Thursday, October 02, 2008

Wii / DSi : secure SD transactions

Nintendo just announced the DSi, a new version of the Nintendo DS platform, and in the speech notes Iwata expressed concern about how to manage the secure transactions of WiiWare and the upcoming DSware games and applications on the freely removable SD card format. One developer has already weighed in wondering if SD cards will open up the platform to even more piracy, as if the R4 chip wasn't easy enough.

Well. I have a solution for Nintendo. Truecrypt. Truecrypt is an on-the-fly disk encryption utility, and is the perfect answer for locking down content on the SD card format. It's also Open-Licensed, which means it's royalty-free and patent-free, which means Nintendo can use it without having to pay anybody else.

The idea is that when inputting an SD card to be used for WiiWare and DSWare games, the user has to format the SD card, or a portion of the SD card, against Truecrypt. The password and keys to unlock the content aren't actually exposed to the user, they don't see them at all. Rather, the password and keys are stored in the Wii and DS operating firmware, and against the Nintendo Online account.

The conceptual implementation is that by saving the game data in a Truecrypt formatted partition, the games data cannot be cracked by pirates using other platforms. By the same token, games that are not inside the Truecrypt partition are automatically blocked. They are given no run permission by default.

Basically it's an extension of the Unix way of reading everything as a file and assigning permissions. Executable game files can only run if they are run through the Truecrypt partition and are signed against the truecrypt partition.

Okay, that should eliminate piracy concerns, but what about consumer concerns? How does one take an SD card used in a Wii, put it in a DS, and play games, without knowing the password?

The answer is found in the system memory of each device, and the online Nintendo store. Nintendo automatically tracks every purchase made through the WiiWare and Virtual Console networks. Once you buy a game, you own that game, and can re-download it at any time.

So, whenever you register and format a Truecrypt partition, that key is actually a hash made from your Nintendo.com login information. The online store saves the Truecrypt Key, and when you go to a different platform, you simply login with your Nintendo.com information. The Truecrypt key is downloaded to the new platform, and the SD card is unlocked. If you have multiple SD cards, multiple pass keys can be saved.

The idea is that if you buy say, Mario64 DS DSware edition, store it on an SD card, then boot up your friends DS with the SD card, you input your Nintendo.com login information, the key is downloaded, the card is unlocked, and your game is available.

The drawback so far is that you will need an Internet connection to validate the install.

Well, since we basically are describing Steam for Nintendo, lets go with the Steam method some more. If you have logged onto a friends Wii or DS, your login and has information is saved. So they can continue to use your SD cards.

Okay, saved information, pirates locked out, ability to access the games at any time with the Nintendo.com login information, there has to be another technical problem, and that problem is space!

At some point if enough people register with a certain DSi or Wii platform, there won't be any space left.

Okay, this isn't exactly true as the Truecrypt pass key and the login information can simply be saved as Plain text... which isn't going to take up a lot of space. However, each device is given a user control screen. Basically, the platform owner can see who all has registered against the machine in question, and remove any usernames left, also removing their passkey.

***

Given the time to the DSi launch, I'm pretty sure that this strategy will work, and will ease developers minds about the potential of piracy on the Nintendo platforms.

... next question. How in the world do I get a hold of Nintendo engineering to give them this idea...

Wednesday, October 01, 2008

No Apple did Not drop the NDA on Iphone Development

For those who haven't been following the Iphone development saga, Apple's been pulling some really rotten tricks with it. Long story short, developers who work on the Iphone platform have to sign an NDA, a non-disclosure agreement. Developers whose applications are rejected from the Iphone store can not talk about the rejections under the NDA. The result was a huge backlash among Apple Fans, as chronicled on MacRumors. So, Apple has reportedly dropped the NDA on Iphone development according to many news sites. Only, Apple hasn't. I'm going to post the message from Apple, with a couple lines bolded.
We have decided to drop the non-disclosure agreement (NDA) for released iPhone software.

We put the NDA in place because the iPhone OS includes many Apple inventions and innovations that we would like to protect, so that others don’t steal our work. It has happened before. While we have filed for hundreds of patents on iPhone technology, the NDA added yet another level of protection. We put it in place as one more way to help protect the iPhone from being ripped off by others.

However, the NDA has created too much of a burden on developers, authors and others interested in helping further the iPhone’s success, so we are dropping it for released software. Developers will receive a new agreement without an NDA covering released software within a week or so. Please note that unreleased software and features will remain under NDA until they are released.

Thanks to everyone who provided us constructive feedback on this matter.

Apple uses the term released quite often in the announcement. Released software is software that is sold on the Iphone market. Unreleased software is software that has been rejected from the Iphone store. Which is what the complaints were about to begin with.

So, Apple's done absolutely nothing to address the complaints from Apple Fans, has not listened to constructive feedback, and thinks they can get away with it. Instead, all I can see the new announcement causing is more developers fleeing to Google Android.