Wii Uses Elliptic Curve Cryptography For Saves

Posted by Zonk on Sunday September 16 2007, @02:20AM
from the advanced-tech dept.
wii
encryption
security
An anonymous reader writes "A user at the Nintendo-Scene forums just posted a lengthy post about his discovery that the Wii savegame files are signed and encrypted with NIST B 233 bit elliptic curve cryptography. Could this be the first step for a Wii softmod the homebrew community have waited for? From the post: 'It appears a Wii savegame file ends with a certificate chain. The certificates contain a public keypair (the one that is being "certified") and a signature (another number pair) from the signing entity. The number pairs are stored as a compound 60 bit data (first 30 bytes for the first number, and the next 30 bytes for the second). Hence, the first and middle byte is always 00 or 01 for keys, and 00 for signatures. One can check that the keys are indeed NIST B 233 keys using OpenSSL's EC_KEY_check_key function (code forthcoming).'"
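
The layout and check described in the summary, as an added example (not the code promised in the forum post): it splits a 60-byte pair into two 30-byte big-endian numbers and tests them against the NIST B-233 (sect233r1) curve equation in pure Python. The function names and sample blobs are constructed for illustration, and only curve membership is tested, not the point-order check that EC_KEY_check_key also performs.

```python
# Added example. NIST B-233 (sect233r1) parameters as published in FIPS 186 / SEC 2.
M = 233                                  # field is GF(2^233)
F_POLY = (1 << 233) | (1 << 74) | 1      # reduction polynomial x^233 + x^74 + 1
B = int("0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD", 16)
N = (1 << 232) + 0x13E974E72F8A6922031D2603CFE0D7   # order of the base point
GX = int("00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B", 16)
GY = int("01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052", 16)


def split_pair(blob):
    """Split a 60-byte compound value into its two 30-byte big-endian numbers."""
    if len(blob) != 60:
        raise ValueError("expected 60 bytes, got %d" % len(blob))
    return int.from_bytes(blob[:30], "big"), int.from_bytes(blob[30:], "big")


def gf_mul(a, b):
    """Multiply two reduced elements of GF(2^233) (carry-less shift-and-add)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> M:              # degree reached 233: subtract (XOR) the modulus
            a ^= F_POLY
    return r


def on_curve(x, y):
    """True if (x, y) satisfies y^2 + xy = x^3 + x^2 + b over GF(2^233)."""
    if x >> M or y >> M:        # more than 233 bits: not a field element at all
        return False
    x2 = gf_mul(x, x)
    lhs = gf_mul(y, y) ^ gf_mul(x, y)
    rhs = gf_mul(x2, x) ^ x2 ^ B    # curve coefficient a = 1, so a*x^2 is x^2
    return lhs == rhs


def classify(blob):
    """Label a 60-byte pair as a B-233 public key, a signature-sized pair, or neither.

    A 233-bit field element padded to 30 bytes leaves 7 unused high bits, so the
    leading byte of each half of a key is 00 or 01. Signature values are reduced
    modulo N, which is just above 2^232, so their leading byte is in practice 00.
    """
    first, second = split_pair(blob)
    if on_curve(first, second):
        return "public key"
    if 0 < first < N and 0 < second < N:
        return "signature-sized"
    return "neither"


# Constructed sample inputs (not taken from a real save file).
KEY_BLOB = GX.to_bytes(30, "big") + GY.to_bytes(30, "big")         # the base point
TAMPERED = GX.to_bytes(30, "big") + (GY ^ 1).to_bytes(30, "big")   # one bit flipped
SIG_BLOB = b"\x00" + bytes(range(1, 30)) + b"\x00" + bytes(range(101, 130))

if __name__ == "__main__":
    for name, blob in (("key", KEY_BLOB), ("tampered", TAMPERED), ("sig", SIG_BLOB)):
        print(name, blob[0], blob[30], classify(blob))
```
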
  • by underpenguin (1094689) on Sunday September 16 2007, @02:32AM (#20623181)
    Well, I'll just dig out my uplink disk....I think I have an elliptic code breaker in there somewhere
  • WTF? (Score:5, Interesting)

    by Anonymous Coward on Sunday September 16 2007, @02:42AM (#20623229)
    Why is it that we live in a world where our console gamesaves are protected more aggressively than our bank accounts and our identities combined?
    • Re:WTF? (Score:5, Funny)

      by creimer (824291) on Sunday September 16 2007, @02:59AM (#20623309) Homepage
      Without encrypted gamesaves, the global economy will collapse and basement gamers will be out on the streets panhandling for money.
    • Re:WTF? (Score:5, Insightful)

      by Yvanhoe (564877) on Sunday September 16 2007, @04:09AM (#20623621) Journal
      Or our votes....
    • Re: (Score:2, Interesting)

      The governments of the world don't need easy access to your game saves, apparently.
    • by Xenographic (557057) on Sunday September 16 2007, @12:54PM (#20626991) Homepage Journal
      Clearly, the people who make our video games are far more competent than those protecting those other things like votes, money, identity, etc.

      Actually, it makes a sort of perverse sense. It's pretty easy to write bog-standard business applications that do CRUD (in both the database & other sense), but it's not so easy to program a game that has to run at acceptable frame rates.
    • Re:WTF? (Score:5, Funny)

      by harlows_monkeys (106428) on Sunday September 16 2007, @01:22PM (#20627249) Homepage
      Because if someone steals from your bank account, that is a crime, and there is a mechanism to punish them.

      If, however, someone cheats with a gamesave, there is no official mechanism to deal with them, and so people would have to turn to vigilante justice to track down and deal with cheaters. That would be bad. Very bad. First, it would start out with roving gangs of gamers, seeking out and punishing the transgressors. Some might see them as heroes, but it would not last. Disagreements would arise over what is cheating, and what is acceptable modding.

      This would finally lead to civil war, as the gaming world splits into two (or more!) factions fighting it out. As the gaming world goes, so goes civilization itself, and the new dark ages would be upon us.

      Until the government gets off its ass and outlaws fiddling with gamesaves, all we have standing between us and the apocalypse are the game companies, and their gamesave cryptography.

  • It seems to me... (Score:5, Informative)

    by PipianJ (574459) on Sunday September 16 2007, @02:49AM (#20623275)

    That this likely means the exact opposite. Elliptic Curve Cryptography [wikipedia.org] is relatively difficult to crack (not unlike RSA). More to the point, it's also not liable to factorization attacks like RSA is. Furthermore, the best crack of elliptic curve technology is of a 109-bit key, and still took 3,600 [certicom.com] or 15,000 [certicom.com] computer-years (whether it's a binary or prime field case, respectively).

    Nintendo's not stupid. They've used RSA encryption to keep the average hacker out of DS-wireless homebrew, and this is most likely a mandated response to the Splinter Cell hack that allowed soft modding on the Xbox. It won't stop hacking through security holes in the internet protocols (a-la PSO+BBA), but they're certainly making efforts to prevent corrupted data from opening up softmod paths.

    • Re:It seems to me... (Score:5, Informative)

      by Anonymous Coward on Sunday September 16 2007, @03:12AM (#20623379)
      I'm not sure what you're getting at when you say ECC isn't liable to factorization attacks. It's certainly more difficult to compute discrete logs in an elliptic curve group than it is to factor an RSA modulus. That's why it takes a 2048 bit RSA key to have roughly the same security strength as a 233 bit ECC key.

      But, particularly because of the recent confusion regarding ECC's resistance to quantum computing (that is, that it has none), I want to make sure people realize ECC isn't any stronger than RSA. Sure, you get shorter keys and faster computations with ECC versus RSA, but for all practical purposes if/when RSA falls, ECC will go down with it. Factorization algorithms usually lead to discrete log algorithms, and vice versa. That's certainly the case with Shor's algorithm, which probably should have been made clear when the quantum computing article was posted.
    • Re: (Score:2, Insightful)

      Yes, but they don't have to break it, they just have to find the public key. It must be stored somewhere on the wii, so it can do the encryption of the saves. They were able to find the keys for blu-ray and hd-dvd, so why not here?
    • It is still liable to disassembly attack. If the elliptic curve used is sect233r1, as the poster assumes, that could be useful information for disassembly. If the Wii uses OpenSSL, that fact could be even more useful.
  • by Neuticle (255200) on Sunday September 16 2007, @03:09AM (#20623359) Homepage
    (Assuming that this discovery allows people to write new, arbitrary yet signed data into a save file on a SD card that the Wii will recognize as a "valid" save)

    The next step will be to search for an exploit in the console or in a game that allows execution of that data. The final step is to figure out how to get that newly loaded code to do something useful. I know this has been done before, but I'm under the impression that the exploit (in a 007 game) was found by chance. After that lucky break, the code-something-useful part came very fast.

    Is there any way to search for such an exploit other than brute force testing of games? Are there things to look for that normal players might see, or do you have to just try to execute code over and over and over in various situations, hoping to find a hole? In short, how can I, a non-programmer, help?

    I have hundreds of SNES and NES carts. I would love to be able to run those games on the Wii without having to buy them a second time or wait for N to trickle them out. Now if I can just hack together some Wii wireless SNES and NES pads, I'll be in heaven.
    • I know I made a big assumption* in the parent post, but I wanted to ask the question about the second step, if we ever get there.

      It's just too bad that there isn't some way to compromise to allow a Wii "sandbox" to play around and develop in without allowing full fledged piracy. Maybe a modified (i.e. slightly crippled to prevent full piracy) Wii dev-kit open to all for a reasonable cost?

      Just throwing the idea out there

      *I know getting past the encryption will be no easy task, and may not be feasible at all
    • I have a compilation DVD that runs on a modded gamecube or wii, it includes an emulator and a whole heap of NES/SNES (and sega consoles) rom files... I believe there's an xbox version of this DVD too. You could use that, and if you really feel bad about piracy just play the games where you also possess the physical cart.
    • Re: (Score:3, Interesting)

      Regarding the part about the wireless SNES controller:

      Have you seen Nintendo's "Classic controller" that they offer (primarily for the virtual console games)? It looks a little odd, but after you start using it, you'll realize that it's really an SNES controller with some analog sticks thrown on at the bottom (and two extra "shoulder" buttons). Also, it plugs into the wii-remote, so I consider it semi-wireless.

      Anyways, definitely my favourite controller ever, so you should give it a try, if you haven't ye

  • What will all the hacker and code breaker types do with their time if all companies stop encrypting stuff?
  • by Tim Browse (9263) on Sunday September 16 2007, @05:02AM (#20623875)

    ...where the police are looking for a violent killer, and then their surveillance locates him, and they all breathe a sigh of relief, as they assume that's the hard part done - all they have to do now is arrest him.

    I can't help thinking that there's a wee bit more work to do than just find out what encryption method is being used.

    Then again, maybe your average slashdotter thinks that 'breaking encryption' is as easy as 'guessing the algorithm used' :-).

    • Re: (Score:3, Insightful)

      True, if the encryption/signing is implemented correctly, there's little hope that it'll be cracked anytime soon.

      But there's another avenue for attack. Given that a wii-game is capable of creating, verifying and signing its own savefiles, this means that the encryption-keys are also stored either in the wii-console or in the game-software.

      So, it's just a matter of extracting them.

      Once you know *both* the method of encryption and signing, *AND* are in possession of the relevant keys, the rest really is a walk
      • by Tim Browse (9263) on Sunday September 16 2007, @03:50PM (#20628461)

        . OTOH, there are a lot of Wii owners with an interest in finding it, so it might not be infeasible to imagine a distributed computing project with many thousands of nodes cranking away for a year.

        I don't want to worry you, but there's a possibility that cryptographers have thought of that.

        For example: [purselipsquarejaw.org]

        the Xbox uses a 2048-bit encryption key - and that will be really hard to crack, even if it is theoretically possible to derive the private key from the public key. Via New Scientist: "Brian Gladman, an independent cryptography expert based in the UK, says the length of the key means there is an incredibly slim chance of finding it via brute force computing. According to RSA company, it would take a million Pentium 500MHz computers 100 billion years to run through all the possible solutions of a 1640-bit key. A 2048 bit key would be exponentially harder to crack.
  • FTFS
    > The number pairs are stored as a compound 60 bit data (first 30 bytes for the first number, and the next 30 bytes for the second).

    Interesting that they can store 60 bytes of data in 60 bits! I think someone made a typo...
    • Re: (Score:3, Insightful)

      Not criminals. Cheaters. They're keeping gameplay fair.
    • by farkus888 (1103903) * on Sunday September 16 2007, @02:53AM (#20623291)
      it would seem this way on the surface. but the potential for online games on the wii[see mario strikers charged or big brain academy wii degree for early efforts] means cheats for extra gold coins or whatever could have a negative effect on me. personally I am not interested in hacking my saves and would like to know people I am playing against online are not cheating, so this is something I would request. in my mind as a regular player [I own a wii console four full controllers 2 classic controllers and about 13 games, that makes me a big buyer for them compared to most] I feel that they have done me a service by trying to keep online gaming fair and I've not had anything I wanted to do on my wii hindered by this. just something to keep in mind.

      for reference I am a linux user and took time out of writing a shell script for a solaris machine at work to write this response. normally your mentality is how I think but this time it doesn't stand up to a little critical thinking from the perspective of a fairly heavily vested party. [I don't know anyone who has spent more towards wii, games, and controllers than I have. though I am sure some /.er will outrank me here]
      • What? Having a Japanese and American Wii, 4 controllers, 3 nunchucks, 3 classic controllers and 15 games isn't normal?
      • Modding save games has very little to do with online play... Typically for an online game, your "save game" will be stored on the server so you can't edit it anyway.
        Editing single player save games would have no effect on online play...
        To prevent cheating with online games, you want to prevent modification of the game data itself, and modification of the network traffic. However this all gives a false sense of security, because people will still always find a way to cheat.
        • Only for Online-only play. Say a player collects rewards while playing offline, and the developers want to enable him to take them online.
          One example that springs to mind is the online Pokémon trading in Pearl/Diamond, where many Pokémon are cheated, which kind of kills the point of it all.
    • Mod parent troll (Score:5, Insightful)

      by VirusEqualsVeryYes (981719) on Sunday September 16 2007, @02:58AM (#20623307)

      > Yet another case of a company treating customers like criminals.
      What? Are you an idiot? How in hell does this treat customers like criminals?

      Perhaps you don't understand why most /.ers think the RIAA treat their customers like criminals. The RIAA use DRM to restrict users such that their Fair Use rights are impeded. Further, they explain their actions away by claiming to thwart piracy. Further, they sue their customers with no initial proof that the defendant did anything illegal, and instead abuse the courts and demand to invade their property in order to then determine any wrongdoing. And further, they do all this solely for their own profit and not for the profit of the licensed musicians.

      Nintendo does none of this. They encrypt savefiles. So what? This does not impede on your right to do anything. You can play any given game on as many Wiis as you wish. Nintendo is also not suing people to force hackers to halt breaking their savefile encryption. Game developers generally don't want players artificially advancing within games. Perhaps there are statistics stored within the savefile used online. Whatever's in the savefile is up to the game devs, and Nintendo is simply hiding that.

      In other words, Nintendo is completely within their rights to encrypt savefiles. In turn, AFAIK, you are completely within your rights to attempt to break that encryption. And in turn again, Nintendo is completely within their rights to push out any updates to change or otherwise enforce their encryption. It's really that simple.
      • He's wrong, not a troll. Unfortunately you can't mod posts 'wrong'.
        • Re: (Score:3, Interesting)

          I think they absolutely love us. the kind of money they are making on those of us who play their games is more than enough to get us past the "no kissing on the lips" rule. I am by no means a nintendo fanboy, I haven't even played video games consistently for almost 7 years. I am speaking their praises because they built a system that is cool enough to play to get me back in to gaming. I know there are some crazy nintendo is always right people but don't discredit everyone who sings the wii's praises. and y
        • Re: (Score:3, Informative)

          Wrong. The DMCA and co. are about copy-prevention systems, and this is not the case. And I would be very sceptical whether a developer has any copyrights to a save file at all.
    • by Josef Meixner (1020161) on Sunday September 16 2007, @03:06AM (#20623343) Homepage

      No, I think there is a much more mundane reason. In the past some of the consoles were broken with manipulated save games, the games didn't properly check the data and so opened a hole. I would guess Nintendo didn't want to take that chance and so added an API which sits between the game and the saved data. As the saved data could be verified for being originally written by the game before the game would even get a chance to have a look at it, it means it is much harder to attack code not written by Nintendo to be exploited.

      Disclaimer: I have never seen the API of a game console, this is only a wild guess.

    • I don't really see a good argument for anyone to modify saved games. There is zero benefit to the end user, unlike DRM on music. If the encryption disallowed use of the saved game, that would be problematic, but if it disallows mods of the saved game, that makes sense. Think modding your saved game to make you a level 10 player, not very nice if this game has to go online.
      • > I don't really see a good argument for anyone to modify saved games. There is zero benefit to the end user
        False. I want to move a "zipper shirt" from my character in Animal Crossing for Nintendo GameCube to my character in Animal Crossing: Wild World for Nintendo DS. From GameCube to GameCube, I can use the "Hear code" and "Say code" inside Tom Nook's store to move the item. From DS to DS, I can use the online features. But unfortunately, the "Hear Code" functionality was cut from the DS version, so I have to write a program that hacks the DS version's saved game to insert the item into the player's inventory.
    • Re:Uhh (Score:5, Insightful)

      by arivanov (12034) on Sunday September 16 2007, @03:59AM (#20623569) Homepage
      No.

      This means that Nintendo has a clue.

      It is signing all the data with a certificate. Proper crypto, not DIY snakeoil ala most DRM schemes out there. The only way to break it is to get to the device key.

      If they have done it right the key is per device and hardware protected by a crypto module. From there on breaking this at the crypto level is absolutely impossible.

      The consequences are actually the opposite to what the clueless editor posted:

      1. No chance for homebrew unless someone steals a cert from somewhere and even then Nintendo can simply revoke it using their online service or in a service pack.

      2. All communication from the console to a server and back can be signed with strong crypto so no online game cheating.

      As far as the elliptic curve cipher choice, this is a common choice for devices with very limited CPU or memory resources. That is what these ciphers are designed for.

      All I can say: Applause Nintendo, applause, well done.
      • And why exactly would it be impossible to get the key if it's stored in hardware then? It might be impossible without a modchip, and it might be impossible with some kind of other software exploit to get to the hardware, but it's most definitely 'impossible' at all. The xbox 360 uses a similar encryption/signing mechanism (per-box key stored in the CPU, signed and encrypted kernel and savegames), and people have already found ways to get to it. Either through an exploitable kernel that enables booting linux
        • It depends how well the system is designed and how pervasive is the PKI throughout it. While it may be possible to introduce a MIM (man in the middle) via an exploit or via a timing attack on boot it may end up being prohibitively difficult.

          For example, on a well designed system you cannot get the key, because it never leaves the hardware. As a result you have to intercept all requests to the crypto hardware and all replies. Depending on the implementation this may actually be quite hard. It may be useless
        • Re:Uhh (Score:4, Insightful)

          by batkiwi (137781) on Sunday September 16 2007, @05:31AM (#20624005)
          This is a save game, not in memory. It now takes 3.4 seconds to load/save instead of the 3.33339 it took without the crypto. Yippie fucking do?
            • Re: (Score:3, Interesting)

              > Some games save continuously because t

              The Wii Programming Guidelines (or Lot Check docs -- don't have the info at home but at work) dictate a maximum number of saving k/sec so as not to wear out the flash memory.

    • Re: (Score:2, Informative)

      'Hacking' save games is just one of the possible uses for this. The most worrying one for Nintendo is that it allows people to write their own code, sign that, fool the console into thinking it's a save game and then look for some program on the Wii which is happy to execute a block of code within a saved game. This can then be used to modify some properties of the console, usually nothing particularly drastic but I'm sure Nintendo don't want to take the risk.
      • No, the most worrying for Nintendo is successful emulators that can run on non-Nintendo hardware. By locking down the savefiles, they retain control over savefiles, and over the ability of emulators to successfully save at all.
        • Re:Uhh (Score:5, Interesting)

          by Headcase88 (828620) on Sunday September 16 2007, @03:29AM (#20623449) Journal
          In terms of bricking consoles, Nintendo's a little bit nicer about it. They'll still brick it, but they'll warn you first "hey, if your console is modded, this update's going to brick it, so you might want to abort now".

          By the way, with some games refusing to run without updating, this becomes one of those scenarios where if your console is modded, you have to get games illegally to make them work (assuming pirates have found a way to eliminate the code that forces the update).
          • Re: (Score:3, Insightful)

            There is a way to remove updates, it's a small program called Wii Brick Blocker that patches isos. It is rather ironic that Nintendo essentially force people into piracy with their updates...
            • Re:Uhh (Score:5, Insightful)

              by Volante3192 (953645) on Sunday September 16 2007, @03:56AM (#20623559)
              Ironic? Only if you've modded your Wii. I've always considered a console in the realm of "no user serviceable parts inside." Course, it's not like Nintendo plans to worry about every possible modding configuration available. Rather, they have a set piece of hardware and a set piece of software. Thus, designers know exactly what they have to code for.

              Unlike Windows which you can get to install on damn near anything within reason.

              I figure modders should get a second, control Wii if you will, that they can fall back on for games.

              As much as I'm for tinkering, it's not like Nintendo's really promoting openness on their systems. Why should the modding community expect it? I feel the same way about the XBox and PS3 (although the PS3 not as much; Sony promoted the Linux part quite a bit).

              Guess I'm just old fashioned in some ways. I like my consoles too much to tinker with em.
              • I've been tinkering since the NES days, so it's an old habit now! :)

                I do actually have a second control Wii, I mainly use it for VC games, but if Nintendo ever get any decent online going I will be able to use it for that as well.
              • by da5idnetlimit.com (410908) on Sunday September 16 2007, @08:31AM (#20624915) Journal
                I happen to have a modded Xbox and a modded Wii

                the Xbox has been my media center for about 4 years. I bought it the day it was easily moddable/hackable. It now plays the anime and movies from my server and also plays my dvds along with the games and imports. I really like the option to pay imports. I do speak and understand english, so there really is no reason I should wait 1-2 years for a game. Or movie...

                After maybe 2.5 years the dvd reader died and I couldn't read discs anymore. I bought a replacement dvd player for the xbox and installed it myself, voiding my already dead warranty.

                Moral of the story:

                1 / I used my xbox in a "creative" way, exceeding by much what MS previewed/allowed me to do with it. I had fun with it, and I didn't have to build or buy a pre-made media center.

                2 / When it got broken I just had to buy a small, cheap part. not a full xbox, as a "no user serviceable parts inside" box concept would have made me.

                Episode 2, the WII

                Take story from ep.1, make hardware standard pc stuff as in xbox, rinse, repeat.

                Guess I, too, am just old fashioned in some ways. I'm too cheap to have every piece of kit I want, so I like to tinker with consoles to give them all the bells and whistles I cannot afford otherwise...
                    • Re:Uhh (Score:4, Insightful)

                      by AgentPaper (968688) * on Sunday September 16 2007, @11:40AM (#20626287)
                      The point isn't that you can make and use your own gasoline, and by extension, the point with modified consoles is not that you can physically open up the case and install the modification. The issue at hand is the conflict between two points of view: that of the hack-minded consumer, who believes that he/she is entitled to do anything he/she pleases to a product that he/she owns, and that of the product manufacturer, who believes that it is entitled to stop hack-minded consumers from using their product in a non-approved manner.

                      Can you modify your game console - that is, are you physically capable of altering its hardware? Sure! You can make it run imported games, homebrew games, Linux, anything you please. Heck, you can turn it into a motion-sensitive coffeepot if you want. However, the console manufacturer never sold you a motion-sensitive coffeepot, and they are under no obligation to support it if that's what you build out of it. To continue the car analogy, this would be like converting your new gasoline-powered vehicle to run on biodiesel, and then complaining to the dealer when it won't run on gasoline anymore. You're completely within your rights to do that, but the carmaker is also within its rights to make you support it yourself by taking away your warranty.

            • Re: (Score:3, Insightful)

              AFAIK there is no deliberate bricking, but rather the update process and/or the newly updated system code can fail due to the presence of mods. Nintendo warns the user of this because they don't want an uproar about them sabotaging consoles if an update kills machines with a relatively common mod chip installed.
              • Re:Uhh (Score:5, Insightful)

                by PhotoBoy (684898) on Sunday September 16 2007, @07:01AM (#20624445)
                Actually no, I do not pirate games. I've been importing video games from the US and Japan since the days of the NES. I said it was ironic because if someone like myself had modded the system for imports and then bricked it, Nintendo would in theory have left them no choice but to pirate games or buy another Wii. Thankfully I have not bricked mine and can run imports without any problems. It simply seems odd to me that Nintendo would do something that would encourage piracy.

                Next time try not to automatically assume modding = piracy, because it does not, no matter how much the hardware manufacturers like to say it does. If I could buy a mod chip that enables imports but not pirated games I gladly would. The constant erroneous association of modding with piracy by clueless people such as yourself has become extremely tiresome.