Advent Calendar 07: Technical Lockout

Greetings, and welcome to Advent Calendar 2022! This year we're being self-indulgent and rambling about video games.

As usual, the Advent Calendar is also a pledge drive. Subscribe to my writing Patreon here by December 15th for at least $5/mo and get an e-card for Ratmas; subscribe for $20/mo (and drop me a mailing address) and you'll get a real paper one!

I hope you're all having a happy winter holiday season. Let the nerd rambling commence!

I mentioned in yesterday's notes on copy protection that my father likely had all the stuff he needed to copy the PRG and CHR ROMs on your average game cartridge out in our garage. While true, it would not necessarily have gotten him a playable "backup" of a game. Oh, there are consoles it absolutely would have worked on -- the Sega Master System, had we ever bothered to buy one, would have been just fine even if he stuck a naked circuit board with a burned EEPROM on it into the cartridge slot. The SMS, like early Atari consoles, based its security around the idea that only the most determined souls would have the equipment they needed to pirate a mass-produced ROM cart -- i.e., Chinese counterfeiters and incurable engineering nerds like my father.

Not all manufacturers were willing to put their faith in apathy. Nintendo for one implemented an authentication chip on their consoles. The "10NES" chip used a call and response format, where a 10NES chip in the machine would query the cart, and would not start the game unless it got the proper response. (The failure mode was to reset the NES, which is actually what causes the 'flashing screen' problem when the cart or connector contacts are dirty -- the 10NES chips can't talk to each other, and the console thinks you're playing an unauthorized game.) Nintendo designed the 10NES and was the only manufacturer. You thought the "Nintendo Seal of Quality" was an advertising gimmick? What it actually meant was that every publisher was required to submit their game to Papa Ninty for approval, and Nintendo took charge of making all the cartridges. You could only release so many games a year, and your print run was whatever Nintendo said it would be.

You might think that would really tick off a lot of people, and your thought is correct. Atari's Tengen subsidiary was so pissed they engaged in some not-so-legal shenanigans to get hold of the 10NES schematics, so they could make their own. Atari got a pretty hard smackdown in court, but it did highlight the main problem with hardware-based solutions: Once it's cracked, it stays cracked. You can put out new models of the console with new firmware revisions, but the original models are vulnerable forever.

This doesn't mean the hardware/firmware lockdown didn't do its job -- it took hackers twenty years to properly crack the security on the Sega Saturn -- but even if the security itself lasted the production life of the console, eventually someone, somewhere made their effort moot by figuring out how to circumvent the hardware lockout instead. It works well enough that every major console maker since has used some variation of a software bootstrap process, in which the game checks in with the hardware/firmware security routine before it is allowed to run.

When you mention defeating this stuff, most people's first thought is 'haha, now I can download my games!' But at least these days, most of the cracking work is done by groups who are, on the whole, pretty solidly opposed to piracy. They want to use the hardware to run 'homebrew' -- that is, their own programs, usually games. An equally important goal is investigating how the hardware works, as most of the technical ins and outs of a console are only shared with developers, and kept under wraps with an NDA. Security on the Wii was dismantled by the efforts of a group calling themselves Team Twiizers (who, as the name suggests, used a pair of ordinary drugstore tweezers to short a pair of points on the Wii mainboard and get it to spew out a lot of internal info on boot) and the late Ben Bushing's obsessive effort to figure out how the factory got system software onto the Wii in the first place.

The third thought is that everyone is sick to death of region locking, the practice of dividing the world into marketing 'regions' and then making sure that only games from your region will play on your console. This started with DVDs, and it made a bit more sense there. The region boundaries used by the DVD consortium corresponded roughly with the different television broadcast standards of the world. It made more sense for your Region 1 player to refuse to play a Region 2 disc when the R2 picture wouldn't display correctly on your TV anyway. Now? Flat panel screens all work pretty much the same, so there is no practical reason that you shouldn't be able to play American Blu-Rays on an Australian TV, other than the publisher thinks they'll make more money that way. Sony, Nintendo, and Microsoft all seem to have given up on this for games, thankfully -- the last major machine that was region-locked was the 3DS, and I finally caved and switched to running Luma on mine so I could play Japanese games.

As the previous links reflect, explanations of this kind of security tend to be hyper-technical and probably not of much interest to you if you aren't curious about system architecture, but here's a good layman's explanation of how the original PlayStation implemented hardware security, and how it could have been a lot better.
