Why Did Sony Do Away With PS2 Swap-Checking Security in OSD?

I've seen comments from insiders that the thing was indeed designed to blow if writable media is used. Also the same person commented about retail units being capable of running writable media if unlocked through the diagnosis port. Dude who worked at the assembly plant in Japan mentioned they used CDRs and DVDRs burnt with diagnosis software to test the units. (10K series)

It's feasible considering that the mechacon acknowledge and receive commands through a LVTTL RS232C port which can be accessed at test pads on the motherboard.

Funny enough, TEST units don't seem to have any issues with writable media, besides normal wear/tear from writable media needing stronger laser feedback for being read. The TEST unit I have here had it's laser diodes exhausted when I received it. The tracking and focusing coils were perfectly fine and obviously the unit was well used with discs considering it was used as test play unit at EA.

 

I wouldn't be surprised if there was an unlock diag command. PSX has it as well, after all.

Regarding the Mechacon lockup error: That certainly was unintentional and the crude fix in "V13" consoles hints at that as well.
It's possible to detect the media type by judging the signal but it would never be reliable in the field. So even if there was a trap built in, this is not it.
It could be that they built a trap and then didn't enable it, which would be a wise move, all things considered.

 

It'd be awesome if like the PS1 there was a way through software to disable the disc security. It would make a nice addition to FreeMCBoot.

 

Regardless of it being intentional or not, the case with mechacon crashes has to do with bad error correction data being read from the media, causing the mechacon to crash. Things hooked onto the mechacon bus can also cause problems (ahem modchips).

It can be caused by media degradation or by writers with poorly written firmware. It's obvious that optical drives (due to the possibility of media deterioration or scratches make data difficult to read) should not be vulnerable to that kind of problem.

I suspect the fact of it burning down is likely part of an attempt of sabotage if modchips are installed. They hadstuff done intentionally on the 50k series (GH-023 and GH-026) where they added resistors with "intentionally weak physical conditions" to address lines which are susceptible to melt and short down if there's over-current on the IOP CPU bus pins. That was the cause of the black screen and golden disc syndromes.

And that's exactly what nocash discovered on the PS1 mechacon firmware a while ago (was it 2013?). And it's what rama just mentioned above by "PSX" (even though the true PSX is a PS2 actually lol)

Edit: @MottZilla Re-reading what you said I noticed you meant PS2 while running PS1. Right?

 

Yeah, there's nothing weird about that. There's a whole, five page, thread about that on this very same site.
Huge and well known companies like Phillips have been busted on and proven to participate in "planned obsolescence". That was as early as 1924.
"Planned obsolescence" is where a product dies off, prematurely, after a certain period of time, forcing you to buy a new one. (apple, anyone?)
This is the exact same thing only this time it's actually morally defensible, as Sony were attempting to protect themselves, and others, of copyright infringement.

 

Detecting modchips by their behavior would be a much safer method than going by the quality of the media

 

One does not exclude the other

 

Unfortunately (for them) the plan backfired and they got hit with a class action.

 

Was it a matter of fact or was it just an opinion from them?

There was no such command in the tools that we have access to. So I guess that it was for some other test that we don't have the ability to initiate?

IMO, it isn't. It's planned obsolesce if it was deliberately designed to only work for a period of time before you have to replace it. But if this theory of deliberate "sabotage" is real, then the console was supposed to work like normal until you actually mod it to use burned discs. As it must only happen when the consumer mods the console to use burned discs, the console cannot simply have a poorer design. Otherwise, it might fail even when burned discs aren't used.

They did that for the PlayStation and it had a certain degree of success.
Their DNAS authentication was also able to pick up (older) modchips too, so it was done. But as hackers don't stop once they're stopped once, newer modchips were made.

Anyway, they do have MagicGate and a lot of pretty nasty stuff in HDD DNAS that weren't cracked until recent years (only due to the PS3 getting cracked). So if they really wanted to secure the system, I am sure that they could.

 

I didn't say anything about poor design. What I meant was that a few models were deliberately designed to go bust when certain conditions were met.
And that there's nothing spooky or "conspiracy theory" about it at all.

If they really wanted they still couldn't have made it safe enough and it still would've been hacked. One way or the other, whether that's software exploits or hard mods.

 

The plan was make the consoles break after modded. So owners would get pissed and try to get a refund from the mod installer. And be discouraged from using copies afterwards (not before giving money to SONY for another PS2 unit...)

So PS2 sales were actually hiked with sales which meant to replace units which got destroyed by modding. In Japan for example if you peel the seal off from a SONY game unit, it's no longer eligible for service, even paid service out of warranty.

 

As it happens under certain conditions, it isn't something that can be simply done with a poorer design (like how Phillips achieved plannes obsolescence). According to the Wikipedia article that you linked to, when Phillips did it, the bulbs still worked. Just that it didn't work as well as the technology could have probably allowed.
This is different because you (the manufacturer) need to be stupid to think that it is a good idea. How many companies have actually done such a thing?

But if are trying to say that there exists companies that have attempted to hinder the design of their products for one reason or another, then yes... this is similar.

The point, which is what smf pointed out, is that there wasn't (and still isn't) certain proof that they really did such a thing.
But yet everyone is like "oh yes they did", even though it seems downright impractical. That's the thing that we want to point out.

Yes, there is no proof that they didn't either, but it is wrong to say that they certainly did. I wouldn't say that it is certainly impossible for them to have chosen such an impractical method to counter potential piracy, but it seems more likely to be an mistake rather than a choice because they did have other methods to combat piracy.

There is no way to secure hardware that can be manipulated through modding, but modchips aren't totally invisible either because they do have to manipulate the ROM to bypass checks in software as well. That's why DNAS could be made to detect modchips.

Not to mention that the SCPH-50000 (the model which most infamously had the burning coils problem) was advertised to support burned discs. If this was an actual anti-piracy method that stayed on with the SCPH-50000, it would make even less sense to advertise a feature that makes the console break down even more.

However, this would have made slightly more sense as a measure employed on earlier consoles that don't support burned discs. Early DEX units also had different MECHACON and DVP firmware, plus their optical blocks were somehow labelled (i.e. "KHS-400B for DEX") differently. So if this was an actual anti-piracy implementation, then that could perhaps explain why DEX and TOOL units aren't affected.

These are the reasons why I don't see why they needed to stoop so low, to resort to a method that could potentially affect honest customers as well.

If it is was a software thing, maybe. But the MagicGate implementation is within the hardware and it remained uncracked until 2011 (about 6 months before the PS2 was discontinued). And it only happened because the PS2 emulator within the PS3 was decrypted and studied.
Cryptography doesn't totally prevent hacking. It only makes things very difficult and hence infeasible for someone to attack the payload.

 

Does it just "seem" impractical, in your personal opinion, or do you have ceratin proof that it is? The proof burden goes both ways, my friend.

If there's a will there's a way.

It makes perfect sense, it makes the pirates learn the hard way that "piracy is wrong".

It wouldn't be the first time, it's Sony we're talking about, not Jesus.

I'm not talking about specifics like magicgate. I'm talking about booting unlicensed code on the console. This happened way before 2011.

No, you're wrong. They worked very well. The "conspiracy" was that light bulbs made by Phillips (and others) were not allowed to last more than 1000 hours. So they would die off and people would have to buy new ones.

I do believe it was booby trapped on purpose. It's my opinion and you're free to disagree. I don't find your arguments compelling enough for me to change it.

 

@americandad: And what is your background? What makes you a specialist on the topic? Bring in your evidence and please go into technical details, as that is what we're talking about.

 

The proof burden goes both ways, my friend. I've already linked to a five page thread about this on this very same site, I'm happy to link to it again.

 

I meant a way on the PS2 to disable protection for PS2 games, as you can do so on the PS1 with the secret nocash discovered. That would be pretty cool to see. It would be interesting if there was a way to do it for PS1 titles running on the PS2 but that's not as big as you can do that on the original.

Obviously there is FreeMCBoot + ESR and the DVD Video patching of games to allow a bypass of the security. But not needing ESR or patching the discs is certainly better. Particularly if you want to run CD-ROM based games without trying to convert them to DVD.

 

IMO, it might be possible for at least the Dragon MECHACON boards (SCPH-50000 and later) because it appears that all of them share the same MECHACON model and firmware, so the region configuration is likely in software...
We found a service menu that allows the MagicGate region to be changed, but that seemed to only apply to uninitialized/blank (no CFC ID) devices.

But it doesn't mean that it (MagicGate region) was ever intended to be changeable. Or if it would have affected the disc region. Or if it was even ever possible to change that.

 

A software region change would be awesome, if it also affected the PSX region check.

 

PS1 region check is done by the mechacon, assisted by the DSP (DSP decodes SCEx serial stream received from optical pickup hardware at it's pin 1). Mechacon has a set of address/data lines it can use to communicate with the DSP. It also receive commands from the PS2 side/send replies through the registers array on the DSP chip. Modchip do tap the data bus between the mechacon and DSP.

So, changing region affect everything including PS1 discs region.