Why I love Michael Steil
Michael is a lovely German man who knows a *fucking shit load* about computers. Most notably, Michael’s educated me on two topics:
- Security implementations and flaws on modern game consoles
- The Commodore 64 and the 6502 microprocessor
To say that Michael is something of a god in both of the above areas is pretty much accurate, as he’s adroit in delivering concise information intelligently and with a dash of Germanic humour. However, it’s clear that the latter is much more a labour of love than the former, where he’s a great spokesperson for an entire scene more than a ferocious instigator for exposing the shortcomings of corporate responsibility.
Michael is most publically active at the legendary Chaos Computer Congress, a convention for hackers (of both the MIT tradition and the modern meaning) that’s been running in Germany since 1984, itself an offshoot of the Chaos Computer Club, a hacker community that’s been around since 1981 (and which famously transferred and replaced a sizeable sum of Deutschmarks to raise awareness about security weaknesses in the fledgling digital banking industry). This year’s C3 (as it’s known) is more infamous for the astonishing PS3 Epic Fail talk, where the shortcomings of the PS3’s security implementation were laid bare, though not utterly torn open – it was GeoHot who did that by releasing the fundamental PS3 security key, presumably to steal some kudos back from the Fail0verflow team. ANYWAY, let’s just say that each year, C3 is a real highlight for me. Not only does Michael always deploy at least one amazing lecture, but lots of other people do to. One stunner was this lecture from 2008:
http://www.youtube.com/watch?v=Pp4TPQVbxCQ
Which explained how to reverse-engineer chips from the transistors up. Deep shit – and a process that lead to the cracking of the MiFare RFID chip found in Oyster cards. Not at all related to games, but well worth a watch. Note that there’s also a fantastic presentation about the Wii’s security from the 2009 C3 floating around the streaming sites too, as presented by two dudes that would go on be sued to fuck for being in Fail0verflow and doing a similar hatchet job in the interest of corporate responsibility.
BUT BACK TO THE LOVELY MICHAEL STEIL:
It’s no secret that I’m still very much in love with the Commodore 64, so Michael’s a real kindred spirit in that regard. His ‘Ultimate Commodore 64 Talk’ (with a presentation in 256 slides, no less) is a landmark lecture in retrocomputing, being as complete an overview of the machine and its capabilities as anyone could hope for in a decently-sized lecture format. In it, Michael intimately details the machine’s hardware and covers the best of the C64’s best-kept visual secrets, including arcane techniques such as raster-interrupt sprite multiplexing (tricking the C64’s video chip into displaying more than 8 sprites per frame by making it think each line it draws is a frame, rather than the whole screen, meaning you can fill the screen with sprites if you’re jiggly enough with code timing) and the deeper art of exploiting peculiarities in RAM addressing that allow you to paint more colours on-screen than the hardware spec initially allows. Sadly, his plea at the end for others to step up to his stellar standard and produce similar lectures for other hardware seems to have fallen on deaf ears, though no doubt this is more down to Michael’s singularly impressive debut for the concept than it is to a lack of enthusiasm.
Check it out here: http://www.youtube.com/watch?v=ZsRRCnque2E
I learnt more in that lecture than I did in 25+ years of C64 use, magazine reading and Internet searches. Michael followed up the Ultimate Commodore 64 Talk with an even geekier, yet more compelling, lecture about the MOS 6502, touching on a variety of topics within the context of reverse-engineering one of the most popular 8-bit processors of all time (and, obviously, the heart of the Apple 1 and II, the C64, Nintendo NES etc).
AVEC: http://www.youtube.com/watch?v=reIYvmuWHhk
Starting with the chip’s original design and manufacture and leading through to modern marvels such as the virtual, every-fucking-transistor-and-gate-modelled Java version available at visual6502.org, Michael lovingly peels back the mystery of the 6502’s inner workings while deploying some seriously neat trivia. For example; the 6502 was designed by hand, on paper. No computers were used. None! The etching stencils were cut *by hand, with scalpels* from a sheet of acetate (or something) and then shrunk photographically. Astonishing when you think about it, non? Deeper still, Michael fearlessly unravels the raw logic of the 6502 and sheds light on a particularly geek-cool aspect of the C64’s processor – that it could process completely undocumented opcodes.
Being a cunt, I should probably explain that opcodes are essentially the series of noughts and ones that make a CPU perform tasks. These translate to three-letter mnemonics, which form the basic language of assembly, the most fundamental programming language there is. Now to the chip, these are essentially just sequences that lead to sequences. Obviously, you could feed any sequence of data to the chip and, in most cases, manufacturers make sure that ‘illegal’ codes (as in opcodes not explicitly designed for the chip) result in an empty instruction or something worse, like a hang or program termination. Not the C64’s 6510 variant of the 6502 – it’ll take on anything and give it a go, resulting in a select few ultra-leet secret opcodes that essentially perform two normal opcodes for the CPU cycle price of one (and which have been reputedly used in games – Wizball being one that springs to mind). To be fair, contemporary processors to the 6502 like the Spectrum’s Z80 and the venerable Intel 8086 also have this capability, but no-one’s bothered to do a lecture where they’re explained.
Michael manages to explain both how the 6502’s decoder works and why the illegal opcodes work the way they do, and in such a manner that even I could understand it. This is something I never really expected to be able to comprehend - CPUs have always been a kind of Maxwell’s Demon to me, being mystical things that work on magic and mindfuck, but Michael had the articulation and clarity of explanation to reveal the inner workings in a way that didn’t make my brain fall over. Another stellar achievement and a serious upping of my geekcrush on the dude resulted. The notion that you could prod three ASCII letters into a piece of silicon and get a new capability still charms me immensely, and I’m all the better for knowing how such trickery works.
I now want to touch on Michael’s other line of public presentation – console security. Michael is a huge advocate for Linux and open systems and he maintains that console security is bound inextricably to the openness of the platform. I’d say that’s very likely to be true in the modern paradigm, and the hacking of the PS3 bears testament to this in a roundabout way. While the coals of the PS3’s fall have been raked over far too many times already, I think it’s still valuable to point out that even a restricted Linux implementation held back the floodgates for far, far longer than the closed nature of the 360 and Wii and that if Sony had been amenable to allowing full Cell and RSX access from Linux, the machine would still be happily secure (despite the point that in actuality, it was never really secure in the first place). Michael’s delivered some amazing lectures in the past, describing the security and shortfalls therein for the Gamecube, the Xbox and the Xbox 360.
Xbox and 360 are here: http://www.youtube.com/watch?v=uxjpmc8ZIxM
It’s awesome to see the inner workings of modern machines revealed in much the same manner as Michael uncovered the mysteries of the 6502 and while open OS implementations are all well and good, I personally think public discussion of security shortfalls benefits consumers just as much. We take security on trust, with no real way of gauging precisely how secure a system actually is. It’s these geeky Linux dudes that show us how and however much rage, both corporate and consumer, they get, their work remains noble and morally good in my view. Why? Because they want to share. The bad guys wouldn’t – and no-one would know until all connected PS3s or Wiis suddenly bricked themselves and our stored credit card details were decrypted on botnets (in a blatant worst-case scenario). And thank fuck Michael’s one of the good guys.
PS: Michael also runs a blog, here: http://www.pagetable.com/
21