Hacking DIOS MIOS! GC ISO Loader proof of concept (Starfox Assault)

[Mid123]

'I don't expect the pirates to crack it anytime soon.' From his twitter:http://twitter.com/BroadOn/status/19268574476

 

[knuj_on]

I am willing to be educated so please comment if I have anything wrong as this was told to me by someone who likes gamecube games.

There is no way to buy a new gamecube game, so you have to buy second hand. Most people who have good gamecube games hang on to them so good condition games worth playing don’t come up that often. So you have no choice but to buy whatever is being sold and hope it plays.

He did this and went to the expense of having the disks professionally re-surfaced, but some still did not play. He knew I was experimenting with statistical data recovery from optical media (magnetic media is not new, the techniques go back to the 1960’s when banks had to be able to read tapes) but it is difficult to get to the 1’s and 0’s on the media. The 3 unplayable disks he game me took an average of 8 elapsed days to construct an image of the disk.

When burned, these backups played perfectly, so he gave me the rest of his collection which backed up in an average of 2 hours each. The originals would play if you inserted them several times but had random crashes and again the backups played perfectly.

The hard drive on his Wii is starting to show old age failures, and new drives do not play backups so this looked ideal. If most people have disks which don’t read perfectly they can’t use this because of the AP measures, so the only choice is a hardware solution. Thus the AP measures only hurt people with legitimate copies as it does not prevent “rent, rip & return”, so is counter productive.

 

[blazingwolf]

Get rips and use an emulator?

 

[Kayot]

When's the last time someone let logic stand in the way of a bad decision?

Then again,

When has there been a bad decision that wasn't venomously protected by the opinions and pseudo knowledge of the 'informed'?

 

[PsyBlade]

defeating rent, rip, return isnt complicated at all if he wanted to do it
well ... if the current cryptographic system is any good that is

all data mentioned below should be stored encrypted inside the disc file

store the last "last disc seen" time for each disc
update if disc is seen

store the last "last played" time for each disc
update if disc played
additionally update for 5 random(!) discs

request the disc if current date > disc seen + 30d
require the disc if current date > disc seen + 60d or current date < last played

allow discs seen to be updated from menu eg. use before taking the wii somewhere else

not absolutely secure but good enough against most users

 

[smf]

request the disc if current date > disc seen + 30d
require the disc if current date > disc seen + 60d or current date < last played

allow discs seen to be updated from menu eg. use before taking the wii somewhere else

not absolutely secure but good enough against most users

That would make it completely useless to me. The reason I want gamecube discs on usb is that I play them so rarely as I have to fetch the discs. If I end up having to get them once a month then I wouldn't bother.

I am occassionally playing burnout 3/revenge on the PS2 (which I own), but I switched to a slim for streaming mpeg4 as the fat ps2 is too noisy. It's only now that open ps2 loader supports samba streaming that I've gone back to playing any games on the ps2. I even had to remove the shrink wrap from one of my games to rip it (I bought it about two or three years ago).

 

[PsyBlade]

That would make it completely useless to me. The reason I want gamecube discs on usb is that I play them so rarely as I have to fetch the discs. If I end up having to get them once a month then I wouldn't bother.

Im not saying he should to this
I wanted to point out he could do it if those rent-rippers made to much fuss

personally I think the additional damage
would be small enough not to bother with protection at all

And what I meant with the 30 day "request"
was more a notice at the start of the game to avoid getting surprised
something along the lines of
"please insert this game before the xx
else the next play beyond that date will require it"

I play all my wii games from USB because of convenience too
but even if I had to insert them every other month I would
its still much better than fetching and swapping them every time
and it loads faster and quieter

 

[Helsionium]

This method won't work. You can easily change the date/time in your Wii settings, and there is no way to detect these settings have been changed. Such a system would therefore be absolutely useless.

I still think the system will simply use encryption of one kind or another, but I'm very curious how he does it. I write software myself (no Wii homebrew, because I hate C) and I know that it is one of the toughest tasks to create a secure cryptography implementations. It is true that all current cryptographic methods are not feasibly breakable per se, but many implementations fail just because one single bug - see the Trucha bug, which disabled an otherwise comparably tough security. Now, I don't expect crediar to make a trucha-type mistake, but a perfect cryptography solution? No single coder can do this, especially not on first try.

 

[PsyBlade]

This method won't work. You can easily change the date/time in your Wii settings, and there is no way to detect these settings have been changed. Such a system would therefore be absolutely useless.

you can check for strong monotony in dates
that will make changing the date not impossible but to much of a hassle
I even did that rudimentarly, thats what the "last played" is for
I just forgot some cases such as "require on seen > current"

 

[thesund0g]

I was told the Wii FS didn't keep timestamps, so my incremental NAND backup idea was a no-go. So, checking for monotony == same fail.

I love how the discussion solely focuses on the AP now. I don't remember this much fervor even when Riivolution came out. If this much effort was concentrated toward dev, we'd have a 2nd GC loader already and people could hush up.

I wouldn't be surprised if Crediar didn't care/bother to add the necessary workarounds to read +/-R, hence the "anti-piracy." It isn't anti-anything if the feature isn't built in, that's lack of support -- two very different things. If I had people steaming mad that I didn't feel like adding a feature, I'd do the same and add some extra protection on top of that lack-of-support, just to spite the ungrateful bitches. The more people complain, the more it's going to backfire on them.

 

[PsyBlade]

I was told the Wii FS didn't keep timestamps, so my incremental NAND backup idea was a no-go. So, checking for monotony == same fail.

I wouldn't be surprised if Crediar didn't care/bother to add the necessary workarounds to read +/-R, hence the "anti-piracy." It isn't anti-anything if the feature isn't built in, that's lack of support -- two very different things. If I had people steaming mad that I didn't feel like adding a feature, I'd do the same and add some extra protection on top of that lack-of-support, just to spite the ungrateful bitches. The more people complain, the more it's going to backfire on them.

I said store the times encrypted in the disc image not in the timestamp
and btw fat which is used to store the disk has timestamps

afaik he implemented blocking of modchips and some messures to protect against copying of rips
this is a long way from not supporting

and I for one am not complaining
just refuting people who say the scheme I posted wouldnt work

 

[bootsector]

There's no point at all on avoiding piracy on DIOS MIOS.

 

[vsevolod]

so he is basically just showing that he can do it by not doing it.

i agree about the whole "his work/his rules" thing etc but as it is, this app is useless

i hope it at least makes him feel good about himself ehehe

 

[mark0217]

Wow, I was really hopeful after seeing the title, too bad the author is just some dude riding his high horse...
Well good for him, he has a Wii app that does absolutely nothing to 99% of the population, right up there with the Wii Speak. Let's move on.

 

[smf]

There's no point at all on avoiding piracy on DIOS MIOS.

Exactly, anyone who wanted to pirate mass GC games has had alot of options for a while.

 

[ChokeD]

@crediar

Nice achievement, good work, it can be done, you did it first, that's awesome.

GC piracy, this will not prevent it. It's been going on for a long time already. It started on the GC, remember ??

Release it, don't release, really doesn't matter, as stated in the first sentence, you did it, you proved it, congrats.

seriousness and sincerity

ChokeD

--------------------------------------------------
@Everybody else

Is this really so big of a deal that it deserves all this debate ??

Hacked Wii's, Loaders and chips can already play GC backups. I really just don't see what all the fuss is about. I apologize if this comes off the wrong way, but stop and think, really.

 

[thesund0g]

and I for one am not complaining
just refuting people who say the scheme I posted wouldnt work

You really like your own idea, congrats!

Shall we expect a USB loader from you as well?

Time/date checks are some of the most easily broken methods, regardless of how they are implemented. You are neither the first nor the last person to think of this. You assume a secure path, from head to toe. So did Nintendo.

 

[bugaveli]

@Everybody else

Is this really so big of a deal that it deserves all this debate ??

I agree, Awesome that it can be done, and who knows what will happen if we do see a release. Not much point in debating it right now. seeing as how theres already a site dedicated to info on it, the only thing to come of this thread is speculation and angry pirates. Much respect to credair.

 

[Slowking]

Nothing to do with track layout, but with the security code Wii and GC games have in the inner circle.
Old drives could read normal DVDs because Nintendo was planing a DVD video channel at some point in time. Read the hackmii article for DVDX to learn more. Since they don't seem to plan something like this anymore they remove DVD support from the drives.
I'm pretty sure it could be patched back in with a soldered modchip, but USB loaders and the likes make it unatractive for modchip companys to develop such a chip.

The inner circle is BCA, which was used for all games on the GC but only a few games on the Wii seem to need it. The main protection for the Wii is the disc format.

http://debugmo.de/2008/11/anatomy-of-an-op...authentication/

No BCA is the main protection for Wii and GC games and it would have been clear to you if you had just read the article in debugmo carefully.
debugmo

The third part is completely unrelated to the first two; contrary to popular belief, the copy protection is not based on making the disc incompatible with standard DVDs; this alone would help against consumer DVD burners, but not against profesionally manufactured copies. When mastering DVDs, it’s no problem to master custom data frames. An additional feature of GODs is the usage of the “burst cutting area“, often incorrectly described as “barcode”.

Fact is the drive reads this BCA code and locks up if it's not present or wrong. Nothing you can do against it with software.
That's actually also how GC drives work. Old Wii drives just switched to DVD video mode instead of locking up, but that's over with now.

The software BCA check that NSMB Wii uses is something completely different and has nothing to do with the drive.

 

[PsyBlade]

You really like your own idea, congrats!

Shall we expect a USB loader from you as well?

Time/date checks are some of the most easily broken methods, regardless of how they are implemented. You are neither the first nor the last person to think of this. You assume a secure path, from head to toe. So did Nintendo.

Its just that I hate it if people try (intentional and unintentional) to make me look stupid by misunderstanding me.
I dont even want this implemented, but it wouldnt stop my from using it.

I know any coder let alone cediar can think of this which is why I wasnt afraid to post it.
I know I depend on a secure path, I said so in the second line or so.
I know it can be defeated, I said so too in the post.

And no I dont intend to get into another assembler language to write something like a cmios/cios.
And loaders are already enough around.