VHBL for Motorstorm: how the release really happened, and why it happened that way
Many people have doubted my plans for the release of VHBL, and I’ve received a good share of insults when VHBL was not available exactly on February 22nd for public consumption. As a matter of fact, the release of VHBL had started on February 21st, but some people didn’t see what was happening…
When Teck4 announced he had a running hello world on the PSP Emulator of the Vita back in December, I quickly contacted him (thanks to the help of mamosuke) in order to offer my help porting HBL to this exploit. Quickly, it was obvious to all of us that as soon as the exploit would be made public, Sony would at least remove the game from the store, and possibly patch it before putting it back. Previous history with the mercury exploit showed us that when they have access to the exploit, Sony was extremely fast to remove the game from their store (approx. 1h between the release of the Mercury exploit files and the game being removed from the store). In addition to that, the possible spying through the CMA and the crash log on the vita made it dangerous to even share/run our work in progress.
Therefore came the question: how to make such an exploit useful to as many people as possible without Sony removing the vector of the attack super fast? Publicly announcing the exploit and giving away the files at the same time was a no go, we knew (or thought we knew) from experience with the Mercury exploit that sony would react quickly. In addition, assuming Sony monitors the sales of their games, revealing the game to thousands of people at once might have triggered alarms on their end, giving away the name of the game.
Our conclusion, and the release plan, therefore became the following: Give away the name of the game to people we trust, in a progressive way so that a “good amount of people” could buy the game on a daily basis without going above any threshold that might be in place for the monitoring systems. I of course don’t know this threshold (or if it ever exists), but went with a random number: let’s give away the name of the game to about 1000 people every day.
Of course, these people have to be people we trust with the secret, but where would one find thousands of people they trust? I decided to go with our /talk community. This was a bet, of course, but starting on February 21st, every day, 1000 additional people were made aware of the exploit. Of course, I started with the people I trust the most, and ended with the people I trust the less. I won’t give the exact algorithm, but I’m sure you can figure out the basics by yourself. (People who have been in the community a long time ago got the information before recent members, etc…). I will refine that algorithm if I ever do such a “ninja release” again.
This release plan was almost explained in “clear” on the vhbl page (the content of that page has changed since then), which was asking people to check their /talk account on a regular basis. And it seems lots of people understood the message, as we got a massive amount of subscriptions starting on February 22. As a matter of fact, most people who registered around that date got the information 1 day before it was really made public. By February the 29th, potentially 6000 people were aware of the name of the game, and were refraining from insulting the 3-4 guys who were still blindly complaining on my blog that I kept delaying the release to boost my ego or because it was actually a hoax…
That settled the announce for about 6000 people, which I think is a good number. Of course, in these 6000 people, not all of them own a vita, or had money to buy the game, or actually connected to their /talk account in time. But at least I had done my best to guarantee that the people who have been in the community with us for a while were the ones in the best position to get access to the hack, and hopefully hundreds of them got the game long before its name was made public. This was a win-win situation, as I managed to get the hack to people who matter “the most” to me (that’s of course an average, I’m sure some people have been reading this blog for months now, never created an account on /talk, and are pissed to read that… this is nothing personal, I had to make such a choice at some point), while being quite sure that our oldest members, who had been with us since the early hbl days, would probably know better than to leak (and that more or less worked fine).
There still was the problem that even if these people would not leak intentionally, the crash log system of the Vita made it possible for people to unintentionally leak the name of the game. I’m sure if Sony started seeing hundreds of crashes in the same game, they would start looking closely into it. Again, I am not sure these crash logs are actually sent to Sony, but out of precaution the actual HBL files were only sent in advance to a handful of people, while most people would have to wait for the actual release.
Announcing secretly this exploit to thousands of people was already a good move IMO given the circumstances and how easily Sony could remove the game from under our feet. But then came the next challenge: how to get as many “other” people (people who are not registered on /talk) to know about the game, and give them enough time to grab the game? Well this one was quite impossible, but I made a bet: if Sony didn’t have any actual exploit to patch, any kind of proof that there was indeed a hack, they would probably not remove the game from the store. It turns out I was dead wrong on this one, which was (that and the fact that the game was not available in the US) the only real bump in that release. To be honest, anybody who managed to get the game while not having seen the info on their /talk account before is someone I consider as an extremely “lucky bonus”. Of course, I would have preferred if Sony hadn’t pulled the game out of the store, but I’m still happy with the way things turned out.
One thing I think I could have done much better is to announce the name of the game on the weekend, when Sony’s offices probably have less people monitoring all the stuff. That was my initial plan, but I stupidly changed my mind for several reasons, the main one being the cancellation of the PSN maintenance.
So tell me, would you have handled this release any better, had you been in my position? Does it now make sense why it took “so long” to announce the name of the game, or do people who insulted me on my blog still think I was trying to boost my ego? (seriously guys, that was really painful to read, given the efforts I was putting into making sure as many people as possible would get the exploit… after all, keep in mind that personally I could decide to keep the HBL port for myself, or for just a handful of hackers and friends… instead I came up with a plan to get as many people as possible to get access to the hack). In retrospect, I hope my posts from the past few weeks now make much more sense.
I don’t think my idea was perfect, but I still think it was pretty good given the many obstacles in our way, but I’m interested to get more ideas… I don’t think we can really beat Sony when an exploit involves a content hosted on their servers, but surely there are ways to make lots of people know about those somewhat secretly (and if you have an idea to make such releases that you really think is brilliant but needs to be kept secret, feel free to send it privately to me by email)