Wii Uses Elliptic Curve Cryptography For Saves
An anonymous reader writes "A user at the Nintendo-Scene forums just posted a lengthy post about his discovery that the Wii savegame files are signed and encrypted with NIST B 233 bit elliptic curve cryptography. Could this be the first step for a Wii softmod the homebrew community have waited for? From the post: 'It appears a Wii savegame file ends with a certificate chain. The certificates contain a public keypair (the one that is being "certified") and a signature (another number pair) from the signing entity. The number pairs are stored as a compound 60 bit data (first 30 bytes for the first number, and the next 30 bytes for the second). Hence, the first and middle byte is always 00 or 01 for keys, and 00 for signatures. One can check that the keys are indeed NIST B 233 keys using OpenSSL's EC_KEY_check_key function (code forthcoming).'"
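The key check the summary describes can be sketched without OpenSSL. The following is an added example, not the forum poster's forthcoming code: it splits a number pair into its two 30-byte halves and tests the NIST B-233 curve equation y^2 + xy = x^3 + x^2 + b over GF(2^233). Big-endian byte order is an assumption taken from the "first and middle byte" remark, the function names are hypothetical, and the sample input is constructed from the curve's published base point rather than taken from a save file.

```python
# Added illustration: is a 60-byte (x, y) pair a point on NIST B-233 (sect233r1)?
M = 233
POLY = (1 << 233) | (1 << 74) | 1   # field polynomial x^233 + x^74 + 1
B = 0x0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD
GX = 0x00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B
GY = 0x01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052
COORD_LEN = 30                      # bytes per number, as the post describes


def gf_mul(a, b):
    """Multiply two GF(2^233) elements: carry-less product reduced by POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> M:                  # degree reached 233: reduce
            a ^= POLY
    return r


def parse_pair(blob):
    """Split a number pair into two integers (big-endian is an assumption)."""
    if len(blob) != 2 * COORD_LEN:
        raise ValueError("expected 60 bytes, got %d" % len(blob))
    return (int.from_bytes(blob[:COORD_LEN], "big"),
            int.from_bytes(blob[COORD_LEN:], "big"))


def is_b233_point(blob):
    """True if the pair satisfies the B-233 curve equation."""
    x, y = parse_pair(blob)
    if x >> M or y >> M:            # a 233-bit value has a leading byte of 00 or 01
        return False
    x2 = gf_mul(x, x)
    lhs = gf_mul(y, y) ^ gf_mul(x, y)
    rhs = gf_mul(x2, x) ^ x2 ^ B    # curve coefficient a = 1
    return lhs == rhs


# Constructed sample: the public base point G, packed like a stored key.
SAMPLE = GX.to_bytes(COORD_LEN, "big") + GY.to_bytes(COORD_LEN, "big")
TAMPERED = SAMPLE[:-1] + bytes([SAMPLE[-1] ^ 1])   # one flipped bit in y

if __name__ == "__main__":
    print("sample on curve:  ", is_b233_point(SAMPLE))
    print("tampered on curve:", is_b233_point(TAMPERED))
```

This covers only the field-range and on-curve tests; a full public-key validation also checks the point's order.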
That this likely means the exact opposite. Elliptic Curve Cryptography is relatively difficult to crack (not unlike RSA). More to the point, it's also not liable to factorization attacks like RSA is. Furthermore, the best crack of elliptic curve technology is of a 109-bit key, and still took 3,600 or 15,000 computer-years (whether it's a binary or prime field case, respectively).
Nintendo's not stupid. They've used RSA encryption to keep the average hacker out of DS-wireless homebrew, and this is most likely a mandated response to the Splinter Cell hack that allowed soft modding on the Xbox. It won't stop hacking through security holes in the internet protocols (a-la PSO+BBA), but they're certainly making efforts to prevent corrupted data from opening up softmod paths.
'Hacking' save games is just one of the possible uses for this. The most worrying one for Nintendo is that it allows people to write their own code, sign that, fool the console into thinking it's a save game and then look for some program on the Wii which is happy to execute a block of code within a saved game. This can then be used to modify some properties of the console, usually nothing particularly drastic but I'm sure Nintendo don't want to take the risk.
Wrong. The DMCA and co. are about copy-prevention systems, and this is not the case. And I would be very sceptical whether a developer has any copyrights to a save file at all.
The modding community "expects it" because you own the goddamned hardware, it should be yours to tinker in whichever way you like.
When you buy a car, does the dealership forcefully prevent you from using "unapproved" gasoline? Do they tell you which bumper stickers you're allowed to stick, and where? Do they come and smash your car with a crowbar if you disobey?
-Billco, Fnarg.com
I don't want to worry you, but there's a possibility that cryptographers have thought of that.
For example:
The Xbox uses a 2048-bit encryption key - and that will be really hard to crack, even if it is theoretically possible to derive the private key from the public key. Via New Scientist: "Brian Gladman, an independent cryptography expert based in the UK, says the length of the key means there is an incredibly slim chance of finding it via brute force computing. According to RSA company, it would take a million Pentium 500MHz computers 100 billion years to run through all the possible solutions of a 1640-bit key. A 2048 bit key would be exponentially harder to crack."