#26060 - monkeywit - Mon Sep 06, 2004 1:28 am
I remember someone posting information on a debug DS (he took one home from Motorola); it had the option to receive a binary via wifi. I know the GBA had 256k of memory, how much does the DS have? I think that this is the only way we will be able to run code for a while...
I also remember it had AGB mode (where you could pick what screen you wanted it to show on). It also had a touch screen configuration utility. It had owner information that you could input with the stylus. The kid had pictures but he had to take them down after someone pointed out his dad could get in a ton of trouble.
The debug menu was just a black background with white text. He said that when the system turned on, little Japanese kids laughed.
#26061 - tepples - Mon Sep 06, 2004 3:26 am
In GBA mode, the DS will probably have 256 KB of RAM. In DS mode, I'll conjecture that Nintendo learned from the MBV2 and F2A linkers, both of which can dump a commercial GBA Game Pak through the link port. Watch Nintendo put stronger challenge-response authentication into the DS multiboot protocol.
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.
#26069 - ampz - Mon Sep 06, 2004 6:22 pm
They also probably learned from the GC to not leave any holes in their encryption.
So, the carts will most likely be encrypted (and hard to break).
The wifi multiboot will definitely be encrypted.
The BIOS will be either internal to the DS ASIC like in the GBA, or external and encrypted like the GC (but with no holes).
The only thing that cannot be encrypted is the main memory bus. However, the main memory bus operates at very high speeds, and is about 100 lines wide.
Unless N chooses not to encrypt one of the three things above, or they leave some hole in the encryption, getting code to run on the DS will be very hard.
#26093 - SmileyDude - Tue Sep 07, 2004 7:05 pm
Well, Nintendo hasn't really had much of a good track record with protecting its handheld devices from "unauthorised" code. Take the protection scheme of the GBA -- checking for the presence of the Nintendo logo in the cart header. It is almost exactly the same as the protection scheme for the original GB. The only difference is that the logo was changed.
I can see where Nintendo might keep the protection scheme for the GB unchanged through the years -- you have backwards compatibility to worry about. But, not changing it on the GBA implies to me that there was another reason as to why it didn't change.
Of course, the long time Nintendo watchers will remember that the original NES had the lockout chip. Why Nintendo didn't do something similar with the GB is another mystery. Maybe they didn't want any more legal headaches at the time the GB was coming out.
My personal theory is that with the GB/GBC/GBA line, Nintendo actually wanted some level of homebrew activity. Otherwise, they simply would've done something like Atari did with the 7800. It took a damn long time for that scheme to be broken, and if I recall correctly, it was aided by someone finding original development kit floppies with the encryption program on it.
So, why would Nintendo want homebrew on the handhelds but not the consoles? Maybe in part because the handhelds are already a generation or two behind, or maybe because they don't feel threatened on the handheld side of things. Who knows? Maybe it was simply a mistake that they regret now.
Anyway, back to the DS -- if they do happen to implement encryption as a way to authenticate the game, that will only affect homebrew and un-authorised 3rd-party games. The pirates will simply copy the whole game, encryption and all. Here's hoping that Nintendo will stick with what's worked in the past for them, and we won't have any trouble getting code onto the DS.
_________________
dennis
#26094 - tepples - Tue Sep 07, 2004 7:09 pm
SmileyDude wrote: |
The pirates will simply copy the whole game, encryption and all. |
Not if the encryption involves a challenge and response.
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.
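An added illustration of the point in this reply (not code from the thread or from any real console): a fixed header cookie survives a bit-for-bit copy, while a challenge-response handshake keyed on a secret the copier never sees fails on replay. HMAC-SHA256 and all sample constants are assumptions.

```python
import hmac
import hashlib
import secrets

# Constructed sample values; nothing here is taken from real hardware.
GBA_COOKIE = b"LOGO-COOKIE-PLACEHOLDER"  # stands in for the fixed 156-byte logo
CART_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")


def static_header_check(rom: bytes) -> bool:
    """GBA-style check: accept if the fixed cookie sits at the start of the
    header. A bit-for-bit copy of a genuine ROM carries the cookie, so it passes."""
    return rom[: len(GBA_COOKIE)] == GBA_COOKIE


def cart_respond(secret: bytes, challenge: bytes) -> bytes:
    """Cartridge side of a challenge-response handshake (HMAC-SHA256 assumed)."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


class Console:
    """Console side: issues a fresh random challenge, then checks the answer."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._challenge = b""

    def challenge(self) -> bytes:
        self._challenge = secrets.token_bytes(16)
        return self._challenge

    def verify(self, response: bytes) -> bool:
        expected = hmac.new(self._secret, self._challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def genuine_cart_boots(console: Console) -> bool:
    """A cart holding the secret answers whatever challenge it is given."""
    return console.verify(cart_respond(CART_SECRET, console.challenge()))


def copied_cart_boots(console: Console) -> bool:
    """A copy has the ROM plus one recorded exchange, but not the secret.
    The console picks a new challenge at the next boot, so replaying fails."""
    recorded_response = cart_respond(CART_SECRET, console.challenge())
    console.challenge()  # fresh 16-byte challenge on the later boot
    return console.verify(recorded_response)
```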
#26096 - ampz - Tue Sep 07, 2004 8:09 pm
Well, it is not possible to encrypt the linearly addressed GBA carts without adding rather complicated hardware to both the GBA and the carts, and Nintendo are smart enough not to try something like that.
The DS carts however are block addressed. It is straightforward to encrypt those.
#26111 - SmileyDude - Wed Sep 08, 2004 1:47 am
It depends on what the encryption is used for -- if it's used for authentication of the code, then encrypting the header with a private key and using a public key for the authentication would be suitable enough.
If the goal is to protect the game from copying, then you are correct: with a linear addressing scheme, the encryption would require hardware on both ends. With a block model, you wouldn't need the data to be encrypted -- just some sort of secret handshake between the storage media and the system before the media would give up its secrets. I suppose for extra security the data could be encrypted, and the key could be stored in ROM on the custom chip for the DS. This would be hard to near impossible to break currently since there would be no decrypted data to sniff.
If there is a secret handshake and the data isn't encrypted coming out of the media, it stands to reason that at some point somebody will snoop the bus between the DS and the media to figure out what the handshake is. It might be impractical right now, but it's certainly not in the realm of impossibility.
I think the more promising possibility is the WiFi component of the DS -- which is what the original post was alluding to. Much easier to sniff that data. If it's compressed, there will still be the issue of trying to figure out what the public/private key pair is, but considering that we have a fairly good idea of what the data should look like (ARM instruction codes), it may be crackable.
Anyway, this is all speculation at this point. We'll see in a few months when the thing actually comes out :)
_________________
dennis
#26113 - SmileyDude - Wed Sep 08, 2004 1:50 am
ampz wrote: |
The BIOS will be either internal to the DS ASIC like in the GBA, or external and encrypted like the GC (but with no holes). |
Hasn't the BIOS for the GC been dumped? And of course, the GBA's BIOS has been dumped as well. About the only BIOS in a Nintendo product that hasn't been dumped is the original GB/GBC BIOS.
If the BIOS provides routines to the programmer, there is most likely going to be some way of exploiting bugs in that BIOS to dump it. Unless Nintendo has somehow mastered the art of writing bug free software.
_________________
dennis
#26122 - ampz - Wed Sep 08, 2004 11:13 am
SmileyDude wrote: |
I think the more promising possibility is the WiFI component of the DS -- which is what the original post was alluding to. Much easier to sniff that data. If it's compressed, there will still be the issue of trying to figure out what the public/private key pair is, but considering that we have a fairly good idea of what the data should look like (ARM instruction codes), it may be crackable. |
I don't think sniffing wifi data will be very easy. Remember: Proprietary Nintendo protocol. Not 802.11.
I think the wifi is also the interface likely to have the strongest encryption.
Why would it be easier to sniff wifi data than the cart bus? Sniffing the cart bus is pretty easy.
Oh, and ARM instruction codes will only be transmitted over wifi in case of a multiboot type of game. I have not yet seen such a game.
And even in the case of a multiboot, the bulk of the data will be graphics and audio. Not ARM instructions. Not that knowing that ARM instructions are transmitted would help very much... There are a lot of valid ARM instructions.
SmileyDude wrote: |
ampz wrote: | The BIOS will be either internal to the DS ASIC like in the GBA, or external and encrypted like the GC (but with no holes). |
Hasn't the BIOS for the GC been dumped? And of course, the GBA's BIOS has been dumped as well. About the only BIOS in a Nintendo product that hasn't been dumped is the original GB/GBC BIOS.
If the BIOS provides routines to the programmer, there is most likely going to be some way of exploiting bugs in that BIOS to dump it. Unless Nintendo has somehow mastered the art of writing bug free software. |
Yes, the GC BIOS was dumped, due to a security hole found in the hardware/encryption.
In order to dump the GBA BIOS you must first be able to run code on the GBA, and that's kind of the reason why we want BIOS access on the DS in the first place. We don't primarily want to dump the DS BIOS. We want to replace it with our own code, as a way into the system. Of course, dumping the BIOS might help crack any wifi or cart encryption unless it is in hardware.
#26130 - NoMis - Wed Sep 08, 2004 1:07 pm
ampz wrote: |
SmileyDude wrote: | I think the more promising possibility is the WiFI component of the DS -- which is what the original post was alluding to. Much easier to sniff that data. If it's compressed, there will still be the issue of trying to figure out what the public/private key pair is, but considering that we have a fairly good idea of what the data should look like (ARM instruction codes), it may be crackable. |
I don't think sniffing wifi data will be very easy. Remember: Proprietary Nintendo protocol. Not 802.11.
I think the wifi is also the interface likely to have the strongest encryption.
Why would it be easier to sniff wifi data than the cart bus? Sniffing the cart bus is pretty easy.
Oh, and ARM instruction codes will only be transmitted over wifi in case of a multiboot type of game. I have not yet seen such a game.
And even in the case of a multiboot, the bulk of the data will be graphics and audio. Not ARM instructions. Not that knowing that ARM instructions are transmitted would help very much... There are a lot of valid ARM instructions.
|
The thing that makes it easier is the way wifi works. It's all sent out into the air and you can easily receive the signals.
WLANs for example are pretty easy to hack. You just have to "listen" long enough to collect enough data to hack it.
NoMis
#26146 - keldon - Wed Sep 08, 2004 2:51 pm
In regards to Nintendo placing their graphic on each cartridge - I think it has little to do with STOPPING people from being able to produce a cart. It would have more to do with being able to take mass copyright infringers to court as the law still has not caught up with computer related crime.
#26150 - tepples - Wed Sep 08, 2004 4:29 pm
keldon wrote: |
In regards to Nintendo placing their graphic on each cartridge - I think it has little to do with STOPPING people from being able to produce a cart. |
In that case, it's pointless. Sega v. Accolade.
The only thing the header check is good for is verifying lack of dirt on the data bus.
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.
#26151 - keldon - Wed Sep 08, 2004 4:54 pm
I meant if someone's mass producing pirate games then Nintendo can take them to court rather than the manufacturers who made them.
It also means that Nintendo do not have to buy the copyright, they already have it.
#26154 - ampz - Wed Sep 08, 2004 5:52 pm
NoMis wrote: |
The thing that makes it easier is the way wifi works. It's all sent out into the air and you can easily receive the signals.
WLANs for example are pretty easy to hack. You just have to "listen" long enough to collect enough data to hack it.
NoMis |
As I said: Proprietary Nintendo protocol. Not 802.11 (WLAN).
Since we don't know the protocol, it will take some work to figure it out. There is a chance a standard WLAN adapter might not even pick up the transmissions.
In order to tap data from the cart bus you simply open up the DS and solder 16 wires to the cart connector. Hook up these wires to a decent logic analyzer, or if you are on a budget, a PC-connected FPGA, and dump the data to a file.
#26155 - ampz - Wed Sep 08, 2004 5:53 pm
keldon wrote: |
It also means that Nintendo do not have to buy the copyright, they already have it. |
Buy the copyright? From who?
#26161 - dagamer34 - Wed Sep 08, 2004 6:19 pm
ampz wrote: |
keldon wrote: | It also means that Nintendo do not have to buy the copyright, they already have it. |
Buy the copyright? From who? |
Pay the U.S. Patent Office to reserve the copyright for Nintendo as a company so that they can sue any violators (or so I think...)
_________________
Little kids and Playstation 2's don't mix. :(
#26162 - ampz - Wed Sep 08, 2004 7:08 pm
You don't pay anyone for the copyright on your own material.
(There might be some exceptions I don't know in some countries)
#26164 - tepples - Wed Sep 08, 2004 7:33 pm
Patents are not copyrights. Patents cost money to get, as the patent office has to review your claims to make sure they don't read on prior art before issuing the patent. Copyrights cost money to register in some countries; registration prior to an alleged infringement typically buys the copyright owner additional rights in court.
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.
#26179 - Abscissa - Wed Sep 08, 2004 10:54 pm
tepples wrote: |
as the patent office has to review your claims to make sure they don't read on prior art before issuing the patent. |
Not that they usually do that anyway ;)
#26624 - logotomie - Tue Sep 21, 2004 1:18 pm
tepples wrote: |
keldon wrote: | In regards to Nintendo placing their graphic on each cartridge - I think it has little to do with STOPPING people from being able to produce a cart. |
In that case, it's pointless. Sega v. Accolade.
The only thing the header check is good for is verifying lack of dirt on the data bus. |
No, you are wrong. Sega vs. Accolade is exactly what they try to avoid by using the logo. For Sega vs. Accolade the court decided that reverse engineering code and using functionality is legal. But in order to create a working GBA cart you have to copy a work of art/copy a protected logo. This is definitely illegal.
#26636 - tepples - Tue Sep 21, 2004 6:17 pm
Part of Sega v. Accolade is that it's considered fair use to copy that magic cookie. One of the four main factors that a judge will use when distinguishing infringement from fair use is "the amount and substantiality of the portion used in relation to the copyrighted work as a whole." Given that the 156-byte magic cookie data makes up only about 0.004 percent of the first work that contained it (that is, Super Mario Advance), I can see how the question of fair use would swing strongly in the unlicensed game maker's favor.
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.
#26643 - SmileyDude - Tue Sep 21, 2004 9:49 pm
Not only is the logo data an insignificant portion of the original work, I believe there is a provision in US trademark law that states that if a trademark is used as a barrier to competition, the trademark can be revoked from the owner.
So, in this case, Nintendo is using their trademark to prevent others from competing in the market of making GameBoy Advance games. The only way, in Nintendo's view, to sell games for the GameBoy is to license their trademark from them.
This is different from the issue of using Nintendo's trademark in association with your own game. You can't run code on the GBA without using their trademark.
I wish I could find the specific reference in the law, but I really suck at looking at things like this :(
_________________
dennis
#26652 - ampz - Tue Sep 21, 2004 11:48 pm
In the Sega v. Accolade case, there was no copied logotype or anything.
The magic cookie consisted of only 4 bytes: "SEGA" encoded as a 32-bit number. This does not constitute a "work of art", and it can even be easily argued that the 32-bit number has nothing to do with the word SEGA since it is never displayed.
So the Sega v. Accolade case has little impact on the Nintendo header problem.
I think the main thing in the Sega v. Accolade case was that when you booted the game, it said something like "Developed with a licence from SEGA". This text was displayed by the BIOS.
I think we all know the situation perfectly.
Nintendo are on shaky legal grounds if they try to protect their platform against 3rd party developers using the header. But so are we if we try to release a game on our own.
But even if Nintendo are proven wrong in the end, they can still give you hell with several years in court, preventing you from selling your game(s) during the process, and causing you to go bankrupt.
The law is different in different countries. Perhaps Nintendo loses in one country; there is nothing preventing them from trying again in another country.