New ROM Anti-Piracy Software

cory1492

Ah nevermind, they are retarded if they think they are going to secure a game ROM via dumpable code. The only other thing I think they could be hinting at is a per cart rather than per title seed method, which would still require the seed data to be passed in the clear.
 
Deleted User

CockroachMan said:
Why are they announcing this? It's pretty stupid! They should just put the protection there without telling anyone
I think it's a publicity act. It's like Nintendo is saying: "Calm down devs, at least we're trying to fight it."

faceless said:
QUOTE(DjoeN @ May 13 2009, 03:35 PM) Ah, back to Flashcards we used to love and paid too much

1 rom each flash, making the card as much as original as the original,

You know, those GB/GBC/GBA kits, where you could write 1 rom to, put it in and play as original, you could even use AR with it and other add-on hardware.
(ok, there were multigame loaders for those cards)

Anyway, this is a move we all saw coming, the market got too mainstream, it is not a market anymore for the ones who really wanted such hardware, the most poor kid can buy now a kit and have money left to buy a dsi along his ds.

cheap=mainstream=kill for flashcards/backup devices.

Anyway, it's just gonna take longer now and, i can already see the huge amount of topics asking, when the rom will be patched, this game does not work, where is the patch for this etc... LOL, think it's wise to already make some new rulez regarding new topics over this

I will not let my sleep for it, really don't care that much, as long as they leave homebrew out of it

indeed, back in the day, you bought one kit and stuck with it.

i still have my old GBC/NGPC kits in a box in storage, along with my old win98 PC.

nowadays, everyone has like 3 or 4 different DS flashcarts since they're so cheap.

i agree, as long as they don't do things like kill the flashcard firmware or erase the entire microsd card, i'm ok!
Same here, they still work like a charm. Back then the backup devices were quite expensive and not as mainstream and cheap like nowadays. Honestly, I was kind of waiting for something like this to happen. Maybe it will lead to some competition amongst release groups and like someone else already said, some more intros and stuff like that.
 

acky

I'm no expert on hacking the DS, but from a programmer's perspective, wouldn't it be possible to include some sort of random element in the patching process (by way of random junk code, etc) to mask the patching algorithm at every launch?
 

dewback

this is just a company to try and get revenue from the big N.
to quote AC/DC
You put it up, we'll tear it down.

this has been the model for all software and might bring more hackers to the table because they want to be known for jailbreaking the games.
 

wchill

acky said:
I'm no expert on hacking the DS, but from a programmer's perspective, wouldn't it be possible to include some sort of random element in the patching process (by way of random junk code, etc) to mask the patching algorithm at every launch?

No, the way this is supposed to work (I think) is that it'll generate a seed out of the game code. If the code is patched, then the seed will change, and the security will be activated and kill the game.
 

FAST6191

My thoughts. Apologies if I am less than coherent as I just woke up. I will probably add to and/or edit this as I go along.
I will spare the philosophical debate and the legal issues (law on the internet?) and instead go in for the science, I will make no other mention of the R4 no longer being updated in any meaningful way.
A note on subtle effects, the history of this piracy game has a few examples of things like save corruption/more enemies/impossible bosses. I say it is not worth worrying about, they have already said it is to be unilateral (or near unilateral) and such effects tend to rely upon them being "hidden".
I am not sure if R4 specifically means the cart or it is being used as "genericized trademark" as it appears to be a hybrid of the two.

<b>Flash cart methods.</b>
DS "roms" work as follows
Upon booting the DS various checks (which have long been bypassed and were part of the problem with the DSi) occur.
The game then loads the ARM7 binary (which may initially be compressed) and the ARM9 binary into the ram of the cart: this is the 4 meg limit (4 megabytes is quite large though) of things you may have heard about.
Now in homebrew we can easily load extra stuff thanks to DLDI or the precursors* but DS roms do not quite have this luxury so they use an older computing technique called overlays which allow the binary to do more things by sacrificing a portion of the ram which can be used for various things (the overlays then come and go as necessary). Not all games use overlays but they are there.
The game then runs and overlays may come and go and the other files hackers concern themselves with are also loaded/parsed at will.
*it is not quite how it works or at least there is a risk of misunderstanding how it works: the basic binary (with the 4 meg limit) is still there in the DS (why earlier DS homebrew sometimes poses problems) but we do not have to pack it all into the rom.

Flash carts. I will focus on DS slot carts for now.
They work as roms do (although they will invariably load their menu first), the main issue with flash carts is saving; DS games can use a whole range of save types and as they are hardware specific your flash cart maker has two ways of working around this.

1) Save type emulation aka savelists. The original EZ5 and EZ5 nye and a handful of others (that are not R4s) can use this (note the EZ5 only does this on older loaders of which only EZ5 and EZ5nye are compatible, you run a serious risk of bricking your EZ5+ or EZ5i by using them), they work by having a piece of highly customisable hardware (generally a Field Programmable Gate Array: FPGA) which is able to emulate the hardware down to a signals level.
This is why such carts can usually play newly released games where other carts can not. Saving is largely handled by the ARM7 binary though which as we know is largely the same between commercial roms (the eponymous "ARM7 fix", homebrew can and does use it for all sorts of wonderful things), while I expect them to know this it does present an interesting point.
If what I have read is to be believed the DSi carts have a renewed interest in such a method ("savelists" that is).
Most notably for hackers is that NO$GBA is able to do this and when this emulator is also the primary ASM level hacking tool on the DS....

2) Patching to match a given save type. On most DS slot carts this will occur transparently when the rom is read from the card, GBA slot carts tend to do this with PC side software as they tend to do a bit more patching for other things (like reading from the GBA slot).

It is perhaps folly to focus on saving though as there are also things like download play fixes, soft reset, savestates/text readers, cheats, DMA/similar and straight up fixes to consider: it is not exactly the same but look back to the late GBA slot/slot2 era devices like the supercard and m3 and the various options people tried to get games working properly (which did indeed fix the game on a regular basis). For this I will say it is not really any different to hack if you are the sort of person looking to hack this protection.

Some analysis of the statements and discussion of possible methods. I will include some methods that no sane company would think have a hope just for the fun of it.

<i>"It turns each game into its own security system".</i> aka <i>"game specific"</i>.
To my mind this merely means at compile time it scans the soon to be binary and injects itself at various points which indeed have proven somewhat effective although usually only in conjunction with other methods.
Ironically tools already exist to do this on a compiled binary and your cheat system likely does a similar thing although they are a bit simpler.
A note, from what they appear to be saying Nintendo are to be licensing the "fix" and integrating it into the SDK (which developers then use and will likely use the current version for each build).
This could prove interesting for cross region games (the binary usually changes between regions but in ways that matter little to a good hacker trying to tackle this protection) so while a leak (of the SDK or even better the game source code: both of which have happened and in many cases inside the actual roms and have led to several advances like the reverse engineering of the SDAT format) may be good for "us" this presents an interesting avenue, this was also exploited a little bit in the early days of the ARM7 patch.
Better yet a "v2/v1.1" version of which there have been a few could be even more interesting although seen as the code will likely be running at boot time or close to it and the actual core of the game binary (changes are usually to language/font/file/similar code and are simple enough to "ignore"). Know that such techniques have proven double useful in the past, especially in the PC world: many games use "out of region", "alternatives" (drive2drive), updates or "demo" patches and it also provides a good point to analyse the protection from and discover weaknesses/signatures. I would also be interested in the "download play" for similar reasons.
While they could delay things to possibly shake this up a bit it would be hugely counterproductive or even impossible.

<i>"at its most basic level detects the form of patching that the R4 cards use to play ROMS"</i>
I am considering calling advertising rhetoric on this one but not because it is infeasible (it is not) but because upon hearing it my mind jumps straight to "dummy sectors" or patch detection, for those new to this the idea can be twofold with the first idea/possibility being that the methods the R4 uses to patch/detect which areas need patching can be fooled and the second. Better yet such things tend to only work on the more powerful systems and when you have the option of some level of abstraction (as mentioned we have hacker grade emulation and near total knowledge of the hardware)
As noted above the target could be less obvious things like download play fixes, all I can say is it may then be interesting to see what happens on older firmwares (especially for cards that received fairly radical updates).
Binary hashing/signing (patch detections): leaving aside technical problems (it is slow, especially on the DS hardware) the fact we own the hardware completely (we have emulation of it even), can read the software completely and there are no real hardware level provisions (either firmware or physical hardware) that can reasonably be used.
Low level detection of the targeted areas could be employed and the game then set to "nuke" the binary in ram; with what has been said this looks like what will happen. Were I to try it I would set the game to load the relevant routine when later in the game, on or near boot is too easily detected although later in the game is not all that hard (the DS has a tiny memory and we have emulation: dumping the ram and scanning changes is trivial). Sure you could stack checks (check the checks) but this wastes precious resources (on PC this is fine but the DS lacks these for such "frivolous" uses) and is trivial to work around (a fundamental technique in ASM hacking is called tracing, the primary process is to halt on write/read or similar and then working backwards from there until you get your target, sometimes this takes several tries (iterations) as things get altered or extracted*).

*the two main uses are to find where something is found in the rom or find out how a custom routine (often compression or some other routine that manipulates/reads data) which if I am not mistaken is exactly what is called for.

Hardware detections: a crude technique is used for the likes of the Square games that need patching to run if I am not mistaken. This is a case of "if they could they would" and clearly they can not.

<i>"add so much security"</i>
Multiple methods or multiple points of entry. My guess is it will be used in varying degrees between roms, nothing new about this and certainly being a moving target is a good idea.

<i>"automated tools"</i>
Sounds to me a bit like they are thinking of cart level patching methods, while not especially suited we already have countermeasures in place for such things: many of you use cheats for such a thing and as the entire binary is in the ram..... (it could be overlays too but that is not all that difficult/different to work around) and many carts already have provisions (the likes of the resetsp.bin file on the EZ5 and I believe similar things for AKAIO, supercard DSone and the cycloDS).

<i>"I can't tell you why that is, though"</i>
In security circles this is known as security by obscurity and while it is not a sure fire indication of weakness it is widely panned as it usually means weakness. To me it suggests an inherent weakness. Coupled with the above points (regions and updates) it does not look good for them.

<i>"R4 cards are quite poorly understood"</i>
I am going to either call marketing BS (discouraging those from either trying themselves) or say they are not all that good at this reverse engineering gig or even basic internet searching (hint: what you have read thus far coupled with a basic programming or hacking guide (both exist) is enough to start reverse engineering and with a decent electrical engineer/programmer you could have the theory down in a short space of time).

<i>“What we’re really trying to do is make hackers take on a long, slow, manual job,”</i>
Leaving aside the legions of hackers out there (ever wondered how the Chinese can get a half decent translation of a big RPG out within the week) they appear to completely misunderstand the motivation of most hackers.


In summary: ooh a challenge. At worst (for "us") it will get makers to consolidate their hardware (which hopefully also means loaders).
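
Added example (not written by anyone in this thread and not the product's actual code): the scheme wchill describes, a seed generated from the game code, together with the binary hashing FAST6191 mentions, shown in C as a tamper check. The FNV-1a hash, the xorshift32 keystream, the `CODE` bytes and the `ASSET` string are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* FNV-1a over the code region: stands in for "a seed out of the game code". */
static uint32_t code_seed(const uint8_t *code, size_t len) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < len; i++) { h ^= code[i]; h *= 16777619u; }
    return h;
}

/* One xorshift32 step; the state must never be zero. */
static uint32_t xorshift32(uint32_t *s) {
    uint32_t x = *s;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    *s = x;
    return x;
}

/* XOR `data` with a keystream seeded from the code hash.
 * The operation is symmetric: applying it twice with the same code restores data. */
static void xor_with_code_key(const uint8_t *code, size_t code_len,
                              uint8_t *data, size_t n) {
    uint32_t s = code_seed(code, code_len), word = 0;
    if (s == 0) s = 1;                       /* xorshift32 cannot start at 0 */
    for (size_t i = 0; i < n; i++) {
        if (i % 4 == 0) word = xorshift32(&s);
        data[i] ^= (uint8_t)(word >> (8 * (i % 4)));
    }
}

/* Constructed sample data: 16 bytes standing in for a game binary, one asset. */
static const uint8_t CODE[16] = {
    0xE3, 0xA0, 0x00, 0x01, 0xE5, 0x9F, 0x10, 0x04,
    0xE1, 0x2F, 0xFF, 0x1E, 0x00, 0x00, 0x00, 0x2A
};
static const char ASSET[8] = "LEVEL01";

/* Seals the asset against the intact code (build time), optionally flips one
 * bit of the code at patch_offset (-1 = leave intact), then unseals (run time).
 * Returns 1 if the asset decodes correctly, 0 if the code change broke it. */
int asset_survives(int patch_offset) {
    uint8_t code[sizeof CODE], blob[sizeof ASSET];
    memcpy(code, CODE, sizeof code);
    memcpy(blob, ASSET, sizeof blob);
    xor_with_code_key(code, sizeof code, blob, sizeof blob);
    if (patch_offset >= 0 && (size_t)patch_offset < sizeof code)
        code[patch_offset] ^= 0x01;          /* simulated modification */
    xor_with_code_key(code, sizeof code, blob, sizeof blob);
    return memcmp(blob, ASSET, sizeof blob) == 0;
}

int main(void) {
    printf("intact code:   asset ok = %d\n", asset_survives(-1));
    printf("modified code: asset ok = %d\n", asset_survives(5));
    return 0;
}
```

Because the seed is computed only from bytes that ship in the ROM, it detects modification but is not a secret, which is the objection cory1492 raises about dumpable code.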
 

gamerjr

About time Nintendo did something about piracy that is hard to stop. I'm sorry, I use it too but I am a huge fan of Nintendo. I don't own the cart my brother does and I just steal it sometimes. I'm kinda proud of Nintendo for stepping up.
 

jhoff80

sadak5 said:
I was thinking the same. If the anti piracy code will be on really good games, then you will must buy only the anti piracy injected

Except uh, some of us buy all the games we play, and have a flash cart to not need to carry 25 or however many different games around in order to be able to switch between games.

Honestly, if I'm not able to do that on new games, I just won't buy OR pirate them, no big loss. There's not any game out there that I need to play badly enough that it's worth the inconvenience and worth being treated as a criminal for.
 
solarsaturn9

I'm pretty sure that one could write a program to find the location of this patch disabling signature in any ROM seeing as how the signature would not change, just its location....
 

A-Z

well if this is war then can sum1 send me like tutorial link on how 2 code and hack into this kinda shit? (btw never dun this b4! exciting stuff!)
 

Noobix

It's the end of the World!!!

Nah just kidding.
(Apologies to anyone suffering from swine flu etc.)

December is still a long way off, so it's a bit too early to start betting on who is going to crack the "protection" first.
 

xxRAG3

I always laugh when I see these 'lets hate R4 together' kind of news posts. They must really be ignorant not to look at other brands, because I'm pretty sure R4 isn't a hell of a lot more popular than other brands.

Assuming this also deals with M3
 

mkoo

stanleyopar2000 said:
I bet Nintendo's plants are watching us right along with this thread lol

my source at nintendo at school said that

http://www.gbatemp.net is on the "watched" list.....

no kidding.

If Nintendo watches any web site I'm sure GBATemp is in that list.

Oh And is there a flash card that runs 100% clean rom?
 

Dwight

I am actually glad about this. This is probably one of the most hypocritical posts ever, since I'm a huge pirate, but I actually do miss when the DS scene (and GBA for that matter) was more expensive and required more knowledge than just "drag n' drop". I first got really into piracy when the Wii came out, and Nintendo went much more casual. Their sales were booming and even though this is no excuse, I felt like piracy was okay since Nintendo was doing so well. Now with flashcarts turning incredibly mainstream, Nintendo's target market (nongamers) are starting to get into them, and that is going to hurt Nintendo badly.

So I guess that you could say that I'm having mixed feelings about this. Whatever happens happens I guess.
 
