Thursday, October 02, 2008

Wii / DSi : secure SD transactions

Nintendo just announced the DSi, a new version of the Nintendo DS platform, and in the speech notes Iwata expressed concern about how to manage the secure transactions of WiiWare and the upcoming DSware games and applications on the freely removable SD card format. One developer has already weighed in wondering if SD cards will open up the platform to even more piracy, as if the R4 chip wasn't easy enough.

Well. I have a solution for Nintendo. Truecrypt. Truecrypt is an on-the-fly disk encryption utility, and is the perfect answer for locking down content on the SD card format. It's also Open-Licensed, which means it's royalty-free and patent-free, which means Nintendo can use it without having to pay anybody else.

The idea is that when inputting an SD card to be used for WiiWare and DSWare games, the user has to format the SD card, or a portion of the SD card, against Truecrypt. The password and keys to unlock the content aren't actually exposed to the user, they don't see them at all. Rather, the password and keys are stored in the Wii and DS operating firmware, and against the Nintendo Online account.

The conceptual implementation is that by saving the game data in a Truecrypt formatted partition, the games data cannot be cracked by pirates using other platforms. By the same token, games that are not inside the Truecrypt partition are automatically blocked. They are given no run permission by default.

Basically it's an extension of the Unix way of reading everything as a file and assigning permissions. Executable game files can only run if they are run through the Truecrypt partition and are signed against the truecrypt partition.

Okay, that should eliminate piracy concerns, but what about consumer concerns? How does one take an SD card used in a Wii, put it in a DS, and play games, without knowing the password?

The answer is found in the system memory of each device, and the online Nintendo store. Nintendo automatically tracks every purchase made through the WiiWare and Virtual Console networks. Once you buy a game, you own that game, and can re-download it at any time.

So, whenever you register and format a Truecrypt partition, that key is actually a hash made from your login information. The online store saves the Truecrypt Key, and when you go to a different platform, you simply login with your information. The Truecrypt key is downloaded to the new platform, and the SD card is unlocked. If you have multiple SD cards, multiple pass keys can be saved.

The idea is that if you buy say, Mario64 DS DSware edition, store it on an SD card, then boot up your friends DS with the SD card, you input your login information, the key is downloaded, the card is unlocked, and your game is available.

The drawback so far is that you will need an Internet connection to validate the install.

Well, since we basically are describing Steam for Nintendo, lets go with the Steam method some more. If you have logged onto a friends Wii or DS, your login and has information is saved. So they can continue to use your SD cards.

Okay, saved information, pirates locked out, ability to access the games at any time with the login information, there has to be another technical problem, and that problem is space!

At some point if enough people register with a certain DSi or Wii platform, there won't be any space left.

Okay, this isn't exactly true as the Truecrypt pass key and the login information can simply be saved as Plain text... which isn't going to take up a lot of space. However, each device is given a user control screen. Basically, the platform owner can see who all has registered against the machine in question, and remove any usernames left, also removing their passkey.


Given the time to the DSi launch, I'm pretty sure that this strategy will work, and will ease developers minds about the potential of piracy on the Nintendo platforms.

... next question. How in the world do I get a hold of Nintendo engineering to give them this idea...

No comments: