Slashdot Mirror

← Back to Stories (view on slashdot.org)

Wii Uses Elliptic Curve Cryptography For Saves

Posted by Zonk on from the advanced-tech dept.

An anonymous reader writes "A user at the Nintendo-Scene forums just posted a lengthy post about his discovery that the Wii savegame files are signed and encrypted with NIST B 233 bit elliptic curve cryptography. Could this be the first step for a Wii softmod the homebrew community have waited for? From the post: 'It appears a Wii savegame file ends with a certificate chain. The certificates contains a public keypair (the one that is being "certified") and a signature (another number pair) from the signing entity. The number pairs are stored as a compound 60 bit data (first 30 bytes for the first number, and the next 30 bytes for the second). Hence, the first and middle byte is always 00 or 01 for keys, and 00 for signatures. One can check that the keys are indeed NIST B 233 keys using openssls EC_KEY_check_key function (code forthcoming).'"

18 of 183 comments (clear)

  1. Elliptic Curve? by underpenguin · · Score: 5, Funny

    Well, I'll just dig out my uplink disk....I think I have an elliptic code breaker in there somewhere

  2. WTF? by Anonymous Coward · · Score: 5, Interesting

    Why is it that we live in a world where our console gamesaves are protected more aggressively than our bank accounts and our identities combined?

    1. Re:WTF? by __aaclcg7560 · · Score: 4, Funny

      Without encrypted gamesaves, the global economy will collapse and basement gamers will be out on the streets panhandling for money.

    2. Re:WTF? by Yvanhoe · · Score: 4, Insightful

      Or our votes....

      --
      The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
    3. Re:WTF? by harlows_monkeys · · Score: 4, Funny
      Because if someone steals from your bank account, that is a crime, and there is a mechanism to punish them.

      If, however, someone cheats with a gamesave, there is no official mechanism to deal with them, and so people would have to turn to vigilante justice to track down and deal with cheaters. That would be bad. Very bad. First, it would start out with roving gangs of gamers, seeking out and punishing the transgressors. Some might see them as heroes, but it would not last. Disagreements would arise over what is cheating, and what is acceptable modding.

      This would finally lead to civil war, as the gaming world splits into two (or more!) factions fighting it out. As the gaming world goes, so goes civilization itself, and the new dark ages would be upon us.

      Until the government gets off its ass and outlaws fiddling with gamesaves, all we have standing between us and the apocalypse are the game companies, and their gamesave cryptography.

  3. It seems to me... by PipianJ · · Score: 5, Informative

    That this likely means the exact opposite. Elliptic Curve Cryptography is relatively difficult to crack (not unlike RSA). More to the point, it's also not liable to factorization attacks like RSA is. Furthermore, the best crack of elliptic curve technology is of a 109-bit key, and still took 3,600 or 15,000 computer-years (whether it's a binary or prime field case, respectively).

    Nintendo's not stupid. They've used RSA encryption to keep the average hacker out of DS-wireless homebrew, and this is most likely a mandated response to the Splinter Cell hack that allowed soft modding on the Xbox. It won't stop hacking through security holes in the internet protocols (a-la PSO+BBA), but they're certainly making efforts to prevent corrupted data from opening up softmod paths.

    1. Re:It seems to me... by Anonymous Coward · · Score: 5, Informative

      I'm not sure what you're getting at when you say ECC isn't liable to factorization attacks. Its certainly more difficult to compute discrete logs in an elliptic curve group than it is to factor an RSA modulus. That's why it takes a 2048 bit RSA key to have roughly the same security strength as a 233 bit ECC key.

      But, particularly because of the recent confusion regarding ECC's resistance to quantum computing (that is, that it has none), I want to make sure people realize ECC isn't any stronger than RSA. Sure, you get shorter keys and faster computations with ECC versus RSA, but for all practical purposes if/when RSA falls, ECC will go down with it. Factorization algorithms usually lead to discrete log algorithms, and vice versa. That's certainly the case with Shor's algorithm, which probably should have been made clear when the quantum computing article was posted.

  4. Re:More important than homebrew potential by farkus888 · · Score: 5, Insightful

    it would seem this way on the surface. but the potential for online games on the wii[see mario strikers charged or big brain academy wii degree for early efforts] means cheats for extra gold coins or whatever could have a negative affect on me. personally I am not interested in hacking my saves and would like to know people I am playing against online are not cheating, so this is something I would request. in my mind as a regular player [I own a wii console four full controllers 2 classic controllers and about 13 games, that makes me a big buyer for them compared to most] I feel that they have done me a service by trying to keep online gaming fair and I've not had anything I wanted to do on my wii hindered by this. just something to keep in mind.

    for reference I am a linux user and took time out of writing a shell script for a solaris machine at work to write this response. normally your mentality is how I think but this time it doesn't stand up to a little critical thinking from the perspective of a fairly heavily vested party. [I don't know anyone who has spent more towards wii, games, and controllers than I have. though I am sure some /.er will outrank me here]

    --
    thats right, I rarely use capitals. deal with it. but don't mistake my laziness for stupidity
  5. Mod parent troll by VirusEqualsVeryYes · · Score: 4, Insightful

    Yet another case of a company treating customers like criminals.
    What? Are you an idiot? How in hell does this treat customers like criminals?

    Perhaps you don't understand why most /.ers think the RIAA treat their customers like criminals. The RIAA use DRM to restrict users such that their Fair Use rights are impeded. Further, they explain their actions away by claiming to thwart piracy. Further, they sue their customers with no initial proof that the defendant did anything illegal, and instead abuse the courts and demand to invade their property in order to then determine any wrongdoing. And further, they do all this solely for their own profit and not for the profit of the licensed musicians.

    Nintendo does none of this. They encrypt savefiles. So what? This does not impede on your right to do anything. You can play any given game on as many Wiis as you wish. Nintendo is also not suing people to force hackers to halt breaking their savefile encryption. Game developers generally don't want players artificially advancing within games. Perhaps there are statistics stored within the savefile used online. Whatever's in the savefile is up to the game devs, and Nintendo is simply hiding that.

    In other words, Nintendo is completely within their rights to encrypt savefiles. In turn, AFAIK, you are completely within your rights to attempt to break that encryption. And in turn again, Nintendo is completely within their rights to push out any updates to change or otherwise enforce their encryption. It's really that simple.
  6. Re:More important than homebrew potential by Josef+Meixner · · Score: 5, Insightful

    No, I think there is a much more mundane reason. In the past some of the consoles were broken with manipulated save games, the games didn't properly check the data and so opened a hole. I would guess Nintendo didn't want to take that chance and so added an API which sits between the game and the saved data. As the saved data could be verified for being originally written by the game before the game would even get a chance to have a look at it, it means it is much harder to attack code not written by Nintendo to be exploited.

    Disclaimer: I have never seen the API of a game console, this is only a wild guess.

  7. Re:Uhh by Headcase88 · · Score: 4, Interesting

    In terms of bricking consoles, Nintendo's a little bit nicer about it. They'll still brick it, but they'll warn you first "hey, if your console is modded, this update's going to brick it, so you might want to abort now".

    By the way, with some games refusing to run without updating, this becomes one of those scenarios where if your console is modded, you have to get games illegally to make them work (assuming pirates have found a way to eliminate the code that forces the update).

    --
    "When the atomic bomb goes off there's devastation...but when the atomic bong goes off there's celebraaaaation!"
  8. Re:Uhh by Volante3192 · · Score: 4, Insightful

    Ironic? Only if you've modded your Wii. I've always considered a console in the realm of "no user servicable parts inside." Course, it's not like Nintendo plans to worry about every possible modding configuration available. Rather, they have a set piece of hardware and a set piece of software. Thus, designers know exactly what they have to code for.

    Unlike Windows which you can get to install on damn near anything within reason.

    I figure modders should get a second, control Wii if you will, that they can fall back on for games.

    As much as I'm for tinkering, it's not like Nintendo's really promoting openess on their systems. Why should the modding community expect it? I feel the same way about the XBox and PS3 (although the PS3 not as much; Sony promoted the Linux part quite a bit).

    Guess I'm just old fashioned in some ways. I like my consoles too much to tinker with em.

  9. Re:Uhh by arivanov · · Score: 5, Insightful

    No.

    This means that Nintendo has a clue.

    It is signing all the data with a certificate. Proper crypto, not DIY snakeoil ala most DRM schemes out there. The only way to break it is to get to the device key.

    If they have done is right the key is per device and hardware protected by a crypto module. From there on breaking this at the crypto level is absolutely impossible.

    The consequences are actually the opposite to what the clueless editor posted:

    1. No chance for homebrew unless someone steals a cert from somewhere and even then Nintendo can simply revoke it using their online service or in a service pack.

    2. All communication from the console to a server and back can be signed with strong crypto so no online game cheating.

    As far as the elliptic curve cipher choice, this is a common choice for devices with very limited CPU or memory resources. That is what these ciphers are designed for.

    All I can say: Applause Nintendo, applause, well done.

    --
    Baker's Law: Misery no longer loves company. Nowadays it insists on it
    http://www.sigsegv.cx/
  10. Re:More important than homebrew potential by farkus888 · · Score: 5, Funny

    no its not, why the fuck haven't you bought the fourth nunchuck yet?

    --
    thats right, I rarely use capitals. deal with it. but don't mistake my laziness for stupidity
  11. Re:Uhh by PhotoBoy · · Score: 4, Insightful

    Actually no, I do not pirate games. I've been importing video games from the US and Japan since the days of the NES. I said it was ironic because if someone like myself had modded the system for imports and then bricked it, Nintendo would in theory have left them no choice but to pirate games or buy another Wii. Thankfully I have not bricked mine and can run imports without any problems. It simply seems odd to me that Nintendo would do something that would encourage piracy.

    Next time try not to automatically assume modding = piracy, because it does not, no matter how much the hardware manufacturers like to say it does. If I could buy a mod chip that enables imports but not pirated games I gladly would. The constant erroneous association of modding with piracy by clueless people such as yourself has become extremely tiresome.

  12. "no user servicable parts inside" by da5idnetlimit.com · · Score: 5, Interesting

    I happen to have a modded Xbox and a modded Wii

    the Xbox has been my media center for about 4 years. I bought it the day it was easily moddable/hackable. It now plays the anime and movies from my server and also plays my dvds along with the games and imports. I really like the option to pay imports. I do speak and understand english, so there really is no reason I should wait 1-2 years for a game. Or movie...

    After maybe 2.5 years the dvd reader died and I couldn't read discs anymore. I bought a replacement dvd player for the xbox and installed it myself, voiding my already dead warranty.

    Morale of the story :

    1 / I used my xbox in a "creative" way, exceeding by much what MS previewed/allowed me to do with it. I had fun with it, and I didn't have to build or buy a pre-made media center.

    2 / When it got broken I just had to buy a small, cheap part. not a full xbox, as a "no user servicable parts inside" box concept would have made me.

    Episode 2, the WII

    Take story from ep.1, make hardware standard pc stuff as in xbox, rinse, repeat.

    Guess I, too, am just old fashioned in some ways. I'm too cheap to have every piece of kit I want, so I like to tinker with consoles to give them all the bells and whistles I cannot afford otherwise...

    --
    It takes 40+ muscles to frown, but only four to extend your arm and bitchslap the motherfucker
  13. Re:Uhh by AgentPaper · · Score: 4, Insightful
    The point isn't that you can make and use your own gasoline, and by extension, the point with modified consoles is not that you can physically open up the case and install the modification. The issue at hand is the conflict between two points of view: that of the hack-minded consumer, who believes that he/she is entitled to do anything he/she pleases to a product that he/she owns, and that of the product manufacturer, who believes that it is entitled to stop hack-minded consumers from using their product in a non-approved manner.

    Can you modify your game console - that is, are you physically capable of altering its hardware? Sure! You can make it run imported games, homebrew games, Linux, anything you please. Heck, you can turn it into a motion-sensitive coffeepot if you want. However, the console manufacturer never sold you a motion-sensitive coffeepot, and they are under no obligation to support it if that's what you build out of it. To continue the car analogy, this would be like converting your new gasoline-powered vehicle to run on biodiesel, and then complaining to the dealer when it won't run on gasoline anymore. You're completely within your rights to do that, but the carmaker is also within its rights to make you support it yourself by taking away your warranty.

    --
    First rule of trauma: Bleeding always stops.
  14. You may not like the answer, but... by Xenographic · · Score: 4, Interesting

    Clearly, the people who make our video games are far more competent than those protecting those other things like votes, money, identity, etc.

    Actually, it makes a sort of perverse sense. It's pretty easy to write bog-standard business applications that do CRUD (in both the database & other sense), but it's not so easy to program a game that has to run at acceptable frame rates.