The malicious code hackers put in their software
With the recent controversy surrounding Total_Noob’s latest release, we’ve seen our share of comments on both sides of the argument.
For those of you who just joined us, TN’s latest Custom Firmware for the PS Vita (or, for the PS1 emulation within the Vita) contained some code designed to crash if run by one specific person (The Z). That these two people have a grudge to solve is less the concern, than a piece of software used by thousands of people, and containing malicious code.
Although the code is designed to target one specific person, it could have a bug (raise your hand if you never had a bug in your code… yeah, that’s what I thought) and impact many more users. In general, as a software developer, you don’t want to put code in there that doesn’t add value to your product, which is why an intentionally malicious code like this ranges on the same level as DRM in my opinion: evil.
But let’s move past this, as this is not the topic today, or rather it’s just one aspect of it: the whole controversy led some people to comment and say things such as “the scene was better before, when malicious code wasn’t put in our homebrew”.
The truth is, as far as I can remember, such things have happened in homebrews, custom firmwares, etc… for as long as there were hackers.
A long time ago, in a galaxy not so far away…
The first example I can think of was a PSP Custom firmware released by Dark Alex, at the time known as M33, back in 2007. Dark Alex was being tired of a certain website replacing the credits in his custome firmware (they would add their website’s name as part of the contributors to the project somewhere in the code). To counteract this, he added some code that would brick the PSP if the Custom Firmware binary had been modified.
Of course, the results were terrible: in those days, there was no way to fix a “bricked” PSP, and that’s potentially thousands of users who lost an easy $200 when trying to install the version of the CFW they had downloaded from the website.
Who’s to blame in that kind of scenario? Clearly, the impacted users didn’t care about the feud between the hacker and the website, they had just lost their device. Such an action clearly benefited nobody: Dark Alex didn’t take his revenge on the owners of the site, but on their unsuspecting users.
It’s worth noting that ultimately, Dark Alex released an unbricker for this.
And it keeps going!
More recently, and on a different device (the 3DS) the Gateway team had some malicious code running in their firmware. The code would detect clones of their piracy device, and trigger a brick in that scenario. To add insult to injury, they later offered to fix the device, for a fee if they could prove you had been using one of their competitors’ products. By doing so, they were half admitting that their bricking code could have bugs, and impact their very own clients.
We ran a full article on this specific event, that you can find here: Nintendo 3DS hack: Gateway team intentionally bricks users’ 3DS, blames competitors for their “shady” practice
It will happen again
These are two prime examples I have witnessed in my 8 years on the scene, andd I’m sure there are many others. The recent Total_Noob controversy just bumped the total by one, but it was definitely not the first time this happened, the scene wasn’t all rainbows and flowers before that. It doesn’t make this any more right, though.
Are you aware of other cases where malicious code was intentionally introduced in console hacks? Share them in the comments section!