
All right everyone, welcome to The Security of Classic Game Consoles. My name is Kevin Shackleton. I'm a distinguished engineer at Turner; I've been there for 15 years and done a lot of different things. My responsibility currently is over the cybersecurity strategy implementation in our engineering organization, so I get to work with all parties in engineering on writing secure code and making security a first-class design concern in the software systems we build. Now, growing up in the 80s, Nintendo was my life. I begged my parents for a Nintendo when I was a kid, and when I was in fourth grade I finally got a Nintendo for my birthday, and my Nintendo and I were inseparable. So I had a lot of great
times playing games. And for those who grew up in the 80s, or even if you have any passing familiarity with it, Nintendo ruled the 80s and a large part of the 90s. However, the video game industry actually suffered a major, major downfall in 1983, when it went from a three billion dollar a year industry to 100 million dollars in just a single year. So it had a massive crash in 1983 that actually lasted for two years. Now, retrospectively, one of the major causes of the crash was a glut of games that were just coming out. So Atari, one of the most popular systems at that point, had over 700 games developed for it, and only a fraction of these games came from
Atari. A lot of the games were just really, really horrible games that flooded the market. Now, in the fall of 1985 the Nintendo was introduced here in the United States, and then went widespread the following year, and it really resurrected the video game industry in the mid eighties. Now, Nintendo learned from the crash of 1983, and so they introduced with all of their games this Seal of Quality. Now, for those who are familiar with this game here, Friday the 13th, you will know it was one of the worst video games of all time, so clearly the seal has nothing to do with quality whatsoever. Now what the Seal of Quality actually meant was that as a developer your game had to be
exclusive to the Nintendo for two years; they locked you in. Also, you could only develop at most five games per year for the Nintendo, so Nintendo was constraining the market of games. There was also a content review: just as the Apple Store does for their iOS apps, Nintendo was doing it with Nintendo games, a review for violence, sex, objectionable content and so forth. And then, and this is the most crucial part here, Nintendo actually controlled the entire manufacturing process for game cartridges. So this Friday the 13th game was produced by its developer but manufactured by Nintendo, and the developer actually paid Nintendo upfront for the manufacturing cost. And as a developer you'd say, I want this many copies of this game,
and Nintendo might say, well, we only do 75,000, and you'd go okay, and then you'd put up the full amount of money to produce all of those games. And if you didn't sell your entire inventory, as the developer you bore all the risk. Now how did Nintendo actually enforce it? Because it seems like a terrible deal for developers, and I'll get into that in a little bit here. But I'm going to transition to an actually awesome game, Mega Man 2, which is one of my favorite games of all time; it's regarded as a very, very good game. And if you'll indulge me, I'd like to continue
the presentation here from my Nintendo, with my modified Mega Man 2 game, and we'll talk about the security of game consoles: how was Nintendo able to enforce the licensing restrictions, how other big companies followed suit and incorporated security into their consoles, and what we can learn from that and take back to the software systems. So let me switch over here. [Music]
I'm not going to blow on it; I know blowing on it actually causes condensation that will corrode the connectors. All right, you may not be able to see it, the text is very small, but I've actually modified it a bit so it's not exactly Mega Man 2. I'm going to make one more change here, and that's much better. [Music] Okay, so we're talking about Nintendo, and we're actually going to start with that. And if you don't appreciate my transition here, I actually just played Mega Man 2, T-shirts coming right at you. So if I were to open up my Nintendo, this is what the motherboard looks like, and remember Nintendo's Seal of Quality, or Seal of
Approval, Seal of Quality. How did they enforce it? It was actually done through security as a first-class design concern by Nintendo, and so this chip right here is actually crucial to them. So if we zoom in on it, this is called the Nintendo Checking Integrated Circuit, or CIC, also known as the 10NES chip. So this effectively is a lock inside of your console, and the video game over there, if we open up this cartridge, actually has the corresponding chip; it's the exact same chip inside the cartridge. Remember how Nintendo manufactured all the games, all the cartridges: they put that chip inside the cartridge. What's fascinating to me is that these chips are actually the exact same chip,
literally they're the exact same, they're just wired differently. So on your console this chip takes positive 5 volt power; it draws power from my console, and in that scenario the chip acts as a lock. In the game cartridge it doesn't draw any power, there's no power on those games, so in that scenario it acts as the key. When you turn on your system, the game is connected to the console, and the lock over here on the CIC chip sends a seed to the key. Both the lock and the key do a series of calculations to produce a result; the key sends its result back to the lock, the lock compares the results, and if the result matches then the lock
knows it's talking to a legitimate game and it allows the game to run. How does it do that? The lock is actually holding a reset line on the CPU. If it cannot establish communication with the key that determines it's legitimate, it will reset the CPU. So if you've ever put a Nintendo game in, and you guys were all joking about how you blow on the cartridge, when you put that cartridge in and you see the red light flashing on the console and you see the game flicker about once a second, it's because it's actually running at 1 hertz, and it's not able to establish that communication between the CIC chips, and it's resetting the CPU. Now how do
we defeat this? Well, Nintendo patented this entire process, and the patent describes it in great detail. They don't talk about the code that's burned on the chip, but that's okay, we don't need that. Inside of the patent it describes an error scenario: instead of a lock/key scenario, if you run into a key/key scenario, that's an error state, in which case the CIC doesn't do anything. So what does that mean? If we snip this pin here, pin 4 on our chip on the console, that's where it's drawing the positive 5 volt power, now the chip no longer gets powered. Remember how I said in the scenario where the cartridge
chip doesn't draw power it acts as the key? Now we've got key/key, and what happens here, in the security world we call this a fail-open design. So in the failure scenario it fails open and everything actually just works. So the interesting design choice here is, in the case of Nintendo, had they engineered the opposite of this, a fail-closed design, where if it detected this error scenario it reset the CPU. Now this is just one type of attack. There's another type of attack that the CIC is susceptible to, and that's knocking it offline by a rogue cartridge. So there were unlicensed game developers who developed game cartridges, and when they produced them they didn't have a CIC chip, so instead what they put there was a
voltage regulator that sends negative 5 volts to the CIC chip. The CIC chip draws positive 5 volts; what that would actually do is knock the chip offline while your console is on, rendering it off, and the game would run. Now Nintendo actually wised up to them. They weren't checking their inputs, right? They weren't considering that they would get a malicious cartridge plugged in there, so in future revisions of the Nintendo they added a diode on there to protect against voltage spikes, to block those out. Now there's one final attack that the CIC has been susceptible to, and that's simply reverse engineering and cloning the chip. Now the console and the game here, I have access, that's right, so
effectively this is client-side logic, right? I have total control over it, so I can reverse engineer how it works, and that's exactly what a company called Tengen did. So Tengen, if you're not familiar, is actually Atari; Atari just created a subsidiary called Tengen to produce Nintendo games. Inside of here is a clone of that CIC chip that they called the Rabbit. Okay, so let's move on to the Sega Saturn. So the Sega Saturn was notable in that it's one of the initial consoles that had CD-based media, so the games were on a CD just like any other normal CD, except there's one crucial change, and that is in the outer ring of
this CD was what's called a wobble signature. Basically it's a regular CD, but Sega created their own CD readers and CD writers that were capable of writing a unique signature in the outer ring that is not readable by any normal CD drive. So what does this mean? Well, for an attacker, the work factor of trying to attack that is incredibly high. You'd have to go reverse engineer, first of all, how to read that signature, how to write that signature, what the signature was, and produce a machine capable of copying it. So it actually has yet to be broken; no one has actually broken this particular security measure. Now going back to our fuzzy logic,
it's possible to break it because we have access to the Saturn, we can see how it reads it. But as security folks we know that there's actually probably other ways that are more useful to attack this system, and that's exactly what happened here. But first, that work factor is actually described in a 1975 paper called The Protection of Information in Computer Systems. It's a fantastic paper; a lot of research papers are in a different language, but this one is actually very readable. I encourage you to check it out. They go through a bunch of security design patterns that are still very relevant today. But the way the Saturn was attacked, one of the ways was with a disc swap attack, which is effectively a timing attack. So
you can put a legitimate disc into your Saturn, the Saturn reads that security signature off the ring, and before it loads the game you yank out the disc and you put in your burned or pirated disc. A lot of CD-based systems are susceptible to disc swap type attacks. And then another type of attack, and this is not surprising at all, is a mod: so people have access to the hardware, they can go figure out how to rewire the system, you know, step in here, solder some wires over here and bypass some of the security measures, or bypass that signature reading. So there's some risk with that, you can break your Saturn, and it requires
technical aptitude. But, you know, the point here is that attackers just said, okay, we're not going to bother trying to attack the media format because that would take too much time; let's go look at other attack vectors. So the Sony PlayStation, it had a very great run throughout the 90s. It also used a disc-based format, just like the Saturn, and it actually utilized the exact same concept, appending a signature key on a ring that only the PlayStation could read and write. But the PlayStation actually suffered from a major, major design flaw. Now first let's talk about what the PlayStation does when you load
the game. So the first thing it would do is read that wobble region of data on the disc and verify that it was what it expected. Interestingly, we actually know what that data is: it's just four characters, it's either Sony Computer of America or Sony Computer of Japan as four characters, so that's really all it is. And then next it would read the license screen text in the game header and display that on the screen; it had to match exactly what it was expecting, something like "Licensed by Sony". If those two things matched up, then the game would load. Well, the design flaw in the PlayStation is the parallel port down here, which is why I'm showing the back of the
PlayStation. And the parallel port, the terrible thing about it: it had access to the stream buffer of data coming off of the laser that was reading your disc. So attackers created a simple device, no soldering or modding required, you just plug it into your parallel port, and it would hijack the stream of data coming off the laser. When the system would say, I'm going to read that signature on the outer edge of the disc, it would say, oh, here you go, here's the four characters that you're expecting. And so now the OS is fooled into thinking that it's getting the data off the disc when in fact it's coming from the parallel port. Okay, and then
that license screen text: it was just telling the console to swap discs, and in a multi-disc game that license was only on the first disc, and so the system thought it was switching to the second disc and would just ignore this check here. So what is the lesson learned here? Well, first, going back to the 1975 paper, there's a concept of least privilege, so, you know, an entity in a system should have only the privileges that it uses. I would argue that the parallel port on the PlayStation should have no reason to access the stream buffer from the laser, you know, reading from the CD; it should be a separate concern. And actually
Sony agreed with me, of course. This is the PlayStation when it was introduced, and five years later they actually released a revision, the PS one, which removed the parallel port. And it follows another security principle, which is also described in that paper: economy of mechanism, but we know this today as keep it simple, or keep it simple, stupid, right? Simpler systems are going to be easier to reason about, they're easier to test, and you'll be able to make them more secure. So all things equal, a simple system versus a complex system, I put my money on the simple system being far more secure. And so by removing the parallel port they reduced
the attack surface area of the PlayStation; they removed the attack vector completely. All right, next up, back to Sega: the Sega Dreamcast, a fantastic system, unfortunately very short-lived. Remember the Saturn had that custom format. Well, Sega introduced a brand new one: they designed entirely new media for their system, so no longer were games on CD-ROMs, now it's on something called a GD-ROM. It looks just like a CD-ROM, but it packs more data on there, and no one made GD-ROM readers, no one made GD-ROM writers, only Sega did. So now you'd think this problem is solved, right? Well, the Dreamcast actually supported
three formats. The first is compact disc audio, but it's audio only, forget about that, that's worthless. Next up was the GD-ROM, which I talked about, but no one knows how the heck to read or write those, so forget about that attack vector. There's a third format here; no one's ever heard of this, probably. It's called MIL-CD. MIL-CD is actually a brand new format, also from Sega, introduced at the same time as the Dreamcast. You know what the MIL-CD was? It was an audio CD with executable code. Now, you guys are all security people, and the moment you add executable code into the mix, you know it's not good, right? The intention was to give you an interactive CD-ROM. As it
turns out there were only seven actual MIL-CDs ever produced, so it's a very rarely used format. But what the attackers were able to figure out was how to take a Dreamcast game and put it onto a MIL-CD. So most games actually didn't even take the full space, so they could just copy the data directly; for games that were too large they downsampled the video or sounds. They burned that onto a CD with executable code according to the MIL-CD format, which was well documented, and basically injected code into the Dreamcast, and that's how Dreamcasts were able to play burned games without any modification whatsoever. So very, very clever. And what we learned
through all this is that attackers follow the path of least resistance. So whatever the easiest attack vector is, that's where the attackers are going to go. Now what do we look at for systems of today? I talked about some much older systems; what about newer systems today? Now with basically all systems that are fairly recent, the work factor of attacking the hardware and all those hardware protections has pretty much blocked everyone. That's not to say that it's not possible, but the systems are so complex, and the knowledge required to analyze the hardware and the componentry is so intense now, that this is not the attack vector that attackers are going after. Certainly some people will, but
this is not the easiest way to go. Now things have moved into the space that all of us are very much aware of, which is the software. So here's Phantasy Star Online for the GameCube. This game was an online game that connected to a Sega server, and in the game you could set up your internet settings to connect to the Sega server, and one of the settings was the DNS IP address, if you wanted to use a different one. Well, the attackers figured out that if they put in their own IP address to say that they were the DNS server, then they could do a DNS hijack, you know, purport to be the actual game server when in fact it was really a malicious server they
controlled. And then the malicious server told the game, hey, here's an update for you to take, there's a new version of the game, so the game would take the executable code and execute it, and then it rooted the game. Zelda, a fantastic game, which was a launch title for the Wii: there was a save game file that the game would utilize, stored on, you know, like an SD card, and in that save game file was the name of Link's horse, so your character's horse. And attackers realized that if they put in a value with nonsensical stuff there, they could execute a buffer overflow in the game when the game was loading up and
read the save game file; the buffer overflow executed some extra code on the save game, and then you've pwned the Wii. So again, another attack through software, through the game. And of course the developers didn't think that anybody would be writing a malicious save game file; they were thinking, we're the ones writing it, no one else could do that. And then finally the Nintendo Switch. This just came out this year and it has already been hacked. Now how has the Switch already been hacked? Well, the Switch, like many modern consoles, comes with a browser built in. That browser is a WebKit browser, and that WebKit browser it shipped with is six months old, right? It's probably
new when it was manufactured, but six months old now, there's a CVE, a known vulnerability, and attackers were able to simply, you know, exploit that known vulnerability. So components with known vulnerabilities exist in game consoles now. So what is the moral of this story here? Hopefully you've learned some security principles in a fun way through these consoles, and my hope is that you take these concepts back to the software systems that you build today. Thanks very much.
Thanks a lot, Kevin. All right, we'll take about a five minute break and be back here.
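The lock/key handshake and the fail-open versus fail-closed design choice from the NES section of the talk, as an added worked example written for this transcript (it is not code from the talk or from Nintendo). The shared seed, the boot challenge and the mixing function are constructed stand-ins; the real 10NES program is not on the page. The model covers the three cases the talk walks through: a licensed key, a cartridge with no key, and a console chip that is unpowered because pin 4 was cut or it was knocked offline by a negative-voltage cartridge.

```c
/* Added example (not from the talk): toy model of the NES CIC lock/key
 * check. It shows why the "key/key" error state, which the talk says the
 * lock simply ignores, is a fail-open design defeated by an unpowered
 * lock, and what the fail-closed alternative looks like. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define LICENSED_SEED  0x10AE5u   /* constructed stand-in for the secret licensed chips share */
#define BOOT_CHALLENGE 0x1337u    /* constructed stand-in for the seed the lock sends at boot */

typedef enum { CPU_RUN, CPU_RESET } cpu_state;

/* Both chips run the same calculation over the challenge. The mixing is an
 * LCG (a bijection mod 2^32), so different seeds always give different results. */
static uint32_t cic_compute(uint32_t seed, uint32_t challenge) {
    uint32_t x = seed ^ challenge;
    for (int i = 0; i < 8; i++)
        x = x * 1103515245u + 12345u;
    return x;
}

/* The lock's check: challenge the key and compare its answer with our own.
 * Only an affirmative match returns true; a cartridge with no CIC cannot answer. */
static bool lock_verify(bool key_present, uint32_t key_seed) {
    if (!key_present)
        return false;
    uint32_t answer = cic_compute(key_seed, BOOT_CHALLENGE);
    return answer == cic_compute(LICENSED_SEED, BOOT_CHALLENGE);
}

/* Design as the talk describes it: an unpowered console chip (pin 4 cut, or
 * knocked offline) behaves as a second key, and in the key/key error state
 * "doesn't do anything". Nothing asserts reset, so the CPU runs: fail-open. */
cpu_state boot_fail_open(bool lock_powered, bool key_present, uint32_t key_seed) {
    if (!lock_powered)
        return CPU_RUN;
    return lock_verify(key_present, key_seed) ? CPU_RUN : CPU_RESET;
}

/* Fail-closed alternative: reset is the default and is released only by a
 * powered lock that verified a key. An unpowered lock leaves the CPU in reset. */
cpu_state boot_fail_closed(bool lock_powered, bool key_present, uint32_t key_seed) {
    if (!lock_powered)
        return CPU_RESET;
    return lock_verify(key_present, key_seed) ? CPU_RUN : CPU_RESET;
}

static const char *show(cpu_state s) {
    return s == CPU_RUN ? "game runs" : "CPU held in reset (1 Hz flicker)";
}

int main(void) {
    printf("licensed cart, lock powered:    open=%s | closed=%s\n",
           show(boot_fail_open(true, true, LICENSED_SEED)),
           show(boot_fail_closed(true, true, LICENSED_SEED)));
    printf("no CIC in cart, lock powered:   open=%s | closed=%s\n",
           show(boot_fail_open(true, false, 0)),
           show(boot_fail_closed(true, false, 0)));
    printf("wrong-seed clone, lock powered: open=%s | closed=%s\n",
           show(boot_fail_open(true, true, 0xBADu)),
           show(boot_fail_closed(true, true, 0xBADu)));
    /* The case the talk's pin-4 attack relies on: only the fail-closed
     * design keeps the CPU in reset when the lock itself is unpowered. */
    printf("no CIC in cart, pin 4 cut:      open=%s | closed=%s\n",
           show(boot_fail_open(false, false, 0)),
           show(boot_fail_closed(false, false, 0)));
    return 0;
}
```

A correct clone of the key (the Tengen approach in the talk) is indistinguishable from a licensed cartridge in either design: failing closed fixes the error state, not the fact that the whole check runs on hardware the attacker controls.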
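The save-file lesson from the Wii section of the talk, as an added example written for this transcript (not code from the talk, the game or Nintendo). The record layout (one declared-length byte followed by the name bytes), the NAME_MAX limit and the sample records are all constructed assumptions. The point it demonstrates is the one the talk makes: the game's own save file is untrusted input, so a loader has to check the file's length field against the fixed buffer it fills rather than copying whatever the file claims.

```c
/* Added example (not from the talk): a save-record loader that treats the
 * file as untrusted input. A loader that memcpy'd `declared` bytes into
 * the fixed name field would overflow it on a crafted record; this one
 * rejects such records before any copy happens. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 8                        /* assumed in-game limit on the horse's name */

typedef struct {
    char name[NAME_MAX + 1];              /* always NUL-terminated on success */
} save_data;

typedef enum { LOAD_OK, LOAD_TRUNCATED, LOAD_TOO_LONG, LOAD_BAD_CHAR } load_status;

/* Constructed sample records (not real save data). Layout: byte 0 is the
 * declared name length, bytes 1..n are the name. */
const uint8_t REC_GOOD[]     = { 4, 'P', 'o', 'n', 'y' };
const uint8_t REC_MAXLEN[]   = { 8, 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H' };
const uint8_t REC_TOO_LONG[] = { 200, 'A', 'A', 'A', 'A' };       /* claims 200 bytes */
const uint8_t REC_SHORT[]    = { 6, 'P', 'o', 'n' };              /* file shorter than it claims */
const uint8_t REC_BADCHAR[]  = { 4, 'P', 0x00, 0x90, 'y' };       /* control bytes in a name */

/* Hardened loader: every field read from the file is checked against the
 * buffer it is copied into and against the characters the game accepts. */
load_status load_save(const uint8_t *rec, size_t rec_len, save_data *out) {
    if (rec_len < 1)
        return LOAD_TRUNCATED;            /* no length byte at all */
    size_t declared = rec[0];
    if (declared > NAME_MAX)
        return LOAD_TOO_LONG;             /* the file's own length field is not trusted */
    if (rec_len < 1 + declared)
        return LOAD_TRUNCATED;            /* never read past the end of the record */
    for (size_t i = 0; i < declared; i++) {
        uint8_t c = rec[1 + i];
        if (c < 0x20 || c > 0x7E)         /* a name is printable ASCII, nothing else */
            return LOAD_BAD_CHAR;
    }
    memcpy(out->name, rec + 1, declared); /* bounded by the check above */
    out->name[declared] = '\0';
    return LOAD_OK;
}

/* Helpers so a record's outcome can be inspected by status and by name. */
static save_data last_loaded;

load_status check_record(const uint8_t *rec, size_t rec_len) {
    memset(&last_loaded, 0, sizeof last_loaded);
    return load_save(rec, rec_len, &last_loaded);
}

const char *last_loaded_name(void) {
    return last_loaded.name;
}

int main(void) {
    static const char *labels[] = { "ok", "truncated", "too long", "bad char" };
    printf("good:     %s (%s)\n", labels[check_record(REC_GOOD, sizeof REC_GOOD)], last_loaded_name());
    printf("max len:  %s (%s)\n", labels[check_record(REC_MAXLEN, sizeof REC_MAXLEN)], last_loaded_name());
    printf("too long: %s\n", labels[check_record(REC_TOO_LONG, sizeof REC_TOO_LONG)]);
    printf("short:    %s\n", labels[check_record(REC_SHORT, sizeof REC_SHORT)]);
    printf("bad char: %s\n", labels[check_record(REC_BADCHAR, sizeof REC_BADCHAR)]);
    return 0;
}
```

Rejecting oversized, truncated and non-printable names is cheap and turns the "nobody but us writes this file" assumption into an explicit check; the same pattern applies to any length-prefixed field read from storage, a network peer or an update server.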