Collaborative hackery • 22 June 2008 • The SnowBlog
Just in case any of you didn't realise what a nerd I am, let me correct your misconception. I'm currently reading a book about how Microsoft's previous game console, the Xbox, was hacked in the early part of this decade. Games consoles have to be set up so that you can't just make a copy of a game rather than buying your own, for obvious reasons. In fact, most of the revenue comes from selling the games rather than the console. And if the console needs to be running validation checks then you obviously have to make it secure from hackers, otherwise they might just turn off the piece of code that does the checking. What's interesting is to look at the struggle going on between the hacker community and the Microsoft engineers. You might think that the professionals, with their engineering degrees, big budgets and well-equipped labs would have the upper hand, but the internet seems to have done something rather impressive to all sorts of communities, hackers included. In theory, the internet is one big community. Anyone can talk to anyone else - send them an e-mail, post a comment for others to read, set up a blog visible to all-comers. After all the physical wires underlying the web connect everyone to everyone else. But in practice there are lots of much smaller, virtual communities. I say 'virtual' because I'm thinking about the conversations taking place and not the physical network carrying them. When you look at conversations, interactions and relationships online, the single community breaks down into cliques, some of them quite insular. The community hacking the Xbox was operating at a very high skill level, far beyond what most people could (or would want to) follow. To give you one example, not only did they need to understand all the signal and bus timings of the chips on the Xbox motherboard, they also needed to understand the mathematical foibles of the cryptography used to secure its data. Much of it is PhD level expertise or beyond.
One hack involved discovering that the algorithm used to secure part of the Xbox's code was something called TEA - and then understanding the significance of that. To make sure no one tampered with important parts of the Xbox system, Microsoft used TEA to compute a magic number for the start-up program. The magic number was like a miniature snapshot of the program's contents. If you modified the start-up program that modification would show up when the system worked out the new TEA number: if the software had changed, the number would change, and the box would refuse to run your modified program. So you couldn't take control of the console just by writing your own programs and substituting them for the official ones.
Except that the hackers researched the TEA algorithm, which hadn't been written by Microsoft, but simply borrowed by them. They found out that TEA had a weakness. Almost any change you could make to the program would alter the TEA number, but there was an exception. If you made a change in exactly the right place, by exactly the right amount, the TEA number came out the same. Then it was just a matter of finding a single line of the program that could be altered in this way so that it did something useful. One hacker discovered an instruction that told the program to jump to a new routine. He was able to alter the location the instruction tried to jump to so that it was now jumping to a point completely outside the startup program, to an area of memory that anyone could modify. The hacker could place his own programs in that location and the console would run them.
The point of telling you all this? Well, often the movie stereotype of the hacker is a solitary teenager or twenties slacker in his mother's basement. But the group that hacked the Xbox were a community, spread all over the world, cooperating and collaborating at a very advanced level. They weren't a criminal gang - in fact many of them were very careful to make sure they did nothing illegal - they were a cadre of software and hardware experts that formed spontaneously around a shared challenge. In a very real sense, I doubt whether a hand-picked team of highly-paid Microsoft engineers could exceed the capabilities of such a group, because it was better motivated and in some ways better matched to the task in hand - because it wasn't 'just a job' for any of the hackers - none of them had been assigned to the project. The only hackers on the team were there because they were on the trail of a problem that matched their talents and captured their imaginations.
The internet increasingly allows people to seek out the two or three - or maybe fifty or sixty - people on the planet who are on exactly the same wavelength as them. The book, Hacking the Xbox, was written by the first guy to devise a way of taking control of the console to run his own code. He was an electronics student at MIT at the time. Microsoft responded to his discoveries by making some changes to the Xbox motherboard. And then the next hack was completed by a Brit, in his late thirties, who'd previously worked as a hardware designer. The next breakthrough came from another student, this term living in Munchen in Germany. But none of these people was working alone. They were all drawing on the advice and freely offered knowledge of the others in the group. And none of the key individuals was interested in pirating games. They were interested in the challenge, and in honing their diagnostic and security skills. In fact some of them thought they were doing a noble thing. Microsoft had based the Xbox on the guts of a PC, and then they'd sold it for considerably less than the components cost, aiming to make their money back by selling games. If you could hack the Xbox to run your own programs - instead of playing games - you could turn a games console into a PC, with the cost heavily subsidised by a giant corporation not known for its philanthropy.
I like to imagine that in the future companies will work in the same way as hacking communities or open-source programming teams. Instead of bored office-workers clock-watching and whinging, a few more of us might be able to find challenges that really appeal to our personalities, capabilities and self-image. Geography can't always be relied upon to provide you with the right individuals to spark your creativity or complement your skills. Hopefully the internet can do better.