Wii Uses Elliptic Curve Cryptography For Saves

An anonymous reader writes "A user at the Nintendo-Scene forums just posted a lengthy post about his discovery that the Wii savegame files are signed and encrypted with NIST B 233 bit elliptic curve cryptography. Could this be the first step for a Wii softmod the homebrew community have waited for? From the post: 'It appears a Wii savegame file ends with a certificate chain. The certificates contains a public keypair (the one that is being "certified") and a signature (another number pair) from the signing entity. The number pairs are stored as a compound 60 bit data (first 30 bytes for the first number, and the next 30 bytes for the second). Hence, the first and middle byte is always 00 or 01 for keys, and 00 for signatures. One can check that the keys are indeed NIST B 233 keys using openssls EC_KEY_check_key function (code forthcoming).'"

Elliptic Curve?

[underpenguin]

Well, I'll just dig out my uplink disk....I think I have an elliptic code breaker in there somewhere

WTF?

Why is it that we live in a world where our console gamesaves are protected more aggressively than our bank accounts and our identities combined?

It seems to me...

[PipianJ]

That this likely means the exact opposite. Elliptic Curve Cryptography is relatively difficult to crack (not unlike RSA). More to the point, it's also not liable to factorization attacks like RSA is. Furthermore, the best crack of elliptic curve technology is of a 109-bit key, and still took 3,600 or 15,000 computer-years (whether it's a binary or prime field case, respectively).

Nintendo's not stupid. They've used RSA encryption to keep the average hacker out of DS-wireless homebrew, and this is most likely a mandated response to the Splinter Cell hack that allowed soft modding on the Xbox. It won't stop hacking through security holes in the internet protocols (a-la PSO+BBA), but they're certainly making efforts to prevent corrupted data from opening up softmod paths.

Re:It seems to me...

I'm not sure what you're getting at when you say ECC isn't liable to factorization attacks. Its certainly more difficult to compute discrete logs in an elliptic curve group than it is to factor an RSA modulus. That's why it takes a 2048 bit RSA key to have roughly the same security strength as a 233 bit ECC key.

But, particularly because of the recent confusion regarding ECC's resistance to quantum computing (that is, that it has none), I want to make sure people realize ECC isn't any stronger than RSA. Sure, you get shorter keys and faster computations with ECC versus RSA, but for all practical purposes if/when RSA falls, ECC will go down with it. Factorization algorithms usually lead to discrete log algorithms, and vice versa. That's certainly the case with Shor's algorithm, which probably should have been made clear when the quantum computing article was posted.

Re:More important than homebrew potential

[farkus888]

it would seem this way on the surface. but the potential for online games on the wii[see mario strikers charged or big brain academy wii degree for early efforts] means cheats for extra gold coins or whatever could have a negative affect on me. personally I am not interested in hacking my saves and would like to know people I am playing against online are not cheating, so this is something I would request. in my mind as a regular player [I own a wii console four full controllers 2 classic controllers and about 13 games, that makes me a big buyer for them compared to most] I feel that they have done me a service by trying to keep online gaming fair and I've not had anything I wanted to do on my wii hindered by this. just something to keep in mind.

for reference I am a linux user and took time out of writing a shell script for a solaris machine at work to write this response. normally your mentality is how I think but this time it doesn't stand up to a little critical thinking from the perspective of a fairly heavily vested party. [I don't know anyone who has spent more towards wii, games, and controllers than I have. though I am sure some /.er will outrank me here]

Re:More important than homebrew potential

[Josef+Meixner]

No, I think there is a much more mundane reason. In the past some of the consoles were broken with manipulated save games, the games didn't properly check the data and so opened a hole. I would guess Nintendo didn't want to take that chance and so added an API which sits between the game and the saved data. As the saved data could be verified for being originally written by the game before the game would even get a chance to have a look at it, it means it is much harder to attack code not written by Nintendo to be exploited.

Disclaimer: I have never seen the API of a game console, this is only a wild guess.

Re:Uhh

[arivanov]

No.

This means that Nintendo has a clue.

It is signing all the data with a certificate. Proper crypto, not DIY snakeoil ala most DRM schemes out there. The only way to break it is to get to the device key.

If they have done is right the key is per device and hardware protected by a crypto module. From there on breaking this at the crypto level is absolutely impossible.

The consequences are actually the opposite to what the clueless editor posted:

1. No chance for homebrew unless someone steals a cert from somewhere and even then Nintendo can simply revoke it using their online service or in a service pack.

2. All communication from the console to a server and back can be signed with strong crypto so no online game cheating.

As far as the elliptic curve cipher choice, this is a common choice for devices with very limited CPU or memory resources. That is what these ciphers are designed for.

All I can say: Applause Nintendo, applause, well done.

Re:More important than homebrew potential

[farkus888]

no its not, why the fuck haven't you bought the fourth nunchuck yet?

"no user servicable parts inside"

[da5idnetlimit.com]

I happen to have a modded Xbox and a modded Wii

the Xbox has been my media center for about 4 years. I bought it the day it was easily moddable/hackable. It now plays the anime and movies from my server and also plays my dvds along with the games and imports. I really like the option to pay imports. I do speak and understand english, so there really is no reason I should wait 1-2 years for a game. Or movie...

After maybe 2.5 years the dvd reader died and I couldn't read discs anymore. I bought a replacement dvd player for the xbox and installed it myself, voiding my already dead warranty.

Morale of the story :

1 / I used my xbox in a "creative" way, exceeding by much what MS previewed/allowed me to do with it. I had fun with it, and I didn't have to build or buy a pre-made media center.

2 / When it got broken I just had to buy a small, cheap part. not a full xbox, as a "no user servicable parts inside" box concept would have made me.

Episode 2, the WII

Take story from ep.1, make hardware standard pc stuff as in xbox, rinse, repeat.

Guess I, too, am just old fashioned in some ways. I'm too cheap to have every piece of kit I want, so I like to tinker with consoles to give them all the bells and whistles I cannot afford otherwise...