Consoles need managed code, or sandboxes

May 27, 2008

I was just reading how industrious hackers have managed to run arbitrary code on unmodified Wiis by abusing a flaw in save games for Legend of Zelda: Twilight Princess. Presumably this works by attacking some inadequately guarded buffer in the game’s code, by carefully constructing a “save game” on a computer. Back with the PS2 there was a similarly famous exploit where the PS2 OS itself would read certain sections of the memory card when PS1 games were inserted (presumably to get information about the title to display), and people found a way to crack this to run arbitrary code on the PS2. When are the console manufacturers going to learn that any interaction with any user-modifiable section of memory (e.g. a memory card) needs to be heavily sandboxed or managed? I have no idea if the Xbox or Xbox 360 have fallen to this kind of exploit in the past, or may in the future. Hopefully the Xbox engineers have been a bit more wary…
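The “inadequately guarded buffer” described above, as an added example that is not from the original post: a constructed save-game record layout (not any real console’s format), the loader that trusts the length byte read from the card, and the hardened loader that validates it against both the destination buffer and the size of the data actually read.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed save-game layout for this example (not any real console's):
 *   bytes 0..3 : magic "SAVE"
 *   byte  4    : name_len
 *   bytes 5..  : player name, name_len bytes, not NUL-terminated  */
#define NAME_BUF 16
struct save { char name[NAME_BUF]; };

/* "Before": name_len comes straight off the card and is trusted. A crafted
 * length makes memcpy write past name[] into whatever follows it in memory. */
int load_save_unchecked(const uint8_t *blob, size_t blob_len, struct save *out)
{
    (void)blob_len;                      /* never consulted: that is the bug */
    uint8_t name_len = blob[4];
    memcpy(out->name, blob + 5, name_len);
    out->name[name_len] = '\0';
    return 0;
}

/* "After": every length is checked against the destination buffer and the
 * real size of the blob before a single byte is copied. */
int load_save_checked(const uint8_t *blob, size_t blob_len, struct save *out)
{
    if (blob_len < 5 || memcmp(blob, "SAVE", 4) != 0) return -1; /* header */
    uint8_t name_len = blob[4];
    if (name_len >= NAME_BUF) return -1;            /* leave room for the NUL */
    if ((size_t)name_len > blob_len - 5) return -1; /* must lie inside blob */
    memcpy(out->name, blob + 5, name_len);
    out->name[name_len] = '\0';
    return 0;
}

/* Constructed inputs: one well-formed save and two malformed ones. */
const uint8_t save_ok[]        = { 'S','A','V','E', 4, 'L','i','n','k' };
const uint8_t save_too_long[]  = { 'S','A','V','E', 20, 'A','A','A','A','A','A','A','A','A','A',
                                   'A','A','A','A','A','A','A','A','A','A' };
const uint8_t save_truncated[] = { 'S','A','V','E', 200, 'L','i' };
struct save g_save;                      /* scratch record for callers */

int main(void)
{
    printf("ok:        %d\n", load_save_checked(save_ok, sizeof save_ok, &g_save));
    printf("too long:  %d\n", load_save_checked(save_too_long, sizeof save_too_long, &g_save));
    printf("truncated: %d\n", load_save_checked(save_truncated, sizeof save_truncated, &g_save));
    return 0;
}
```

The unchecked loader behaves identically on the well-formed record, which is exactly why this class of bug survives testing with legitimate saves.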

These consoles are in a strange position where their bread and butter is being able to sell games to recoup the money they have lost on the console sales, so they have to be really cautious of piracy. In theory they are in a much better position than the PC market, because they run some sort of trusted platform where only titles that they have authorized can be run on the system. In practice, however, they need to make sure that each and every title does not create a critical flaw in this armor. Because once one of these titles goes out, the doors are wide open.

The Xbox and the PS3 are in a better position here, as they can force updates to a title when it is loaded, which the user has to install if they want to continue using the online services of the console (actually they may not force the game update yet, but you can bet they will as soon as there is a title that creates an exploit on either system). And they can actively combat known exploits by serving fixes in OS updates that must be installed to play the latest titles.

All of this helps, but doesn’t really attack the fundamental problem: the game authors are using languages that are easy to attack, and the console manufacturers are not providing an adequate sandbox around user-modifiable sections of memory.

I find XNA to be very interesting in terms of a more managed environment for game development. And the community support is very promising (although it may present even more problems if there are flaws in the XNA sandbox). But I’m guessing that a managed code solution won’t yet appeal to most of the console game creators, as they are very concerned about squeezing every ounce of performance out of these machines.