Amazon Kindle gets its first premium app: Scrabble

It's still a long way from a full-fledged app store, but the Amazon Kindle has just taken one step in that direction with its very first premium app: Electronic Arts' Scrabble. That's available right now for $4.99, and it'll work on both the second and third generation Kindle, and both Kindle DX models. It also looks like it's already off to a strong start in terms of sales -- it's currently sitting at number four on the Kindle bestseller list, right behind two Stieg Larsson novels and the latest Oprah book club pick. Amazon Kindle gets its first premium app: Scrabble originally appeared on Engadget on Fri, 24 Sep 2010 16:27:00 EDT. Please see our terms for use of feeds.Permalink   |  Amazon  | Email this | Comments

PS Samurai: A USB mod chip for the PS3

It's real. Almost four years after its launch, the PlayStation 3's much vaunted security has finally been completely and unequivocally compromised. Within weeks, or even days, PS3 users ready to pay an exorbitant premium have the option of copying just about every one games they own - and any they don't - onto hard disk, and absolutely nothing stops them from spreading them over the internet. Now you ask, how does Sony fight back? Can new firmware updates prevent the platform holder one step ahead of the hackers?

As sample "PS Samurai" hardware circulates around shops and modship suppliers around the world, further details emerge, giving us some understanding of the way the system works. From that we can extrapolate the size of the task facing Sony mainly because it embarks on what must surely be the biggest damage limitation exercise in its recent history. This attack on PlayStation security contains both software and hardware. A USB dongle is connected to the PS3, and pressing the eject button on the console while it cold-boots causes the code on the stick to override the console's typical launch procedure. According to views of the XMB noticed in the now numerous YouTube videos, the dongle appears to inject elements from debug PS3 firmware onto the retail unit. The possibility to install PKG files, available only on development and test units, now works on the retail machine. From here, the primary tool to "backing up" application is added onto the device.

While you may not be familiar with a PKG file before, the chances are that you've installed lots of them on your Playstation 3. Almost every kind of program you download from PSN is within the PKG container. Once downloaded, the PS3 decompresses the comprehensive data and installs it onto your PS3. On development and test/reviewer units, so-called "unsigned code" is routinely distributed on disc, via download or on USB flash drives in PKG format. The only difference between this and a regular PSN download is that the code isn't encrypted, permitting easier distribution of unfinished or review copy games (only Sony's mastering labs can encrypt, or "sign" code). Because the Install PKG option now appears on a retail unit gives us a substantial indication as to how the new "Jailbreak" works as it's almost certainly not present in the regular firmware. It suggests that aspects of the bespoke system updates used on the debug PS3s are being injected into the memory of the retail unit. But exactly how?

There are 2 potential explanations here. First of all, whoever is behind this is extremely clever and has isolated an exploit that allows for the injection of code over the USB port. More likely would be that the USB-based tools Sony uses to test and recover PS3s with corrupt firmware have been leaked and reverse-engineered for more nefarious ends. PlayStation 3s locked into "factory service mode" have already been popping up every once in a while for a long time, and the PC-side software that runs the USB dongle was leaked not long ago.

Now it would appear that the hardware has also been "liberated" from Sony's repair and test labs. This may sound somewhat implausible, but in a world where PS3 Slim photos circulate months prior to the launch and final units appear in a Philippines marketplace, anything is possible. Besides, the exact same thing happened with the tools utilized to service the PSP just prior to the PSP-2000 launch in September 2007. In terms of the make-up of the dongle itself, pictures posted online of the internals show a simple USB device - what seems like an innocuous 48-pin microcontroller chip on the tiny PCB and not much else. It's quite astonishing to think that the makers are requesting a colossal $130 for such a tiny piece of tech, and it's almost certain to be reverse-engineered, ripped off and duplicated by the Chinese mass-suppliers within days of showing up in the market.

The software side of PS Samurai is publicly available to download, installs onto a debug PS3 and throws up few surprises. It's quite a basic tool that rips off almost every file on a game disc onto the internal HDD or else onto a Usb stick or hard drive. It does appear that a few of the encryption Sony uses on the files is stripped away (hashes on encrypted files change drastically), however the executable still won't work without the USB dongle in place. When picking a game to run, the machine drops back to the XMB. From now on, we can only speculate but it's reasonable to assume that the chip then diverts all major disc functions to the device where the game-rip lies. As a considerate vehicle for piracy then, all bases are covered, but is this really a "jailbreak" in the form recently sanctioned by US courts? The mere existence of the backup manager - supposedly coded with tools stolen from Sony - would suggest otherwise, and in case the USB dongle is indeed cloned from the platform holder's own recovery tools, any pretence of legality is surely a joke.

The presence of the PKG installation option does indeed mean that the likes of emulators and media players could be ported and installed on to the PS3. However, at the moment it's most likely the case that Sony's own dev tools would be needed to make any kind of useful application, adding to the legality quagmire. All told, it's a nightmare scenario for Sony - but you can be fairly sure that its response will likely be swift. We can easily fully expect a mandatory firmware update to emerge from its engineering labs within days of the firm dissecting the hack, doubtless making this useless. Damage limitation would be the key, and exactly like the OtherOS removal that Geohot's exploit brought about, Sony might be planning to minimise the physical number of consoles available capable of running the hack by effectively upgrading them out of contention.

If it turns out the memory patch theory does work, the swiftness of the response shouldn't be an issue for Sony's engineers. Changing the make-up of the modules affected could well be child's play for the platform holder and it also would most likely necessitate a higher effort for the hackers to reverse-engineer the new code and re-patch it. Additionally, over the longer term, there is nothing to avoid Sony from introducing brand new types of encryption and execution in the process that future games boot.

However, the properties of the USB dongle itself may well be much harder to defend against. Assuming that the device itself comes from Sony's own servicing tools, this could demand a complete, brand-new revision of motherboard to successfully defeat. The whole purpose of the dongle is to restore corrupt firmware - the chances are that it has to function on a hardware level that cannot be touched by the updater. We've seen it before on Sony kit - the so-called "Pandora" battery for PSP that flips it into service mode operates about the same principle, and was just defeated by the platform holder when it revised the handheld's motherboard. Nothing could possibly be done to protect the existing devices.

Unless Sony is capable of rewriting the standard low-level code within the PS3's BIOS, there's little it can do to defeat the USB vector of attack - it's all about preventing the injected code from working. Moving forward we can expect the usual cat and mouse game between hackers and platform holder to unfold, and it's not beyond the realms of possibility that in the foreseeable future, Sony will be able to detect people that use the tool and rightfully ban them from accessing PSN, just like the measures Microsoft is constantly on the undertake annually against gamers who flash their DVD drives running copied software.

The complexness of Sony's security systems suggests that it should be able to keep one step ahead, there is however nothing to stop people utilizing the hack to prevent firmware upgrades from going down. Indeed, the chip is believed to protect the console from executing system updates. This of course precludes PSN access, and in the fullness of time this approach will stop newer PS3 games from running as they will be reliant on software elements found only inside the newer firmware. Bearing in mind that PS Samurai is retailing for well over $130, there's quite a strong possibility that this may be the most expensive and short-lived hack ever made, and factoring in the simplicity of the hardware, the very high price seems almost reminiscent of a smash-and-grab raid on users intent on piracy regardless of the price. The manufacturers of PS Samurai are charging so high price because the time frame with references to exclusivity and also the longevity of the hack itself is potentially really small.

That said, the actual properties of this USB stick and how future-proof it is remain unknown. With mass-production of PS Samurai now in motion, and the first retail devices apparently set to ship before the month comes to an end, Sony's engineers are doubtless gearing up for the battle coming.

As spotted on: Gameindustries