0

I bought an old second-hand Nintendo DS game from a used game shop and my 3DS wouldn't play it. I exchanged it and the shop said it was probably a forged cartridge.

I did a bit of research and apparently the 3DS has better forgery detection than the older models - so the fake cartridge probably worked in an old DS but not in my newer model.

Here's what I already understand about 3DS copy protection:

  • Modern cartridges have a cryptographic signature to prove they're genuine.
  • Older cartridges have no signature, but the 3DS has a whitelist of checksums for every legitimate old cartridge.
  • Cartridges that don't have a signature OR appear on the whitelist are blocked.

I can see how this would stop me releasing my own unlicensed game. But I don't understand why it blocks a copy of an existing, legitimate game.

My question is: why can't the game pirates make a perfect copy of an existing game, including the signature (or with a matching checksum), so the 3DS can't distinguish it from the real thing?

(Aside - I've got no interest in playing pirated games (I write software for a living myself), I'm just curious about the technology).

TenMinJoe
  • 111
  • 1

1 Answers1

1

Things like this aren't just about providing a checksum or serial number as part of the program or image. That would be too easy to trick.

In such situations one basic paradigm would always be true and important: "don't trust the image" (at all).

It's more likely the checksum is created on startup (doesn't have to include the whole image data to speed up loading times), and then compared to an internal whitelist.

This way it's way harder (or next to impossible) to trick the console to think the game would be something else.

Signatures work in a similar way, it's just so that the "whitelist" is essentially provided as part of the image as well.

Why can't they just create a matching checksum?

That's easy to answer: Because it is a checksum. A checksum is supposed to change, even if there are only slight changes to the source. Of course, there will be collisions (since the checksum has a lower entropy than the actual data), but it's still most likely too hard or almost impossible to achieve this. You can't change all the code just to match the checksum, because you'll most likely have to change more than one or two arbitrary or unused values.

Why can't they make a perfect copy of an existing game?

That's the better question. I'm not 100% sure, but I'd assume that it might not be that easy to get the raw image and the actual data read already depends on the actual hardware accessing the data. To provide a similar example: It's not that easy to read or write a CD or DVD "as-is" simply because of the firmware doing its own processing/error correction as well. In a similar way, you can't tell a burner to exactly write the sequence 001100110011 to the disc. It will do so, the data read will still be the same as well, but the actual/physical data will have a different pattern/representation (e.g. due to error correction/redundancy stuff).

Mario
  • 8,442
  • 1
  • 29
  • 34
  • Thanks. "Why can't they make a perfect copy of an existing game?" is really what I'm curious about. If my 3DS can reliably read whatever data it needs to verify the cartridge, I would expect that the pirates could also read that data, and then reproduce it in their faked cartridge. – TenMinJoe Feb 14 '14 at 10:11
  • The trick is that what you get is not necessarily what you have to write (as in the CD/DVD example). I could also imagine some hardware serial number or some similar unique feature put into the equation as well, so even a perfect 1:1 copy wouldn't necessarily work. – Mario Feb 14 '14 at 10:12
  • I don't think CDs are a good comparison - I know that what you say is true for audio CDs, but CDs are designed to be an error-tolerant medium; if your CD gets scratched a bit it still plays. By contrast, I would expect that every time a game cartridge is read, I get 100% the same data back that was written onto the cartridge originally; indeed, if this were not the case, then using checksums to verify the data would be hopeless. – TenMinJoe Feb 14 '14 at 10:19
  • You misunderstood me a bit. Imagine you having to write the CD raw, i.e. without letting the firmware do the necessary adjustments. I.e. what the 3DS (or any card reader) reads off the cartridge is not the actual content 1:1. Might be wrong on that one though. – Mario Feb 14 '14 at 10:21
  • While we're talking about cardridges and not just passive media, the cardridge may contain some logic that can be tested (and which is more complicated to duplicate, unless you know the exact algorithm). – Jari Komppa Feb 14 '14 at 13:28
  • The specifics of the 3DS's anti piracy features aren't going to be readily available unfortunately, so this is all going to be speculation. These cards do have small processors built into them, so they could run some calculations or give variable data. –  Feb 14 '14 at 14:03
  • It's the retro-fitting of the whitelist copy-protection to try to detect older fake cartridges that I find interesting. Obviously those older cartridges aren't doing any kind of challenge-response. However, I realise that I've made the assumption that the whitelist is even effective against this - perhaps my failing fake cartridge (Professor Layton and the Curious Village) was from the post-whitelist era. – TenMinJoe Feb 14 '14 at 16:04