Half-Byte Loader: the PSP homebrew tool that's hacking Vita?
Eurogamer tracks down its maker.
PSP games MotorStorm: Arctic Edge, Everybody's Tennis and Super Collapse were all temporarily removed from the PlayStation Store because they were vulnerable to an exploit that allowed a homebrew-enabling program called Half-Byte Loader to run on Vita.
Intrigued, Eurogamer tracked down Half-Byte Loader's French author Erwan - also known as Wololo - to find out more.
What's Sony's problem - the threat of piracy?
"This has never been Sony's argument," Erwan answered. "They actually never made any official statement about Half-Byte Loader.
"The argument that Half-Byte Loader enables piracy usually comes from gamers who are not correctly informed, as HBL does not enable piracy.
"I believe Sony fights against Half-Byte Loader mostly to keep their image - it would be bad for them to 'give up' against hackers in the very first months of the Vita, they have to show to their partners (especially video game editors) that the platform is secure, and that they plan to keep it this way for as long as possible."
Erwan stressed that "it is not possible to run pirated PSP or Vita games with HBL, not only for ethical reasons, but because it is not technically possible".
The PSP has a security model that uses two layers: a restricted user mode and unrestricted kernel mode. Half-Byte Loader runs in the restricted mode.
"Loading pirated PSP games from user mode is, if not impossible, extremely difficult, and would require advanced knowledge of the PSP system," explained Erwan. "So advanced that whoever would want to do that would have better luck trying to find more advanced exploits on the console than programming all the code required to load a pirated PSP game through HBL. "
"I believe Sony fights against Half Byte Loader mostly to keep their image - it would be bad for them to 'give up' against hackers in the very first months of the Vita."
Erwan aka Wololo
Many hackers have tried and "failed" to run pirated games using Half-Byte Loader on PSP, Erwan revealed. On Vita, "this is even more impossible", as the PSP emulator runs in an even more restricted mode.
Half-Byte Loader allows homebrewed applications and games to run, as well as emulators. Getting it working involves finding a vulnerable game, and that takes "lots of time and some luck". Then, Erwan makes a special kind of saved game and tests it to see if it crashes the console. "It can take hours, weeks or months because many games need to be tested," he told us.
Luckily, he gets help from the community surrounding his Wololo.net blog. "I am now aware of about a dozen games with an undisclosed vulnerability, in the PSP library," he whispered, and some were discovered by "unknown" or "novice" hackers.
With a vulnerable game found, Erwan can then test unsigned code. "This is usually done by running a small piece of code that displays a message or an animation on the screen, called a 'hello world'," he explained. For anyone with "a bit" of experience, this takes less than an hour, apparently.
The final step is porting Half-Byte Loader to the game, which can take anywhere between five and 30 hours. This wild fluctuation is born of different games using different functions of the SDK, or "different pieces of the PSP", if you like. Therefore, even if a game can run "hello world", it still may never run Half-Byte Loader - not if "critical" pieces/functions are absent.
Sony had a torrid time with hackers in 2011 - first with George "Geohot" Hotz, then with hacker collective Anonymous and the PSN Hack.
Given that, you can understand Sony's stern stance on piracy or technology closely related to it. But Erwan isn't worried about the legal repercussions, about being the next Geohot in Sony's crosshairs.
"I have never been contacted by Sony in the past four years since I started my blog," he told us.
"My work is not illegal (at least not in my country, France). In particular, we are not bypassing any DRM, and are not giving people any possibility to do so.
"[The PSP had] several critical flaws in the early models, which allowed hackers to know a lot about it very quickly."
Erwan
"What Geohot did with the PS3 was give people the keys to the system. Eventually, this could have led to massive piracy, and the loss of all security on the PS3. In a court, it could have been fairly easy for Sony to prove that this was impacting their business significantly (in a negative way). HBL, on the other hand, does not significantly endanger Sony's business on the PSP or the Vita.
"As I said above, it's a matter of image," he added. "Even though HBL is quite harmless, they have to show a 'zero tolerance' policy in order to get some trust from game editors. I am also thinking that they are extremely worried that even a harmless hack could lead to something bigger, so they probably want to shut it down as soon as possible, in a 'better safe than sorry' type of policy. Which is perfectly understandable, by the way."
The PSP, Erwan said, had "several critical flaws in the early models, which allowed hackers to know a lot about it very quickly". Breaking into later models like the PSPgo relied upon that early-doors knowledge.
"The Vita does not seem to have these obvious mistakes," he told us. "In addition, Sony went a bit paranoid on the Vita, and limited lots of the things one can do with the device. This is extremely visible whenever you have to copy some files to and from the Vita, as you have to connect your vita to a computer running a specific driver (CMA) with lots of constraints (internet connection required while you copy files, etc.).
"But I think there is something more," he added, "which is not directly related to the security: consoles like the PS3 and the Vita rely heavily on PSN connectivity. A Vita that cannot connect to the PlayStation Store, or that cannot use services such as online gaming, etc., is practically useless.
"This was not the case on the PSP."
Now, when Sony patches a vulnerability - as with MotorStorm: Arctic Edge, as with Everybody's Tennis, as with Super Collapse - everyone has to update their Vita firmware if they want to use the online features.
"In this, Vita is very similar to PS3: it is possible to pirate games or run homebrews on the PS3, but it's not a mainstream activity because it requires people to give up features of the new firmwares," declared Erwan.
"The PSP did not have this problem, as connectivity to the PlayStation Network was not really a core feature of the device."
"The PSP homebrew scene has probably been one of the most active console homebrew scenes ever."
Erwan
It wasn't uncommon for people to keep their PSP devices using an old firmware version that allowed homebrew - a word that buzzed around the PSP's head like a bluebottle. But how active is the homebrew scene?
"The PSP homebrew scene has probably been one of the most active console homebrew scenes ever," reckoned Erwan. "It's been very strong since the start, in 2005, and kept being extremely strong until maybe mid-2011."
One homebrew competition in 2011 had "more than 100 entries", Erwan told me - "I am not sure any other console ever got that."
But on Vita it's "another story". It's just "a few people", and Erwan and gang "are still lacking the proper tools to really talk about a 'Vita scene'". It's just a few PSP homebrews running in the PSP emulator.
But hold on, hold on. Sony has released the open beta of the PlayStation Suite SDK [Software Development Kit], which effectively allows - legalises, if you like - homebrew. You can use it to create games and applications for Vita and other PlayStation Suite-certified devices, like Sony's tablets.
"Yes, I know about this," answered Erwan, "and I've seen many comments from people who assume that we should stop hacking now that this is available. Some of these comments were extremely harsh and if possible I'd like to reply to this.
"First of all, this is extremely new," he pointed out. "The official SDK was made available less than two weeks ago. Before that, there were rumours about this SDK but nothing verifiable. In particular, it was still not sure whether the PS Vita would be compatible any time soon with this system.
"Actually, there was a closed beta that started in December, but it did not have PS Vita support. I registered but my entry never made it - that's for the people who assume I didn't even try it.
"Bottom line is, until two weeks ago, hacking the PS Vita was still the only way to run homebrews on the device."
Erwan
"Bottom line is, until two weeks ago, hacking the PS Vita was still the only way to run homebrews on the device."
Nevertheless, Erwan made the revelation to Eurogamer that, "I am not sure I personally will continue hacking the Vita now that an official SDK is out there."
"After all," he added. "I might as well use my knowledge to try and go with the official route for once."
But the PlayStation Suite SDK isn't flawless, he was quick to add - "some of its limitations are simply not compatible with the spirit of homebrews".
"First of all, once the beta is over, it will be necessary to sign a contract with Sony to keep developing and distribute games created with this SDK," he highlighted. "In order to distribute them, the apps/games will be reviewed by Sony who will be able to reject games they do not like. It is clear that emulators will never make it to this system.
"Second, they are putting lots of restrictions on this system, one of them is that it will not be allowed to distribute games for free. I know lots of people who are actually shocked by this, as strange as it might sound.
"They also have a clause on open source (not allowing it), which basically means lots of existing applications will never make it to the PS Vita," he concluded. "One of them is my own video game, Wagic, which is open source."