Nintendo Switch prevents downgrades by irreparably blowing its own fuses (2020)

4 years ago (blog.jonlu.ca)

eFuses get physically melted by software.

Microsoft bricked thousands of illicit China-developer xbox360 kits one spring morning, in the winter of 2010.

they also have bricked retail xbox360 consoles of nefarious (teenage) actors. cannot go into more detail on that one. maybe after a few more years.

  • Ironically, criminal damage has its origins in the Frame-Breaking Act of 1812, carrying the death penalty, and designed to stem the rising tide of Luddites. Today companies like Nintendo, Microsoft and Sony are the Luddites.

    Because the damage is permanent, to "tangible property", and "without lawful excuse" (and please don't knee-jerk to arguing "they can do what they want because you agreed to it" - you didn't and they can't), I'd think there's a very good case for criminal damage as distinct action from any computer misuse recourse.

    The argument needs to be made, not on behalf of the users as a class action, but on behalf of another stakeholder - the environment. Every time a company makes and sells products that can be "bricked" they contribute to e-waste (see [1][2] if this issue isn't yet on your radar - it's something every hacker should be aware of).

    I have faith that smart people in European politics genuinely get this merging problem, and we have the courage, time and willingness to bring new legislation or trade restrictions that would make it impossible to sell such products in Europe. Even better I would like to see Microsoft made to pay the cleanup costs.

    [1] https://digitalvegan.net/digital-vegan-print-sample.pdf (ch 17 Wasteland)

    [2] https://www.fathom.pro/blog/2020/09/world-wide-waste-an-inte...

    • Shouldn't the scammers pay the cleanup charges?

      Like if you want to sell illicit XBoxes, it's on you to ensure that the thing can't be rendered inoperable by a third-party software update, it's not the third-party's responsibility to account for your hardware when they do software updates.

      Doing software updates that brick tampered hardware is harder to make a sarcastic argument about.

  • > they also have bricked retail xbox360 consoles of nefarious (teenage) actors

    I believe these two podcast episodes cover that in depth.

    https://darknetdiaries.com/episode/45/

    https://darknetdiaries.com/episode/46/

    • I have a condition that I cannot listen to media about things I know too much about.

      For this reason, I cannot watch/listen to darknet diaries, or a host of other topics. The physical cringe of wanting to correct the record is unbearable, but from what I heard, they are very accurate and have done their research.

      RIP anthony

    • It's crazy to hear that story told back to me. I wasn't part of the core of it, but everything as intense as xbox-underground has a huge fringe. I was in that fringe. Listening to the background of all that stuff I was a part of is very cool. I remember the leaks, the return scams, the carding, and the circulation of password dumps. It was a crazy time.

      Thanks for sharing.

    • That they built a working Xbox One (before it had even been announced) just by looking at the spec sheets etc. and buying the parts on Newegg is incredible.

  • Sorry I modified the dvd firmware when I was a teenager. It was really important to me to get level 50 in Halo 2. Hope you can understand lol.

    • It's okay. I had a 50 in every H3 playlist, and my own cease and desist letter from a few different AAA companies.

      We've all been there...

    • I fondly remember flashing my DVD drive on my 360 when I was 15 to play Saints Row (I had an ITCH for a GTA like game). Back then I was scared shitless of possibly bricking it. Now looking back, I laugh because of how trivial the mod was. Pretty sure this was a major contributing factor to me eventually pursuing tech in my career.

  • >they also have bricked retail xbox360 consoles of nefarious (teenage) actors.

    I was in the "xbox underground" group and later worked at Microsoft. they never bricked retails, lol.

    • I have my bricked retail sitting on my desk, it's my second favorite paperweight.

      After CON files were being resigned with 00000' keys, they tried and failed to maintain a "known bad" list of RSA private keypairs that were known to be resigning modified content.

      after that patchwork hack failed, because of the spread of CON resigners, they gave up on that effort. You can still find blacklisted keypairs in the NAND, if you looked around.

      but my retail wasn't exactly unmodified, so I was bending the definition of "retail", here...

      but yes, they bricked retail consoles posing as xDev and pNET kits.

      don't blame them. we were bad kids.

There are things called fuses on AVRs that cannot be changed by running code but can be set and unset multiple times by an external programmer. These are apparently different.

https://en.wikipedia.org/wiki/Efuse describes the mechanism of action: "eFuses can be made out of silicon or metal traces. In both cases, they work (blow) by electromigration, the phenomenon that electric flow causes the conductor material to move."

  • Aha, I was under the impression that it was simply and literally a question of passing too much current through a conducting trace internally, causing the internal resistance to overheat it, thus melting it. Perhaps that would be a method too unreliable or something. Perhaps I should read the wikipedia entry before speculating :).

    • You're not wrong, this was how fuses were originally implemented in their earliest forms in the early days of integrated circuits.

      A common technique was using diodes. Zener diodes are normally used to suppress overvoltage, but they're only useful for transients, and easily destroyed by a sustained, constant overvoltage due to excessive power dissipation. This is a serious problem in surge protector designs. "If life gives you lemons, make lemonade". Since they fail as a short circuit, early chip designers exploited this property as a one-time programmable fuse for factory calibration.

      Quote Troubleshooting Analog Circuits by Robert A. Pease.

      > As mentioned earlier, a diode tends to fail by becoming a short circuit when overpowered, and zeners cannot absorb as much power as you would expect from short pulses. How dreadful; but, can IC designers serendipitously take advantage of this situation? Yes!

      > The Vos of an op amp usually depends on the ratio of its first-stage load resistors. IC designers can connect several zeners across various small fractions of the load resistor. When they measure the Vos, they can decide which zener to short out - or zap - with a 5-ms, 0.3- to 1.8-A pulse. The zener quickly turns into a low-impedance (= 1 Ω short), so that part of the resistive network shorts out, and the Vos is improved.

      > In its LM108, National Semiconductor first used zener zapping, although Precision Monolithics (Santa Clara, CA) wrote about zener zapping first and used it extensively later on. Although zener zapping is a useful technique, you have to be sure that nobody discharges a large electrostatic charge into any of the pins that are connected to the zener zaps. If you like to zap zeners for fun and profit, you probably know that they really do make a cute lightning flash in the dark when you zap them. Otherwise, be careful not to hit zeners hard, if you don’t want them to zap and short out.

      > These zener zaps are also becoming popular in digital ICs under the name of “vertical fuses” or, more correctly, “anti-fuses.” If an IC designer uses platinum silicide instead of aluminum metallization for internal connections, the diode resists zapping.

      Nowadays they are implemented as a write-only EEPROM or Flash memory (and can even be overwritten in some designs using a special programmer), but the name "fuse" is still used for historical reasons, and to reflect their software-irreversible nature.

      Also, fun fact: since fuses are EEPROMs, they're vulnerable to potential data corruption just like any other EEPROMs. If a fuse bit ever "gets loose", it can brick many chips since their boot configurations are no longer correct. It's especially problematic for space applications. This is also used for chip cracking - you can remove the "program read-protection" bit in some microcontrollers by exposing the fuse portion of the decapped silicon die under UV light. BTW, if you ever see a computer that reports an "Intel Core i6" processor model, it's likely a corrupted fuse bit (yes, this was a real incident).

  • I think Samsung used these for Knox?

    • Correct. It's a pain in the bum. I might add that Fairphone has an official procedure to flash the original rom and re-lock the bootloader, I tried it with the FP3 at least and that worked on the first try.

I unintentionally blow the eFuse on the Qualcomm chips I'm developing for, all the time .. it's very frustrating and surprisingly easy to do with their tools.

I'm ideologically opposed to using this feature 'productively', but it definitely makes it simpler (cheaper) for the company to maintain installed base versions...

  • Why and how does it make stuff easier for the company? Can't the company just... not support older versions of the software?

    What's the difference in burden on the company between a user who just declines updates for years and a user who installs upgrades but then downgrades again? Surely the customer support response in all cases is "install the latest version"?

    • The capability provides for a lot more than blocking software downgrades e.g. setting the boot signing key and then locking it with an efuse so only matching signed images can be booted or the inverse, enable unsigned custom firmware but blow a fuse to mark the device has been allowed to run custom software (which may impact hardware DRM systems during boot).

> There are 256 bits in the set of ODM_RESERVED fuses, and there are 8 ODM_RESERVED. This allows for 32 fuses, or 32 future FW versions (provided they burn a fuse on every major release).

32? Is that it? So if Nintendo want to push more than 32 updates, they either need to not blow any more fuses, or stop using the fuses when they've all gone? Wouldn't they be totally useless then?

  • As far as I can read the chart, they only burn fuses in major updates, e.g., 9.x->10.x, but not x.7 -> x.8

    So they must have some guidelines for what kind of features are worth burning a fuse.

    But yeah, 32 sounds low. Let's just hope number 32 has an easy exploit :)

  • It would be pretty tough to find 32 unique exploits!

    Remember, Ninty doesn’t need to burn one for each update, just for the ones they consider important enough.

    • Precisely, if 1 exploit downgrade block every 6 months for 16 years isn't effective enough then there is no number of fuses that are effective enough.

  • The Wii had 4 major versions over the lifetime of the product, and the Wii U had 5. So I think 32 is pretty generous.

Not a console player, can someone explain why consumers want to downgrade their console(s)? I Googled a bit and it seems people would like to have more vulnerable to hack their devices, but why did they upgrade in the first place? Is it forced upgrade?

  • Nearly forced. Once the console downloads the update, it will be applied automatically upon reboot.

    The alternative is to never connect to WiFi, ever, and some do that.

    Generally, consumers would want to downgrade because older versions have vulnerabilities that are fixed in newer versions. These vulnerabilities allow console owners to do what they want with their hardware, and gaming communities have shown Nintendo time and time again that if it is possible to use game hardware for game piracy, it will be widely used for that purpose.

    Those of us who want a neat standardized hardware platform to hack on without pirating anything are in the noise floor for companies like Nintendo, so we have no representation among neither pirates nor the console manufacturer.

    • I've been out of "the scene" for many years now, but back in the day, I had a Flash Cart[0][1] so that I could have all (literally all...) the Nintendo DS games at hand. I was a naughty naughty pirate.

      The flash cart also added some really neat features that were missing, such as: the ability to take screenshots, ability to save and restore a game at any point, ability to load cheats like infinite ammo and such.

      Nintendo was/is at war with cart users and any update to a DS with a flash cart stood a good chance of either killing the flash cart or rendering it inoperable until a new firmware was released for the flash cart (which may never happen). There's a long and great history here. And if you want to know more, the GBATemp wiki[3] is a great starting point.

      [0] https://en.wikipedia.org/wiki/Flash_cartridge [1] https://wiki.gbatemp.net/wiki/3DS_Flashcart_Comparison [3] https://wiki.gbatemp.net/wiki/Category:Nintendo_DS

    • This is partly why I'm really excited about the Steam Deck - it's in the same form factor and is running a Linux distro that you're free to modify.

    • The Amazon kindle os does not allow downgrades, not sure if it’s using fuses or not.

      In that case it isn’t about access to pirated content either—people want to be able to modify it for basic features the company has neglected to provide.

  • Not about a console, but sometimes manufacturers or developers change the UI of the system or valued apps.

    Examples:

    Sony removed Linux OtherOS from the Playstation 3 firmware because even though it didn't have a GPU driver, they were worried it could be leveraged to do whatever. There is no value in running Linux on a PS3 today, but there was once.

    Apple notably between iOS 6 and 7 changed their design language from skeuomorphic to flat white "metro" style. If you don't like staring at a glaring white screen, too bad. But more importantly, when it comes to drivers, esp. graphics, they can introduce eyestrain if something isn't as good. Issues with sound, networking, etc. for all sorts of platforms. The Intel Management Engine which is inside your PC (AMD has a counterpart) is another CPU and another OS that you're not allowed to shut off (or access). Sometimes firmware updates will come out preventing you from rolling back to a previous version that didn't have a bug with the hardware in this or that because of the precious Intel ME backdoor.

  • > why consumers want to downgrade their console(s)? I Googled a bit and it seems people would like to have more vulnerable to hack their devices

    Or to get back the features you had originally paid for but got removed, like Linux OS installs on PS3s.

  • You don’t control initial version you get when you buy it (either new or second handed).

    Often you also first use stock before you learn about/want to start hacking it.

  • > why did they upgrade in the first place?

    New games and game updates often require Switch system updates. Two examples:

    Animal Crossing DLC requires a system update.

    Rocket League seasons usually require a game update.

  • This also applies to routers with custom firmware. Sometimes models manufactured after a certain date will already contain the patches from the factory.

  • Typically a vulnerability is found on an older version of the software that can be used to attain kernel level access, and a very simple hack is needed in later versions to force an upgrade to an older version of the software.

    To prevent the use of older versions of the software, later versions of the software will burn fuses as they surpass versions, preventing them from ever being used again on that device.
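The check described in the comment above, sketched as an added example (not code from the article, from Nintendo, or from any commenter). It assumes the bootloader counts burnt fuses, burns more when its firmware expects a higher count, and refuses to boot when the device is already ahead; the fuse bank is simulated in memory, and `fuse_bank`, `boot_check` and the `fw-A`/`fw-B`/`fw-C` images are hypothetical names.

```c
/* Added example: simulated anti-rollback fuse check. All names are hypothetical. */
#include <stdint.h>
#include <stdio.h>

#define FUSE_COUNT 32u   /* the thread's figure: 32 usable version fuses */

/* Simulated one-time-programmable word: a bit can go 0 -> 1, never back. */
typedef struct { uint32_t bits; } fuse_bank;

typedef enum {
    BOOT_OK = 0,          /* burnt count already matches this firmware */
    BOOT_OK_BURNED,       /* newer firmware: fuses were burnt to catch up */
    BOOT_REFUSED_OLD,     /* device has more fuses burnt than the image expects */
    BOOT_REFUSED_INVALID  /* image asks for more fuses than exist */
} boot_result;

/* The only write primitive is OR. There is deliberately no "clear". */
static void fuse_burn(fuse_bank *b, uint32_t mask) { b->bits |= mask; }

/* Version state is the number of burnt bits, not their positions. */
static unsigned fuses_burnt(const fuse_bank *b)
{
    unsigned n = 0;
    for (uint32_t v = b->bits; v; v &= v - 1) n++;
    return n;
}

/* Run at every boot with the count baked into the (already verified) image. */
boot_result boot_check(fuse_bank *bank, unsigned expected)
{
    if (expected > FUSE_COUNT) return BOOT_REFUSED_INVALID;

    unsigned burnt = fuses_burnt(bank);
    if (burnt > expected) return BOOT_REFUSED_OLD;   /* downgrade attempt */
    if (burnt == expected) return BOOT_OK;

    /* Device is behind: burn the lowest unburnt fuses until counts match. */
    for (unsigned i = 0; i < FUSE_COUNT && burnt < expected; i++) {
        uint32_t bit = (uint32_t)1 << i;
        if (!(bank->bits & bit)) { fuse_burn(bank, bit); burnt++; }
    }
    return BOOT_OK_BURNED;
}

int main(void)
{
    /* Constructed update history: label and the fuse count each image expects. */
    struct { const char *label; unsigned expected; } seq[] = {
        {"fw-A (expects 1)", 1}, {"fw-C (expects 3)", 3},
        {"fw-B (expects 2)", 2}, {"fw-C (expects 3)", 3},
    };
    static const char *txt[] = {
        "boot", "boot after burning fuses",
        "refused: downgrade", "refused: invalid image",
    };
    fuse_bank bank = {0};

    for (unsigned i = 0; i < sizeof seq / sizeof seq[0]; i++) {
        boot_result r = boot_check(&bank, seq[i].expected);
        printf("%-18s -> %-26s burnt=%u\n",
               seq[i].label, txt[r], fuses_burnt(&bank));
    }
    return 0;
}
```

Because the refusal depends only on the burnt count, a single stray set bit pushes the device ahead of every existing image, which is the failure mode the EEPROM-corruption comment earlier in the thread describes.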

  • I upgrade because the new game I want to play won't play if I don't. Also the on console store will refuse to work.

  • Games on cards have a minimum firmware version. The firmware won't let you launch them without updating first.

    • Thanks, yeah this is pretty much forced play. I guess it is also possible (technically) to modify the code of the game to remove the firmware requirement, if it is just a version check?

If you think burnable fuses to prevent downgrading is interesting, wait until you see the black magic that Apple cooked up to prevent iPhone downgrades.

No fuses there - just an incredibly complex mess of nonces, digitally signed tickets, and secret generator keys.

  • iPhone.. famously home to burnable fuses[0][1] (although in principle they're for security/unique device identification)

    [0]: https://www.theiphonewiki.com/wiki/Security_Fusings [1]: https://www.theiphonewiki.com/wiki/ECID

    • Apple internal iOS devices used by engineers are "dev-fused". This hardware configuration opens up the device to some extent, allowing Apple engineers more latitude when developing software.

      There have been articles saying that Apple lets some third party security people use these devices.

      E.G. https://macdailynews.com/2019/08/06/apple-hands-hackers-secr...

      I can see how giving that access that might make sense, but I don't know if that article is true.

      Dev-fused devices would also be very useful to Apple adversaries like NSO in developing hacks so I would actually expect Apple to continue to keep tight control over them.

  • Correct me if I'm wrong but those require an internet connection, right? I think Nintendo can't use online codesigning because (certain?) game carts have firmware upgrades that the game itself requires. Nintendo wants the user to be able to install those firmware upgrades offline, like if some kid plays a game for the first time on a road trip or plane ride.

  • Gads, don't get me started on SPI software upgrades on the Mac Book Pro. Serious cramp in the calvins. Forced non-down-gradable (sp?) OS because of that.

    • Could you expand on how this causes problems? As far as I'm aware, this has never prevented e.g. downgrading to an older version of macOS. (I assume I would know because I downgrade everything to OS X 10.9.)

The Xbox 360 Xenon chips also had efuses to prevent downgrades.

  • Hackers eventually found a way to downgrade but you would not be able to connect to Xbox live. It did allow you to hack the Xbox and play pirated games and homebrew.

    • You could connect, you would just instantly be banned because the challenge/response pair didn't match, starting with the bright-white dashboard in Feb of '11.

      The discovery of the RGH, reset glitch hack, aided in reversing the early stages of the bootloader, allowing a small, incredibly talented, incredibly missed individuals to reverse the firmware/NAND challenges and correctly respond to the challenge.

    • You could connect to Xbox live if you had one of the undetectable modchips with a switch that allowed you to flop between regular and modded firmware. Even with modded firmware you could go on live for a while, even cheat at multiplayer games flying around and stuff until you got banned.

Well this might not be entirely true. Hackers found a way to downgrade the Xbox 360 after fuses were blown but you would not be able to use online functions with your home brew or pirated games unless they developed a dual kernel boot and used a normal kernel and no home brew to go back online. https://www.engadget.com/2007-08-25-efuse-successfully-blown...

  • It was possible, just incredibly difficult, to correctly respond to the challenges requested, and stay online, undetected, indefinitely.

This is why emulators are so great. Companies want you to rent everything and convince you that you're happy to do so.

  • Nintendo is probably still feeling burned by the NDS.

    It was a fantastic console, and fairly open. It had two ARM CPUs (one per screen), and there was a terrific homebrew scene. Some of my first embedded C programs were for the NDS lite. It had ebook readers, paint programs, a toy Linux port, the whole 9 yards.

    But, that openness also made it open to piracy. The way you loaded code onto the system was through "flashcarts". They were shaped like game cartridges, but they had a microSD slot on the top and an internal MCU which often ran a firmware that could load game ROMs from the filesystem, and even add features like cheats and save-states.

    The widespread availability of those devices dramatically shrank the market for NDS games. Developers were dropping off the platform well before the 3DS came out, and Nintendo started to pay much more attention to DRM.

    It was sort of a sad situation. The ability to write your own software for a handheld game console was amazing in the 2000s, but that openness ended up suffocating the platform.

    • > The widespread availability of those devices dramatically shrank the market for NDS games. Developers were dropping off the platform well before the 3DS came out, and Nintendo started to pay much more attention to DRM.

      Do you have a source for this? All the data I've seen shows piracy really doesn't impact content creators in a meaningful way.

      > ... the study concluded that there was no evidence that piracy affects copyrighted sales, and in the case of video games, might actually help them. [1]

      Curious why you think this applies to the NDS but not in general.

      [1] https://www.engadget.com/2017-09-22-eu-suppressed-study-pira...

    • > The widespread availability of those devices dramatically shrank the market for NDS games.

      Nintendo sold just shy of a billion software titles for the DS, far more than the Gameboy and Gameboy Advance combined. So when you say "dramatically shrank"… compared to what?!

    • That reminds me, I recently watched a video on "Bob's Game".

      https://en.wikipedia.org/wiki/Bob%27s_Game

      The dev was operating at that homebrew level, developing his own IP, but he was unhappy with anything less than the "peace of mind" that came with being given the official tools and access to the platform afforded an established developer. Ironically, he was concerned about piracy of his game, yet it was the openness to piracy that allowed him to even develop it for that platform in the first place.

    • Huh, I remember the NDS having a huge library, was Nintendo really having trouble getting people to develop for it?

    • I bought the switch fully expecting such devices to be available within a year or two … how naive of me.

Why does it need to physically modify the hardware via melting fuse when that fuse is read by enclave / boot loader code itself? If trusted code is trusted then couldn’t it store its state securely without melting fuses?

I must be missing something, either the bootloader execution is trusted and should be able to store state securely, Secure Enclave style, or it’s not and melting things doesn’t solve the problem as compromise of the code means the fuses can be ignored..

  • Old updates are considered trusted since they were signed by the manufacturer. The state of (at least an approximation of) the current version is stored using efuses as state.

    If you had a secure enclave that had long term storage in it, but prevented decrementing the version, it would be equivalent, but efuses are much simpler of a construction.

    • ah right so they do this to avoid having a proper secure enclave, like a very focused secure storage capability related to what the efuses are logically related to. Makes sense, I guess I just assumed they would have a secure enclave like phones etc as consoles are one of the original 'trusted computing' devices that people buy and obviously to avoid piracy etc having it work properly is important but also hardware BOM is a consideration too.

      I guess the secure enclave having storage introduces another attack too, wiping/corrupting/replacing that storage somehow, thus efuses, simpler and more straightforward.

Million dollar question. Anyone know about the inner workings of the various Switch modchips that allow homebrew on newer consoles with RCM exploit patched?

Coming soon to a car near you.

  • Honestly a car is one of the items where I could see a safety aspect outweighing... y'know... compared to a game console.

    Not saying cars should be locked down like this, I really don't know and my first 'hacker' instinct is to say it should be free-as-in-freedom, but the argument has an extra dimension to it when compared to the Nintendo Switch.

    • Related to Mercedes saying they take responsibility if their self driving car crashes. It's certainly arguable if you don't take the upgrade they can stop taking responsibility at some point.

  • Remote attestation is the enemy of our freedom.

    • Remote attestation isn't inherently evil. Remote attestation can protect your privacy too. You can run code on a public cloud, with remote attestation proving that the cloud provider cannot read the memory of your VM, even if they use a malicious hypervisor.

      (That's of course assuming in your threat model you trust the hardware maker but not the cloud provider. The sentiment in this thread is clearly don't trust the hardware maker.)

As per the article there are 32 fuses, meaning they can support 32 ‘irreversible’ firmware updates. There have already been 13. What happens when update #33 is needed? Or are they banking on the switch being superseded by that point?

  • 13 fuses in 5 years. I don’t think the current Switch hardware is going to be supported for more than 10 years.

Permanently altering the physical state of your device doesn't mean causing destruction from a legal perspective. I wonder if an owner can sue companies that do this.

How is this considered legal? I get the cat and mouse chase between devs and the reverse engineering communities, but this seems to cross the line into physical destruction of property, at least at face value.

  • Just need California to pass referendum making it illegal for software to modify customer hardware without explicit consent from customer and allowing customer to opt out without penalizing customer with reduced functionality from original purchase.

  • ...because you agreed to the terms when operating the software.

    • To me, blowing a fuse in hardware that you've sold sounds like at least unauthorized computer access and/or malicious destruction of property. I'm saddened and surprised to learn there's substantial precedence for this.

      If I were authorizing something like that (I'd rather quit my job, but if), I'd be terrified of the repercussions – for one, what if the device was sold in a region that has consumer protections? The fact that they're casually planning and committing such a careless act speaks volumes to the weakness of consumer protections, I guess.

    • Even that tenuous face value falls apart as soon as you consider that the person who clicks through the UI isn't necessarily the legal owner of the device.

  • Simply the fact that the device is intended to be used afterwards is enough to disqualify it as criminal destruction.

  • If we didn’t have profit protection measures like this everything would be much more expensive and that’s not a better alternative for most consumers.

    • This is doubtful in my opinion, but Nintendo would certainly like us to believe that. I think that Nintendo does this for profiteering purposes, and also because they are irrationally restrictive of unintended usage of their hardware/software/artwork.

    • Not my downvote but I believe when you do the math the equation goes like this:

      (reduction in functionality) + (fewer options) + (loss of user control) + (handicapped operation) + (hardware underutilization) = higher prices for everyone

      This is not including things like (planned obsolescence) which are intended to make things more expensive without raising the sales price.

Technically pretty interesting, but I'd never buy something like this. Had enough of encrypted BIOSes that you can only downgrade using a hardware programmer, and Samsung's Knox protection (actually also eFuse) which fortunately only blocks their proprietary garbage from being used ever again. I pay to own not get owned.

  • > I'd never buy something like this

    You'd never buy a Switch because of this?

    I hear what you're saying, and I philosophically have similar feelings, but I purchased my Switch to play games I purchased for said Switch. The Switch does exactly what I want it to do, and this technical limitation doesn't impact that.

    Could Nintendo do something in a future OS update that I really dislike and will make me change my tune? Possibly.

    But they've also built enough trust that I'll take that risk.

    Obviously you are free to make purchasing decisions for your own reasons, but I don't fully understand the hardline stance in this context.

    I'd never buy a general-purpose computing device that did this, but that's because I buy general-purpose computing devices to do whatever I want.

    I bought the Switch to play Breath of the Wild and arguably some of the best games I've played since I started playing games in the early 90s, and don't regret that.

    • > But they've also built enough trust that I'll take that risk.

      And subsequently extracted the most value they could get from that trust and goodwill: https://www.inverse.com/gaming/nintendo-eshop-closure-3ds-wi...

      Games are art: if you disagree, consider that cinema is also art, and that the crassness of Michael Bay-style Hollywood films doesn't invalidate arthouse, the same way that this year's Call of Battlefield doesn't invalidate Papers Please or Monument Valley.

      And if games are art, and art defines our culture, then consigning titles to the memory-hole in the name of profitability is immoral, so Nintendo's corporate stance is philistinian.

      Respecting copyright is important (the software industry, our livelihoods, is built on copyright - and copyleft - after-all), copyrights aren't indefinite because it would be immoral to deny society creative-works because they're being held-hostage by rightsholders for a licensing ransom. And Nintendo isn't a solo-creator, who might have personal reasons for wanting to retract and un-license their work: their adoption of the Disney Vault strategy is entirely soulless and without merit.

      I can't argue that Nintendo should in any way be compelled to build and maintain ports of old games for modern hardware, or even official emulators: doing-so is very expensive, but I do think that Nintendo should be legally restrained from continuing with their usual bully-tactics against people involved in game-preservation.

    • ^ For better and absolutely for worse, I don't think Nintendo has ever made large user-facing changes to one of their consoles via a software update. The Wii never got an account system, and the Switch still hasn't gotten a web browser.

      The one product that kind of evolved a bit was the 3DS, which gained (poor) support for custom themes and services like Miiverse. However, the UI remained basically the same since day 1.

      I do appreciate the ability to buy a product for a specific experience, rather than rely on a company's future whims.

      Nintendo blocks downgrades so that it's harder to use an exploit to run unlicensed software and pirated games. The former reason is inherently user-hostile, but it doesn't bother me nearly as much on a game console as on a general purpose device like the iPhone.

    • Precisely, I just don't buy closed down stuff unless I absolutely have no other choice.

      I don't care how good the games are, they're ultimately entertainment, which is at the very bottom of the list when it comes to spending. I did pay for MMOs that turned into garbage after a while, which only reinforced this "hardline" stance, I guess.

      Hell, I've hacked my ISP's ONT, the piece of shit wouldn't let me set it to bridged mode or even change the Wifi name/password. Couldn't care less that it's against the terms. There's things that people must compromise on all the time when it comes to personal freedoms - in this case, I'm not going to even if it's illegal.

      They'll march me off to war if need be, but God forbid if I upset some company's marketing plan or bottom line.

    • I don't know really how to argue this here, but there is no such thing as a switch. It's a general purpose computer, implemented on a very specific set of hardware, restricted in its use by software whose only purpose is to maintain the illusion that a switch is a thing.

    • I'm also one of the people who ultimately decided not to buy a Switch (despite wanting to) because of Nintendo's aggressive and misguided notion of ownership. There are other options that don't involve me betraying my principles and financially rewarding those who trample on my rights.

      Now that the Steam Deck is out, I'm glad I did.

  • Too bad Nintendo produces some of the most popular game franchises like Pokemon or Zelda, and the only way to play them is to buy their hardware. I used to resist buying a Switch, but Breath of the Wild was such an amazing game that I had to get a Switch myself. And to be honest, other consoles are locked down in the same manner. Probably the most open "console" one could get right now is an x86 PC.

    • > Probably the most open "console" one could get right now is an x86 PC.

      Yes, and it's called the Steam Deck. It will be interesting to see how it affects the console industry over the coming years.

    • I agree.

      I used to worry more about DRM, at least when it came to books.

      These days, it is all about convenience. And the realization that I'm not going to live forever, and how many more times am I really going to read this particular book. Because that's what it is all about. There is some (not large) risk I will lose access to my Amazon account, or Google, or whatever. But for most books, if I get a couple reads out of them, that's practically all the value to be extracted for me.

      Because of DRM, there is some small chance that I will lose access to a book that is truly a classic, one that deserves to be read repeatedly. In that case, it is OK to just buy it again in some other format, and give the author a little more money (yes, I know not all of the book's sale price goes to the author in most cases).

      Some of my most favorite works I have purchased multiple times, and I don't regret it.

      It is the same for games. If you want an exemplary open-world experience, you get a Switch, and buy Breath of the Wild. You then experience it (over months or however long you want to play it) and then it is over. There will probably be something else that will capture your attention next year anyway.

      If, ten years from now, you really want to play BotW again, and you don't have a Switch, I'm sure buying a used one would work fine. Or else get the current-gen console, and buy the heavily discounted version on that.

    • I agree. I think Nintendo makes fantastic games but I don't like the idea of consoles. They'll repeatedly port their own games to newer and newer consoles but won't release the games for any general purpose platform. I don't want a pile of electronic waste growing under my TV to play my favourite games spread over hardware generations, I want to just have one computer that I can use as a computer and for playing games.

>> Each software version expects a different number of fuses to be blown — if more than is expected, it fails to boot

That branch in the code could be interfered with. Overwriting it with NOOP instructions might not be easily possible due to verification of code signing but there’s other techniques like power glitching.
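
The fuse-count check quoted above, modelled as an added example that is not part of the original thread and is not Nintendo's code. The bank size, the names and the rule that a newer version burns the missing fuses on boot are assumptions of this model; the check reads the bank twice and refuses on any mismatch, a common way to avoid depending on a single comparison.

```c
#include <stdint.h>
#include <stdio.h>

#define FUSE_BITS 32u /* constructed bank size, not the console's real figure */

/* One-time-programmable bank: software can set a bit, nothing can clear it. */
typedef struct { uint32_t bits; } fuse_bank_t;

typedef enum { BOOT_OK, BOOT_OK_BURNED, BOOT_REFUSED } boot_result_t;

/* Count how many fuses are already blown. */
static unsigned fuses_burnt(const fuse_bank_t *bank) {
    unsigned n = 0;
    for (uint32_t v = bank->bits; v != 0; v >>= 1) n += v & 1u;
    return n;
}

/* Blow the lowest `count` fuses. Only OR is used, so a fuse never goes back to 0. */
static void burn_up_to(fuse_bank_t *bank, unsigned count) {
    for (unsigned i = 0; i < count && i < FUSE_BITS; i++)
        bank->bits |= (uint32_t)1 << i;
}

/*
 * Anti-downgrade check run by a software version that expects `expected`
 * blown fuses:
 *   more blown than expected  -> this software is older than the device state, refuse
 *   fewer blown than expected -> first boot of a newer version, burn up to `expected`
 *   equal                     -> normal boot
 * The count is read twice and every doubtful case returns BOOT_REFUSED.
 */
boot_result_t boot_check(fuse_bank_t *bank, unsigned expected) {
    volatile unsigned first = fuses_burnt(bank);
    volatile unsigned second = fuses_burnt(bank);

    if (expected > FUSE_BITS) return BOOT_REFUSED;   /* malformed expectation */
    if (first != second) return BOOT_REFUSED;        /* inconsistent reads */
    if (first > expected || second > expected) return BOOT_REFUSED;
    if (first < expected) {
        burn_up_to(bank, expected);
        return BOOT_OK_BURNED;
    }
    return BOOT_OK;
}

/* Upgrades stay possible while unblown fuses remain in the bank. */
unsigned upgrades_left(const fuse_bank_t *bank) {
    return FUSE_BITS - fuses_burnt(bank);
}

int main(void) {
    /* Constructed boot history: versions expecting 3, 3, 5, then a downgrade to 3. */
    static const unsigned history[] = {3, 3, 5, 3};
    static const char *names[] = {"ok", "ok (fuses burned)", "refused"};
    fuse_bank_t bank = {0};

    for (unsigned i = 0; i < sizeof history / sizeof history[0]; i++) {
        boot_result_t r = boot_check(&bank, history[i]);
        printf("expects %u -> %s, %u burnt, %u left\n",
               history[i], names[r], fuses_burnt(&bank), upgrades_left(&bank));
    }
    return 0;
}
```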

I went to a 3rd party repair guy to get my PS4 slim repaired. He started talking about efuses and how if the companies detect anomalies in their firmware they blow the fuses so they have to take it back to main company to get it fixed. It's quite strange to see the topic a day after at the top of Hacker News.

Does this mean the upgraded Switch can never be upgraded again? If the upgrade fuses are blown this would imply no further upgrades are possible. If Nintendo can bypass the fuses others might be able to also and hence downgrade their systems.

Qualcomm did the same thing on their phones back in the days (known as QFUSE). Not sure about right now.

There is one thing about video-game piracy that I never understood. Back when I was a kid, there was a lot of piracy for Playstation 1 games. In my home country you could buy any game for the price of a Big Mac. It didn't matter that the game CDs contained copy-protection, the CDs you could buy also had them and were indistinguishable from the original CDs.

Then PS2 came (or was it PS3?) and all the pirate CDs/DVDs simply disappeared. I never understood what made game media piracy nonviable with newer consoles. Why can't the pirates simply copy every single bit of the newer game media as they did before? I think the Wii had some piracy CDs easily available but you also had to mod your console somehow. I'd be happy to have an answer from any of the hackers here :).

Edit: I'm not talking about "home piracy" where you copy your CD in your PC using cloning software, I'm talking about industrial one, you could buy these games in real stores that also sold other stuff brought from China.

  • Are you sure that the PlayStations you had weren't modchipped? The PSX had physical copy protection (the "wobble groove") that was relatively easy to circumvent (you could manually switch a genuine game for a pirated game once it had passed the check). Modchips made it even easier by just dummying out the wobble groove check. Later games started using Sony's LibCrypt and various checksumming maneuvers to detect pirated copies, but that was all defeatable.

    The PS2 used a lot of the same tricks, it was just better at it. But once consoles started having internet connections, they could start doing checks that way as well, and ban people using modded consoles.

    You absolutely can mod modern systems to play pirated games. The tradeoff is that you can never use online services. That's why people don't do it as much anymore.

  • First generation copy-protection efforts were lackluster.

    Case in point: I ordered three DVD box sets from eBay, new and sealed, a few weeks ago. All three were counterfeit, and all three were from different sellers. Very convincing counterfeits all of them - but the single-layer discs (because pirates struggle with the more common dual-layer) and lack of copy protection on studio releases (because pirates can't recreate it) were the giveaways - along with some sloppy data layer cutting edges.

    Compare this to, say, Blu-ray. It has also been cracked - but counterfeit Blu-rays are far, far more rare and easily detected. Why? The DRM is stronger, sure - but Blu-rays are also entire Java programs and much harder to replicate or rip than a DVD menu. Many Blu-ray Discs have Cinavia, which embeds invisible data inside the video and audio streams informing the player that the disc should have copy protection. Cinavia can't be removed without massive distortions to the video and audio, and pirates can't create their own copy-protected discs - thus, any attempt to make (even press) an unprotected disc with a protected video stream will fail. And finally, rather than DVD which has the recordable and pressed discs with a similar color, Blu-ray uses almost transparent discs for pressed ones, but dark black for burnables, making spotting fakes visually easy.

    Where am I going with this? My point is that DVD used only one real form of protection, and it was weak and broken less than a year after release. Blu-ray uses up to, I believe, five different methods all assuming the others have fallen. And that's for a system that doesn't get software updates and came out 15 years ago, unlike a video game console.

    DRM in breadth and in depth.

    • DVD CSS could be cracked for every movie in just 20 minutes of MPlayer+libdvdcss. Then, the key was cached.

  • > Why can't the pirates simply copy every single bit of the newer game media as they did before?

    Ah! So actually, they implemented a really (technically) cool DRM that is totally sideband to the bits of data on the media. It relied on tracking servo feedback that most (all?) cd burners ignored.

    Though, this pertains to ps1, I'm sure they did something similar and perhaps harder to spoof for ps2.

    https://hackaday.com/2018/11/05/how-the-sony-playstation-was...

    • You would love the history of cat and mouse with the Xbox 360! When Microsoft lost another round they came out with the brilliant idea of making the games larger than commercially available dvds had space for. The next round hackers truncated the games so they could burn to standard disc as most games had a lot of padded data it didn’t need and this worked well for a while. Then the ban hammer dropped and a bunch of people playing truncated games got banned. So the next thing the hackers did was so cool. They found a way to burn more data to a standard DVD. DVDs were 7.5gb too small for Xbox games which were now made to almost 8gb if I remember correctly. Hackers developed a custom software for certain DVD burners, the one I used was a lite-on drive but they supported a few different ones, and you would flash the firmware of the DVD burner and it allowed you to write to the very edge of the DVD. Typically DVD burners don’t allow you to write to this area because it can sometimes be prone to errors. Hackers didn’t care though they even came out with a program that would scan your disc after and verify it was clean with no errors so it was essentially a clone. Of course you still needed a flasher DVD drive in your Xbox but Microsoft wasn’t able to detect that they were detecting discs. It was such a cool cat and mouse game in the end I stopped with the burnt discs and went for the reset glitch hack which allowed me to play all the games from an external HDD but of course not online with Microsoft. Though you still could connect to other servers and do things like album cover downloads and play with other hackers' Xboxes. Good memories.

    • Oh so interesting!

      > Along with the region specific license key data, Sony pressed a special pit into the TOC of every disc. This pit, or “the wobble groove” as it would become known, was virtually impossible for consumer grade CD writers to replicate. A CD writer laser would need to be programmed to physically move in three dimensions in order to burn the wobble groove into a CD-R. So the patented pressing process achieved both copy protection and region encoding simultaneously.

      A nice game of cat and mouse with the modchippers described as well.

  • I remember all sorts of bootleg media prior to the PS2 release, and what I suspect happened is that there were large crackdowns with FBI investigations and raids on bootleggers. They went after homeless people selling bootleg VHS and DVDs on the street, too. I haven't seen much counterfeit media since then.

    Modern DRM uses cryptography and remote attestation, but that wasn't around in the PS2 era.

    • How does that work? Is every legitimate CD different, with some unique key? Otherwise why can't pirate versions use the same key?

  • They didn't disappear, they moved online. You modify your own console, download the cracked games and burn your own physical media. Selling actual discs became less profitable (fewer buyers) and riskier (stronger enforcement).

    Also selling physical (or digital) copies was rarely done by the crackers themselves (that's actually looked down upon in the community), mostly by third parties who usually had better Internet access/knowledge. When everyone started having unlimited ADSL/etc, their small business dwindled quickly.

  • Not sure where you grew up, but PS2 piracy was rampant and easily accessible. It probably had more to do with local copyright laws than anything technical.

    As far as anti-piracy measures go, the PS3 is where Sony upped their game AFAIK.

  • There's a really good presentation, by a Microsoft Platform Security Engineer, detailing the lengths they went through to ensure only properly signed executables run on the Xbox One and really answers your question. One of the tools they developed, HVCI, was later incorporated into Windows Hyper-V.

    https://www.youtube.com/watch?v=U7VwtOrwceo

  • Today's 1st party game media has a number of unique properties that are difficult to replicate with your average at-home CD burner. I remember a lot of Xbox 360 games had check codes etched into the plastic inner ring of the disc, for example.

    A number of patches and mods came out to attempt to disable these checks, including mods for the Wii as you mentioned.

  • PS1 (or PSX) had a technique for copy protection that depended on physical characteristics of the cd, something that was not copied when you made a backup. Still the mechanism was simple enough that you could bypass this check with a modchip, or even with a technique called disk swapping, in which you could swap an original disk at the right time with a pirated one and bypass the check. PS2 also required a modchip, AFAIK, there was not any technique to get around it.

    On the next generations of consoles, ps3 and ps4 were software modded, so you could run copies, but they were loaded from the machine’s hard drive, so no cd copies were necessary.

    • There’s a modern way to play burnt dvds with no swap on a ps2. It pretends to be a video DVD (so no wobble groove check) and uses a buffer overflow in the DVD menu code handling to boot the game.

  • Is it possible that people in your country simply got enough DVD burners that selling DVDs on the street was no longer profitable? Or street enforcement stepped up? I think that's what happened to Taiwan, at least.

    Edit: People pointed out that PS2 discs had burned sectors that most consumer burners can't replicate. But I don't think that's really a complete answer as to why street vendors went away, considering Swap Magic[0] made disc-based piracy viable again in a few years.

    [0] https://en.wikipedia.org/wiki/Swap_Magic

  • I can remember people brazenly advertising console "chipping" in my local newspaper in the UK. I don't know why it stopped when we went from PS1 to PS2 (or Xbox).

    • From what my memory recalls, the PS2 era was when Sony started going after companies which made not just modchips, but any kind of device which let gamers use their consoles in ways they did not like. Think: Adapters which let you use PS2 controllers on an Xbox and vice versa.

      Lik-Sang was (again as I recall) the primary target of all this, and was eventually forced to shut down. They were definitely the single best place to buy console modding and other weird and crazy accessories from Asia.

      After the first volley, Sony and the rest started going after the smaller players, the local console modders, the ROM hosting sites, eventually even the hackers who discovered vulnerabilities themselves. 2002 was when they came for Lik-Sang and it had an immediate chilling effect, and they shut down as of 2006.

      https://en.wikipedia.org/wiki/Lik_Sang

      By the way - chipping services still operate, but they have a lot of ways of flying not under the radar exactly, but operating in ways which make it not worth it for Sony, Nintendo from going after them. Doing their manufacturing in China (of course), sales from various parts of eastern Europe, and the direct modding services being super-small time modders operating off local sites like OfferUp, Craigslist, or sometimes even eBay. It's overwhelmingly previous generation consoles they offer services for.

    • There was also a period when you could very easily (I guess you still can) buy "homebrew" cartridges for the DS, like the R4. Piracy was rampant. I have no idea what the scene is like now, but certainly GB/GBC/GBA/NDS files had no copy protection and were easily distributed online. To make things worse for Nintendo, a big SD card could hold a huge catalogue of games. Since it required zero modding, kids started to ask their parents to get them carts for Christmas and you can still buy them on Amazon. At some point there was a lot of scaremongering that the carts were illegal and that you'd get arrested for owning/buying one. There was a big crackdown and a bunch of countries banned them and fined/jailed distributors, but I don't think it ever impacted serious pirates (who could just order them from somewhere like DX).

    • This is going off old memories so don’t take it for 100% gospel, but it’s my recollection of my youth when the consoles were in their life cycles.

      PS1 chipping was/is very easy, decent sized pins/pads, depending on the chip it’s almost 8 solder points on the board (other chips had less solder points, it depended on the board revision and if you had a stealth chip or not). Any kid with a crappy soldering iron could install them. The code for the chips also got quickly “leaked” along with the methods the chips used so you could easily find chip code online and program your own chips using cheap microcontrollers. So basically there was very little cost (both in skill and cost) to get started chipping PS1s. So you had a very high success rate chipping them and a decent profit from each console (but as anyone who was so inclined could chip the console, it did lower the cost you could charge per mod. Me and my friend used to mod PS1s at school during our lunch break in the school's technology lab using the school's irons, solder and wire, me and my friend went halves on a parallel chip programmer, so our overheads would be low, chipping PS1 was basically my first soldering adventures, that’s how low the skill bar was to solder these things in)

      Once installed you just slapped a disc in the drive and played the game. (The early chips soon got “detectable” so game devs started putting copy detection in their games, but later chips started becoming “stealth” so would be much harder to detect and would play unmodified rips without issue, crackers would also bypass the copy detection in games so they would play on the old chips).

      PS2 chipping started off slow, in the early days you would have to push button combinations to put the chip into the right mode for the game you were trying to play (PS1/PS2 CD/PS2 DVD), so the chips were not as user friendly as on the PS1. The chips would also need much better soldering skills to install as you needed to solder wires to some fine pitch ICs on the board. The chips were also more expensive as they required something a bit more “beefy” than the cheap microcontrollers used on the PS1.

      So in the PS2 world (esp during the early days) the cost of installing the chips was much higher and they were not as user friendly. So imo the market wasn’t as large as it was for the PS1. (Plus I had started working and had some cash from my PS1 days tucked away, so I just got into the habit of purchasing my PS2 games.)

      That’s just what I remember, but it's 1am, I’ve had a couple of beers, and this was all 20-plus years ago so I may not be remembering everything 100% correctly.

      Side note: Iirc, chipping an Xbox 1 was much easier than the PS2, and the Xbox 360 “just” involved replacing the firmware on the DVD drive for the console to enable backups so with the right tools (a PC, a ~£15 sata card and a screw driver, a bit later in the console lifecycle you also needed a serial port but a cheap USB serial converter would work, I used to use a cheap Nokia USB data cable with the end cut off and a sewing needle soldered to the RX line) you could flash all the 360s you could get your hands on (there was a decent amount of mail in work on the forums of private torrent trackers, people would open their 360, mail off their drive for £4~ first class recorded (in the UK), and get it back a few days later flashed.

  • There are lots of great deep dives into piracy protection for various game consoles on YouTube. I highly suggest taking a look. It’s very interesting.

I believe we need new laws declaring that consumers can run whatever versions of software they want on devices they OWN.

This applies to iPhones, Gaming consoles, and Teslas too.

Companies must allow downgrades, and consumers must be able to permanently disable update prompts.

  • I agree with the idea of full ownership, but I also know it wasn't all that long ago that the user stuck on an old version of IE was the bane of most developers, and that many security vulnerabilities come from software that was patched years ago.

    • Users weren't running IE6 for years and years because they upgraded to something newer, and decided to go back. The solution to this problem didn't come from making upgrades a purely one-way process.

      Device makers have become quite opinionated about how their things are used, and they are in a position to enforce their opinions. I don't know what exactly the right balance is, because there are genuine interests to be balanced... but when a piece of hardware is designed explicitly to allow the manufacturer to remove the device's ability to run the exact same software that it used to, we should meet any claim that this is primarily for the user's advantage with great skepticism. We should also take seriously the possibility that tilting the balance of power in this way creates issues at least as bad as the ones we are hoping to resolve.

      It's like a city so fearful of petty criminals, it allows the police the ability to do as they please. And the police are directly hired by the rich people in town.

    • OK then ban them from connecting to your active web services. But don't prevent their PC from booting.

    • Not too long ago I was still supporting old versions of IE because employees for large chain we built software for would not allow them to upgrade their computers

  • Why? Like I get why as a purchaser of things I would want to be able to downgrade, but under what premise is it desirable that the government should mandate how companies design and sell products?

    This makes far more sense to me if the pitch is that companies must include clear terms for consumers about how they’ll handle software / what the hardware will allow the user to do in terms of software downgrades. That has precedent as an extension of truthful advertising / consumer protection.

    But if a company says “we’re selling the Widget 9000, it updates its firmware automatically and irreversibly”, I don’t see a coherent reason for the government to say “no, you can’t sell that”. If people don’t want to pay for gear that behaves in that way, they’re free to not buy it.

    • > but under what premise is it desirable that the government should mandate how companies design and sell products?

      The Government already does this and with great success, the ban on lead additives in paint would be one example. By that point, its harmful effects were already known as early as 1786 (efforts to ban lead paint began around 1921) before its ban in 1976 (US).

      Perhaps the free market just needed more time?

      Without government intervention, somehow I suspect we would still see lead paint continue to be bought and sold. I cannot imagine the unthinkable number of individuals that were fucked over through no fault of their own (learning disabilities, poor health, shortened lifespan) because we chose to continue to allow lead paint to be sold on the market.

      > I don’t see a coherent reason for the government to say “no, you can’t sell that”.

      What about the environment? By artificially reducing the lifespan of these devices, you're sending them to an early grave only to be unnecessarily replaced by a new device because the corporate overlords demand it.

      It's unnecessary churn and I'm not sure that we should demand that future generations carry the burden of our poor choices simply because we would prefer to wait until the free market fixes this mess (which may never happen). How long will that take? 10 years? More?

    • > under what premise is it desirable that the government should mandate how companies design and sell products?

      The premise that benefits individuals and society.

      The government already mandates how companies design and sell products. This isn't a radical concept. The reason cars get safer and cleaner every year is due to government regulation. The reason that instant coffee cannot be more than 50% bugs and twigs is government regulation.

      > If people don’t want to pay for gear that behaves in that way, they’re free to not buy it.

      Or we could just regulate it and then this consumer-hostile issue wouldn't exist.

    • > I get why as a purchaser of things I would want to <...>

      That's actually all you need to say. Anything else is pro-corporate bullshit that you've been spoonfed until you regurgitate it.

      The rebuttal to the rest of your comment is "just try and buy a TV that isn't actively hostile to the user". But that's a side conversation, the fundamental reality is that companies are legal fiction that don't have rights. They are allowed certain privileges we grant them, and we should not grant them the ability to screw over people that don't understand what the term firmware means.

    • Virtually everything you own that was sold in the US had a wide variety of terms set by the US government on your behalf on how it was constructed, advertised, and sold. The question was never if the government should set terms it is what terms.

      You are also somehow envisioning the government as a separate entity having no relationship to the people as a whole that instead of literally already setting the entire ground rules in which our society exists somehow needs a very high bar to justify any interference whatsoever.

      The government is all of us and the only justification it requires is the people's interests. 99.999% of people aren't chicken farmers so if they demand cleaner chicken farms so the chicken they eat are less likely to give them the shits then cleaner farms it is and those who don't like it can situate their farms somewhere else.

      99.999% of people aren't Nintendo executives so if the people are smart enough to demand hardware they actually own then Nintendo is free to exit the entire US market.

      Pray we don't alter the deal further.

    • The problem is when an upgrade limits or removes features from the time of first purchase - it's akin to changing the terms of an agreement after signing it.

    • > under what premise is it desirable that the government should mandate how companies design and sell products

      Under all circumstances in which the profit motive does not align with society's desires. Safety, health, discrimination, consumer rights, etc.

  • Steam Deck has a very similar form factor and is way more open to hacking. It seems like the free market is working. Why should the people who develop products at Nintendo have to design around some politician’s law?

    • I'm waiting for my Steam Deck. That said, the Deck is a drop in the ocean.

      > Why should the people who develop products at Nintendo have to design around some politician’s law?

      Sorry, but it must be we live on different planets. Japan has laws tailor made for the commercial interests of their gaming and media industry. Are IP protection and copyright also politician's law?

      I'm all against absurd legislation and bureaucracy and I'm glad creators get paid but analyse your sentence:

      "Why should the people who develop products at Nintendo have to design around some politician’s law?"

      Do you notice that you are equating People=Private Company and Consumer Protection=Politician? I could understand if you are the owner of a company trying to work around some legislative moat, otherwise, it's pure brainwashing.

  • Perhaps a good middle ground could be that the regulation takes effect no later than when the manufacturer stops providing automated security updates.

  • I will partially disagree with this. Irreparable hardware/software changes like this should absolutely be banned, however, I disagree that we should dictate speech, with speech in this case being how the software was written. An analogy would be telling people they can't protest vs. shooting them when they try to.

    • But the core issue here is the company restricting users from running their own software so the analogy would be more that a company would not be allowed to tell their hitmen to shoot protesters even though that is technically speech.

  • reading through the replies to this, perhaps it should instead be that if you create a method to prevent downgrades you must also provide documentation on how that prevention method works in great enough detail that it can be circumvented.

    Were they to document a way for you to disable the fuse check, then the user could disable the fuse check and do their own downgrades, or if writing this kind of technical documentation is too laborious then they can just provide themselves a downgrade service and just point to that in the documentation.

    • what if the method involves paying the original company a fee to use the old version? Would that be considered acceptable?

  • Even if such a law was enforced, there is a workaround: rent the consoles instead of selling them. That way, you don't legally own the console/phone/car you're playing with and they still can do whatever they want. Leasing is common for expensive items, down to cars, sometimes phones, it can be used for consoles, too. https://en.wikipedia.org/wiki/Lease

    • Such a workaround only works with weak enough consumer protections. If it quacks like a duck the law can choose to treat it like a duck even if you insist that it's actually a goose.

  • I think companies can get over it with licensing. They can use subscription model to force you to upgrade.

  • How about on the Engine Control Modules on cars other than Teslas?

    • I have a Tesla, and I was stupid enough to upgrade to v11 without reading up first. The UI is so broken that I now literally have hate attacks while driving the car. Oh, and the update somehow broke a window controller unit, which had to be physically replaced.

      So: yes. I’d gladly go back to v10 if I could. I actually offered money to do so, but - unsurprisingly - I got refused.

  • The reason it’s not that easy is that platform holders have contractual obligations with content providers about their content being secure. These obligations are an incentive to content production.

    • Actually it's exactly that easy. The platform holders cannot offer something to content providers that is outside the boundaries of the law nor use a court to compel them to break the law.

      Making it the law is about the only thing that would work because incentives are otherwise inherently misaligned.

Companies can only get away with this crap because consumers are still so darn ignorant. I think most people won't accept a car that prevents you from changing your own oil or replacing your own wiper fluid, so it always boggles my mind that so many are still buying computers that lock users out of the firmware and boot process.

A Switch is just a toy anyways. Buy a different toy.

  • The reason why games on Switch can "just work" is that the OS provides the DRM. Otherwise, we would see rootkits, spyware, or always-online requirements like the DRM hell that we see with Windows games.

    It's a trade-off, and I believe there is space for both kinds of devices. I want an unlocked Linux PC and a DRM-monopolized-by-Nintendo Switch so that I can do tinkering, when I want it, but also enjoy games without much technical fuss.

    • > The reason why games on Switch can "just work" is that the OS provides the DRM. Otherwise, we would see rootkits, spyware, or always-online requirements like the DRM hell that we see with Windows games.

      None of this would be an issue if the companies just released the server-side tools and let people host and moderate their own instances of games. This is basically how the Fediverse works and it's great. People who want to be nasty go into their little corner and everyone else in another.

      Only problem is this would mean customers actually get to own the stuff they buy. Companies would rather you be the product.

    • What? I get all my games on Windows DRM free from the likes of Gog and Itch.io. If there is a game I want to play that has DRM I get a nice clean pirate copy.

  • Not all consumers are ignorant, but 99% of Switch's consumers don't even care.

    I bought the toy because I enjoy Zelda and Mario. I've bought every Nintendo console since the NES and will likely continue to do so because of the enjoyment I get back from it. I'm not interested in modding or downgrading or whatever.

    If you are not looking for a toy to enjoy Nintendo-only games with then get a Steam Deck or whatever else and mod to your heart's content.

  • > I think most people won't accept a car that prevents you from changing your own oil or replacing your own wiper fluid, so it always boggles my mind that so many are still buying computers that lock users out of the firmware and boot process.

    There are countless variations of this in cars. Changing a fuel pump or ignition control module or sometimes even disconnecting a battery activates 'anti theft' features in many cars and companies frequently use the DMCA to prevent repair and maintenance without $10k/year software licenses.

    • I recently had to change the transmission in a '13 Juke. The battery was disconnected, and now three months later I still cannot use the radio. We have the placard with the unlock code, but the radio does not unlock.

      Had the dealer done the repair, I could probably fight with them to get the radio fixed. But with the independent shop that did the repair, whom I feel did nothing wrong, I do not want to pressure to repair the "collateral damage" that really isn't their fault.

  • Consumers buy game consoles to play games made for the consoles, and as long as they can play, why should they care about firmwares and bootloaders? In fact, I know plenty of Linux kernel recompiling geeks with custom built PCs who buy locked down game consoles because sometimes, they just want to play video games, and game consoles are really good at making it hassle free.

    And the fact that they are locked down is not a bad thing. It actually made Nintendo's success. While other manufacturers had to deal with a flood of poor quality titles, Nintendo was able to set quality standards. As for the evil DRM, game publishers sometimes don't want to release games on open platforms (like PC) because of piracy.

    Your car analogy doesn't hold, you don't need to change oil and wiper fluid in your consoles, consoles are essentially no maintenance and that's another good thing about them. And in fact, the most likely maintenance operation you may have to do on the Switch is changing the battery, and it is a relatively easy operation. I don't know how long my Switch will last, but consoles tend to last a really long time for consumer electronics.

    Game consoles may be computers under the hood, and with hacks, you may turn them into general-purpose machines (and I have done it, it is fun). But really, they are accessories to the games. You are not "darn ignorant" because you buy a console for its intended purpose. Yes it is a toy, literally, you find it in toy stores, but why should you buy a different toy just because it may not do more than advertised?

This is common in modern embedded devices. Sometimes they're called eFuses.

https://imxdev.gitlab.io/tutorial/Burning_eFuses_on_i.MX/

  • Has there been any research on resetting these fuses via fault injection attacks?

    • These fuses are inside the CPU itself. They are programmed in a sense much like the firmware itself is.

      These fuses have always been around in microcontrollers. They are used to configure various aspects of the microcontroller operations, like startup sequences, whether or not the contents of the chip can be read out, is there voltage monitoring (brownout detection) enabled, is there a watchdog timer enabled which could reset the chip automatically if needed, etc.

      It is common that fuses like this can only be set to progressively stricter settings. And the only way to reset the fuses is to erase the entire chip, firmware and all. It sounds like these fuses in the Nvidia don't even allow this.
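The one-way property described in the reply above, as an added example that is not part of the thread and is not Nintendo's or Nvidia's code: a simulated fuse bank whose bits can only go from 0 to 1, with a boot-time check that compares the burnt-fuse count against the count a firmware image expects. The type and function names, the 32-bit bank and the refuse/burn policy are assumptions chosen to illustrate a typical anti-rollback scheme.

```c
#include <stdint.h>
#include <stdio.h>

/* Simulated one-time-programmable fuse bank (constructed for illustration). */
typedef struct { uint32_t bits; } fuse_bank;

enum boot_result { BOOT_OK, BOOT_OK_BURNED, BOOT_REFUSED };

/* Programming is OR-only: a burnt bit (1) can never return to 0. */
static void fuse_program(fuse_bank *fb, uint32_t mask) { fb->bits |= mask; }

/* Number of burnt fuses in the bank. */
static unsigned fuse_count(const fuse_bank *fb) {
    unsigned n = 0;
    for (uint32_t v = fb->bits; v; v &= v - 1) n++;
    return n;
}

/* Assumed policy: `expected` is the fuse count a firmware image requires. */
static enum boot_result boot_check(fuse_bank *fb, unsigned expected) {
    if (expected > 32) return BOOT_REFUSED;     /* malformed image metadata */
    unsigned burnt = fuse_count(fb);
    if (burnt > expected) return BOOT_REFUSED;  /* image older than device state */
    if (burnt == expected) return BOOT_OK;
    /* Newer image: burn the lowest unburnt fuses until the count matches. */
    for (unsigned i = 0; i < 32 && fuse_count(fb) < expected; i++)
        fuse_program(fb, UINT32_C(1) << i);
    return BOOT_OK_BURNED;
}

int main(void) {
    fuse_bank fb = { 0 };
    unsigned images[] = { 2, 3, 3, 2 };         /* constructed boot sequence */
    const char *names[] = { "ok", "ok, fuses burned", "refused" };
    for (size_t i = 0; i < sizeof images / sizeof images[0]; i++) {
        enum boot_result r = boot_check(&fb, images[i]);
        printf("image expects %u -> %s (burnt now: %u)\n",
               images[i], names[r], fuse_count(&fb));
    }
    return 0;
}
```

The last boot in the sequence is refused because no software call can lower the count again, which is why the integrity of the checking code itself matters as much as the fuses.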

This is an interesting idea, but quoting Stalin, isn't the really important thing the program that counts the burnt fuses? Maybe that's also exploitable.

Anyway, the article also says that an exploit is already available to bypass that.

Nintendo is worse than Facebook (in different ways)