  • Locked thread
Star War Sex Parrot
Oct 2, 2003

pagancow

Star War Sex Parrot
Oct 2, 2003

hahahahahahha

Star War Sex Parrot
Oct 2, 2003

i appreciate what you do

Star War Sex Parrot
Oct 2, 2003

forbidden lesbian posted:

pls dont probate ppl for pics that make me horny
sulk was put on probation as a sacrifice to the hockey gods

Star War Sex Parrot
Oct 2, 2003

CitizenKain posted:

hey, all the crusader kings 2 dlc is onsale today, even the ragas of india dlc
is there a bundle that includes everything, because last i checked ck2 had way too much DLC to sort through

Star War Sex Parrot
Oct 2, 2003

stoutfish posted:

very rarely do companies take content that was intended to be in the base game and sell it as dlc (mass effect 3)
Arkham Origins did this

Star War Sex Parrot
Oct 2, 2003

Knuc U Kinte posted:

What was that? I ain't finish the game yet because it kinda sucks.
https://www.youtube.com/watch?v=z7deucDlmwE&t=603s

they pulled some of the missions out of the full game to include it in the Cold Cold Heart DLC

Star War Sex Parrot
Oct 2, 2003

yesssss GTA V on next-gen

Star War Sex Parrot
Oct 2, 2003

quigs what video games will you be wasting your summer with?

Star War Sex Parrot
Oct 2, 2003

Space-Pope posted:

dont even get me started on the lack of a new ogre battle
i would like to get you started on this

Star War Sex Parrot
Oct 2, 2003

Space-Pope posted:

ogre battle was a brilliant game that was amazing in its depth and complexity. removing direct unit control in battle made army management a top priority, and the myriad of things that affected it was awesome, in addition to the tons of choices u got to make during the course of the game that would affect both ur army and the final outcome of the game. it was legit ahead of its time

then they had the designer (who also made tactics ogre, vagrant story, and ff tactics) work on ff12 at which point the dude kinda went nuts
i'm still expecting the PSP Tactics Ogre remake to make its way to iOS eventually. that would be neat

Star War Sex Parrot
Oct 2, 2003

sorry

Star War Sex Parrot
Oct 2, 2003

Suspicious Dish posted:

I have not done one of these in a while.

Let's start with a recap. Nintendo wanted to make a new cheap console and have this fancy new controller, but also keep backwards compatibility with the Gamecube. They rearranged the internals of the hardware around, but mostly kept it the same. They upgraded the Flipper chip to the Hollywood, and in the process added a bunch of confusing new features for gamedevs as part of the "HW2" upgrade.

To support all the new hardware like the network interfaces, Bluetooth, USB, etc. they added a whole other ARM core that runs its own custom OS called "IOS". Unlike the Gamecube, they have a proper OS with apps ("channels"), and some custom functionality as part of the "System Menu". They also wanted to have an update system so they could add new features to the system at any point. So, they need a secure way of making sure that nobody else's code gets on the Wii. If they blindly downloaded an executable over the network and installed it or ran it, then nope, game over. You can now have people run custom code, and then when that happens, you basically own the system.

Remember, all the "game" code (including the System Menu) runs on the PPC, and that has raw access to all the hardware, including all the memory in the system, the GPU, the NAND flash, and other stuff. And if you have code running on the PPC, you can get stuff running on the ARM core too: just install your payload into an IOS version slot, and then tell the ARM core to run that. Boom, you're toast. (We'll talk about IOS versions in a bit, since that's the other hilarity).

Surprisingly, the Wii doesn't really have multiple defenses against rogue code running either. If a game is running, it's law. It can access the entire NAND flash through /dev/flash, and it can access the NAND FS with /dev/fs. There is no attempt to make sure that games can only access their own savefiles or stuff like that, that's all done through the official SDK and licensing and compliance. The system is toast once any unlicensed code is running.

So, they did what most people do: they use a signing infrastructure. They maintain a "secret" key somewhere on the ROM, and whenever trying to load any channel or app, the System Menu makes sure that the code has the correct signature. Since Nintendo manufactures all discs, they can pull this off: gamedevs submit a final master image to Nintendo along with cover art and disc art, and Nintendo signs it and presses a disc.

This should be completely unbreakable, as long as you aren't stupid.

However

HOWEVER

Nintendo is stupid. They completely hosed up. Completely. hosed. Up.

This is the biggest security bug known to man. It's the most colossal fuckup you could ever do, and it renders the security check completely useless. It's known as the "Trucha signing bug", as it was first published by a forum user who goes by the handle "Trucha", even though it had been privately found several times before.

Basically, Nintendo uses a combination of RSA encryption and RSA signature checking to make sure that the disc is actually from Nintendo. At the beginning of every disc is a little piece of data known as the "Title Metadata" (TMD) which tells the system what the name of the game is, what files are on the disc, among others. This is what's checked.

Since RSA only works on a maximum message length of 256 bytes (if you have an RSA-2048 key, that is), in order to compute a signature, you first hash it. Nintendo uses SHA-1 here to compute a 20-byte hash of the content, and then encrypts that with their private key.

What's supposed to happen is that the Wii will read the TMD from the disc, hash it by itself, and then decrypt Nintendo's value with its public key, and then make sure that its hash and the encrypted hash on the disc are the same. If they are, then we know that Nintendo created the disc, since they're the only ones who could have encrypted that same hash.

However, when the Wii compares the hash it computed with the hash on the disc, it uses strncmp instead of memcmp. For the non-programmers here, that means that whenever it sees a 0 as part of the hash, it thinks that the hash just ended. As long as it matched up to the point of the first 0, then the Wii thinks that the signatures are the same. This is even the case if it starts with a 0: all we have to do is make sure that the decrypted hash and the hash of the content both start with 0.

The TMD also has a lot of empty space which is never read, because the format is aligned to 32 byte boundaries. This leaves us with a lot of random unused bytes. We can keep modifying this data randomly until we get a 0 as the first byte. This can be done in seconds on a modern computer, however theoretically it can take an infinite amount of time (it doesn't).

Now for the second part. We have to modify the encrypted RSA bytes so that it decrypts to a 0 in the start. Since we don't know what will result in a 0 after encryption, we could just brute force like we did the SHA-1 hash and decrypt over and over until we get a 0, but the designers of RSA left us a secret present.

You see, RSA is based on multiplication. Lots and lots of multiplication. Ars Technica has a really good approachable introduction here:


You might notice something here. Anything times 0 is 0, right? So if we take a bunch of 0s and decrypt them, it will always result in 0s, no matter the public or private keys.

So, we no longer have to do any RSA decryptions at all. It doesn't really matter, since it would have only taken us a few more seconds anyway, but it's still another hilarious piece of incompetence that falls out.

This is how a good majority of Nintendo homebrew initially worked, including the Homebrew Channel. Nintendo later patched it out, but only in the latest version of IOS. The bug remained in older versions of IOS for at least two years. I'll talk about IOS version slots next time.
ba da ba ba ba i'm lovin it
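The strncmp mistake the quoted post describes, as an added example (not code from the post, the Wii, or Nintendo): the comparison written the vulnerable way beside a corrected byte-wise version, run on constructed 20-byte digests where the "expected" value is the all-zero block a zero RSA signature yields.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <stddef.h>

#define SHA1_LEN 20  /* SHA-1 digest length in bytes */

/* Vulnerable comparison, modelled on the bug described in the post:
 * strncmp treats a 0 byte as end-of-string, so it stops at the first 0
 * in either digest and every byte after it is never looked at. */
int hash_compare_strncmp(const uint8_t computed[SHA1_LEN],
                         const uint8_t expected[SHA1_LEN])
{
    return strncmp((const char *)computed, (const char *)expected, SHA1_LEN) == 0;
}

/* Corrected comparison: every byte is checked whatever its value, and the
 * loop always runs to the end so timing does not reveal where a mismatch is. */
int hash_compare_fixed(const uint8_t computed[SHA1_LEN],
                       const uint8_t expected[SHA1_LEN])
{
    uint8_t diff = 0;
    for (size_t i = 0; i < SHA1_LEN; i++)
        diff |= computed[i] ^ expected[i];
    return diff == 0;
}

/* Constructed digests, not real TMD data. `zero_sig` is what an all-zero RSA
 * signature block "decrypts" to; `forged` stands in for the SHA-1 of content
 * whose unused padding was varied until the hash began with 0x00. */
static const uint8_t zero_sig[SHA1_LEN] = {0};
static const uint8_t forged[SHA1_LEN] = {
    0x00, 0xde, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03, 0x04, 0x05,
    0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f };

/* 1 if the vulnerable check accepts the forged digest against the zero block. */
int forged_accepted_by_strncmp(void) { return hash_compare_strncmp(forged, zero_sig); }

/* 1 if the corrected check accepts the same pair (it must not). */
int forged_accepted_by_fixed(void) { return hash_compare_fixed(forged, zero_sig); }

int main(void)
{
    printf("strncmp check accepts forged digest: %d\n", forged_accepted_by_strncmp());
    printf("fixed check accepts forged digest:   %d\n", forged_accepted_by_fixed());
    return 0;
}
```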

Star War Sex Parrot
Oct 2, 2003

Notorious QIG posted:

yospos should I get civrev 2. I have never played the first
no absolutely not

Star War Sex Parrot
Oct 2, 2003

:patriot:

Star War Sex Parrot
Oct 2, 2003

Notorious QIG posted:

dont play a wow

Star War Sex Parrot
Oct 2, 2003

HAIL eSATA-n posted:

PSA: don't ever play a MMO or MOBA

hth

Star War Sex Parrot
Oct 2, 2003

Vintersorg posted:

its a man child game

Star War Sex Parrot
Oct 2, 2003

Vintersorg posted:

its a duck tales game
https://www.youtube.com/watch?v=-AZFxj92uCw

Star War Sex Parrot
Oct 2, 2003

Notorious QIG posted:

woo im off probation yes i took mafia 2
So that's where you were

Star War Sex Parrot
Oct 2, 2003

also it's macintosh compatible

Star War Sex Parrot
Oct 2, 2003

this came in the mail today

Star War Sex Parrot
Oct 2, 2003

and it gives me an excuse to repost this

https://www.youtube.com/watch?v=ZM4-de57VZ0

Star War Sex Parrot
Oct 2, 2003

Panty Saluter posted:

quigs


where u been
srs

Star War Sex Parrot
Oct 2, 2003

you should not have played dead space 3

Star War Sex Parrot
Oct 2, 2003

i must have missed this during E3 because HOLY poo poo GUARDIAN OF LIGHT SEQUEL

https://www.youtube.com/watch?v=pKJDYipXa_8

gently caress yeah

Star War Sex Parrot
Oct 2, 2003

I wish I had time to play Divinity :(

Star War Sex Parrot
Oct 2, 2003

Notorious QIG posted:

bfbc2 had astonishingly destructible terrain, i distinctly recall blasting holes in walls to expose people hiding in buildings
the last good battlefield

Star War Sex Parrot
Oct 2, 2003

neat, ace attorney 5 is out for iOS in North America. no way i was ever gonna get a 3ds for that

Star War Sex Parrot
Oct 2, 2003

anthonypants posted:

i heard it wasn't very good?
first case is free, so i guess i'll find out at some point

Star War Sex Parrot
Oct 2, 2003

Space-Pope posted:

lmbo the sims 4 wont have pools in it
why would anyone buy sims 4 when EA just gave away the sims 2 with all the expansion packs like a week ago. hasn't it been downhill for that franchise ever since 2? the only one i played for a bit was 1

Star War Sex Parrot
Oct 2, 2003

please don't make Alereon angry

he is my friend
