#97074 - tepples - Mon Aug 07, 2006 8:59 pm
This topic claimed that a poster's acquaintance had access to Nintendo's private signing key for DS Download Play, and it asked whether it would be a good idea for this acquaintance to leak the trade secret. The topic was locked for good reason.
But it's not even known whether it would have had any effect. Here are some ways I can think of that Nintendo can give out official development kits while preventing trade secret leaks from causing any damage:
- Developer DS does not verify DS Download Play signature, much like the FlashMe firmware hack. This way, the retail DS key pair remains in the vault at Nintendo.
- Different key pairs for developer and retail DS systems. I seem to remember that Xbox does this.
- Option 2, with a unique key pair for each licensee.
Any other ideas on this topic?
_________________
-- Where is he?
-- Who?
-- You know, the human.
-- I think he moved to Tilwick.
#97088 - Nushio - Mon Aug 07, 2006 9:37 pm
I guess #1.
IMO, only publishers, not developers, have access to the private key.
It's the people who print the cartridges en masse who really need it anyway.
As for the developers? They have huge Nitro boxes and other stuff anyway.
IIRC, Mario & Luigi PiT was developed using 2 GBAs, a SNES pad and a link cable.
If they really needed a private key to send over the air, they would most probably purchase developer DS units that are flashed so that they don't do the RSA check.
Edit: All I said was based on presumptions and guesses, and is in no way valid, official or even right.
#97106 - Turambar - Tue Aug 08, 2006 12:08 am
Nushio wrote:
> IMO, only publishers, not developers, have access to the private key.
> It's the people who print the cartridges en masse who really need it anyway.
Do they really need it? I don't actually know how it works, but wouldn't it be possible that the publisher sends the game to Nintendo, who encrypts it and sends it back to the publisher? You don't need the key to mass produce cartridges, you only need an encrypted copy. Of course, this method would mean that every game has to have Nintendo's approval, but doesn't this already happen?
#97108 - Nushio - Tue Aug 08, 2006 12:44 am
Turambar wrote:
> Do they really need it? I don't actually know how it works, but wouldn't it be possible that the publisher sends the game to Nintendo, who encrypts it and sends it back to the publisher?
> You don't need the key to mass produce cartridges, you only need an encrypted copy. Of course, this method would mean that every game has to have Nintendo's approval, but doesn't this already happen?
That's entirely true, you don't need the key to mass produce cartridges. I don't know if Nintendo has to personally sign/encrypt all published games. It's possible, yes.
This leaves us with several questions though...
Do developers have a key? Even if unique and useless on mass-produced NDS units (rather than dev DSs).
Can we talk about it? Isn't this piracy-related, since we shouldn't use any "official documentation"?
Will Clark Kent save Batman in time and still have the date with Lois Lane?
Tune in to find out on the next episode of...
DsDev!
Edit: Pwnd.
Last edited by Nushio on Tue Aug 08, 2006 2:03 pm; edited 2 times in total
#97129 - Magitek - Tue Aug 08, 2006 3:30 am
Just my 2 cents, but I don't think that every licensee has their own unique key, because otherwise newer DSes would have to have some way of updating their firmware to accept keys of newer developers. It would be a future-proofing nightmare.
I think it's ok to talk about it, as long as nobody in here pulls out a copy of official dev guides or something. My question is: if somebody ever accidentally stumbles onto the key, can it be released, or will that person have to keep their mouth shut?
P.S. And I hope that Superman doesn't have a date with Lois Lane, unless Superman changed orientation since the comic books and movies, heh.
#97138 - tepples - Tue Aug 08, 2006 4:34 am
Turambar wrote:
> I don't actually know how it works, but wouldn't it be possible that the publisher sends the game to Nintendo, who encrypts it and sends it back to the publisher?
That would get slow if you are developing a program on DS Download Play and have to send every single build to Nintendo to get it signed.
Nushio wrote:
> Can we talk about it? Isn't this piracy-related, since we should use any "official documentation"?
We're talking about what's plausible, not what's the case.
Magitek wrote:
> Just my 2 cents, but I don't think that every licensee has their own unique key, because otherwise newer DSes would have to have some way of updating their firmware to accept keys of newer developers. It would be a future-proofing nightmare.
As I see it, you'd have the retail Nintendo DS (retail), the "Nintendo" custom DS (for internal use by Nintendo), the "Konami" custom DS (for internal use by Konami), the "Capcom" custom DS (for internal use by Capcom), etc. Each would contain DS Download Play firmware that responds only to its unique private signing key. The final build accepted by Nintendo would get re-signed with the retail key.
Magitek wrote:
> P.S. And I hope that Superman doesn't have a date with Lois Lane, unless Superman changed orientation since the comic books and movies, heh.
Superman is already a dick; why can't he be gay too?
#97152 - Lynx - Tue Aug 08, 2006 6:20 am
Do we know for sure that every developer (or development house) has the private key? And if they do, I would expect that not the whole development team would have access to it. I'm sure if the key did make it out to the internet, someone (if not many) would be in deep crap over it. I'm sure something as critical as that would have many tracking methods.
_________________
NDS Homebrew Roms & Reviews
#97158 - wintermute - Tue Aug 08, 2006 6:39 am
It's extremely unlikely that anyone outside Nintendo has the private key. There's an application circulating which loads and executes the first download play broadcast it finds - I'd imagine that's what developers use for testing purposes. You still need another boot method to use it so it's not really that useful for homebrewers.
_________________
devkitPro - professional toolchains at amateur prices
devkitPro IRC support
Personal Blog
#97173 - Lick - Tue Aug 08, 2006 10:47 am
@ tepples -
Nushio wrote:
> If they really needed a private key to send over the air, they would most probably purchase developer DS units that are flashed so that they don't do the RSA check.
I think developers just use development firmware, a la FlashMe.
_________________
http://licklick.wordpress.com
#97220 - Turambar - Tue Aug 08, 2006 6:45 pm
tepples wrote:
> Turambar wrote:
> > I don't actually know how it works, but wouldn't it be possible that the publisher sends the game to Nintendo, who encrypts it and sends it back to the publisher?
> That would get slow if you are developing a program on DS Download Play and have to send every single build to Nintendo to get it signed.
Of course, that is not what I meant. During development, they could use your Option 1 or 2, and only when they are done will they send it to Nintendo to get it signed.
#97254 - HyperHacker - Tue Aug 08, 2006 9:44 pm
I've seen the official devkit. It has a tool to sign the files, but you need a signature file or some such from Nintendo. So I doubt the dev units verify signatures.
(Interesting side note: there's a Download Play app that doesn't verify signatures as well, but it's not signed. :-p)
_________________
I'm a PSP hacker now, but I still <3 DS.
#97258 - Magitek - Tue Aug 08, 2006 9:53 pm
So then that means that Nintendo probably has 1 private key that it obfuscates and shares with developers. So devs don't know the private key per se, but they have a file given by Nintendo that contains it, and when used with another program it allows them to sign it.
I was reading an article posted in one of the GBA forums of this site and it talked about how games are sent to Nintendo for a final "lot check" where they make sure that the program behaves at a Nintendo-approved quality. Perhaps with DS games they are sent there and are keyed with the correct private key, ready for the publisher to use to start production.
So in other words, the devs most likely don't know nor care about what Nintendo's private key is. So now the question is, if someone were ever theoretically able to calculate or guess it (yes, I know the odds of it are next to none), could we then take it and sign our own homebrew?
#97260 - Dan2552 - Tue Aug 08, 2006 10:03 pm
Magitek wrote:
> if someone were ever theoretically able to calculate or guess it (yes, I know the odds of it are next to none), could we then take it and sign our own homebrew?
Probably, why not?
#97476 - caitsith2 - Thu Aug 10, 2006 2:15 am
Magitek wrote:
> So then that means that Nintendo probably has 1 private key that it obfuscates and shares with developers. So devs don't know the private key per se, but they have a file given by Nintendo that contains it, and when used with another program it allows them to sign it.
> I was reading an article posted in one of the GBA forums of this site and it talked about how games are sent to Nintendo for a final "lot check" where they make sure that the program behaves at a Nintendo-approved quality. Perhaps with DS games they are sent there and are keyed with the correct private key, ready for the publisher to use to start production.
> So in other words, the devs most likely don't know nor care about what Nintendo's private key is. So now the question is, if someone were ever theoretically able to calculate or guess it (yes, I know the odds of it are next to none), could we then take it and sign our own homebrew?
Unfortunately no. I too have seen the official dev kit. The developers upload their complete binary to a Nintendo (likely password protected) server. The server generates the signature file with the retail private key. The signature file is then available for download by the developers. A separate program is then used to attach the signature to the binary they uploaded a copy of.
If you remember looking at the files of DS Download Station vol 1, there was such a signature file present, along with the already signed client. The data contained in the signature file is exactly the same as the signature data in the DS Download Play client.
In other words, no developer has any direct access whatsoever to Nintendo's private key, other than possibly Nintendo themselves.
As stated though, Nintendo has provided a client for allowing the developers to test their DS Download Play code on retail systems. (They have to flash this client to an official DS flash card to use it.) Alternatively, any developers following the homebrew scene could flash a number of retail systems with FlashMe, and use the DS Download Play function as normal then.
#97487 - Magitek - Thu Aug 10, 2006 3:32 am
caitsith2 wrote:
> As stated though, Nintendo has provided a client for allowing the developers to test their DS Download Play code on retail systems.
So are you saying that even if we ever somehow got the private key, we still could not sign our own homebrew?
#97494 - wintermute - Thu Aug 10, 2006 4:08 am
Magitek wrote:
> caitsith2 wrote:
> > As stated though, Nintendo has provided a client for allowing the developers to test their DS Download Play code on retail systems.
> So are you saying that even if we ever somehow got the private key, we still could not sign our own homebrew?
No, he's saying that no-one outside Nintendo has access to the private key. The chances of obtaining said key through industrial espionage are low to the point of it never gonna happen.
#97505 - ssj4android - Thu Aug 10, 2006 5:09 am
And what if someone tried to upload FlashMe to Nintendo's server? ;)
#97506 - tepples - Thu Aug 10, 2006 5:11 am
It is believed that Nintendo develops all ARM7 binaries. It is likely that Nintendo's server refuses to sign unknown ARM7 binaries.
#97507 - ssj4android - Thu Aug 10, 2006 5:15 am
And FlashMe needs to use a custom ARM7 binary?
Of course, it would never happen if the developer was sane. I'm sure the signed files contain some way to trace it back to the developer, who would certainly be sued.
#97515 - caitsith2 - Thu Aug 10, 2006 6:18 am
That's probably what the extra bytes are for.
Here is the format of the .sgn file (reversed completely from the only such file I have).
Code:
    Offset  Num Bytes  Description
    0x0000  4          Signature start (0x61, 0x63, 0x01, 0x00)
    0x0004  128        Signature data
    0x0084  4          Extra data
    0x0088  12         NDS header Title
    0x0094  4          NDS header Game Code
    0x0098  2          NDS header binary revision
    0x0099  1          End of signature data file (0x00)
Those 4 extra bytes are likely how Nintendo will be able to trace which developer uploaded the FlashMe binary, if any does and releases that signed FlashMe binary.
All attachsign.exe does is compare the header data of the signature file with the header data of the binary and, if it matches, attach the signature to the end of the binary.
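The .sgn layout and the attach step described in this post, written out as an added example (my code, not Nintendo's tool and not from this thread). It assumes the 2-byte revision is little-endian, that the 0x00 terminator follows it at 0x9A (the table's 0x0099 offset overlaps the 2-byte field), and that only the 128-byte signature block is appended; the sample ROM header and signature bytes are constructed, not real.

```python
import struct
# Layout of the .sgn file as described in the post above (offset, size).
SGN_MAGIC = bytes([0x61, 0x63, 0x01, 0x00])
SGN_LAYOUT = [          # (field, offset, size)
    ("magic",     0x00,   4),
    ("signature", 0x04, 128),
    ("extra",     0x84,   4),   # the 4 tracing bytes discussed in the thread
    ("title",     0x88,  12),
    ("game_code", 0x94,   4),
    ("revision",  0x98,   2),   # assumed little-endian 16-bit
]
SGN_SIZE = 0x9B  # assumption: 2-byte revision, then one 0x00 terminator at 0x9A

# Standard NDS ROM header offsets of the title (12 bytes) and game code (4 bytes).
NDS_TITLE_OFF, NDS_GAMECODE_OFF = 0x00, 0x0C

def parse_sgn(data: bytes) -> dict:
    """Split a .sgn file into its fields, refusing malformed input."""
    if len(data) != SGN_SIZE:
        raise ValueError(f"unexpected .sgn length {len(data)} (want {SGN_SIZE})")
    fields = {name: data[off:off + size] for name, off, size in SGN_LAYOUT}
    if fields["magic"] != SGN_MAGIC:
        raise ValueError("bad signature-file magic")
    if data[SGN_SIZE - 1] != 0x00:
        raise ValueError("missing terminator byte")
    fields["revision"] = struct.unpack("<H", fields["revision"])[0]
    return fields

def header_matches(sgn: dict, rom: bytes) -> bool:
    """The attachsign check as the thread describes it: title and game code must agree."""
    return (rom[NDS_TITLE_OFF:NDS_TITLE_OFF + 12] == sgn["title"]
            and rom[NDS_GAMECODE_OFF:NDS_GAMECODE_OFF + 4] == sgn["game_code"])

def attach_signature(sgn_data: bytes, rom: bytes) -> bytes:
    """Append the 128-byte signature block to the binary only if the headers match."""
    sgn = parse_sgn(sgn_data)
    if not header_matches(sgn, rom):
        raise ValueError("signature file was issued for a different binary")
    return rom + sgn["signature"]

def build_sgn(signature, extra, title, game_code, revision) -> bytes:
    """Construct a .sgn blob in the layout above (used here only to make sample input)."""
    assert len(signature) == 128 and len(extra) == 4 and len(title) == 12 and len(game_code) == 4
    return SGN_MAGIC + signature + extra + title + game_code + struct.pack("<H", revision) + b"\x00"

# Constructed sample input (not a real signature): a dummy ROM header and a matching .sgn file.
SAMPLE_ROM = b"HOMEBREWDEMO" + b"AXYZ" + bytes(0x200 - 16)
SAMPLE_SGN = build_sgn(bytes(range(128)), b"\xDE\xAD\xBE\xEF", b"HOMEBREWDEMO", b"AXYZ", 1)
```

The header comparison is what stops a signature file issued for one binary from being glued onto another; the `extra` field is surfaced so the tracing bytes the post speculates about can be inspected.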
#97522 - Magitek - Thu Aug 10, 2006 8:39 am
Well, I guess it's a good thing that Download Play has not been cracked, because although it would make homebrew dev a lot more interesting, not to mention easier, it does provide a dark avenue for more malicious users to provide malware under the guise of a download station or multiplayer game.
Should the Download play be broken by some other means and this malware problem ever occur, do you think this would be something that would warrant a recall by Nintendo? Especially with the Wii coming up as something planned to increase connectivity between consoles and users?
#97566 - knight0fdragon - Thu Aug 10, 2006 2:37 pm
Recall... I doubt it. More likely another security upgrade with the newer models, return for free for those still under warranty, and like an $80 repair for those not under warranty lol
_________________
http://www.myspace.com/knight0fdragonds
MK DS FC: Dragon 330772 075464
AC WW FC: Anthony SamsClub 1933-3433-9458
MPFH: Dragon 0215 4231 1206
#97574 - darkfader - Thu Aug 10, 2006 3:48 pm
Publishers are not going to risk being detected by asking to sign some random program. The only way is that a developer makes a backdoor in some WMB game.
#97909 - Lynx - Sat Aug 12, 2006 8:57 am
Replace 'makes a backdoor' with 'writes poor code that can be exploited'. More likely.
#98357 - HyperHacker - Mon Aug 14, 2006 9:43 pm
tepples wrote:
> It is believed that Nintendo develops all ARM7 binaries. It is likely that Nintendo's server refuses to sign unknown ARM7 binaries.
I'm sure a simple NDS launcher or similar could be made using the ARM7 binary taken from a commercial game... but you'd still have to get the password to upload your binary to the server, and it'd probably be quite illegal. :-p
Has Sega made any WMB games? They seem to know nothing about security.
#98497 - Nushio - Tue Aug 15, 2006 5:16 pm
HyperHacker wrote:
> tepples wrote:
> > It is believed that Nintendo develops all ARM7 binaries. It is likely that Nintendo's server refuses to sign unknown ARM7 binaries.
> I'm sure a simple NDS launcher or similar could be made using the ARM7 binary taken from a commercial game... but you'd still have to get the password to upload your binary to the server, and it'd probably be quite illegal. :-p
> Has Sega made any WMB games? They seem to know nothing about security.
Would Sonic Rush count? It comes with a demo that has a 2 stage loader, which could be exploited.
I think Mighty Max has already started investigation on how to exploit this.