean everyone should be blamed for the actions of a few.

You’ve said you aren’t necessarily against DRM “as long as it’s reasonable.” What is “reasonable DRM” to you?

Any DRM that doesn’t violate my basic rights. If I buy a game for single player and I can’t play it if my internet connection drops, that’s violating my right to use something I paid for. If the DRM is to prevent me to use hardware that I own any way I want, that’s also abusive. In the case of the PS3, I own the hardware and not the software, but [Sony’s] system prevents me from replacing the software if I want to. What if I don’t agree to the license agreement anymore? I have the right not to use it, but I also have the right to the hardware that I own.

I believe reasonable DRM would be something that requires the CD to be in the tray when you want to play the game, or one that prevents you from playing online if it detects a pirated copy. There are many other examples, but the basic requirement for “reasonable DRM” is one that doesn’t infringe on my freedom and basic rights.

The world got its first glimpse of Nintendo’s next console the Wii U in June. Some believe that both Sony and Microsoft will unveil their next gaming systems soon. From a hacker’s perspective, what steps do you foresee the three manufacturers taking to prevent (or at least stall) people from tinkering, cheating, etc.? Nintendo has stated that 3DS hardware can be remotely bricked via firmware updates if it’s used to play illegal/pirated software. Do you think something like that should be the norm moving forward?

To remotely brick a console is a bad way forward. It is the equivalent of a remote, unauthorized hacking of a secure computer, and I bet they can be sued for that using the Computer Abuse and Fraud Act. That is an example of an unreasonable DRM scheme because it harms you and violates your right to your hardware. If this is the future of protections, then I bet the world would fight against it.

I think the best protection against piracy that a console can have is to be friendly to your customers; give them more freedom and they will be loyal in return. The world has a way of balancing itself out. The more you try to oppress the users, the more they will rebel. Give us a fully open system with anti-piracy DRM on it, and I’m sure it will be protected. Look at the PS3 for example. [Sony] gave us Linux support (even if it was limited), and the end result was that it wasn’t hacked until they removed Linux support from it.

Have you spoken recently with Alexander Egorenkov (AKA graf_chokolo)?

No, I haven’t. He kind of disappeared after all the legal troubles he’s had. I can only hope that he’s doing OK and still fighting for his rights.

What have you been working on (both professionally and strictly at a hobbyist level) recently?

Professionally, I’m a VoIP expert and maintainer of a NAT-traversal library (libnice). Recently, I’ve been working on the VoIP capabilities of the Nokia N9 and I wrote a small network emulation app that uses the Linux kernel’s netem queue discipline in order to emulate packet loss, reordering, bandwidth limits, etc. It’s useful for testing adaptive bitrate on varying bandwidth connections for VoIP. I should soon blog about it. The other things I’ve been working on professionally are under NDA so I can’t discuss it until the products/features are released.

As a hobbyist, I haven’t done much lately; I’ve been too busy with work. I started working on a PPC to C conversion plug-in for IDA which could generate compilable C code from any PPC function. The generated C code is to be a simple 1-1 translation of each instruction, but this should be very useful for reverse engineers since you could test an algorithm right away and slowly refactor the code into a more readable format while continually testing their changes (with a predefined input expecting a known output), as well as compiling it into x86 binaries that IDA could de-compile into proper C code with detection of the known if/else/for/do/while algorithms.

Tell us a little bit about your new venture, The Humble Homebrew Collection, and what you hope to accomplish with it.

I initially started the Humble Homebrew Collection because I didn’t see any quality homebrew out there. I only saw backup managers, FTP servers and emulators, and I wanted a real game. So I worked on making SGT Puzzles for the PS3. The HHC was launched in order to promote and distribute SGT Puzzles. I later added Free Heroes 2 to it, and now Scogger HD from Scognito. I know of two other good homebrew games being developed/ported to the PS3 that I plan on adding there, too. The HHC grew into more than I initially planned. It is now viewed by some people as the central repository for homebrew games, and that’s where I want to lead it. I did it in order to promote homebrew and to encourage other developers to start working on homebrew games. I also wanted to make it send a clear message to Sony, so I made its central point focused on petitioning Sony for our rights.

I know that the petition will not convince Sony. I was actually hoping to see a lot more involvement from the community, but not enough people have signed the petition for it to be significant. But even if we had millions of signatures, I never hoped for the petition in itself to convince Sony. I do believe that, even as it is, it is one piece of the puzzle. With the petition as well as other efforts, I believe we will be able to make Sony do the right thing.

I’m hoping to see a public SDK and a way to publish homebrew games on PSN. But if we can just convince them to bring back OtherOS support, then I’d be satisfied by the end result.

Let’s say a company like Sony, Microsoft or Nintendo approached you with a job offer: ‘Help us build the best security system possible for our next game machine.’ Would you accept? If not, why?

I wouldn’t accept it. First of all, I already have an awesome job that I love and I wouldn’t trade it for any other. Secondly, I’m not a security expert. While my name is known as one of the “scene hackers,” I don’t believe that I’ve done anything exceptional in terms of hacking. Like many others in the scene, I have merely used other’s tricks and solutions, enhanced them and made them more easily available to the masses. I suck at hardware; I’m a software engineer, and I do software mostly. While I do like challenges and finding solutions to things others couldn’t fix, I still don’t consider myself a security expert as I don’t have a lot of knowledge in that area.

Other than that, I wouldn’t accept a job offer from Sony because, considering all they’ve done recently, I have come to hate them and would never want to work for them. I’ve always hated Microsoft because of their stance on open source. While I do use and like Windows and am not an OSS purist, I still wouldn’t want to work for Microsoft. As for Nintendo, I don’t have any issues with them specifically, although I don’t like their consoles so far. I would still prefer working on open source technologies (like I do at my current job) rather than work on DRM solutions, especially considering that most of the DRM systems that are being invented right now are trying to rob us of our freedom.

If you had to give one piece of advice to someone who wanted to break into the hacking scene, what would it be?

I would suggest they only try if they have the passion for it. If you want to get into the hacking scene for selfish reasons (fame, money or whatever), then please don’t. When you have the passion for programming and hacking, then you should know what to do on your own: hack and hack and never rest. Find a purpose and try to achieve it by any means necessary. Use google as much as you can (it’s your friend), and try to find the solutions for whatever challenge you took. Avoid asking questions, because when you can find an answer on your own it’s a lot more rewarding.